Configure traffic protection rules - Serverless App Engine

Serverless App Engine (SAE) integrates the traffic protection capabilities of Microservices Engine (MSE). This integration allows you to use different traffic management rules such as throttling, concurrency isolation, and circuit breaking rules to ensure business stability. This integration provides professional and reliable traffic protection mechanisms, along with real-time traffic distribution analysis capabilities. This topic describes how to configure traffic protection rules and provides usage examples.

Prerequisites

Application deployment is complete.
Microservices Governance Enterprise Edition of MSE is activated.
Note
Additional costs are generated for the use of MSE. For information about the billing rules for MSE, see Billing overview of Microservices Governance.

Limits

This feature applies only to microservices applications created on November 8, 2023 or later.

Go to the Traffic Protection tab in the SAE console

Log on to the SAE console. In the left-side navigation pane, choose Applications > Applications. On the page that appears, select a region in the top navigation bar and a namespace from the Namespace drop-down list, and then click the desired application name.
In the left-side navigation pane, choose Microservice Governance > Traffic Governance, and click the Traffic Protection tab.

Configure rules

Create a throttling rule

A throttling rule monitors the queries per second (QPS) of an application or service. When the QPS reaches a predefined threshold, the system immediately intercepts or restricts the traffic. This prevents the application from being overwhelmed by sudden traffic spikes and ensures the high availability and stability of the application.

Click the Interface Flow Control tab, and then click Add Throttling Rule.

In the Add Throttling Protection Rule dialog box, configure the parameters.

In the Select Protection Scenario step, configure the API Type, Type of Traffic, and Interface Name parameters, and click Next.

In the Configure Protection Rule step, configure the parameters and click Next.

Parameter	Description
Whether to open	If you slide the toggle to the ON position, the rule takes effect immediately after it is created. By default, the rule is disabled.
Stand-alone QPS threshold	The QPS threshold that triggers the behavior of the throttling rule.
Flow control effect	The method that is used to process the blocked requests. Valid values: Fast failure: Requests are immediately blocked if the QPS threshold is reached. The content returned varies based on the configurations of the adaptation module in the system settings of the application. Waiting in line: Requests are processed at a constant speed and the accumulated requests are queued up. In most cases, this value is specified for scenarios such as peak-load shifting. You must specify a queuing timeout period for requests. If the queuing time of a request exceeds the queuing timeout period, the request fails.

In the Configure Protection Behavior step, select an associated behavior and click New.

After the rule is created, you can edit or delete the rule on the Interface Flow Control tab.

Create an isolation rule

You can create isolation rules to control the number of concurrent threads of interfaces or dependencies to ensure the system stability.

Click the Concurrency Isolation tab, and then click Add isolation rule.

In the Add Isolation Protection Rule dialog box, configure the parameters.

In the Select Protection Scenario step, configure the API Type, Type of Traffic, and Interface Name parameters, and click Next.

In the Configure Protection Rule step, configure the parameters and click Next.

Parameter	Description
Whether to open	If you slide the toggle to the ON position, the rule takes effect immediately after it is created. By default, the rule is disabled.
Concurrency threshold	The maximum number of concurrent threads to process requests.

In the Configure Protection Behavior step, select an associated behavior and click New.

After the rule is created, you can edit or delete the rule on the Concurrency Isolation tab.

Configure a circuit breaking rule

You can configure circuit breaking rules to monitor the response time (RT) of requests or ratio of abnormal requests for an application or a downstream application on which the application depends. If the specified threshold is reached, the system immediately lowers the priority of the dependent downstream application. The system does not call the abnormal downstream application within the specified period of time. This ensures stability and high availability of your application. After the specified period of time elapses, the system resumes the calls to the dependent downstream application.

On the Circuit Breaking Rule tab, click Add Circuit Breaking Rule.

In the Add Circuit Breaking Rule dialog box, configure the parameters.

In the Select Protection Scenario step, configure the API Type and Interface Name parameters, and click Next.

In the Configure Protection Rule step, configure the parameters and click New.

Parameter	Description
Statistical window duration	The duration of the time window. Valid values: 1 second to 120 minutes.
Minimum number of requests	The minimum number of requests to trigger circuit breaking. If the number of requests in the current time window is less than the value of this parameter, circuit breaking is not triggered even if the circuit breaking rule is met.
Threshold Type	The threshold type. Valid values: Slow call ratio (%) and Abnormal proportion (%). If you set this parameter to Slow call ratio, you must set the Slow call RT parameter, which specifies a threshold for the response time of requests. If the response time of a request exceeds the value of the Slow call RT parameter, the request is counted as a slow call. You must also set the Circuit Breaking Ratio Threshold parameter, which specifies a percentage threshold that triggers circuit breaking for slow calls. After the circuit breaking rule is enabled, if the number of requests in the specified time window is greater than the value of the Minimum number of requests parameter and the percentage of slow calls is greater than the value of the Circuit Breaking Ratio Threshold parameter, requests are automatically blocked within the circuit breaking period that is specified by the Circuit Breaking Duration (s) parameter. After the circuit breaking period elapses, the circuit breaker detects the next request. If the response time of the next request is less than the value of the Slow call RT parameter, circuit breaking ends. If the response time of the next request is greater than the value of the Slow call RT parameter, circuit breaking is triggered again. If you set this parameter to Abnormal proportion, you must set the Circuit Breaking Ratio Threshold parameter, which specifies a percentage threshold that triggers circuit breaking for abnormal requests. After the circuit breaking rule is enabled, if the number of abnormal requests within the time window is greater than the value of the Minimum number of requests parameter and the percentage of abnormal requests is greater than the value of the Circuit Breaking Ration Threshold parameter, requests are automatically blocked within the circuit breaking period that is specified by the Circuit Breaking Duration (s) parameter.
Circuit Breaking Duration (s)	Click Show Advanced Options. The period in which circuit breaking is implemented. If circuit breaking is implemented on the resources, the calls to all the resources fail in the specified circuit breaking period.
Circuit Breaking Policy	Click Show Advanced Options. Specifies whether a circuit breaker retriggers circuit breaking after the circuit breaking period elapses. Valid values: Single detection recovery: After the circuit breaking period elapses, the circuit breaker detects the next request. If the request is not a slow call or an abnormal request, circuit breaking ends. Otherwise, circuit breaking is triggered again. Progressive recovery: If you select this option, you must set the Number of recovery phases and Minimum number of passes per step parameters. After the circuit breaking period elapses, the circuit breaker performs progressive recovery based on the specified number of recovery stages. If the number of requests in a stage reaches the value of the Minimum number of passes per step parameter, a check is triggered. If the number of checked requests does not exceed the configured threshold, the percentage of requests that are allowed to pass is gradually increased until all the requests are allowed to pass. If the number of checked requests exceeds the configured threshold in a stage, circuit breaking is triggered again. The request percentage is calculated based on the following formula: Request percentage (T) = 100/Number of recovery stages (N). The request percentage in the first stage is T and the request percentage in the second stage is 2T. The calculation ends until the request percentage is equal to 100%. For example, if the number of recovery stages is 3 and the minimum number of requests that are allowed to pass in each stage is 5, requests are distributed in the three stages based on the percentages of 33%, 67%, and 100%. If the number of requests in each stage is greater than or equal to 5, a check is triggered. If the number of requests in each stage is less than 5, the system enters the next recovery stage until all the requests are allowed to pass.

After the rule is created, you can edit or delete the rule on the Circuit Breaking Rule tab.

Create a hotspot parameter protection (RPC) rule

After you create RPC rules for an application, the system analyzes and collects statistics on the hot parameters that are most frequently accessed during resource calls and throttles resource calls that involve hot parameters. This ensures system stability.

Click the Hotspot Parameter Protection (RPC) tab. On the Hotspot Parameter Protection (RPC) tab, click Add Hotspot Parameter Protection (RPC) Rule.

In the Add Hotspot Parameter Protection (RPC) Rule dialog box, configure the parameters.

In the Select Protection Scenario step, configure the Interface name parameter and click Next.

In the Configure Protection Rule step, configure the parameters and click Next.

Parameter	Description
Parameter position Index	The index of the hot parameter specified during tracking. The index corresponds to the index of the parameter in `SphU.entry(xxx,args)`. For example, if you specify `SphU.entry(resourceName,Entry Type.IN,1,paramA,paramB)` during tracking, the index of the `paramA` parameter is 0 and the index of the `paramB` parameter is 1.
Statistical dimension	The dimension based on which the statistics of requests are collected. Valid values: Number of requests: limits the number of requests within a period of time. Concurrent number: limits the maximum number of requests that can be concurrently processed.
Statistical cycle time	The statistical period. Unit: seconds. For example, if the statistical period is 10 seconds and the queries per second (QPS) threshold is 5, each hot parameter can be accessed five times at most within 10 seconds.
Single machine threshold	The QPS threshold for each hot parameter.
Flow control effect	The mode in which the blocked requests are processed. You can configure this parameter if you set the Statistical dimension parameter to Number of requests. Valid values: Fast failure: Requests are immediately blocked if the QPS threshold is reached. In this mode, you can configure the Number of buffered requests parameter, which specifies the number of additionally allowed requests for traffic bursts. Waiting in line: In this mode, the system queues requests and processes the requests at a constant speed. This mode is typically used in scenarios such as message queue (MQ) peak-load shifting. You must specify a timeout period. The estimated queuing duration is calculated when a request is queued. If the estimated queuing duration exceeds the specified timeout period, the request is directly rejected. For example, if the Single machine threshold parameter is set to 5, the system processes a request every 200 milliseconds and queues the excess requests. If you set the Timeout period to 1,000 milliseconds and more than five requests are queued, the excess requests are rejected.
Whether to open	If you slide the toggle to the ON position, the rule takes effect immediately after it is created. By default, the rule is disabled.

In the Configure Protection Behavior step, select an associated behavior and click New.

After the rule is created, you can edit or delete the rule on the Hotspot Parameter Protection (RPC) tab.

Create a hot parameter throttling rule for HTTP requests

Hotspot parameter protection rules (HTTP requests) are designed for applications that provide web services. These rules enable fine-grained traffic control based on parameters such as IP, Host, Header, and URL Param to ensure service and system stability.

Click the Hotspot Parameter Protection (HTTP Requests) tab, and then click New Hotspot Parameter Protection (HTTP Requests).

In the New Hotspot Parameter Protection (HTTP Requests) dialog box, configure the parameters.

In the Select Protection Scenario step, configure the Interface name parameter and click Next.

In the Configure Protection Rule step, configure the parameters and click Next.

Parameter	Description
Parameter Properties	The parameter of the API request to which you want to apply the rule. Client IP: the IP address of the client from which the request is sent. Note If the request is distributed by a proxy, the system first attempts to obtain the IP address from the X-Forwarded-For request header. If the IP address exists, the system uses the IP address as the actual client IP address. Remote Host: the hostname of the client from which the request is sent. Header: the HTTP headers of the request. After you specify a header, the rule applies to the hot values of the header. If you select Header, you can configure a matching mode for the values of request parameters. Only values that match the specified mode are collected in statistics and throttled. URL Parameters: the request parameters in the request body. You must specify the name of a request parameter. If you select URL Parameter, you can configure a matching mode for the values of request parameters. Only values that match the specified mode are collected in statistics and throttled.
Threshold Type	The threshold type. Default value: Number of requests.
Threshold	The QPS threshold that triggers the behavior of the throttling rule. You must specify an interval at which the system processes the requests. Supported units: second, minute, hour, and day. For example, if the threshold is set to 10 requests per minute, the system processes a maximum of 10 requests per minute.
Whether to open	If you slide the toggle to the ON position, the rule takes effect immediately after it is created. By default, the rule is disabled.
Flow Control Method	Click Show Advanced Options. Fast failure: Requests are immediately blocked if the QPS threshold is reached. Note If the requests are blocked, the system returns the custom information that you configure in the Configure Protection Behavior step. If you do not configure custom information in the Configure Protection Behavior step, the default behavior that contains a 429 error code and the default text message is returned. Waiting in line: If you set the Threshold Type parameter to Number of requests, the blocked requests are processed at a constant speed. The excess requests can be queued. You must specify a timeout period. The estimated queuing duration is calculated when a request is queued. If the estimated queuing duration exceeds the specified timeout period, the request immediately fails without being queued. For example, if the QPS threshold is set to 10 requests per second, the system processes a request every 100 milliseconds and queues the excess requests. The timeout period indicates the maximum queuing duration. The requests whose queuing duration exceeds the timeout period are directly rejected. Note If you set the Flow control effect parameter to Waiting in line, we recommend that you set the QPS threshold to no more than 1,000 requests per second.
Burst size	Click Show Advanced Options. If you set the Flow Control Method parameter to Fast failure, you can specify the number of additionally allowed requests for traffic bursts.
Timeout Period	Click Show Advanced Options. If you set the Flow Control Method parameter to Waiting in line, you must specify a timeout period. Unit: millisecond. For example, if the QPS threshold is set to 5 requests per second, the system processes a request every 200 milliseconds and queues the excess requests. The timeout period indicates the maximum queuing duration. The requests whose queuing duration exceeds the timeout period are directly rejected.

In the Configure Protection Behavior step, select an associated behavior and click New.

After the rule is created, you can edit or delete the rule on the Hotspot Parameter Protection (HTTP Requests) tab.

Manage behaviors

A web behavior defines the custom behavior that is to be performed after a web-type instrumentation resource triggers a specific rule. For example, the "Blocked by Sentinel" error message is returned after a web interface triggers a specific throttling rule.

Create a behavior

Click the Behavior Management tab, and then click New behavior.

In the New behavior dialog box, configure the parameters and click New.

Web resources

Parameter	Description	Example
Behavior Name	The name of the behavior. The name length cannot exceed 128 characters. The name must be unique in an application.	Test behavior
Resource Type	Select Web for this parameter.	Web
Web Throttling Policy	The behavior that is to be performed after a web interface triggers a specific rule. By default, Custom return is selected. You need to further customize the HTTP response status code and the format and content of the HTTP response. After a web interface triggers a specific rule, the custom content is returned.	Custom return
HTTP Status Code	The default value is 429. You must configure this parameter if the Web flow limiting processing strategy parameter is set to Custom return.	429
Returned Content-Type	The format of the HTTP response. Valid values: Plain text and JSON.	JSON
Returned HTTP Text	The content of the HTTP response to be returned after a web interface triggers a specific rule. You must configure this parameter if the Web flow limiting processing strategy parameter is set to Custom return.	{"message": "blocked oops"}

RPC resources

Parameter	Description	Example
Behavior Name	The name of the behavior. The name length cannot exceed 128 characters. The name must be unique in an application.	Test behavior
Resource Type	Select Rpc for this parameter. Note Apache Dubbo versions 2.7.0 to 2.7.3 do not support custom behaviors. The `java.lang.RuntimeException` error message is returned when throttling is triggered in the preceding versions. The error message contains `SentinelBlockedException` and throttling information.	Rpc
Rpc current limiting processing strategy	The behavior that is to be performed after an RPC interface triggers a specific rule. Custom return: the custom response. You need to customize the HTTP response status code and the format and content of the HTTP response. After an RPC interface triggers a specific rule, the custom content is returned. Custom exception: the custom exception that is returned. You need to specify the Exception Class Name and Exception Message Text parameters. After an RPC interface triggers a specific rule, the custom exception is returned.	Custom return or Custom exception
Rpc current limiting processing strategy set to Custom return
Custom Response Class Name	The path of the class name. Note The custom response does not support generic types that contain unknown types, such as Map<K, V> and List<T>.	com.alibaba.demo.OrderService:getOrder(long)
Custom Response Content (JSON Format)	The custom content that is returned after an RPC interface triggers a specific rule.	{"id": "123", "name": "test"}
Rpc current limiting processing strategy set to Custom exception
Exception Class Name	The path of the exception class name.	java.lang.RuntimeException
Exception Message Text	The custom exception text that is returned after an RPC interface triggers a specific rule.	"Operation failed"

The created behavior is displayed on the Behavior Management tab. You can modify or delete the behavior.

Associate a behavior with a rule

Click the Traffic Protection tab and then click the tab on which the rule is managed. Find the rule and click Edit in the Actions column of the rule. Complete the Select Protection Scenario and Configure Protection Rules steps and select a behavior from the Association Behavior drop-down list in the Configure Protection Behavior step. You can also click New behavior to create a new behavior.
Note
- If you do not need to customize the fallback behavior that is to be performed after throttling, select Default Behavior and leave the API Type parameter unspecified by default.
- When you add a throttling rule, if the current interface is already associated with a behavior, the behavior is overwritten by the new behavior that you associate with the interface.
- If you do not specify the API Type parameter in the Select Protection Scenario step, the default behavior is associated. After you specify the API Type parameter and associate a behavior of the specified type, you cannot change the type.
Click Save.

Scenarios

Scenario 1: Implement peak-load shifting to process requests at a constant speed

Request traffic fluctuates during peak and off-peak hours. You can implement throttling to delay peak traffic for a specific period of time, namely, the queuing time, for processing. This ensures that all the requests can be processed without affecting user experience.

In the Add Throttling Protection Rule dialog box, create a throttling rule by using the following parameter settings:

Set the Stand-alone QPS threshold parameter to 5.
Set the Flow control effect parameter to Waiting in line.
Set the Timeout parameter to 5000. Unit: milliseconds.

The system processes a request every 200 milliseconds and the accumulated requests are queued up. The queuing timeout period is set to 5,000 milliseconds. If a request is queued for longer than 5,000 milliseconds, the request fails, and the default information such as texts and static pages to be displayed due to throttling is directly returned.

Scenario 2: Ensure sufficient resources

If the response time of requests becomes longer, the number of concurrent threads increases. If the number of concurrent threads exceeds the threshold, Application High Availability Service rejects the excess requests until the accumulated requests are processed and the number of concurrent threads decreases. This way, exceptions can be isolated and stability is ensured. For example, the execution time of an SQL statement is 20 milliseconds and the expected QPS is 20.

In the Add Isolation Protection Rule dialog box, configure the following parameters:

Set the Interface name parameter.
Set the Concurrency threshold parameter to 10.

After the configuration is complete, if a deadlock or a performance issue occurs in the SQL statement and the execution of the SQL statement is slow, only 10 threads are occupied and the active threads of the process are not exhausted even if more and more requests are received and the requests cannot be ended in a short period of time. After the SQL statement becomes normal, the number of concurrent threads decreases. When the number of concurrent threads is less than the specified threshold, the system does not reject requests and the processing capability of the application is restored. This way, the number of concurrent threads is automatically adjusted based on the response time of requests and unstable applications are isolated.

Scenario 3: Create a circuit breaking rule for slow calls

For example, if you call a third-party service and the response time is long, the calls to the current interface are affected. To resolve this issue, you can perform circuit breaking on the slow calls.

In the Add Circuit Breaking Rule dialog box, configure the parameters that are described in the following table.

Parameter	Example	Description
Interface name	test	The name of the interface to which you want to apply the circuit breaking rule.
Statistical window duration	1	The duration of the time window. Unit: seconds. Set this parameter to 1.
Minimum number of requests	10	The minimum number of requests to trigger circuit breaking. Set this parameter to 10.
Threshold Type	Slow call ratio (%)	Set this parameter to Slow call ratio (%).
Slow call RT	1000	Set this parameter to 1000. Unit: milliseconds. If the response time of a request exceeds 1,000 milliseconds, the request is counted as a slow call.
Circuit Breaking Ratio Threshold	80%	Set this parameter to 80. Unit: %. If the percentage of slow calls reaches 80%, circuit breaking is triggered.
Circuit Breaking Duration (s)	10	Set this parameter to 10 seconds.
Circuit Breaking Policy	Single detection recovery	After the circuit breaking period elapses, the circuit breaker detects the next request. If the request is not a slow call or an abnormal request, circuit breaking ends. Otherwise, circuit breaking is triggered again.

Scenario 4: Create a circuit breaking rule for abnormal requests

For example, when the content of a third-party service is displayed, abnormal requests occur in the system. If the ratio of abnormal requests is high, you can perform circuit breaking on the abnormal requests to ensure a better user experience.

In the Add Circuit Breaking Rule dialog box, configure the parameters that are described in the following table.

Parameter	Example	Description
Interface name	test	The name of the interface to which you want to apply the circuit breaking rule.
Statistical window duration	1	The duration of the time window. Unit: seconds. Set this parameter to 1.
Minimum number of requests	10	The minimum number of requests to trigger circuit breaking. Set this parameter to 10.
Threshold Type	Abnormal proportion (%)	Set this parameter to Abnormal proportion (%).
Circuit Breaking Ratio Threshold	80%	Set this parameter to 80. Unit: %. If the percentage of abnormal requests reaches 80%, circuit breaking is triggered.
Circuit Breaking Duration (s)	10	Set this parameter to 10 seconds.
Circuit Breaking Policy	Single detection recovery	After the circuit breaking period elapses, the circuit breaker detects the next request. If the request is not a slow call or an abnormal request, circuit breaking ends. Otherwise, circuit breaking is triggered again.

Scenario 5: Flash sales of hot products

In scenarios such as flash sales, the system may fail to respond immediately or even stop responding due to a large amount of traffic. To ensure system stability, you can create a hot parameter throttling rule. If the specified threshold is exceeded, the system queues the excess requests to purchase the hot products. For example, if the number of requests to purchase a product exceeds 100 within 1 second, the system processes 100 requests per second and queues the excess requests.

To create a hot parameter throttling rule for RPC requests, configure the following rule information in the Add Hotspot Parameter Protection (RPC) Rule dialog box:

Set the Interface name parameter.
Set the Statistical dimension parameter to Number of requests.
Set the Statistical cycle time parameter to 1 in units of seconds and the Single machine threshold parameter to 100.
Set the Flow control effect parameter to Waiting in line.
Set the Timeout parameter to 30 milliseconds.

After the rule is created, if this API operation is called more than 100 times within 1 second, the excess requests are queued. If a request is queued for more than 30 milliseconds, the request immediately fails.

Scenario 6: Frequent requests that occupy a large number of system resources

In the flash sales scenario, customers may need to modify shipping addresses for orders. If a large number of requests to modify shipping addresses are sent to the system, a large number of resources are consumed to write data to a database. In this case, you can make the excess requests that involve hot parameters immediately fail.

To create a hot parameter throttling rule for RPC requests, configure the following rule information in the Add Hotspot Parameter Protection (RPC) Rule dialog box:

Set the Interface name parameter.
Set the Statistical dimension parameter to Concurrent number.
Set the Statistical cycle time parameter to 1 in units of seconds and the Single machine threshold parameter to 100.
Set the Flow control effect parameter to Fast failure.

After the rule is created, the system can process up to 100 requests per second. The excess requests immediately fails.

Scenario 7: Flash sales of hot products

For example, if you want to specify that the system processes a maximum of 100 requests to access a product per second, you can configure the following rule information in the New Hotspot Parameter Protection (HTTP Requests) dialog box. After the rule is created, the system processes a maximum of 100 requests to access each product per second. In this case, the system rejects the excess requests to access each product and returns custom information.

Set the Parameter Properties parameter to URL Parameter.
Note
When you configure the Parameter Properties parameter, select the parameter that specifies the hot product ID. For example, if the stockId parameter specifies the product ID, you can select URL Parameter and enter stockId in the URL Parameter Name field.
Enter stockId in the URL Parameter Name field.
Set the Threshold parameter to 100 requests per second.
Set the Flow control effect parameter to Fast failure.

Scenario 8: Prevention of malicious brushing

For example, if a large number of malicious brushing requests occur during a promotion, a large number of product inventory or server resources are occupied. In this case, the system can queue requests based on the source IP address and process the requests at a constant speed to prevent excess requests from affecting service stability.

To create a hot parameter throttling rule, configure the following rule information in the New Hotspot Parameter Protection (HTTP Requests) dialog box. After the rule is created, the system processes an API request from each IP address every 10 milliseconds and queues the excess requests. The blocked requests immediately fail if they are queued for more than 30 milliseconds.

Set the Parameter Properties parameter to Client IP.
By default, Number of requests is selected for the Threshold Type parameter.
Set the Threshold parameter to 100 requests per second.
Set the Flow control effect parameter to Waiting in line.
Set the Timeout parameter to 30. Unit: millisecond.
Turn on Whether to open.