Ratelimit plugin not working as expected - kong 1.4 #5311

ghost · 2019-12-08T16:58:20Z

Summary

I have configured rate-limit plugin with key-auth. 5 req/sec is working fine if requests are more then 50 per seconds its not detecting. i have tried out with cluster/local/redis policy.

SUMMARY_GOES_HERE

Steps To Reproduce

kong 1.4 . cassandra backend. deploy on kubernets

enable key-auth plugin
enable rate limit plugin with 5 req/sec
try with apache benchmark ab -c 100 -n 1000
check live kong logs

Additional Details & Logs

Kong version ($ kong version) v1.4
Kong debug-level startup logs ($ kong start --vv)
Kong error logs (<KONG_PREFIX>/logs/error.log)
Kong configuration (the output of a GET request to Kong's Admin port - see
https://docs.konghq.com/latest/admin-api/#retrieve-node-information)
Operating system

The text was updated successfully, but these errors were encountered:

bungle · 2019-12-09T17:11:13Z

Currently rate-limiting is counted async, the function is created here on access phase:
https://github.com/Kong/kong/blob/master/kong/plugins/rate-limiting/handler.lua#L130-L135

And it is executed here on log phase:
https://github.com/Kong/kong/blob/master/kong/plugins/rate-limiting/handler.lua#L148-L150

bungle · 2019-12-09T17:24:05Z

I think on high load, the timer that is executed on log is not executed as fast as new requests are proxied. This has potential good and bad sides. Good sides is that if we increase the counters after request we can increase counters only when we actually proxied. Bad side of it being that we are possibly going to proxy some requests before the rate-limit is effective. Good side of this is that we also add little latency to request itself. Having fully up-to-date rate-limiting requires making db requests for both get usage and increase counters run on access and make request to wait on both. Perhaps it should be done like that. increasing counters has always been a timer, but on originally it was executed on access instead of log.

bungle · 2019-12-09T17:32:30Z

On Kong Enterprise we have this (which does not run timers on each request):
https://docs.konghq.com/hub/kong-inc/rate-limiting-advanced/

bungle · 2020-01-16T23:25:16Z

@jogendrajangid1, would you like to try: #5460, and give feedback?

### Summary Context: - starting `timers` on busy servers on each request will just move the load elsewhere - there is little change that upstream sets rate-limiting headers, so we can just set them on access So this PR removes timers and all the phase handlers except `access` from rate-limiting plugin. Yes, it might add some latency to request, but on a bright side we have more accurate rate-limits. ### Issues Resolved This might fix #5311

### Summary Context: - starting `timers` on busy servers on each request will just move the load elsewhere - there is little change that upstream sets rate-limiting headers, so we can just set them on access So this PR removes timers and all the phase handlers except `access` from rate-limiting plugin. Yes, it might add some latency to request, but on a bright side we have more accurate rate-limits. This PR does change the rate-limiting consistency mode. ### Issues Resolved This might fix #5311

### Summary Context: - starting `timers` on busy servers on each request will just move the load elsewhere - there is little change that upstream sets rate-limiting headers, so we can just set them on access So this PR removes timers and all the phase handlers except `access` from rate-limiting plugin. Yes, it might add some latency to request, but on a bright side we have more accurate rate-limits. This PR does change the rate-limiting consistency mode. ### Issues Resolved This might fix Kong#5311

### Summary Context: - starting `timers` on busy servers on each request will just move the load elsewhere - there is little change that upstream sets rate-limiting headers, so we can just set them on access So this PR removes timers and all the phase handlers except `access` from rate-limiting plugin. Yes, it might add some latency to request, but on a bright side we have more accurate rate-limits. This PR does change the rate-limiting consistency mode. ### Issues Resolved This might fix #5311

perjerz · 2020-12-19T10:04:30Z

On Kong Enterprise we have this (which does not run timers on each request):
https://docs.konghq.com/hub/kong-inc/rate-limiting-advanced/

We have to buy Kong Enterprise to use it right?

### Summary Context: - starting `timers` on busy servers on each request will just move the load elsewhere - there is little change that upstream sets rate-limiting headers, so we can just set them on access So this PR removes timers and all the phase handlers except `access` from rate-limiting plugin. Yes, it might add some latency to request, but on a bright side we have more accurate rate-limits. This PR does change the rate-limiting consistency mode. ### Issues Resolved This might fix #5311

### Summary The PR #5460 tried to fix rate-limiting accuracy issues as reported with #5311. That PR has stayed open for over a year now. There is a smaller change in that PR that we can make without a lot of work or debating, and this PR contains that only: 1. it removes extra phase handlers and context passing of data and now does everything in `access` phase (this could make it more accurate as well, compared to post-poning that to log phase) 2. it now also sets rate-limiting headers when the limits have exceeded

…#6802) ### Summary The PR #5460 tried to fix rate-limiting accuracy issues as reported with #5311. That PR has stayed open for over a year now. There is a smaller change in that PR that we can make without a lot of work or debating, and this PR contains that only: 1. it removes extra phase handlers and context passing of data and now does everything in `access` phase (this could make it more accurate as well, compared to post-poning that to log phase) 2. it now also sets rate-limiting headers when the limits have exceeded

giovanibrioni · 2021-09-10T17:19:43Z

@jogendrajangid1 you can reproduce your scenario with the version of PR: #7831 that will work

hbagdi · 2023-04-05T20:55:39Z

Kong 1.4 came out in October 2019 and is not longer supported.
Please try a 3.x version and open a new issue if needed.

it is same fix made in PR #8227, but I remove sliding-window feature. Kong have no plans to add a sliding window to this plugin, Sliding window is an enterprise-only feature at this point

hishamhm added the task/needs-investigation Requires investigation and reproduction before classifying it as a bug or not. label Dec 9, 2019

bungle mentioned this issue Jan 16, 2020

feat(rate-limiting) remove timer and phase handlers #5460

Closed

vasuharish mentioned this issue Apr 17, 2020

Rate limiting not working while performing parallel connection #5790

Closed

kikito added plugins/rate-limiting plugins/response-ratelimiting labels Nov 24, 2020

bungle mentioned this issue Feb 3, 2021

fix(rate-limiting) remove unneeded phase handlers for better accuracy #6802

Merged

giovanibrioni mentioned this issue Sep 10, 2021

fix(rate-limiting) removes race condition(redis) for better accuracy #7831

Closed

giovanibrioni mentioned this issue Dec 22, 2021

fix(rate-limiting) removes race condition(redis) for better accuracy #8227

Closed

giovanibrioni added a commit to giovanibrioni/kong that referenced this issue Apr 15, 2022

fix rate-limiting accuracy reported on issue: Kong#5311

66fbaba

giovanibrioni mentioned this issue Mar 25, 2023

fix(plugin/rate-limiting): use redis:eval() to improve rate-limiting accuracy #10559

Merged

2 tasks

hbagdi closed this as completed Apr 5, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ratelimit plugin not working as expected - kong 1.4 #5311

Ratelimit plugin not working as expected - kong 1.4 #5311

ghost commented Dec 8, 2019

bungle commented Dec 9, 2019

bungle commented Dec 9, 2019 •

edited

Loading

bungle commented Dec 9, 2019 •

edited

Loading

bungle commented Jan 16, 2020

perjerz commented Dec 19, 2020 •

edited

Loading

giovanibrioni commented Sep 10, 2021

hbagdi commented Apr 5, 2023

Ratelimit plugin not working as expected - kong 1.4 #5311

Ratelimit plugin not working as expected - kong 1.4 #5311

Comments

ghost commented Dec 8, 2019

Summary

Steps To Reproduce

Additional Details & Logs

bungle commented Dec 9, 2019

bungle commented Dec 9, 2019 • edited Loading

bungle commented Dec 9, 2019 • edited Loading

bungle commented Jan 16, 2020

perjerz commented Dec 19, 2020 • edited Loading

giovanibrioni commented Sep 10, 2021

hbagdi commented Apr 5, 2023

bungle commented Dec 9, 2019 •

edited

Loading

bungle commented Dec 9, 2019 •

edited

Loading

perjerz commented Dec 19, 2020 •

edited

Loading