Ocelot icon indicating copy to clipboard operation
Ocelot copied to clipboard

Published 20 hours ago verified publisher icon ThreeMammals

Rate Limiting works incorrectly if PeriodTimespan value is greater than Period

Open sergio-str opened this issue 2 years ago • 10 comments

Expected Behavior

Rate Limiting works as documented for such parameter values: Period: 1 second PeriodTimeSpan: 30 seconds Limit: 100

Scenario: Request flow, 10-20 requests per sec, should be allowed.

Status: not equal to 429

Actual Behavior / Motivation for New Feature

With the same parameter values from Expected Behavior Ocelot returns status 429 aka "Rate limit exceeded". It seems this issue caused by code in RateLimitCore.cs lines 35-43

// entry has not expired
if (entry.Value.Timestamp + TimeSpan.FromSeconds(rule.PeriodTimespan) >= DateTime.UtcNow)
{
    // increment request count
    var totalRequests = entry.Value.TotalRequests + 1;

    // deep copy
    counter = new RateLimitCounter(entry.Value.Timestamp, totalRequests);
}

Ocelot increments request counter if request has been received in interval [FirstRequestTime : FirstRequestTime + PeriodTimeSpan] According to the documentation counter should be incremented if request is in interval [FirstRequestTime : FirstRequestTime + Period].

Steps to Reproduce the Problem

  1. Set Rate Limiting configuration parameters:
  • Period: 1 second
  • PeriodTimeSpan: 30 seconds
  • Limit: 100
  1. Generate a consequent request flow (10-20 requests per second) for more than 12 seconds
  2. Ensure Ocelot returns status 429

Specifications

  • Ocelot Version: Latest, 19.0.2
  • Feature: Rate Limiting

sergio-str avatar Jul 28 '22 07:07 sergio-str

Hi Sergii!

Do not you mind if we collaborate on the issue description first?

raman-m avatar May 11 '23 13:05 raman-m

Check the issue Title please! Is this title correct?

raman-m avatar May 11 '23 13:05 raman-m

Sergii, I've changed Expected Behavior description. Could you confirm it's correct please? I need to know we are on the same page.

raman-m avatar May 11 '23 13:05 raman-m

I think yes. But give me a little time, please, to dive into the context. Also I apologize for inacurate title.

sergio-str avatar May 11 '23 14:05 sergio-str

So, bug description has been changed and updated. Could you review it plz?

raman-m avatar May 11 '23 14:05 raman-m

@sergio-str Hi Sergii! Do you accept current description?

raman-m avatar May 12 '23 13:05 raman-m

@sergio-str Sergii

I would like your checking this bug for the latest build/version which is 19.0.2 and .NET 7. Your reported Specifications info with "Ocelot Version: 18" is quite outdated. Please, use the latest package and/or just use top commits from develop branch version!

Do not you mind if I change Ocelot Version to 19.0.2 in Specifications paragraph? That's how I and team can accept this bug after our common validation. And the team will not accept bugs for old versions, because of outdating.

raman-m avatar Jun 01 '23 10:06 raman-m

The issue has been accepted due to open PR #1592

  • #1592

raman-m avatar Sep 07 '23 16:09 raman-m

Also, is it possible to configure RateLimiting globally? Looks like the limits work only when specified at Route level. It's inconvenient to configure Limits for large number of routes. Limits configured at Route level can then take precedence over Global configuration.

MithunChopda avatar Nov 03 '23 04:11 MithunChopda

@MithunChopda commented on Nov 3

Hi Mithun! No, impossible! You have to configure Rate Limiter for each route. Look at this PR #1659 for global Headers Transformation. If you will be inspired by this PR, you could open new PR especially for global Rate Liming.

raman-m avatar Nov 03 '23 17:11 raman-m