Rate Limiting with Envoy Proxy based API Gateways

In this post, we’ll dig into Rate Limiting and its role in API Gateways.

What is Rate Limiting?

Rate limiting is the ability to specify how many times a client can call a service within a time interval (per second, minute or hour), and to set a quota on the total number of calls accepted within a longer period (per day, week or month).

API Gateways control the incoming traffic from an end user or system (the client) to a specific application service. Exposing services to external users who are unknown to the organization puts the service at risk of (gasp!) malicious behavior. Rate limiting lets you protect your environment from intentional or unintentional floods of incoming traffic that overwhelm your services and cause failures and outages.

Examples include denial of service attacks from malicious users, a rogue script, or a change in the traffic mix where a spike in low priority requests crowds out the higher priority requests to your service.

Rate Limiting with Gloo

Gloo Enterprise provides two models for rate limiting, from simple settings to finer-grained ones, to address a wide range of use cases.

  1. Gloo's built-in, simplified rate limiting model
  2. Envoy rate limiting through Gloo, for finer-grained settings

Gloo's built-in rate limiting offers a simplified model: you specify the number of requests per unit of time that can be made against all routes (incoming traffic paths) defined within a virtual host. Different limits can be set for authorized users (counted per user) and anonymous users (counted per client IP), and they are defined on the virtual service specification.

The example below configures 1000 anonymous requests per hour and 200 authorized requests per minute on the same virtual service. This also lets you better control resource utilization across different types of users. Because anonymous limits are keyed on the client IP as Envoy sees it, make sure the original client address is preserved when the gateway sits behind a load balancer (for example via X-Forwarded-For or the PROXY protocol); otherwise every anonymous client appears to come from the load balancer and shares a single bucket. Clients behind a shared NAT will likewise share one bucket.

ratelimitBasic:            # set on the virtual host of the virtual service
  anonymous_limits:        # unauthenticated clients, counted per client IP
    requests_per_unit: 1000
    unit: HOUR
  authorized_limits:       # authenticated clients, counted per user
    requests_per_unit: 200
    unit: MINUTE

The Envoy rate limiting API can be used with Gloo to define more granular limits. With Envoy rate limiting, decisions can be keyed on custom headers and application metadata, so limits can be as fine-grained as you need, at the cost of added complexity. We recommend starting with Gloo's built-in rate limiting and adding Envoy rate limiting as needed.
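To make the two models concrete, here is an added example (not Gloo's or Envoy's own code) of the descriptor-based rate limiting that Gloo configures in Envoy. It models both the built-in ratelimitBasic block above (anonymous clients keyed by source IP, authorized users keyed by identity) and a finer-grained policy of the kind the Envoy API allows (a per-API-key limit with a tighter sub-limit on one route). Envoy turns each request into descriptors, lists of key/value entries produced by route-level actions; the rate limit service matches each descriptor against a configured tree and keeps one counter per matched entries and time window. The request shapes, the `api_key` and `path` keys, the `/export` route and the sample IPs are constructed for this illustration; the counters are in-memory fixed windows rather than the Redis-backed ones a real deployment uses.

```python
"""Added example, not Gloo's or Envoy's code: in-memory model of descriptor-based
rate limiting.  Tree layout and per-descriptor counters follow the Envoy rate
limit service behaviour; request shapes, keys and sample IPs are constructed."""
import time
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

UNIT_SECONDS = {"SECOND": 1, "MINUTE": 60, "HOUR": 3600, "DAY": 86400}
Entry = Tuple[str, str]


@dataclass(frozen=True)
class Limit:
    requests_per_unit: int
    unit: str


@dataclass
class Descriptor:
    key: str
    value: Optional[str] = None            # None matches any value (counted per value)
    rate_limit: Optional[Limit] = None
    descriptors: List["Descriptor"] = field(default_factory=list)  # nested entries


class RateLimitService:
    def __init__(self, tree: List[Descriptor]):
        self.tree = tree
        self.counters = {}                  # (entries, unit, window) -> hits

    def _find_limit(self, entries: List[Entry]) -> Optional[Limit]:
        """Walk the tree along the request's entries; an exact value match beats a
        wildcard, and the deepest node that carries a limit decides."""
        level, limit = self.tree, None
        for key, value in entries:
            node = (next((d for d in level if d.key == key and d.value == value), None)
                    or next((d for d in level if d.key == key and d.value is None), None))
            if node is None:
                return None                 # unconfigured descriptor: no limit applies
            limit = node.rate_limit or limit
            level = node.descriptors
        return limit

    def check(self, descriptors: List[List[Entry]], now: Optional[float] = None) -> str:
        """Answer like the rate limit service: OVER_LIMIT if any descriptor is exhausted."""
        now = time.time() if now is None else now
        result = "OK"
        for entries in descriptors:
            limit = self._find_limit(entries)
            if limit is None:
                continue
            window = int(now // UNIT_SECONDS[limit.unit])   # fixed window per unit
            k = (tuple(entries), limit.unit, window)
            self.counters[k] = self.counters.get(k, 0) + 1
            if self.counters[k] > limit.requests_per_unit:
                result = "OVER_LIMIT"
        return result


def basic_tree() -> List[Descriptor]:
    """Equivalent of the post's ratelimitBasic block."""
    return [
        Descriptor("remote_address", rate_limit=Limit(1000, "HOUR")),   # anonymous_limits
        Descriptor("user_id", rate_limit=Limit(200, "MINUTE")),         # authorized_limits
    ]


def fine_grained_tree() -> List[Descriptor]:
    """Assumed finer-grained policy: 100/min per API key overall, but only 5/min
    per key on the expensive (constructed) /export route."""
    return [
        Descriptor("api_key", rate_limit=Limit(100, "MINUTE"), descriptors=[
            Descriptor("path", "/export", rate_limit=Limit(5, "MINUTE")),
        ]),
    ]


def request_descriptors(client_ip: str, user_id: Optional[str] = None,
                        api_key: Optional[str] = None, path: str = "/") -> List[List[Entry]]:
    """Stand-in for route actions: the descriptor lists one request would carry."""
    descs: List[List[Entry]] = []
    descs.append([("user_id", user_id)] if user_id else [("remote_address", client_ip)])
    if api_key:
        descs.append([("api_key", api_key)])
        descs.append([("api_key", api_key), ("path", path)])
    return descs


def allowed_count(svc: RateLimitService, descriptors: List[List[Entry]],
                  attempts: int, now: float) -> int:
    """Send `attempts` identical requests inside one window; return how many pass."""
    return sum(svc.check(descriptors, now) == "OK" for _ in range(attempts))


if __name__ == "__main__":
    now = 1_700_000_000.0
    basic = RateLimitService(basic_tree())
    print(allowed_count(basic, request_descriptors("203.0.113.7"), 1001, now))           # 1000
    print(allowed_count(basic, request_descriptors("203.0.113.7", "alice"), 201, now))  # 200
    fine = RateLimitService(fine_grained_tree())
    print(allowed_count(fine, request_descriptors("198.51.100.2", api_key="k1",
                                                  path="/export"), 6, now))            # 5
```

Note how the finer-grained tree makes a single request contribute to two counters: the `/export` calls are counted against both the per-key bucket and the route-specific sub-limit, which is exactly the kind of policy the simplified model cannot express. A fixed window also means a client can burst up to twice the limit across a window boundary; if that matters for your service, use shorter units.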

Give rate limiting a try in Gloo: