---
layout: docs
page_title: Limit request rates to services in the mesh
description: Learn how to limit the rate of requests to services in a Consul service mesh. Rate limits on requests improve network resilience and availability.
---
# Limit request rates to services in the mesh
This topic describes how to configure Consul to limit the request rate to services in the mesh.
<EnterpriseAlert> This feature is available in Consul Enterprise. </EnterpriseAlert>
## Introduction
Consul lets you limit the rate of HTTP requests a service receives from sources in the mesh. Limiting request rates is one strategy for building a resilient and highly available network.
Consul applies rate limits per service instance. As an example, if you specify a rate limit of 100 requests per second (RPS) for a service and five instances of the service are available, the service accepts a total of 500 RPS, which equals 100 RPS per instance.
You can limit request rates for all traffic to a service, as well as set rate limits for specific URL paths on a service. When multiple rate limits are configured on a service, Consul applies the limit configured for the first matching path. As a result, the maximum RPS for a service equals the number of deployed service instances multiplied by either the rate limit configured for the service or the rate limit configured for the matching path.
## Requirements
Consul Enterprise v1.17.0 or later
## Limit request rates to a service on all paths
Specify request rate limits in the service defaults configuration entry. Create or edit the existing service defaults configuration entry for your service and specify the following fields:
<Tabs>
<Tab heading="VMs" group="vms">
1. `RateLimits.InstanceLevel.RequestsPerSecond`: Set an average number of requests per second that Consul should allow to the service. The number of requests may momentarily exceed this value up to the value specified in the `RequestsMaxBurst` parameter, but Consul temporarily lowers the speed of the transactions.
1. `RateLimits.InstanceLevel.RequestsMaxBurst`: Set the maximum number of concurrent requests that Consul momentarily allows to the service. Consul blocks any additional requests over this limit.
</Tab>
<Tab heading="Kubernetes" group="k8s">
1. `spec.rateLimits.instanceLevel.requestsPerSecond`: Set an average number of requests per second that Consul should allow to the service. The number of requests may momentarily exceed this value up to the value specified in the `requestsMaxBurst` parameter, but Consul temporarily lowers the speed of the transactions.
1. `spec.rateLimits.instanceLevel.requestsMaxBurst`: Set the maximum number of concurrent requests that Consul momentarily allows to the service. Consul blocks any additional requests over this limit.
</Tab>
</Tabs>
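As an illustration, a service defaults configuration entry for VMs might look like the following sketch. The service name `billing` and the numeric values are hypothetical placeholders, and the example assumes the service uses the `http` protocol. Check the field names against the service defaults reference before applying it.

```hcl
# Hypothetical example: the service name and values are placeholders.
Kind     = "service-defaults"
Name     = "billing"
Protocol = "http"

RateLimits {
  InstanceLevel {
    # Average requests per second allowed for each service instance.
    RequestsPerSecond = 100
    # Maximum momentary burst allowed for each service instance.
    RequestsMaxBurst  = 150
  }
}
```

With five instances of the service deployed, this sketch would allow roughly 500 RPS in total, because the limit applies to each instance.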
Refer to the [service defaults configuration entry reference](/consul/docs/connect/config-entries/service-defaults) for additional specifications and example configurations.
## Specify request rate limits for specific paths
Specify request rate limits in the service defaults configuration entry. Create or edit the existing service defaults configuration entry for your service and configure the following parameters:
<Tabs>
<Tab heading="VMs" group="vms">
1. Add a `RateLimits.InstanceLevel.Routes` block to the configuration entry. The block contains the limits and the matching criteria that determine which paths the limits apply to.
1. In the `Routes` block, configure one of the following match criteria to determine which path to set the limits on:
   - `PathExact`: Specifies the exact path to match on the request path.
   - `PathPrefix`: Specifies the path prefix to match on the request path.
   - `PathRegex`: Specifies a regular expression to match on the request path.
1. Configure the limits you want to enforce in the `Routes` block as well. You can configure the following parameters:
   - `RequestsPerSecond`: Set an average number of requests per second that Consul should allow to the service through the matching path. The number of requests may momentarily exceed this value up to the value specified in the `RequestsMaxBurst` parameter, but Consul temporarily lowers the speed of the transactions. This configuration overrides the value specified in the `RateLimits.InstanceLevel.RequestsPerSecond` field of the configuration entry.
   - `RequestsMaxBurst`: Set the maximum number of concurrent requests that Consul momentarily allows to the service through the matching path. Consul blocks any additional requests over this limit. This configuration overrides the value specified in the `RateLimits.InstanceLevel.RequestsMaxBurst` field of the configuration entry.
</Tab>
<Tab heading="Kubernetes" group="k8s">
1. Add a `spec.rateLimits.instanceLevel.routes` block to the configuration entry. The block contains the limits and the matching criteria that determine which paths the limits apply to.
1. In the `routes` block, configure one of the following match criteria to determine which path to set the limits on:
   - `pathExact`: Specifies the exact path to match on the request path.
   - `pathPrefix`: Specifies the path prefix to match on the request path.
   - `pathRegex`: Specifies a regular expression to match on the request path.
1. Configure the limits you want to enforce in the `routes` block as well. You can configure the following parameters:
   - `requestsPerSecond`: Set an average number of requests per second that Consul should allow to the service through the matching path. The number of requests may momentarily exceed this value up to the value specified in the `requestsMaxBurst` parameter, but Consul temporarily lowers the speed of the transactions. This configuration overrides the value specified in the `spec.rateLimits.instanceLevel.requestsPerSecond` field of the CRD.
   - `requestsMaxBurst`: Set the maximum number of concurrent requests that Consul momentarily allows to the service through the matching path. Consul blocks any additional requests over this limit. This configuration overrides the value specified in the `spec.rateLimits.instanceLevel.requestsMaxBurst` field of the CRD.
</Tab>
</Tabs>
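The following sketch shows how path-specific limits might be combined with service-wide limits in a configuration entry for VMs. The service name `billing`, the paths, and the numeric values are hypothetical placeholders, and the example assumes the service uses the `http` protocol. Check the field names against the service defaults reference before applying it.

```hcl
# Hypothetical example: the service name, paths, and values are placeholders.
Kind     = "service-defaults"
Name     = "billing"
Protocol = "http"

RateLimits {
  InstanceLevel {
    # Limits for all traffic to each service instance.
    RequestsPerSecond = 100
    RequestsMaxBurst  = 150

    Routes = [
      {
        # Requests to exactly this path use these limits instead.
        PathExact         = "/api/v1/pay"
        RequestsPerSecond = 20
        RequestsMaxBurst  = 30
      },
      {
        # Requests whose path starts with this prefix use these limits instead.
        PathPrefix        = "/api/v1/reports"
        RequestsPerSecond = 50
        RequestsMaxBurst  = 75
      }
    ]
  }
}
```

Because Consul applies the limit for the first matching path, it is safer to list the most specific routes first.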
Refer to the [service defaults configuration entry reference](/consul/docs/connect/config-entries/service-defaults) for additional specifications and example configurations.