A simple sliding window , fixed rate rate limiting implementation supporting flexible second and minute window sizes This is an implementation of the idea presented here
- Simple algorithm for rate limiting at scale
- Supports Global Rate Limiting
- The Rate Limiter applies a consistent rate limit to incoming requests regardless of which instance of Rate Limter processes the request.
- This is accomplished by sharing the state using a backing store (There is out of box support for memcached)
- Low memory and network overhead.
- Keeps two counters (32 bit integers)
- Two contention-free network calls (Fetch and Increment)
- Assume that we want to limit our requests to 100 Requests per Minute (rpm)
- Say a request arrives at Minute 23, Second 40 (23:40)
- If within the window Minute 22, Second 40 (22:40) --> Window Minute 23, Second 40 (23:40), total requests made is < 100, then this request should be allowed
- How do we know the total requests made in that window?
- This is the clever part-
- We count requests per minute window (0-1, 1-2, 2-3 and so on)
- That means we have the number of requests made from Minute 23:00 -- Minute 23:40. Say it was 50
- Since we are counting requests per minute window then we have Minute 22:00 -- Minute 23:00 total count as well. Say it was 90.
- If we assumed that the requests were made at fixed rate then, from Minute 22:40 -- Minute 23:00, a duration of 20 seconds, the window would consume
90 * (20/60)i.e. 30. - Hence the total count in the window 22:40 - 23:40 ~= 30+50. So we are below the limit of 100 and the request should be allowed
The rate limiter supports window size of 1-30 seconds and 1-30 minutes. This allows both granular (persecond for example) rate limiting as well as broad window like 30 minutes. Usage is explained below -
//Create a ratelimiter which will allow 10000 requests per minute
rateLimiter := PerMinute(10000)
/* Choose a store for counters, There are two OOTB, Memcached and local.
* local is an In-Memory map, to be used only for testing. For production use Memcached. Its proven to work at scale.
* Below is an example for using local memcached as backing counter store.
* In production, you would likely use a cluster or something like AWS Elasticache
*/
rateLimiter.Store = &memcached.CounterStore{Client: memcache.New("127.0.0.1:11211")}
//Now ratelimiter is ready to use
client:=Client("someKey") //UserID, ApplicationID, IP etc.
allowed :=rateLimiter.Allow(client)
/* Or Use AllowWithStats() which returns all stats based on which allow/deny flag was set by the rate limiter
* Callers can examine stats like percentage window used etc.
*/
stats :=ratelimiter.AllowWithStats(client)
//If you print stats struct, you would get a JSON representatino like below
{"FormattedWindowTime":"H 10 M 54 S 10 MS 754","CurrentWindowIndex":54,"CurrentCounter":51,"PreviousWindowIndex":53,"PreviousWindowUsedPercent":0.8333333,"PreviousWindowUseCount":0,"RollingCounter":51,"Allow":false}
//N=15, A rate limiter with 15 minute window thershold instead of 1
rateLimiter := PerNMinute(threshold,15)
//rest of the usage remains same as per-minute
//N=15, A rate limiter with 15 second window thershold
rateLimiter := PerNSecond(threshold,15)
//rest of the usage remains same ..