Hi,
Thank you for the response. I will try to configure 16666 for 10
seconds and check the outcome.
regards,
badari
On Thu, Apr 25, 2019 at 12:00 AM PiBa-NL <[email protected]> wrote:
> Hi Badari,
>
> Op 24-4-2019 om 8:13 schreef Badari Prasad:
>
> Hi
> Any inputs on this issue mentioned in earlier mail. Rate limiting is
> not kicking in properly for about 60 secs with the config
>
> frontend apiGateWay2
> bind 0.0.0.0:11002
>
> mode http
> option forwardfor
> stick-table type string size 1m expire 1m store http_req_rate(1m)
> http-request set-var(req.rate_limit)
> path,map_sub(/etc/haproxy/maps/apiGateWay2_rates.map)
> http-request set-var(req.asname)
> path,map_sub(/etc/haproxy/maps/apiGateWay2_path2as.map)
>
> http-request set-var(req.request_rate)
> var(req.asname),table_http_req_rate(apiGateWay2)
> acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0
> http-request deny deny_status 429 if rate_abuse
> http-request track-sc0 var(req.asname)
> use_backend nodes
>
> thanks
> badari
>
> On Mon, Apr 22, 2019 at 8:47 PM Badari Prasad <[email protected]> wrote:
>
>> Hi Igor,
>> I am using the configuration mentioned in this mail thread for rate
>> limiting. For some reason the rate limiting is not applied properly for
>> say 60 to 120 seconds...
>> My configuration is as follows
>>
>> frontend apiGateWay2
>> bind 0.0.0.0:11002
>>
>> mode http
>> option forwardfor
>> stick-table type string size 1m expire 1m store http_req_rate(1m)
>> http-request set-var(req.rate_limit)
>> path,map_sub(/etc/haproxy/maps/apiGateWay2_rates.map)
>> http-request set-var(req.asname)
>> path,map_sub(/etc/haproxy/maps/apiGateWay2_path2as.map)
>>
>> http-request set-var(req.request_rate)
>> var(req.asname),table_http_req_rate(apiGateWay2)
>> acl rate_abuse var(req.rate_limit),sub(req.request_rate) lt 0
>> http-request deny deny_status 429 if rate_abuse
>> http-request track-sc0 var(req.asname)
>> use_backend nodes
>>
>> And contents of tile apiGateWay2_rates.map are : I would want to limit
>> 100,000 request per minute on uri containing AS0002 or A000001
>> /AS00002/ 100000
>> /A000001/ 100000
>>
>>
>> And contents of apiGateWay2_path2as.map file are:
>> /A000001/ A000001
>> /AS00002/ AS00002
>>
>>
>> And stats from haproxy sticky tables :
>> >>>>> load with url containing A00001 and then with AS00002 >>>>
>>
>> root@VM-Ubuntu-VM:/etc/bind# echo "show table api_gateway" | socat
>> unix:/var/lib/haproxy/stats stdio
>> # table: api_gateway, type: string, size:1048576, used:2
>> 0x14c8090: key=A000001 use=0 exp=56494 http_req_rate(60000)=48583
>> 0x14f6fb0: key=AS00002 use=0 exp=59998 http_req_rate(60000)=38
>>
>> root@VM-Ubuntu-VM:/etc/bind# echo "show table api_gateway" | socat
>> unix:/var/lib/haproxy/stats stdio
>> # table: api_gateway, type: string, size:1048576, used:2
>> 0x14c8090: key=A000001 use=0 exp=55557 http_req_rate(60000)=48583
>> 0x14f6fb0: key=AS00002 use=0 exp=60000 http_req_rate(60000)=2807
>>
>> root@VM-Ubuntu-VM:/etc/bind# echo "show table api_gateway" | socat
>> unix:/var/lib/haproxy/stats stdio
>> # table: api_gateway, type: string, size:1048576, used:2
>> 0x14c8090: key=A000001 use=0 exp=52736 http_req_rate(60000)=48583
>> 0x14f6fb0: key=AS00002 use=2 exp=60000 http_req_rate(60000)=27815
>>
>> >> After 60 secs when load with AS00002 is running
>> root@VM-Ubuntu-VM:/etc/bind# echo "show table api_gateway" | socat
>> unix:/var/lib/haproxy/stats stdio
>> # table: api_gateway, type: string, size:1048576, used:1
>> 0x14f6fb0: key=AS00002 use=3 exp=60000 http_req_rate(60000)=100001
>>
>>
>> Rate of HTTP request received at back end node which is just a HTTP echo
>> server absolutely no processing done here:
>> >> start of test >>>
>> E0422 10:59:10.406466 18653 EchoServer.cpp:117]
>> ========================================> current rate : 1
>> E0422 10:59:11.406616 18653 EchoServer.cpp:117]
>> ========================================> current rate : 2742
>> E0422 10:59:12.406698 18653 EchoServer.cpp:117]
>> ========================================> current rate : 6330
>> E0422 10:59:13.406762 18653 EchoServer.cpp:117]
>> ========================================> current rate : 8729
>> E0422 10:59:14.406828 18653 EchoServer.cpp:117]
>> ========================================> current rate : 11832
>> E0422 10:59:15.407163 18653 EchoServer.cpp:117]
>> ========================================> current rate : 12323
>> E0422 10:59:16.407294 18653 EchoServer.cpp:117]
>> ========================================> current rate : 12556
>> E0422 10:59:17.408223 18653 EchoServer.cpp:117]
>> ========================================> current rate : 12962
>> E0422 10:59:18.408849 18653 EchoServer.cpp:117]
>> ========================================> current rate : 13815
>> E0422 10:59:19.408854 18653 EchoServer.cpp:117]
>> ========================================> current rate : 16224
>> E0422 10:59:22.603286 18653 EchoServer.cpp:117]
>> ========================================> current rate : 2488
>>
>> It looks like me its +- exactly the configured 100000 requests that got
> allowed above in that minute summing up the rate numbers listed above.
>
> >>> until almost 60 no http request are received to back ends >> this time
>> gap varies with every run ...
>> >>> after 60 secs rate limits are applied properly >>>>
>> E0422 11:00:07.690192 18653 EchoServer.cpp:117]
>> ========================================> current rate : 1
>> E0422 11:00:10.411736 18653 EchoServer.cpp:117]
>> ========================================> current rate : 1
>> E0422 11:00:11.412317 18653 EchoServer.cpp:117]
>> ========================================> current rate : 1679
>> E0422 11:00:12.412369 18653 EchoServer.cpp:117]
>> ========================================> current rate : 1667
>> E0422 11:00:13.451706 18653 EchoServer.cpp:117]
>> ========================================> current rate : 1668
>> E0422 11:00:14.453778 18653 EchoServer.cpp:117]
>> ========================================> current rate : 1668
>> E0422 11:00:15.457597 18653 EchoServer.cpp:117]
>> ========================================> current rate : 1645
>> E0422 11:00:16.458938 18653 EchoServer.cpp:117]
>> ========================================> current rate : 1762
>> E0422 11:00:17.470010 18653 EchoServer.cpp:117]
>> ========================================> current rate : 1598
>>
>>
>> Can I get some info on the issue, is this know issue or am I missing some
>> config for rate limiting to be applied properly ?
>>
>> Thanks in advance,
>> Badari
>>
>> I wonder if instead of allowing 100000 requests per minute you would like
> 1666 requests to be allowed per second.? Which should effectively be
> similar besides that 'bursts' of requests will be blocked sooner.. To do
> this use 1s instead of 1m for the 'http_req_rate(1m)'. and put the 1666
> as a limit in the map file...
>
> Still you might see a burst of 1000 requests in the first millisecond, and
> only 666 allowed in the other 999 milliseconds (theoretically.?.). But also
> its probably not really relevant on which ms a request is allowed or
> blocked. you could argue that allowing 2 requests per millisecond would
> achieve almost the desired benchmark result. But then if there is nothing
> to do, and a few 10 users send a request at the same millisecond you might
> block 8... while the server has actually little to do... and though
> managing this on a millisecond level is likely ridiculous its just to make
> it a bit more clear that a short 'burst' of requests isn't necessarily bad
> and that requests arn't always expected to come in at all the same speed..
> So depending on expected runtime of a request and when the server will
> start to have trouble the current 100000/minute might be perfectly fine..
> or make it a 16666 per 10 seconds.?.
>
> So to sum things up.. the limiting is working, and its allowing 100000
> request in the first minute, just as specified. So in that regard its
> working correctly already..
>
> Regards,
>
> PiBa-NL (Pieter)
>
>
>
