Aeraki Series: How to set local rate limiting rules

Aeraki can help you manage any Layer 7 protocol in a service mesh. Aeraki already supports open source protocols such as Dubbo, Thrift, and Redis. You can also use Aeraki's MetaProtocol protocol extension framework to manage Layer 7 traffic for private protocols.

This series of tutorials introduces how to use Aeraki to provide Layer 7 traffic routing, local flow control, and global flow control for services using protocols such as Dubbo and Thrift in a service mesh, as well as how to quickly develop a custom protocol based on the Aeraki Protocol and manage services using custom protocols in the Istio service mesh.

This tutorial describes how to use the MetaRouter CRD resource provided by Aeraki to set local rate limiting rules for application protocols developed based on MetaProtocol.

Installing the Sample Program

If you haven't installed the sample application yet, refer to the Quick Start guide to install Aeraki, Istio, and the sample application.

After the installation is complete, you can see that the following two namespaces have been added to the cluster. They contain sample programs for the Dubbo and Thrift protocols, both implemented on MetaProtocol. You can use either one for testing.

    ➜ ~ kubectl get ns|grep meta
    meta-dubbo Active 16m
    meta-thrift Active 16m

Aeraki's throttling rules are designed to be intuitive and flexible, supporting both throttling of all incoming requests to a service and fine-grained throttling of requests to a server based on different conditions.

Limit all incoming requests to the service

    kubectl apply -f- <<EOF
    apiVersion: metaprotocol.aeraki.io/v1alpha1
    kind: MetaRouter
    metadata:
      name: test-metaprotocol-thrift-route
      namespace: meta-thrift
    spec:
      hosts:
        - thrift-sample-server.meta-thrift.svc.cluster.local
      localRateLimit:
        tokenBucket:
          fillInterval: 60s
          maxTokens: 2
          tokensPerFill: 2
    EOF

Note: Local rate limiting is enforced on each service instance separately, so when a service has multiple instances, the effective limit for the service is the configured limit multiplied by the number of instances.

Use the aerakictl command to view the client's application logs. You can see that the client can only successfully execute 4 requests per minute (there are two service instances, and each service instance is limited to 2 requests per minute):

    ➜ ~ aerakictl_app_log client meta-thrift -f --tail 10
    Hello Aeraki, response from thrift-sample-server-v1-5c8476684-842l6/172.17.0.40
    Hello Aeraki, response from thrift-sample-server-v2-6d5bcc885-hpx7n/172.17.0.41
    Hello Aeraki, response from thrift-sample-server-v1-5c8476684-842l6/172.17.0.40
    Hello Aeraki, response from thrift-sample-server-v2-6d5bcc885-hpx7n/172.17.0.41
    org.apache.thrift.TApplicationException: meta protocol local rate limit: request '5' has been rate limited
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:79)
        at org.aeraki.HelloService$Client.recv_sayHello(HelloService.java:61)
        at org.aeraki.HelloService$Client.sayHello(HelloService.java:48)
        at org.aeraki.HelloClient.main(HelloClient.java:44)
    Connected to thrift-sample-server
    org.apache.thrift.TApplicationException: meta protocol local rate limit: request '1' has been rate limited
    ...
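
The multiplication described in the note, as an added simulation (not Aeraki or Envoy code, and not part of the original article): each instance gets its own token bucket built from the tokenBucket values in the rule above. It assumes requests alternate round-robin between instances, as the log suggests; the function names and the one-request-per-second load are constructed for illustration.

```python
import re

_UNITS = {"ms": 0.001, "s": 1.0, "m": 60.0, "h": 3600.0}

def parse_interval(text):
    """Convert a duration such as '60s' or '500ms' to seconds."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(ms|s|m|h)", text)
    if not m:
        raise ValueError(f"unsupported interval: {text!r}")
    return float(m.group(1)) * _UNITS[m.group(2)]

class TokenBucket:
    """One bucket per service instance: starts full, refills once per interval."""
    def __init__(self, cfg):
        self.max_tokens = cfg["maxTokens"]
        self.per_fill = cfg["tokensPerFill"]
        self.interval = parse_interval(cfg["fillInterval"])
        self.tokens = self.max_tokens
        self.last_fill = 0.0  # simulation clock starts at t=0

    def allow(self, now):
        # Credit every whole fill interval that has elapsed, capped at max_tokens.
        fills = int((now - self.last_fill) // self.interval)
        if fills > 0:
            self.tokens = min(self.max_tokens, self.tokens + fills * self.per_fill)
            self.last_fill += fills * self.interval
        if self.tokens > 0:
            self.tokens -= 1
            return True
        return False  # this request would be rate limited

def simulate(cfg, replicas, request_times):
    """Round-robin the requests over `replicas` independent buckets (assumption)."""
    buckets = [TokenBucket(cfg) for _ in range(replicas)]
    return [buckets[i % replicas].allow(t) for i, t in enumerate(request_times)]

def effective_per_minute(cfg, replicas):
    """Sustained service-wide ceiling implied by a per-instance bucket."""
    return cfg["tokensPerFill"] * 60 * replicas / parse_interval(cfg["fillInterval"])

# Constructed input: the tokenBucket from the MetaRouter above, one request per second.
BUCKET = {"fillInterval": "60s", "maxTokens": 2, "tokensPerFill": 2}

if __name__ == "__main__":
    results = simulate(BUCKET, replicas=2, request_times=range(60))
    print("allowed in first minute:", sum(results))
    for n in (1, 2, 5):
        print(f"{n} instance(s): {effective_per_minute(BUCKET, n):.0f} requests/minute")
```

Because the ceiling scales with the number of instances, scaling the deployment out also raises the number of requests the service as a whole admits.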

Limit incoming requests to services based on conditions

Aeraki supports setting multiple throttling rules for services based on conditions to meet fine-grained throttling requirements, such as grouping requests by user or interface and setting different throttling rules for each group.

The match conditions for rate limiting are the same as those for routing. Any attribute that can be extracted from the request packet can be used as a match condition for a rate limiting rule.

For example, the following rules set different rate limits for the sayHello and ping interfaces:

    apiVersion: metaprotocol.aeraki.io/v1alpha1
    kind: MetaRouter
    metadata:
      name: test-metaprotocol-thrift-route
      namespace: meta-thrift
    spec:
      hosts:
        - thrift-sample-server.meta-thrift.svc.cluster.local
      localRateLimit:
        conditions:
          - match:
              attributes:
                method:
                  exact: sayHello
            tokenBucket:
              fillInterval: 60s
              maxTokens: 10
              tokensPerFill: 10
          - match:
              attributes:
                method:
                  exact: ping
            tokenBucket:
              fillInterval: 60s
              maxTokens: 100
              tokensPerFill: 100

Set up traffic limiting rules by service and by condition at the same time

You can set both service-level throttling rules and conditional throttling rules at the same time. This is suitable for situations where you need to set an overall throttling rule for all requests of a service, while also setting exceptions for one or several groups of requests.

For example, the following rule sets an overall limit of 1000 messages per minute for the service and a conditional limit of 100 messages per minute for the ping interface.

    apiVersion: metaprotocol.aeraki.io/v1alpha1
    kind: MetaRouter
    metadata:
      name: test-metaprotocol-thrift-route
      namespace: meta-thrift
    spec:
      hosts:
        - thrift-sample-server.meta-thrift.svc.cluster.local
      localRateLimit:
        tokenBucket:
          fillInterval: 60s
          maxTokens: 1000
          tokensPerFill: 1000
        conditions:
          - match:
              attributes:
                method:
                  exact: ping
            tokenBucket:
              fillInterval: 60s
              maxTokens: 100
              tokensPerFill: 100

Understanding the principles

In the configuration that Aeraki sends to the sidecar proxy, the MetaProtocol Proxy is set on the Listener corresponding to the service, and the local rate limit filter is set in that configuration.

Aeraki translates the rate limiting rules configured in MetaRouter into configuration for the local rate limit filter and sends it to the MetaProtocol Proxy.

You can view the configuration of the service's sidecar proxy with the following command:

    aerakictl_sidecar_config server-v1 meta-thrift | fx

The MetaProtocol Proxy configuration in the Inbound Listener of the Thrift service is as follows:

    {
      "name": "envoy.filters.network.meta_protocol_proxy",
      "typed_config": {
        "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
        "type_url": "type.googleapis.com/aeraki.meta_protocol_proxy.v1alpha.MetaProtocolProxy",
        "value": {
          "stat_prefix": "inbound|9090||",
          "application_protocol": "thrift",
          "route_config": {
            "name": "inbound|9090||",
            "routes": [
              {
                "route": {
                  "cluster": "inbound|9090||"
                }
              }
            ]
          },
          "codec": {
            "name": "aeraki.meta_protocol.codec.thrift"
          },
          "meta_protocol_filters": [
            {
              "name": "aeraki.meta_protocol.filters.local_ratelimit",
              "config": {
                "@type": "type.googleapis.com/aeraki.meta_protocol_proxy.filters.local_ratelimit.v1alpha.LocalRateLimit",
                "stat_prefix": "thrift-sample-server.meta-thrift.svc.cluster.local",
                "token_bucket": {
                  "max_tokens": 2,
                  "tokens_per_fill": 2,
                  "fill_interval": "60s"
                }
              }
            },
            {
              "name": "aeraki.meta_protocol.filters.router"
            }
          ]
        }
      }
    }
