Skip to content

Commit

Permalink
Overview and examples for Ratelimiting
Browse files Browse the repository at this point in the history
Started a design doc highlighting the `WHAT` and `WHY`

Relates to envoyproxy#670

Signed-off-by: Arko Dasgupta <[email protected]>
  • Loading branch information
arkodg committed Dec 8, 2022
1 parent 13c1113 commit 45dda30
Showing 1 changed file with 66 additions and 0 deletions.
66 changes: 66 additions & 0 deletions docs/latest/design/ratelimit.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# Ratelimiting Design

## Overview

Ratelimiting is a feature that allows the user to limit the number of incoming requests
to a predefined value based on attributes within the traffic flow.

Here are some reasons why a user may want to implements Ratelimits

* To prevent malicious activity such as DDoS attacks.
* To prevent applications and its resources (such as a database) from getting overloaded.
* To create API limits based on user entitlements.

## API

* Here is an example of a ratelimit implemented by the platform engineer that limits requests made
by every unique client remote address to 100 requests per second, to help mitigate DDoS attacks.
```
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: RateLimiting
metadata:
name: ratelimit-per-client-ip
spec:
type: Global
rules:
- matches:
- remoteAddress: {}
limit:
requests: 100
unit: Minute
```

* Here is an example of a ratelimit implemented by the application developer that limits total requests made
to a specific route to safeguard health of internal application components.
```
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: RateLimiting
metadata:
name: ratelimit-all-requests
spec:
type: Global
rules:
- matches:
- limit:
requests: 1000
unit: Second
```

* Here is an example of a ratelimit implemented by the application developer to limit a specific set of users
by matching on a custom `x-user-tier` header with a value set to `one`
```
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: RateLimiting
metadata:
name: ratelimit-specific-requests
spec:
type: Global
rules:
- matches:
- header:
name: x-user-tier
value: one
limit:
requests: 10
unit: Hour
```

0 comments on commit 45dda30

Please sign in to comment.