summary

FireflySoft.RateLimit since 2021 year 1 Since the first release in June , Experienced many upgrade iterations , At present, it has been very stable , It has been applied to the production system by many developers , The latest release is 3.0.0.

Its core is based on .NET Standard Current limiting class library , Its core is simple and lightweight , Current limiting scenarios that can flexibly respond to various needs . Its main features include :

  • Various current limiting algorithms : Built in fixed window 、 The sliding window 、 Leaky bucket 、 There are four algorithms for token bucket , Easy to customize and expand .
  • Multiple count storage : Memory is currently supported 、Redis( Including clusters ) Two ways of storage .
  • Distributed friendly : adopt Redis Storage supports unified counting of distributed programs .
  • The current limiting target is flexible : Various data can be extracted from the request to set the current limiting target , Not just the client IP and Id.
  • Current limiting penalty is supported : You can lock the client for a period of time after triggering the current limit and not allow it to access .
  • Time window enhancement : Support to the millisecond level ; Support from seconds 、 minute 、 Hours 、 The natural starting point of a time cycle, such as a date .
  • Real time current limit tracking : The number of requests processed in the current counting cycle 、 Number of remaining allowed requests , And the reset time of the counting cycle .
  • Change rules dynamically : Support the dynamic change of current limiting rules when the program is running .
  • Custom error : You can customize the error code and error message after triggering current limiting .
  • Universality : In principle, it can meet any current limiting scenario , It can be used in all kinds of B/S、C/S Program .

Based on this core, two middleware are implemented :

Compared with FireflySoft.RateLimit The core library , It is more convenient to use these two middleware directly . If these two middleware cannot meet your needs , For example, it is not used in official Web In the frame , Not even Web Program , No big problem , It can meet your current limiting needs based on the core class library , All you have to do is define the request you want to limit the flow , And execute its own business logic when triggering current limit , How to implement the current limiting algorithm does not need to be concerned .

These class libraries and middleware are available through Nuget Installed , Search for  FireflySoft.RateLimit  You can find it .

Examples of use

This article is based on a ASP.NET Core Program, for example , explain FireflySoft.RateLimit How to use .

The business requirements of the program are : Interface for obtaining weather forecast , According to client IP and ClientId Carry out current limiting , Every IP Every second 1 Time , Every ClientId Every second 3 Time .ClientId Is pre assigned to the caller . According to rules , If the caller has only 1 An exit IP, Then you can only access 1 Time , If there are multiple exits IP, Then visit at most per second 3 Time .

This sample program is based on .NET6 Developed , Of course you use .NET Core 3.1 No problem , It's just .NET6 By default, the service and middleware registration are put in Program.cs  in .( It is recommended to upgrade to .NET6,.NET6 comparison .NET Core 3.1 The performance of has been significantly improved .)

Look at the code it , Just register the service and Middleware That's all right. .

using FireflySoft.RateLimit.AspNetCore;
using FireflySoft.RateLimit.Core.InProcessAlgorithm;
using FireflySoft.RateLimit.Core.Rule; var builder = WebApplication.CreateBuilder(args); ... builder.Services.AddRateLimit(new InProcessFixedWindowAlgorithm(
new[] {
new FixedWindowRule()
{
ExtractTarget = context =>
{
var httpContext= context as HttpContext; // Through CDN
var ip = httpContext!.Request.Headers["Cdn-Src-Ip"].FirstOrDefault();
if (!string.IsNullOrEmpty(ip))
return ip; // Through SLB
ip = httpContext!.Request.Headers["X-Forwarded-For"].FirstOrDefault();
if (!string.IsNullOrEmpty(ip))
return ip; ip = httpContext!.Connection.RemoteIpAddress?.ToString();
return ip??"Anonymous-IP";
},
CheckRuleMatching = context =>
{
var requestPath = (context as HttpContext)!.Request.Path.Value;
if (requestPath == "/WeatherForecast/Future")
{
return true;
}
return false;
},
Name = "ClientIPRule",
LimitNumber = 3,
StatWindow = TimeSpan.FromSeconds(1)
},
new FixedWindowRule()
{
ExtractTarget = context =>
{
var httpContext= context as HttpContext;
var clientID = httpContext!.Request.Headers["X-ClientId"].FirstOrDefault(); return clientID??"Anonymous-ClientId";
},
CheckRuleMatching = context =>
{
var requestPath = (context as HttpContext)!.Request.Path.Value;
if (requestPath == "/WeatherForecast/Future")
{
return true;
}
return false;
},
Name = "ClientIdRule",
LimitNumber = 1,
StatWindow = TimeSpan.FromSeconds(1)
}
})
); ... app.UseRateLimit(); ...

Only the content required by the middleware is retained in the pasted code , The registration service uses AddRateLimit, Use middleware to pass UseRateLimit.

Algorithm

AddRateLimit You need to specify a current limiting Algorithm , The example is a fixed window algorithm based on local memory , It can be replaced with other algorithms as needed , For example, token bucket algorithm that can deal with short-term burst traffic .

For a specific algorithm , Based on local memory and based on Redis The implementation of is a different class , Because for better performance ,Redis The algorithm is implemented by Lua It's scripted , It runs completely in Redis Server side .

For ease of use , List the names of these algorithms here :

Based on local memory ( In process ) be based on Redis
Fixed window algorithm InProcessFixedWindowAlgorithmRedisFixedWindowAlgorithm
Sliding window algorithm InProcessSlidingWindowAlgorithmRedisSlidingWindowAlgorithm
Leaky bucket algorithm InProcessFixedWindowAlgorithmRedisFixedWindowAlgorithm
Token bucket algorithm InProcessTokenBucketAlgorithmRedisokenBucketAlgorithm

At present one ASP.NET Core Only one algorithm can be used in the program , I don't know whether there is a need for multiple algorithms , If necessary, you can FireflySoft.RateLimit.AspNetCore Make some changes :

  • AddRateLimit Sign up for IAlgorithm Change to register IAlgorithm The parser , The parser provides a method based on a Key return IAlgorithm The concrete realization of .

  • RateLimitMiddleware Determine the algorithm to be used according to the current request , Then call the method of the parser to get IAlgorithm The concrete realization of .

The rules

When creating algorithm instances , You also need to specify the rules of the algorithm , The algorithm used here is FixedWindowRule, For the same algorithm , In process implementation and Redis The implementation uses the same rules .

Take a look at several properties of the rules used here :

ExtractTarget  Set up a function , For from HTTP Extract the target to limit the flow in the request , For example, the client here IP And the client ID, It can also be all kinds of things that can be extracted from or associated with the request , such as Http Header Users carried in Id, Or according to the user Id The age of the user queried .

CheckRuleMatching  Set up a function , Returns whether the current request can match a flow restriction rule , If you can match , Then return to true. For example, only /api/req This path limits current , Then just judge that the path of the request is it , Just go back to true, All other paths return false. Of course, it can also be judged according to various things that can be extracted or associated from the request .

Name  The name of the current limit rule , It is convenient for people to distinguish when tracking .

StatWindow  Time window for current limiting . For example, every second in the demand 3 Time , The time window here should be set to 1 second .

LimitNumber  The number threshold of current limiting . For example, every second in the demand 3 Time , The time window here should be set to 3, exceed 3 It will be limited .

There are several other attributes in the rule , The rules of different algorithms are also slightly different , Here is not a list . Interested friends can go Sample code and unit testing Know them in .

Rules of multiple corresponding algorithms can be added to an algorithm , This will undoubtedly be more flexible .

More instructions


The above is the main content of this paper , If you have any questions, please leave a message .

.NET Flow limiting middleware for service governance -FireflySoft.RateLimit More articles about

  1. Service interface API Current limiting Rate Limit To continue

    One . Preface In the previous article, I briefly introduced the use of Redis And the service interface based on token bucket algorithm API Current limiting , This paper introduces another algorithm --- Application of leaky bucket algorithm .Nginx It must be understood by everyone that it is a high-performance HTTP And reverse proxy , ...

  2. Hystrix Introduction and service degradation current limiting fuse

    (dubbo Fuse ,Hystrix Ask less ) Both the cache layer and the storage layer have the probability of error , Think of them as resources . As a system with large amount of concurrency , If a resource is not available , May cause all threads hang ( Hang up ) On this resource , ...

  3. Asp.Net Core 7 preview 4 Heavy new features -- Current limiting middleware

    Preface Flow restriction is one of the important means to deal with scenarios such as traffic surge or malicious attacks by some users , However, Microsoft officials have never supported this important feature ,AspNetCoreRateLimit This third-party current limiting library is generally preferred , However, there are too many configuration parameters , To make ...

  4. ASP.NET Core WebApi AspNetCoreRateLimit Current limiting middleware learning

    AspNetCoreRateLimit Introduce : AspNetCoreRateLimit yes ASP.NET Core rate limiting framework , Can be right WebApi,Mvc Control current limiting in the system ,AspNetCoreRateLimit Package contains ...

  5. Service interface API Current limiting Rate Limit

    One . Scene description Many people who do service interfaces encounter such scenarios more or less , Due to the limited load capacity of business application system , In order to prevent unexpected requests from putting too much pressure on the system and dragging down the business application system . That is, in the face of large traffic , How to control the flow ? Service interface traffic ...

  6. Golang Microservices :Micro Current limiting 、 Fuse

    Wrapper Wrapper Provides a packaging mechanism , Cause to execute before executing a method Wrapper, advantage Filter It means : Therefore, you can do many functions on the client and server : Fusing and current limiting .Filter.Auth etc. . client ...

  7. Laravel Current limiting middleware throttle analysis

    1. stay Laravel Middle configuration stay app\Http\Kernel.php in , Add to middleware group by default api Next ,1 minute 60 Time . 2. Current limiting principle Get unique request source , Unique identification (key) Get the request request ...

  8. java Service interface API Current limiting Rate Limit

    One . Scene description Many people who do service interfaces encounter such scenarios more or less , Due to the limited load capacity of business application system , In order to prevent unexpected requests from putting too much pressure on the system and dragging down the business application system . That is, in the face of large traffic , How to control the flow ? Service interface traffic ...

  9. BeetleX Current limiting and caching of service gateway

    Current limiting and caching are two very important functions of gateway , The former is to ensure more reliable operation of the service , The latter can greatly improve the throughput of the application .Beetlex.Bumblebee Microservice gateway provides two extensions to realize these two functions , Namely Beetl ...

  10. AspNetCore Current limiting middleware IpRateLimitMiddleware Introduce

    IpRateLimitMiddleware(Github: AspNetCoreRateLimit) yes ASPNETCore A current limiting middleware , Used to control client calls API Frequency of , If the client frequently accesses the service ...

Random recommendation

  1. JIT The principle and implementation of dynamic compiler Interpreter( Interpreter ) The implementation of the ( 3、 ... and )

    Next , Is to implement a virtual machine . Remember to code one of the high quality code : Don't optimize your code prematurely . therefore , Also in line with the principle of gradual progress , I'll start by implementing an interpreter , Make a gradual transition to JIT Dynamic compiler , This kind of evolution can make the principle look clearer ...

  2. C Language tools ---Code::Blocks

    Code::Blocks Code::Blocks It's an open source, full-featured, cross platform C/C++ Integrated development environment . Code::Blocks It's open source software . By pure C++ Language development completed , It uses the famous GUI Library wx ...

  3. spring aop Intercept business methods , Realize the authority control

    difficulty :aop Class is common java class ,session It can't be injected , So how to get user related information in a stateful system ,session It's the only way , obtain session It becomes very important . Thinking for a long time, there is no way , Later I saw it on the Internet ...

  4. oracle Database management -- object 、 Role related queries

    1. The data dictionary :      It records the system information of the database , It's a collection of read-only tables and views , All users of the data dictionary are sys user . Users can only perform query operations on the data dictionary (select sentence ), And its maintenance and modification are automatically completed by the system . Data word ...

  5. Northeast Yucai DAY2 Combined data retrieval mod (comb)

    Modular of combinatorial data (comb) [ Problem description ] Calculation C(m,n)mod 9901 Value [ Input format ] From file comb.in Input data in . The first line of input contains two integers ,m and n [ Output format ] output to a file comb.out in ...

  6. Study python3 Function notes

    Python Built in a lot of useful functions , We can call . To call a function , You need to know the name and parameters of the function , For example, the function of absolute value abs, There is only one parameter . Can be directly from Python The official website for viewing documents : http://doc ...

  7. .NET Core To realize AOP Programming

    AOP Full name Aspect Oriented Progarmming( Section oriented programming ), Actually AOP Yes ASP.NET It's no mystery to programmers , You may have passed Filter To accomplish some common functions , For example, you use Autho ...

  8. POJ2157 Check the difficulty of problems probability DP

    http://poj.org/problem?id=2151   The question :t A team m Problem ,i Team write right j The probability of the problem is pij. The champion is to solve more than n One of the teams with the largest number of problem-solving , It is required to satisfy that there is a champion and the number of problem-solving of other teams is greater than or equal to 1 ...

  9. 【 Point divide and conquer 】poj1741 Tree / poj2114 Boatherds / poj1987 Distance Statistics

    The three questions are very similar . give 1741 Code for #include<cstdio> #include<algorithm> #include<cstring> using nam ...

  10. elasticsearch2.x ik plug-in unit

    Let's start with a standard participle (standard), The configuration is as follows : curl -XPUT localhost:/local -d '{ "settings" : { "analysis&q ...