How to implement Nginx current limiting

How nginx current limiting works

nginx current limiting uses the leaky bucket algorithm, which is widely used in communications and packet switching-based computer networks , used to handle emergencies when bandwidth is limited. The principle is very similar to a bucket with water entering from above and leaking from below; if the rate of water inflow is greater than the rate of water leakage, the bucket will overflow.

In the request processing process, the water represents the request from the client, and the bucket represents a queue in which the request is waiting to be processed according to the first-in-first-out (fifo) algorithm. A leak means a request leaves the buffer and is processed by the server, an overflow means a request is dropped and never served.

1. Limit access frequency (normal traffic)

In nginx we use the ngx_http_limit_req_module module to limit the access frequency of requests, based on Implementation of leaky bucket algorithm principle. Next, we use the nginx limit_req_zone and limit_req instructions to limit the request processing rate of a single IP.

Syntax: limit_req_zone key zone rate

• ##key: defines the current limiting object, binary_remote_addr is a key means current limiting based on remote_addr (client IP). The purpose of binary_ is to compress the memory usage.

• zone: Define a shared memory area to store access information. myratelimit:10m represents a memory area with a size of 10m and a name of myratelimit. Every 1m can store the access information of 16,000 IP addresses, so 10m can store the access information of 160,000 IP addresses.

• The "rate" parameter is used to set the maximum access rate. "rate=10r/s" means that no more than 10 requests will be processed per second.. nginx actually tracks request information with millisecond granularity, so 10r/s is actually the limit: one request is processed every 100 milliseconds. This means that if another request arrives within the next 100 milliseconds after the last request is processed, the request will be refused to be processed.

2. Limit access frequency (burst traffic)

According to the above configuration, when the traffic suddenly increases, the excess requests will be Rejection, unable to handle burst traffic, so how to deal with burst traffic? nginx provides the burst parameter to solve the problem of burst traffic and is used in conjunction with the nodelay parameter. Burst is translated as burst, burst, indicating the number of additional requests that can be processed after exceeding the set processing rate.

burst=20 nodelay means that these 20 requests will be processed immediately without delay, which is equivalent to handling special cases. However, even if these 20 burst requests are processed immediately, subsequent requests will not be processed immediately. burst=20 is equivalent to occupying 20 holes in the cache queue. Even if the request is processed, these 20 positions can only be released every 100ms. This achieves the effect of stable speed, but sudden traffic can also be processed normally.

3. Limit the number of concurrent connections

nginx’s ngx_http_limit_conn_module module provides the function of limiting the number of resource connections. Just use the limit_conn_zone and limit_conn instructions.

limit_conn perip 20: The corresponding key is $binary_remote_addr, which means that a single IP is limited to holding up to 20 connections at the same time. limit_conn perserver 100: The corresponding key is $server_name, which indicates the total number of concurrent connections that the virtual host (server) can handle at the same time. Note that this connection is only counted after the request header is processed by the backend server.

The above is the detailed content of How to implement Nginx current limiting. For more information, please follow other related articles on the PHP Chinese website!