Rate Limiter

· Rate Limiter?
· Token Bucket implementation in Java
· Fixed size rate limiter implemented using Redis
· Distributed Rate limiter
∘ Where to place RL service?
∘ How to integrate rate limiting service
∘ Functional Requirement
∘ Back of the envelope memory calculation
· Redis with Lua scripting

Rate Limiter?

• First line of defense
• Any incoming request is first consulted against rate limiter
• if we are under limits, go through otherwise, reject with error (429)

Token Bucket implementation in Java

Fixed size rate limiter implemented using Redis

Source — https://youtu.be/gVVDo2h6DwA?si=qp8LQkLHYOZrTx6q

Distributed Rate limiter

Where to place RL service?

How to integrate rate limiting service

https://youtu.be/FU4WlwfS3G0?si=srl-p1GbUEmYfwHm

Functional Requirement

• client can send a limited number of requests to a server within a window
• client should get an error message if the defined threshold limit of request is crossed for a server single server or across different combinations of servers.

Non-Functional Requirements:

1. The system should be highly available since it protects our service from external attacks.
2. Performance is an important factor for any system. So, we need to be careful that rate limiter service should not add substantial latencies to the system.

Back of the envelope memory calculation

• key value pair

key is userid/ip address

value is timestamp+count

Relational DB vs In Memory cache time

RateLimitingExample/app.py at fixed_bucket · maguec/RateLimitingExample

Source — https://youtu.be/CRGPbCbRTHA?si=wgF5gwZYomoshauJ

RateLimitingExample/app.py at sliding_window · maguec/RateLimitingExample

Source — https://youtu.be/CRGPbCbRTHA?si=ujMyRDymjbwHVnP8

Redis with Lua scripting

* simple and good article

Distributed Rate Limiting using Redis and Lua