Leveraging Mesh Global Rate Limit Policy in Kong Mesh 2.3

In today’s interconnected and dynamic world of microservices, ensuring optimal traffic management and protection against malicious attacks are critical. Rate limiting, a popular mechanism for controlling request flow, gets more effortless with the introduction of Global Rate Limiting in Kong Mesh.

In this blog post, we’ll explore this exciting new feature and its benefits in detail.

What is Global Rate Limiting?

Rate limiting is a mechanism that allows you to control the number of requests received by a service within a specific time frame. With Kong Mesh’s Global Rate Limiting, you now have the ability to apply rate limits across multiple service instances and coordinate request counting between them.

The benefits of Global Rate Limiting include:

1. Enhanced Security: Global Rate Limiting protects your services from DoS (Denial of Service) attacks by limiting the number of requests they can handle within a specified time period. This ensures that malicious actors cannot overwhelm your services with excessive traffic.
2. Improved API Management: If you have public APIs, Global Rate Limiting allows you to set limits on non-paying users or specific usage tiers. You can define different rate limits for various user groups, ensuring fair and controlled access to your API resources.
3. Traffic Control and Throughput: By implementing rate limits, you can efficiently control the flow of traffic to your services, preventing congestion and maintaining optimal performance. This is particularly useful in scenarios where you need to balance incoming requests across multiple instances.

MeshGlobalRateLimit policy capabilities

Global Rate Limiting in Kong Mesh offers a range of powerful policy capabilities to give you granular control over your traffic management.

With header-based global rate limiting, you can set rate limits based on specific headers in the incoming requests, allowing for more flexible and targeted rate limiting strategies.

Additionally, you can extend rate limiting beyond your internal services and apply it to traffic directed towards external services, ensuring that these resources are protected from excessive requests regardless of their origin.

The Mesh Gateway also benefits from global rate limiting, allowing you to control and limit traffic entering the service mesh, providing an added layer of security and performance optimization. For enhanced performance, Kong Mesh enables you to combine both local and global rate limits, leveraging the strengths of each. By combining the two, you can achieve better resource utilization and improved response times, resulting in an overall optimized service mesh architecture.

Configuration simplicity

In Kong Mesh, we value simplicity, and we wanted to make Global Rate Limiting effortless, especially when running on Kubernetes.

There is only one prerequisite: you need to have your own Redis deployment in place. One thing you need to do to start using Global Rate Limit is to deploy the ratelimit service. Most preferably using helm, which will configure it with proper security. We care about security, so communication between ratelimit service and Kong Mesh control plane is encrypted and protected with a token. Moreover, communication from Data Plane Proxy to ratelimit service can be encrypted.

After deploying ratelimit service, you need to configure ratelimit connection globally:

After this, you can start utilizing Global Rate Limit and set your first limits, like this:

If you want to learn more about Global Rate Limit internals, its algorithms, deployment strategies, and more. I encourage you to look at our documentation, which contains all of this information.

Wrapping up

Global Rate Limiting in Kong Mesh brings powerful traffic management capabilities to your service mesh deployments. By leveraging the ratelimit service and an in-memory data store like Redis, you can efficiently control request flow, protect against DoS attacks, and manage API usage. Whether you have a single service or a complex microservices architecture, Global Rate Limiting empowers you with fine-grained control over your system’s performance and security.

Give Global Rate Limiting in Kong Mesh a try today and experience the benefits of robust rate limiting in your service mesh deployment!