Rate limit¶
Global rate limiting architecture overview
This filter should be configured with the type URL
type.googleapis.com/envoy.extensions.filters.network.ratelimit.v3.RateLimit
.
Note
Local rate limiting is also supported via the local rate limit filter.
Statistics¶
Every configured rate limit filter has statistics rooted at ratelimit.<stat_prefix>. with the following statistics:
Name |
Type |
Description |
---|---|---|
total |
Counter |
Total requests to the rate limit service |
error |
Counter |
Total errors contacting the rate limit service |
over_limit |
Counter |
Total over limit responses from the rate limit service |
ok |
Counter |
Total under limit responses from the rate limit service |
cx_closed |
Counter |
Total connections closed due to an over limit response from the rate limit service |
active |
Gauge |
Total active requests to the rate limit service |
failure_mode_allowed |
Counter |
Total requests that were error(s) but were allowed through because of failure_mode_deny set to false. |
Runtime¶
The network rate limit filter supports the following runtime settings:
- ratelimit.tcp_filter_enabled
% of connections that will call the rate limit service. Defaults to 100.
- ratelimit.tcp_filter_enforcing
% of connections that will call the rate limit service and enforce the decision. Defaults to 100. This can be used to test what would happen before fully enforcing the outcome.
Dynamic Metadata¶
The ratelimit filter emits dynamic metadata as an opaque google.protobuf.Struct
only when the gRPC ratelimit service returns a CheckResponse with a filled dynamic_metadata field.
Substitution Formatting¶
The network rate limit filter also supports substitution formatting based on stream info populated at request time for its descriptors. The value field for rate_limit_descriptor accepts runtime substitution. The format for the substitution formatting can be found in the access logging documentation
Example usage:
name: envoy.filters.network.ratelimit
domain: foo
descriptors:
- entries:
- key: remote_address
value: "%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"
- key: foo
value: bar
stat_prefix: name