1. Hardware appliances

2. Web servers

3. Datacenters

4. See also

5. References

In computer networks, rate limiting is used to control the rate of traffic sent or received by a network interface controller and is used to prevent DoS attacks.^[1]

Hardware appliances

Hardware appliances can limit the rate of requests on layer 4 or 5 of the OSI model.

Rate limiting can be induced by the network protocol stack of the sender due to a received ECN-marked packet and also by the network scheduler of any router along the way.

While a hardware appliance can limit the rate for a given range of IP-addresses on layer 4, it risks blocking a networks with many users, which are masked by NAT with a single IP-address of an ISP.

Deep packet inspection can be used to filter on the session layer, but will effectively disarm encryption protocols like TLS and SSL between the appliance and the web server.

Web servers

Web servers typically use a central in-memory key-value database, like Redis or Aerospike, for session management. A rate limiting algorithm is used to check if the user session (or IP-address) has to be limited based on the information in the session cache.

In case a client made too many requests within a given timeframe, HTTP-Servers can respond with status code 429: Too Many Requests.

However, the session management and rate limiting algorithm usually must be built into the application running on the web server, rather than the web server itself.

Datacenters

Datacenters widely use rate-limiting to control the share of resources given to different tenants and applications according to their service level agreement.^[1] A variety of rate-limiting techniques are applied in datacenters using software and hardware. Virtualized datacenters may also apply rate-limiting at the hypervisor layer. Two important performance metrics of rate-limiters in datacenters are resource footprint (memory and CPU usage) which determines scalability, and precision. There usually exists a trade-off, that is, higher precision can be achieved by dedicating more resources to the rate-limiters. A considerable body of research exists with focus on improving performance of rate-limiting in datacenters.^[1]

See also

• Bandwidth management
• Bandwidth throttling
• Project Shield

Algorithms

• Token bucket^[4]
• Leaky bucket
• Fixed window counter^[4]
• Sliding window log^[4]
• Sliding window counter^[4]

Libraries

• [https://github.com/stefanprodan/WebApiThrottle ASP.NET Web API rate limiter]
• [https://github.com/stefanprodan/AspNetCoreRateLimit ASP.NET Core rate limiting middleware]
• [https://github.com/Husseinhj/RateLimiting.NET Rate-Limiting for .NET (PCL Library)]
• [https://github.com/tj/node-ratelimiter Rate-Limiting for Node.JS]

References

• Boniewo, Lublin Voivodeship
• Boniface Ambani
• Boniface Berthin Zakahely
• Boniface Chidyausiku
• Boniface de castellane
• Boniface de Castellane
• Boniface de Castellane (1788-1862)
• Boniface de Castellane (1867-1932)
• Boniface del vasto
• Boniface de Savoie
• Boniface I (disambiguation)
• Boniface II (disambiguation)
• Boniface III of Tuscany
• Boniface II of Montferrat
• Boniface II of Tuscany
• Boniface I of Montferrat
• Boniface I of Tuscany
• Boniface Kiprop
• Boniface Kiprop Toroitich
• Boniface Marquis de Castellane
• Boniface of brussels
• Boniface of Castellane
• Boniface of Savoy (archbishop)
• Boniface of Savoy, Archbishop of Canterbury
• Boniface of Savoy (disambiguation)