Rate Limiting per IP address


Aman Bhala

Mar 11, 2025, 6:40:41 AM
to envoy-users
Hi all
I am trying to do rate limiting using the local rate limit filter. I have the following configuration:

    {
      "match": {
        "path": "<path_name>"
      },
      "route": {
        "cluster": "<cluster_name>",
        "timeout": "0s",
        "retry_policy": {
          "retry_on": "reset, connect-failure, refused-stream, http3-post-connect-failure",
          "num_retries": 1,
          "retry_host_predicate": [
            {
              "name": "avoid previous host retry",
              "typed_config": {
                "@type": "type.googleapis.com/envoy.extensions.retry.host.previous_hosts.v3.PreviousHostsPredicate"
              }
            }
          ]
        }
      },
      "typed_per_filter_config": {
        "envoy.filters.http.local_ratelimit": {
          "@type": "type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit",
          "stat_prefix": "all_endpoints_rate_limiting",
          "token_bucket": {
            "max_tokens": 1000,
            "tokens_per_fill": 1000,
            "fill_interval": "1s"
          },
          "filter_enabled": {
            "default_value": {
              "numerator": 100
            },
            "runtime_key": "http_local_rate_limiter.enabled"
          },
          "filter_enforced": {
            "default_value": {
              "numerator": 100
            },
            "runtime_key": "http_local_rate_limiter.enforced"
          }
        }
      }
    },
When I send more than 1000 rps from different IP addresses individually, it is able to rate limit the requests, but when I send 600 rps from one IP address and 500 rps from another IP address, I see that it is not rate limiting the requests, as if it is able to do per-IP rate limiting. As far as I have read, the rate limit filter only allows rate limiting per endpoint unless the IP address is hardcoded in the descriptor.
Here, I am trying to understand why per-IP rate limiting seems to work with the rate limit filter even though it is not supported, or am I missing something?
Some GitHub issues:
https://github.com/envoyproxy/envoy/issues/31450
https://github.com/envoyproxy/envoy/issues/18706
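
Added example, not part of the original post and not Envoy's code: a discrete-time model of the posted `token_bucket` settings that counts rejected requests for the two traffic patterns described above, once with a single bucket shared by all clients and once with a hypothetical bucket per source IP. The class and function names and the client addresses are constructed for illustration; comparing the counts with the rate-limited responses actually observed shows which model the deployment is following.

```python
from collections import defaultdict


class TokenBucket:
    """Model of the posted token_bucket block (1000 tokens, refilled every 1s)."""

    def __init__(self, max_tokens=1000, tokens_per_fill=1000, fill_interval_ms=1000):
        self.max_tokens = max_tokens
        self.tokens_per_fill = tokens_per_fill
        self.fill_interval_ms = fill_interval_ms
        self.tokens = max_tokens              # bucket starts full
        self.next_fill_ms = fill_interval_ms

    def allow(self, now_ms):
        # Apply every refill that is due, capped at max_tokens.
        while now_ms >= self.next_fill_ms:
            self.tokens = min(self.max_tokens, self.tokens + self.tokens_per_fill)
            self.next_fill_ms += self.fill_interval_ms
        if self.tokens > 0:
            self.tokens -= 1
            return True
        return False                          # this request would be rate limited


def simulate(rps_by_ip, seconds, per_ip):
    """Return {ip: rejected_count}. per_ip=False uses one bucket for all clients."""
    shared = TokenBucket()
    per_client = defaultdict(TokenBucket)     # hypothetical per-IP buckets
    # Constructed traffic: every client sends evenly spaced requests.
    events = sorted(
        (i * 1000 / rps, ip)
        for ip, rps in rps_by_ip.items()
        for i in range(rps * seconds)
    )
    rejected = {ip: 0 for ip in rps_by_ip}
    for now_ms, ip in events:
        bucket = per_client[ip] if per_ip else shared
        if not bucket.allow(now_ms):
            rejected[ip] += 1
    return rejected


if __name__ == "__main__":
    two_clients = {"203.0.113.10": 600, "203.0.113.11": 500}   # constructed addresses
    one_client = {"203.0.113.10": 1200}
    for label, load in (("600+500 rps", two_clients), ("1200 rps", one_client)):
        for per_ip in (False, True):
            mode = "per-IP" if per_ip else "shared"
            print(label, mode, sum(simulate(load, 5, per_ip).values()))
```
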
