Aeraki Series: How to set local rate limiting rules

Aeraki can help you manage any Layer 7 protocol in a service mesh. Aeraki currently supports open source protocols such as Dubbo, Thrift, and Redis. You can also use Aeraki's MetaProtocol protocol extension framework to manage Layer 7 traffic for private protocols.

This series of tutorials introduces how to use Aeraki to provide Layer 7 traffic routing, local rate limiting, and global rate limiting for services using protocols such as Dubbo and Thrift in a service mesh, as well as how to quickly develop a custom protocol based on the Aeraki Protocol and manage services that use custom protocols in the Istio service mesh.

This tutorial describes how to use the MetaRouter CRD resource provided by Aeraki to set local rate limiting rules for application protocols developed based on MetaProtocol.

Installing the Sample Program

If you haven't installed the sample application yet, refer to the Quick Start guide to install Aeraki, Istio, and the sample application.

After the installation is complete, you can see that the following two namespaces have been added to the cluster. They contain sample programs for the Dubbo and Thrift protocols, both implemented on MetaProtocol. You can use either one for testing.

```bash
➜ ~ kubectl get ns|grep meta
meta-dubbo    Active   16m
meta-thrift   Active   16m
```

Aeraki's throttling rules are designed to be intuitive and flexible, supporting both throttling of all incoming requests to a service and fine-grained throttling of requests to a server based on different conditions.

Limit all incoming requests to the service

```bash
kubectl apply -f- <<EOF
apiVersion: metaprotocol.aeraki.io/v1alpha1
kind: MetaRouter
metadata:
  name: test-metaprotocol-thrift-route
  namespace: meta-thrift
spec:
  hosts:
    - thrift-sample-server.meta-thrift.svc.cluster.local
  localRateLimit:
    # Service-level bucket: holds at most 2 tokens, refilled with 2 tokens every 60s
    tokenBucket:
      fillInterval: 60s
      maxTokens: 2
      tokensPerFill: 2
EOF
```

Note: Local rate limiting is enforced on each service instance independently, so when a service has multiple instances, the effective limit is the configured limit multiplied by the number of instances.

Use the aerakictl command to view the client's application logs. You can see that the client can only successfully execute 4 requests per minute (there are two service instances, and each service instance is limited to 2 requests per minute):

```text
➜ ~ aerakictl_app_log client meta-thrift -f --tail 10
Hello Aeraki, response from thrift-sample-server-v1-5c8476684-842l6/172.17.0.40
Hello Aeraki, response from thrift-sample-server-v2-6d5bcc885-hpx7n/172.17.0.41
Hello Aeraki, response from thrift-sample-server-v1-5c8476684-842l6/172.17.0.40
Hello Aeraki, response from thrift-sample-server-v2-6d5bcc885-hpx7n/172.17.0.41
org.apache.thrift.TApplicationException: meta protocol local rate limit: request '5' has been rate limited
    at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:79)
    at org.aeraki.HelloService$Client.recv_sayHello(HelloService.java:61)
    at org.aeraki.HelloService$Client.sayHello(HelloService.java:48)
    at org.aeraki.HelloClient.main(HelloClient.java:44)
Connected to thrift-sample-server
org.apache.thrift.TApplicationException: meta protocol local rate limit: request '1' has been rate limited
...
```
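The per-instance effect described in the note above, as an added example (not Aeraki's code): a small token-bucket model in which every instance keeps its own bucket and a client round-robins across the instances. The refill model (bucket starts full, `tokens_per_fill` tokens added every `fill_interval`), the round-robin client and all function names are assumptions of this sketch.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Bucket with the three fields of the MetaRouter tokenBucket block."""
    max_tokens: int
    tokens_per_fill: int
    fill_interval: float          # seconds
    tokens: int = field(init=False)
    last_fill: float = 0.0

    def __post_init__(self):
        self.tokens = self.max_tokens   # assumption: the bucket starts full

    def allow(self, now: float) -> bool:
        # Add tokens_per_fill for every whole fill_interval that has elapsed.
        fills = int((now - self.last_fill) // self.fill_interval)
        if fills:
            self.tokens = min(self.max_tokens, self.tokens + fills * self.tokens_per_fill)
            self.last_fill += fills * self.fill_interval
        if self.tokens == 0:
            return False                # request is rate limited
        self.tokens -= 1
        return True


def simulate(instances: int, requests: int, spacing: float, **bucket) -> list[bool]:
    """Round-robin `requests` calls, `spacing` seconds apart, over `instances`
    sidecars that each enforce their own bucket (local limiting, no shared state)."""
    buckets = [TokenBucket(**bucket) for _ in range(instances)]
    return [buckets[i % instances].allow(i * spacing) for i in range(requests)]


def allowed_per_window(results, spacing, window=60.0):
    """Count the allowed requests in each consecutive `window`-second slice."""
    counts = {}
    for i, ok in enumerate(results):
        w = int(i * spacing // window)
        counts[w] = counts.get(w, 0) + int(ok)
    return [counts[w] for w in sorted(counts)]
```

With the tutorial's bucket (`max_tokens=2, tokens_per_fill=2, fill_interval=60`) and two instances, the model admits four requests per minute, matching the client log; adding a third instance raises that to six without any change to the MetaRouter.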

Limit incoming requests to services based on conditions

Aeraki supports setting multiple throttling rules for services based on conditions to meet fine-grained throttling requirements, such as grouping requests by user or interface and setting different throttling rules for each group.

The matching conditions for rate limiting are the same as those for routing. Any attribute that can be extracted from the request packet can be used as a matching condition for a rate limiting rule.

For example, the following rules set different rate limits for the sayHello and ping interfaces:

```yaml
apiVersion: metaprotocol.aeraki.io/v1alpha1
kind: MetaRouter
metadata:
  name: test-metaprotocol-thrift-route
  namespace: meta-thrift
spec:
  hosts:
    - thrift-sample-server.meta-thrift.svc.cluster.local
  localRateLimit:
    conditions:
      # sayHello: 10 requests per 60s
      - match:
          attributes:
            method:
              exact: sayHello
        tokenBucket:
          fillInterval: 60s
          maxTokens: 10
          tokensPerFill: 10
      # ping: 100 requests per 60s
      - match:
          attributes:
            method:
              exact: ping
        tokenBucket:
          fillInterval: 60s
          maxTokens: 100
          tokensPerFill: 100
```

Set up traffic limiting rules by service and by condition at the same time

You can set both service-level throttling rules and conditional throttling rules at the same time. This is suitable for situations where you need to set an overall throttling rule for all requests of a service, while also setting exceptions for one or several groups of requests.

For example, the following rate limiting rule sets an overall rate limiting rule of 1000 messages per minute for the service, and sets a rate limiting condition of 100 messages per minute for the ping interface.

```yaml
apiVersion: metaprotocol.aeraki.io/v1alpha1
kind: MetaRouter
metadata:
  name: test-metaprotocol-thrift-route
  namespace: meta-thrift
spec:
  hosts:
    - thrift-sample-server.meta-thrift.svc.cluster.local
  localRateLimit:
    # Overall rule for the service: 1000 per 60s
    tokenBucket:
      fillInterval: 60s
      maxTokens: 1000
      tokensPerFill: 1000
    conditions:
      # Rule for the ping interface: 100 per 60s
      - match:
          attributes:
            method:
              exact: ping
        tokenBucket:
          fillInterval: 60s
          maxTokens: 100
          tokensPerFill: 100
```

Understanding the principles

In the configuration that Aeraki sends to the sidecar proxy, the MetaProtocol Proxy is set on the Listener corresponding to the service, and the local rate limit filter is set in that proxy's configuration.

Aeraki translates the rate limiting rules configured in MetaRouter into configuration for the local rate limit filter and sends it to the MetaProtocol Proxy.

You can view the configuration of the service's sidecar proxy with the following command:

```bash
aerakictl_sidecar_config server-v1 meta-thrift |fx
```

The MetaProtocol Proxy configuration in the Inbound Listener of the Thrift service is as follows:

```json
{
  "name": "envoy.filters.network.meta_protocol_proxy",
  "typed_config": {
    "@type": "type.googleapis.com/udpa.type.v1.TypedStruct",
    "type_url": "type.googleapis.com/aeraki.meta_protocol_proxy.v1alpha.MetaProtocolProxy",
    "value": {
      "stat_prefix": "inbound|9090||",
      "application_protocol": "thrift",
      "route_config": {
        "name": "inbound|9090||",
        "routes": [
          {
            "route": {
              "cluster": "inbound|9090||"
            }
          }
        ]
      },
      "codec": {
        "name": "aeraki.meta_protocol.codec.thrift"
      },
      "meta_protocol_filters": [
        {
          "name": "aeraki.meta_protocol.filters.local_ratelimit",
          "config": {
            "@type": "type.googleapis.com/aeraki.meta_protocol_proxy.filters.local_ratelimit.v1alpha.LocalRateLimit",
            "stat_prefix": "thrift-sample-server.meta-thrift.svc.cluster.local",
            "token_bucket": {
              "max_tokens": 2,
              "tokens_per_fill": 2,
              "fill_interval": "60s"
            }
          }
        },
        {
          "name": "aeraki.meta_protocol.filters.router"
        }
      ]
    }
  }
}
```
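One way to confirm that a MetaRouter limit actually reached the sidecar, as an added example (not part of Aeraki or `aerakictl`): walk a saved config dump, find each inbound MetaProtocol Proxy and compare its `token_bucket` with the rule you applied. The function names, the finding texts and the idea of feeding it a saved dump are assumptions; the filter names and keys are the ones shown above.

```python
import json

PROXY = "envoy.filters.network.meta_protocol_proxy"
RATELIMIT = "aeraki.meta_protocol.filters.local_ratelimit"
ROUTER = "aeraki.meta_protocol.filters.router"
# MetaRouter tokenBucket key -> key in the proxy's token_bucket (both shown on this page)
KEYS = {"maxTokens": "max_tokens", "tokensPerFill": "tokens_per_fill", "fillInterval": "fill_interval"}

def find_proxies(node):
    """Yield every MetaProtocol Proxy filter found anywhere in a config dump."""
    if isinstance(node, dict):
        if node.get("name") == PROXY:
            yield node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from find_proxies(child)

def audit(dump, expected):
    """Return findings for inbound proxies; an empty list means the limit is in force."""
    findings, seen = [], 0
    for proxy in find_proxies(dump):
        value = proxy.get("typed_config", {}).get("value", {})
        prefix = value.get("stat_prefix", "")
        if not prefix.startswith("inbound|"):
            continue  # the page shows the limit on the server's inbound listener
        seen += 1
        filters = value.get("meta_protocol_filters", [])
        names = [f.get("name") for f in filters]
        if RATELIMIT not in names:
            findings.append(f"{prefix}: no local_ratelimit filter, traffic is unthrottled")
            continue
        # Assumption: the router filter is terminal, so a limiter after it never runs.
        if ROUTER in names and names.index(RATELIMIT) > names.index(ROUTER):
            findings.append(f"{prefix}: local_ratelimit is listed after the router")
        bucket = filters[names.index(RATELIMIT)].get("config", {}).get("token_bucket", {})
        for src, dst in KEYS.items():
            if bucket.get(dst) != expected[src]:
                findings.append(f"{prefix}: {dst}={bucket.get(dst)!r}, expected {expected[src]!r}")
    return findings if seen else ["no inbound MetaProtocol Proxy filter in dump"]

# Constructed sample: the filter shown on this page, trimmed to the fields audit() reads.
SAMPLE = json.loads("""{"name": "envoy.filters.network.meta_protocol_proxy",
 "typed_config": {"value": {"stat_prefix": "inbound|9090||",
  "meta_protocol_filters": [
   {"name": "aeraki.meta_protocol.filters.local_ratelimit", "config": {"token_bucket":
     {"max_tokens": 2, "tokens_per_fill": 2, "fill_interval": "60s"}}},
   {"name": "aeraki.meta_protocol.filters.router"}]}}}""")
```

Calling `audit(SAMPLE, {"maxTokens": 2, "tokensPerFill": 2, "fillInterval": "60s"})` returns an empty list; a dump without the filter, or with values that differ from the MetaRouter, returns one finding per problem.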
