Home >Operation and Maintenance >Nginx >How to configure nginx ingress speed limit

How to configure nginx ingress speed limit

PHPz
PHPzforward
2023-05-12 16:52:062072browse

Starting from the business scenario

During the business development process, we have a requirement: the download service provided through filebrowser needs to be speed limited. For example, when users download files through filebrowser, they need to limit the download rate of each user. Extending from this requirement, the download rate for specific users can also be limited.

In order to achieve this business requirement, combined with our current technology stack (k8s nginx ingress), it can be achieved by configuring the corresponding nginx parameters.

What is speed limit?

Speed ​​limit, as the name suggests, is a speed limit.

The rate here can be:

  • The frequency of a single user accessing resources within a unit time,

  • can also be The frequency of a single IP accessing resources within a unit of time.

  • can also be the transmission rate of a specified connection within a unit of time.

Usually, the latter business scenario exists in download speed limit

Why speed limit?

The essence of speed limit is to ensure fairness.

In the case of limited bandwidth resources, try to ensure that each user can be reasonably allocated sufficient bandwidth value. It can also serve more users through speed limiting when bandwidth resources are limited.

In addition, speed limiting can also greatly alleviate the impact of distributed denial-of-service attacks (DDOS).

What are the configurations in the yaml file of nginx ingress?

The speed limit configuration of Nginx ingress can basically be found in the nginx.ingress.kubernetes.io annotation of ingress.

Below, we will interpret the annotations related to speed limit one by one:

  • ##nginx.ingress.kubernetes.io/limit-connections: single The number of concurrent connections that an IP address can have at the same time. If the number of concurrent connections is exceeded, a 503 error is returned.

  • nginx.ingress.kubernetes.io/limit-rps: Limit the number of requests per second for a single IP (limit request per second). If the limit is exceeded, a 503 error is returned. It should be noted that a 503 error does not occur immediately when the value set by the configuration is exceeded. nginx allows the existence of the number of burst requests within a certain time range (number of burst requests = limit-rps * limit-burst-multiplier ). So when will 503 appear? This starts with the current limiting model of nginx. The current limiting model of nginx is a queue (refer to the queue model of the thread pool). The max number of connections for current limiting = the queue processing capability and the length of the queue, that is, max-connections-per-second = limit-rps limit-rps*limit- burst-multiplier.

  • nginx.ingress.kubernetes.io/limit-rpm: Same as limit-rps, but limit-rpm has a higher priority than limit-rps, that is When limit-rpm and limit-rps are set at the same time, limit-rpm shall prevail. However, when limit-connections are also set, then limit-connections have the highest priority.

  • nginx.ingress.kubernetes.io/limit-burst-multiplier: The coefficient of the burst request size, mainly used to define the queue length of the connection, the default is 5

  • nginx.ingress.kubernetes.io/limit-rate-after: The limit-rate is executed after the amount of traffic is exceeded, the unit is KB

  • nginx.ingress.kubernetes.io/limit-rate: The rate limit value of a single connection per second, in KB.

  • nginx.ingress.kubernetes.io/limit-whitelist: Set an IP whitelist. IPs in the whitelist will not be speed limited and support CIDR. , multiple IPs can be separated by commas.

Note

  • When limit-connections, limit-rps, and limit-rpm are set at the same time, the priority Yes limit-connections>limit-rpm>limit-rps

  • The prerequisite for limit-rate-after and limit-rate to take effect is

    nginx.ingress.kubernetes.io/proxy- buffering: "on"

  • The IP mentioned above needs to be distinguished from the SLB or the real user IP to obtain the real user IP

4. Solutions for business needs

After clarifying these knowledge points, we can return to our business itself and simply add the following configuration to the business ingress configuration file:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ...
    nginx.ingress.kubernetes.io/proxy-buffering: on
    nginx.ingress.kubernetes.io/limit-rate: 10 # 单位是KB
  name: xxx
  namespace: yyy
spec:
  ingressClassName: nginx
  rules:
    ...

The above is the detailed content of How to configure nginx ingress speed limit. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:yisu.com. If there is any infringement, please contact admin@php.cn delete