Rootconf 2018
Rootconf
Rootconf

Rootconf 2018

On scaling infrastructure and operations

All submissions
This submission has been added to the schedule

Powered by VideoKen

Aditya Patawari

Aditya Patawari

@adityapatawari

Throttling requests before they hit your application

Submitted Mar 15, 2018

Section: Crisp Talk Technical level: Intermediate

Most APIs get abused by users, sometimes intentionally, sometimes by mistake. If we throttle requests in the app, we waste precious resources of the app which should have been used to serve legitimate traffic. In this talk we will figure out a way to throttle traffic before it hits the application.

Outline

  • how do you throttle?
  • using middleware? but by then request has already hit your app.
  • if you are on aws, you can use WAF but that will only limit per 5 minutes and will base it on IP.
  • Let us think of an open and portable alternative. How about nginx?
  • Nginx can rate limit for us. A dumb solution, but it can help avoid spikes. We can rate limit based on IPs, user names and lots of other parameters.
  • But we can only put a single limit per parameter. We need it to be smarter.
  • Nginx supports Lua. Can we use it?
  • Enter OpenResty, the Nginx bundle pre-complied with Lua from by folks at cloudflare.
  • Let us add redis in the mix and push user info there.
  • More money, more API requests. We will be rich!!
  • each user will get a fixed number of tokens every minute. Once the tokens are finished, they can’t use the API anymore.
  • API gets rejected by Nginx itself, so no need to bother app about it.
  • Benchmark.

Requirements

Basic knowledge of what is an API and knowledge of Nginx can be used to proxy_pass. No in-depth knowledge is required.

Speaker bio

Aditya Patawari is a consultant specializing in cloud management, infrastructure management and container technologies. He has helped several organizations in setting up and managing their infrastructure.
He has given talks and workshops on containers and related technolgies in India and abroad (including Rootconf, FOSDEM, Flock and FUDCon). He is a contributor to Kubernetes project and to Fedora Project.

Slides

https://docs.google.com/presentation/d/1MhmbolZz8IeCebON1SOtFzF2rLjWAvvfzmpAS3dLLfE/edit?usp=sharing

All submissions

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Register

Hosted by

Rootconf
Rootconf
We care about site reliability, cloud costs, security and data privacy