Local rate limit

This documentation is for the Envoy v3 API.

As of Envoy v1.18 the v2 API has been removed and is no longer supported.

If you are upgrading from v2 API config you may wish to view the v2 API documentation:

This extension may be referenced by the qualified name envoy.filters.network.local_ratelimit

Note

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Tip

This extension extends and can be used with the following extension category:

Local rate limit configuration overview.

extensions.filters.network.local_ratelimit.v3.LocalRateLimit

[extensions.filters.network.local_ratelimit.v3.LocalRateLimit proto]

{
  "stat_prefix": "...",
  "token_bucket": "{...}",
  "runtime_enabled": "{...}"
}
stat_prefix

(string, REQUIRED) The prefix to use when emitting statistics.

token_bucket

(type.v3.TokenBucket, REQUIRED) The token bucket configuration to use for rate limiting connections that are processed by the filter’s filter chain. Each incoming connection processed by the filter consumes a single token. If the token is available, the connection will be allowed. If no tokens are available, the connection will be immediately closed.

Note

In the current implementation each filter and filter chain has an independent rate limit.

Note

In the current implementation the token bucket’s fill_interval must be >= 50ms to avoid too aggressive refills.

runtime_enabled

(config.core.v3.RuntimeFeatureFlag) Runtime flag that controls whether the filter is enabled or not. If not specified, defaults to enabled.