consul/website/content/docs/agent/limits/set-global-traffic-rate-lim...

115 lines
3.4 KiB
Markdown

---
layout: docs
page_title: Set a Global Limit on Traffic Rates
description: Use global rate limits to prevent excessive rates of requests to Consul servers.
---
# Set a global limit on traffic rates
This topic describes how to configure rate limits for RPC and gRPC traffic to the Consul server.
## Introduction
Rate limits apply to each Consul server separately and limit the number of read requests or write requests to the server on the RPC and internal gRPC endpoints.
Because all requests coming to a Consul server eventually perform an RPC or an internal gRPC request, global rate limits apply to Consul's user interfaces, such as the HTTP API interface, the CLI, and the external gRPC endpoint for services in the service mesh.
Refer to [Initialize Rate Limit Settings]() for additional information about right-sizing your gRPC request configurations.
## Set a global rate limit for a Consul server
Configure the following settings in your Consul server configuration to limit the RPC and gRPC traffic rates.
- Set the rate limiter [`mode`](/consul/docs/agent/config/config-files#mode-1)
- Set the [`read_rate`](/consul/docs/agent/config/config-files#read_rate)
- Set the [`write_rate`](/consul/docs/agent/config/config-files#write_rate)
In the following example, the Consul server is configured to prevent more than `500` read and `200` write RPC calls:
<CodeTabs heading="Consul server agent">
```hcl
limits = {
rate_limit = {
mode = "enforcing"
read_rate = 500
write_rate = 200
}
}
```
```json
{
"limits" : {
"rate_limit" : {
"mode" : "enforcing",
"read_rate" : 500,
"write_rate" : 200
}
}
}
```
</CodeTabs>
## Access rate limit logs
Consul prints a log line for each rate limit request. The log includes information to identify the source of the request and the server's configured limit. Consul prints to `DEBUG` log level, and can be configured to drop log lines to avoid affecting the server health. Dropping a log line increments the `rpc.rate_limit.log_dropped` metric.
The following example log shows that RPC request from `127.0.0.1:53562` to `KVS.Apply` exceeded the rate limit:
<CodeBlockConfig hideClipboard>
```shell-session
2023-02-17T10:01:15.565-0500 [DEBUG] agent.server.rpc-rate-limit: RPC
exceeded allowed rate limit: rpc=KVS.Apply source_addr=127.0.0.1:53562
limit_type=global/write limit_enforced=false
```
</CodeBlockConfig>
## Review rate limit metrics
Consul captures the following metrics associated with rate limits:
- Type of limit
- Operation
- Rate limit mode
Call the `agent/metrics` API endpoint to view the metrics associated with rate limits. Refer to [View Metrics](/consul/api-docs/agent#view-metrics) for API usage information.
In the following example, Consul dropped a call to the `consul` service because it exceeded the limit by one call:
```shell-session
$ curl http://127.0.0.1:8500/v1/agent/metrics
{
. . .
"Counters": [
{
"Name": "consul.rpc.rate_limit.exceeded",
"Count": 1,
"Sum": 1,
"Min": 1,
"Max": 1,
"Mean": 1,
"Stddev": 0,
"Labels": {
"service": "consul"
}
},
{
"Name": "consul.rpc.rate_limit.log_dropped",
"Count": 1,
"Sum": 1,
"Min": 1,
"Max": 1,
"Mean": 1,
"Stddev": 0,
"Labels": {}
}
],
. . .
```
Refer to [Telemetry](/consul/docs/agent/telemetry) for additional information.