Local rate limit

  • Local rate limiting architecture overview

  • This filter should be configured with the type URL type.googleapis.com/envoy.extensions.filters.network.local_ratelimit.v3.LocalRateLimit.

  • v3 API reference

Note

The token bucket is shared across all workers, thus the rate limits are applied per Envoy process.

Note

Global rate limiting is also supported via the global rate limit filter.

Overview

The local rate limit filter applies a token bucket rate limit to incoming connections that are processed by the filter’s filter chain. Each connection processed by the filter utilizes a single token, and if no tokens are available, the connection will be immediately closed without further filter iteration.

Note

In the current implementation each filter and filter chain has an independent rate limit.

Planned future enhancements: * rate limit on specific requestedApplicationProtocols` or detectedTransportProtocol

Statistics

Every configured local rate limit filter has statistics rooted at local_ratelimit.<stat_prefix>. with the following statistics:

Name

Type

Description

rate_limited

Counter

Total connections that have been closed due to rate limit exceeded

Runtime

The local rate limit filter can be runtime feature flagged via the enabled configuration field.