Understanding Nginx Current Limitation in One Article (Simple Implementation)

Nginx is now one of the most popular load balancers. In the face of the rapid increase in Internet traffic, interface current limiting is also very necessary, especially for high-concurrency scenarios. Nginx has two main ways of limiting the flow: limiting the access frequency and limiting the number of concurrent connections.

Rate limiting is one of the most useful NGINX features, but it is also one of the most often misunderstood and misconfigured. This feature can limit the number of HTTP requests a user can make in a given period of time. The request can be as simple as a GET request for a home page or a POST request for a login form.
Rate limiting can also be used for security purposes, such as slowing down brute force password cracking attacks. Helps protect against DDoS attacks by limiting the rate of incoming requests and (combined with logging) marking target URLs. Generally speaking, current limiting is used to protect upstream application servers from being overwhelmed by a large number of user requests at the same time.

How NGINX Rate Limiting Works

NGINX throttling uses the leaky bucket algorithm, which is widely used in communications and packet-switched computer networks to handle bursts when bandwidth is limited. It's very similar to a bucket with water filling up from the top and leaking out from the bottom; if the rate at which water fills in is greater than the rate at which water leaks out, the bucket will overflow.

In the request processing process, water represents requests from the client, and the bucket represents a queue where requests wait to be processed according to the first-in-first-out (FIFO) algorithm. Leaking water represents requests leaving the buffer and being processed by the server, and overflow represents requests being dropped and never served.

1. Limit access frequency (normal traffic)

In Nginx, we use the ngx_http_limit_req_module module to limit the access frequency of requests, based on the principle of the leaky bucket algorithm. Next, we use the nginx limit_req_zone and limit_req instructions to limit the request processing rate of a single IP.

Syntax: limit_req_zone key zone rate

• key: defines the current limiting object. binary_remote_addr is a key, which means current limiting based on remote_addr (client IP). The purpose of binary_ is to compress memory usage.
• zone: defines a shared memory zone to store access information. myRateLimit:10m indicates a memory area with a size of 10M and the name myRateLimit. 1M can store access information of 16,000 IP addresses, and 10M can store access information of 16W IP addresses.
• rate is used to set the maximum access rate. rate=10r/s means that a maximum of 10 requests are processed per second. Nginx actually tracks request information at millisecond granularity, so 10r/s is actually a limit: one request is processed every 100 milliseconds. This means that if another request arrives within 100 milliseconds after the previous request is processed, the request will be rejected.

2. Limit access frequency (burst traffic)

According to the above configuration, when the traffic suddenly increases, the excess requests will be rejected and the burst traffic cannot be processed. So, how to deal with the burst traffic? Nginx provides the burst parameter to solve the problem of burst traffic and is used in conjunction with the nodelay parameter. Burst means the number of additional requests that can be processed after exceeding the set processing rate.

burst=20 nodelay means that these 20 requests are processed immediately without delay, which is equivalent to special handling of special matters. However, even if these 20 burst requests are processed immediately, subsequent requests will not be processed immediately. burst=20 is equivalent to occupying 20 slots in the cache queue. Even if the request is processed, these 20 slots can only be released one at a time of 100ms. This achieves the effect of a stable rate, but also being able to handle sudden traffic flows normally.

3. Limit the number of concurrent connections

The ngx_http_limit_conn_module module of Nginx provides the function of limiting the number of resource connections. It can be done using the limit_conn_zone and limit_conn instructions.

limit_conn perip 20: The corresponding key is $binary_remote_addr, which means that a single IP is limited to holding a maximum of 20 connections at the same time. limit_conn perserver 100: The corresponding key is $server_name, which indicates the total number of concurrent connections that the virtual host (server) can handle at the same time. Note that the connection is counted only after the request header is processed by the backend server.

Okay, are you clear about the above current limiting methods?

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.