Throttling enables precise traffic control to handle traffic bursts, service overload, resource exhaustion, and malicious attacks, protecting the stability of backend services while reducing costs and improving user experience.
Concepts of throttling
Throttling limits the number of requests sent to a service within a given period of time, such as 300 requests per minute or 10 requests per second. This prevents a service from being overloaded by excessive requests from a specific client IP address or from global clients.
For example, if you limit the number of requests sent to a service to 300 per minute, the 301st request is denied. At the same time, the HTTP 429 status code that indicates excessive requests is returned.
Throttling modes
Envoy proxies support two throttling modes: local throttling and global throttling. Local throttling limits the request rate of each service instance. Global throttling uses a global gRPC service to enforce rate limits across the entire Service Mesh (ASM) instance. You can combine both modes to apply different levels of throttling.
|
Mode |
Description |
References |
|
Local throttling |
|
|
|
Global or distributed throttling |
|
How local throttling works
An Envoy proxy uses the token bucket algorithm to implement local throttling. Tokens are added to a bucket at a constant rate. Each incoming request consumes one token. When the bucket is empty, subsequent requests are denied. You generally need to specify the following parameters:
-
The interval at which the bucket is filled
-
The number of tokens added to the bucket at each interval
By default, an Envoy proxy returns the HTTP 429 status code when a request is denied and the x-envoy-ratelimited header is set. You can customize the HTTP status code and response header.
Take note of the following concepts when you use the throttling feature:
-
http_filter_enabled: indicates the percentage of requests for which the local rate limit is checked but not enforced.
-
http_filter_enforcing: indicates the percentage of requests on which the local rate limit is applied or enforced.
Set the values to percentages. For example, you can set http_filter_enabled to 10% of requests and http_filter_enforcing to 5% of requests. This way, you can test the effect of throttling before it is applied to all the requests.
How global throttling works
Global throttling controls request rates across an ASM instance by using the Envoy rate limit service. The rate limit service centrally processes traffic and enforces rate limits based on predefined rules and quotas.
The configuration of global throttling involves two parts: the Envoy rate_limits filter and the configuration of the rate limit service.
-
The rate_limits filter contains a list of
actions. An Envoy proxy attempts to match each request against each action in the rate_limits filter. A descriptor is generated for each action. A descriptor consists of a set of descriptor entries that correspond to an action. Each descriptor entry is a key-value pair, such as"descriptor-key-1": "descriptor-value-1"and"descriptor-key-2": "descriptor-value-2". For more information, see config-http-filters-rate-limit. -
The configuration of the rate limit service is matched against the descriptor entry generated for each request. The configuration of the rate limit service specifies the rate limit for a specific set of descriptor entries. The rate limit service interacts with the Redis cache to determine whether to limit the rates of requests and sends the throttling decision to the Envoy proxy.
Together, the rate_limits filter and the rate limit service implement global throttling. The filter generates a descriptor based on the configured action and sends it to the rate limit service, which determines the applicable limit and returns a throttling response. This mechanism gives you full control over request rates and protects backend services against traffic bursts.