In today’s interconnected and dynamic world of microservices, ensuring optimal traffic management and protection against malicious attacks are critical. Rate limiting, a popular mechanism for controlling request flow, gets more effortless with the introduction of Global Rate Limiting in Kong Mesh.
In this blog post, we’ll explore this exciting new feature and its benefits in detail.
Rate limiting is a mechanism that allows you to control the number of requests received by a service within a specific time frame. With Kong Mesh’s Global Rate Limiting, you now have the ability to apply rate limits across multiple service instances and coordinate request counting between them.
The benefits of Global Rate Limiting include:
Global Rate Limiting in Kong Mesh offers a range of powerful policy capabilities to give you granular control over your traffic management.
With header-based global rate limiting, you can set rate limits based on specific headers in the incoming requests, allowing for more flexible and targeted rate limiting strategies.
Additionally, you can extend rate limiting beyond your internal services and apply it to traffic directed towards external services, ensuring that these resources are protected from excessive requests regardless of their origin.
The Mesh Gateway also benefits from global rate limiting, allowing you to control and limit traffic entering the service mesh, providing an added layer of security and performance optimization. For enhanced performance, Kong Mesh enables you to combine both local and global rate limits, leveraging the strengths of each. By combining the two, you can achieve better resource utilization and improved response times, resulting in an overall optimized service mesh architecture.
In Kong Mesh, we value simplicity, and we wanted to make Global Rate Limiting effortless, especially when running on Kubernetes.
There is only one prerequisite: you need to have your own Redis deployment in place. One thing you need to do to start using Global Rate Limit is to deploy the ratelimit service. Most preferably using helm, which will configure it with proper security. We care about security, so communication between ratelimit service and Kong Mesh control plane is encrypted and protected with a token. Moreover, communication from Data Plane Proxy to ratelimit service can be encrypted.
After deploying ratelimit service, you need to configure ratelimit connection globally:
After this, you can start utilizing Global Rate Limit and set your first limits, like this:
If you want to learn more about Global Rate Limit internals, its algorithms, deployment strategies, and more. I encourage you to look at our documentation, which contains all of this information.
Global Rate Limiting in Kong Mesh brings powerful traffic management capabilities to your service mesh deployments. By leveraging the ratelimit service and an in-memory data store like Redis, you can efficiently control request flow, protect against DoS attacks, and manage API usage. Whether you have a single service or a complex microservices architecture, Global Rate Limiting empowers you with fine-grained control over your system’s performance and security.
Give Global Rate Limiting in Kong Mesh a try today and experience the benefits of robust rate limiting in your service mesh deployment!
As of September 2025, Kong Gateway Enterprise 3.8 will enter its End Of Life (EOL) phase and will no longer be fully supported by Kong. Following this, Kong Gateway Enterprise 3.8 will enter a 12-month sunset support period, focused on helping cus
We're very excited to announce Kong Mesh 2.12 to the world! Kong Mesh 2.12 delivers two very important features: SPIFFE / SPIRE support, which provides enterprise-class workload identity and trust models for your mesh, as well as a consistent Kuma R
It’s been almost a year since we released our Konnect Terraform provider . In that time we’ve seen over 300,000 installs, have 1.7 times as many resources available, and have expanded the provider to include data sources to enable federated managem
We're happy to announce the 3.5 release of Kong Ingress Controller (KIC). This release includes the graduation of combined services to General Availability, support for connection draining, as well as the start of deprecating support for some Ingre
Update Includes Data Orchestration, CyberArk Support, Solace Integration, and Kafka Schema Validation We’re excited to bring you Kong Gateway Enterprise 3.11 with compelling new features to make your APIs and event streams even more powerful, includ
When we released the beta version of Service Catalog last September, it was in service of a greater API discovery vision we had for Kong Konnect as an API platform. In March of this year, we moved closer to fulfilling that vision when we announced
The new Kong Konnect Dev Portal is now generally available for all users! In March, we announced the public beta version of our reimagined Dev Portal. We set out to fully address the needs of the modern API consumer as well as the needs of the moder