EnvoyFilter LocalRateLimit with actions and descriptors does not work as expected #37282
Labels
Comments
Open
2 tasks
|
Seems like I found out the root cause of this issue: The global bucket is used FIRSTIf a request for a certain bucket exhausts the GLOBAL bucket then this request will be throttled regardless of the bucket configuration that request belongs to! |
|
cc @wbpcode |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there!
I am trying to create the local rate limit and seems this does not work as expected.
My idea is to have several usage plans and a common limit.
Usage plans are based on the header
X-USAGE-PLAN: basicorX-USAGE-PLAN: proandX-USAGE-PLAN: enterpriseThis is the current Envoy configuration
Envoy config
{ "name": "envoy.filters.network.http_connection_manager", "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", "statPrefix": "inbound_0.0.0.0_8080;", "routeConfig": { "name": "inbound|8080||", "virtualHosts": [ { "name": "inbound|http|8000", "domains": [ "*" ], "routes": [ { "name": "default", "match": { "prefix": "/" }, "route": { "cluster": "inbound|8080||", "timeout": "0s", "maxStreamDuration": { "maxStreamDuration": "0s", "grpcTimeoutHeaderMax": "0s" } }, "decorator": { "operation": "httpbin.httpbin.svc.cluster.local:8000/*" } } ], "rateLimits": [ { "actions": [ { "requestHeaders": { "headerName": "X-USAGE-PLAN", "descriptorKey": "header-rate-limit" } } ] } ] } ], "validateClusters": false }, "httpFilters": [ { "name": "envoy.filters.http.local_ratelimit", "typedConfig": { "@type": "type.googleapis.com/udpa.type.v1.TypedStruct", "typeUrl": "type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit", "value": { "descriptors": [ { "entries": [ { "key": "header-rate-limit", "value": "basic" } ], "token_bucket": { "fill_interval": "30s", "max_tokens": 5, "tokens_per_fill": 5 } }, { "entries": [ { "key": "header-rate-limit", "value": "pro" } ], "token_bucket": { "fill_interval": "30s", "max_tokens": 10, "tokens_per_fill": 5 } }, { "entries": [ { "key": "header-rate-limit", "value": "enterprise" } ], "token_bucket": { "fill_interval": "30s", "max_tokens": 50000, "tokens_per_fill": 50000 } } ], "filter_enabled": { "default_value": { "numerator": 100 }, "runtime_key": "local_rate_limit_enabled" }, "filter_enforced": { "default_value": { "numerator": 100 }, "runtime_key": "local_rate_limit_enforced" }, "response_headers_to_add": [ { "header": { "key": "x-rate-limited", "value": "TOO_MANY_REQUESTS" } } ], "stat_prefix": "http_local_rate_limiter", "status": { "code": "TooManyRequests" }, "token_bucket": { "fill_interval": "30s", "max_tokens": 1, "tokens_per_fill": 1 } } } },The issue is:
Currently, only a common bucket does work. Whether I send requests with special headers or not they are throttled by a common bucket.
Seems the buckets for certain headers do not work
How it looks
Console output
I configured the metrics for
http.and the metricincreased each time I sent a request
Envoy version
The text was updated successfully, but these errors were encountered: