Limit to X requests/sec PER CUSTOMER using LocalRateLimit

[skbergam]

Title: Limit to X requests/sec PER CUSTOMER using LocalRateLimit

Description:

I have a few thousand customers calling my API. I want to limit them (with 429s) to 10 requests/sec each. On each HTTP request I have a "X-Customer-ID" header to uniquely identify them (and it has to match the auth token so I can trust the values in the "X-Customer-ID" header). I understand that with "RateLimit" configs you can specify a rate limit criteria like "CustomerID=*" which would effectively give each customer their own limit, but you also have to deploy the RateLimitService which uses Redis to make it work. I would prefer to not have to worry about a Redis cluster, so I was thinking of using the "LocalRateLimit" instead but it looks like it would only work for pre-specified values of CustomerID, i.e. I couldn't have a blanket limit to apply to all customers, I would have to specify a limit for every single customer.

Can we add support to the LocalRateLimit feature for specifying a blanket limit for each customer in this way? In my case, I can trust round robin load balancing to evenly distribute, so I'm fine just dividing my limit by the number of nodes and calling it good.

[ggreenway]

cc @mattklein123 @wbpcode

[kyessenov]

This is an often-requested feature for local rate limiting, an ability to specify a "wildcard" bucket instead of "literal" values, e.g. #19895.

[vikaschoudhary16]

I would like to work on it.

[skbergam]

@vikaschoudhary16 I'm interested as well. Is the LocalRateLimit extension written in C++? Do you have a link to the source?

I'd be happy to collaborate.

[dio]

@skbergam the entry points (the responsible filter code (HTTP and TCP (network)), including how it is configured):

• HTTP https://github.com/envoyproxy/envoy/tree/main/source/extensions/filters/http/local_ratelimit (the corresponding configuration definition: https://github.com/envoyproxy/envoy/tree/main/api/envoy/extensions/filters/http/local_ratelimit/v3)
• Network https://github.com/envoyproxy/envoy/tree/main/source/extensions/filters/network/local_ratelimit (the corresponding configuration definition: https://github.com/envoyproxy/envoy/tree/main/api/envoy/extensions/filters/network/local_ratelimit/v3)

The common implementation (used by both filters above as lib): https://github.com/envoyproxy/envoy/tree/main/source/extensions/filters/common/local_ratelimit

[vikaschoudhary16]

@vikaschoudhary16 I'm interested as well. Is the LocalRateLimit extension written in C++? Do you have a link to the source?

I'd be happy to collaborate.

sure. Not able to find you on envoy slack channel. What is your slack id?

[skbergam]

Can you invite me? Last time I tried I couldn't find it. @sean Bergam

[therealaditigupta]

Interested in learning about the progress made on this feature. Would be really valuable to my use case!

[vikaschoudhary16]

/assign