When microservices scale, a single slow dependency or unexpected traffic spike can cascade across your entire call chain and bring down production. Traffic protection in Microservices Engine (MSE) uses traffic as its entry point and keeps services stable through real-time throttling, circuit breaking and degradation, and system overload controls across distributed applications. It is a commercial product built on the open source Sentinel framework and is the core component behind large-scale promotion events such as Double 11.
How traffic protection works
In a distributed application, a client request passes through multiple layers -- gateway, firewall, and Network Load Balancer (NLB) -- before reaching the frontend network service and then the backend services. Along the way, downstream services and third-party applications may be called.
Traffic protection operates across this entire request flow. It continuously analyzes traffic patterns at each layer and enforces protection rules within seconds. Rule updates take effect immediately.
The protection model has two core properties:
Second-level detection and enforcement: Detects anomalies and applies rules within seconds of a traffic change.
Dynamic rule updates: Pushes new or modified protection rules in real time.
When to use each feature
Traffic protection includes four complementary features. Use the following table to identify the right feature for your scenario:
| Scenario | Problem | Feature | How it helps |
|---|---|---|---|
| Flash sales or promotional events | Sudden traffic spikes overwhelm backend capacity | Ingress throttling | Caps inbound request rates at service entry points to match downstream capacity |
| Peak-load shifting for messages | Bursty message traffic degrades consumer performance | Ingress throttling + concurrency isolation | Limits request rates and isolates slow consumers so they do not exhaust shared resources |
| Cluster throttling | Aggregate traffic exceeds the total capacity of a service cluster | Ingress throttling | Enforces request rate limits distributed across cluster nodes |
| Hotspot parameters | A single parameter value (for example, a frequently accessed item ID) generates disproportionate load | Hotspot isolation | Separates hotspot traffic from normal traffic so that normal requests retain capacity |
| Cascading failures | A slow or failing dependency brings down the entire call chain | Circuit breaking | Trips a circuit breaker on the unstable dependency to limit the blast radius |
Feature details
Traffic protection provides the following protective measures:
Ingress throttling
Controls inbound request rates based on service capacity. Apply throttling at application entry points such as gateways, frontend applications, and service providers to prevent traffic from exceeding what downstream services can handle.
Ingress throttling is the first line of defense: it rejects excess requests before they enter the system, protecting all downstream services in the call chain.
Concurrency isolation
Limits the maximum number of concurrent threads for a given resource. If a slow call holds a thread for too long, other interfaces stay responsive because the thread pool is not exhausted.
Use concurrency isolation when your services share a common thread pool and a single slow dependency could monopolize all available threads.
Hotspot isolation
Separates hotspot traffic from normal traffic. This prevents invalid hotspots from preempting the capacity of normal traffic. When a specific parameter value -- such as a frequently accessed item ID -- generates disproportionate load, hotspot isolation caps the rate for that parameter so that normal requests retain their share of capacity.
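The per-value cap described above, sketched as an added example (not code from MSE or Sentinel): a fixed one-second window per parameter value, with an LRU-bounded table so that a flood of distinct values cannot grow memory without limit. The class, function, and sample item IDs are hypothetical.

```python
import time
from collections import OrderedDict


class HotspotLimiter:
    """Caps requests per second for each parameter value (for example, an item ID)."""

    def __init__(self, per_value_qps, max_values=1000, clock=time.monotonic):
        self.per_value_qps = per_value_qps  # cap applied to every single value
        self.max_values = max_values        # bounded table: callers choose the values
        self.clock = clock                  # injectable so the replay is deterministic
        self.windows = OrderedDict()        # value -> [window_second, count], LRU order

    def allow(self, value):
        now = int(self.clock())
        entry = self.windows.get(value)
        if entry is None or entry[0] != now:
            entry = self.windows[value] = [now, 0]  # start a new one-second window
        self.windows.move_to_end(value)             # mark as most recently used
        while len(self.windows) > self.max_values:
            self.windows.popitem(last=False)        # evict the least recently used value
        if entry[1] >= self.per_value_qps:
            return False                            # hotspot value is over its cap
        entry[1] += 1
        return True


def replay(limiter, values):
    """Return {value: (allowed, rejected)} after feeding values through the limiter."""
    stats = {}
    for value in values:
        counts = stats.setdefault(value, [0, 0])
        counts[0 if limiter.allow(value) else 1] += 1
    return {value: tuple(counts) for value, counts in stats.items()}


# Constructed traffic for one second: one hot item ID mixed with ten normal ones.
SAMPLE = ["item-hot"] * 50 + [f"item-{i}" for i in range(10)]

if __name__ == "__main__":
    limiter = HotspotLimiter(per_value_qps=5, clock=lambda: 100.0)
    for value, (allowed, rejected) in replay(limiter, SAMPLE).items():
        print(f"{value}: allowed={allowed} rejected={rejected}")
```

Because the table is ordered by recency, a value that is still receiving traffic stays tracked while one-off values are evicted first.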
Circuit breaking on unstable dependencies
Applies circuit breaking both between and within applications. When a downstream dependency becomes unstable -- responding slowly or returning errors above a threshold -- the circuit breaker trips to limit the blast radius and prevent cascading failures.
Monitoring
Traffic protection provides real-time traffic monitoring and traffic diagnosis and analysis at the client level. This helps O&M personnel take preventive measures to protect application stability.
Traffic protection provides three levels of observability:
| Level | Scope |
|---|---|
| Single-node monitoring | Real-time metrics for individual service instances |
| Aggregate monitoring | Cluster-wide view that combines metrics across all nodes |
| Historical data queries | Past traffic data stored for retrospective analysis |
References
Sentinel -- the open source framework that traffic protection builds on.