Imagine your website gets on the front page of Hacker News. Traffic starts to skyrocket. Unfortunately, your website isn’t ready for this. Your database starts to topple under the load. With degraded performance, users start hitting reload in their browser, hoping to get a request through — which adds even more load to your server.

What do you do?

Global rate limiting

You want to mitigate the performance issues as quickly as possible, while you work to scale your backend. You can do this using rate limiting — restricting the total number of requests that your application is receiving. There are numerous approaches for rate limiting.

Since our website is melting down, we’ll apply a quick per-user rate limit to prevent a single user from sending too many requests to the our application.

Ambassador rate limiting

Ambassador has a powerful rate limiting API. Incoming requests can be labeled. These request labels are exposed to a third party rate limiting service, which can use these labels to make rate limit decisions. In Ambassador Pro, we also include an integrated rate limiting service that leverages this API.

Deploying a global rate limit in Ambassador

We can apply a request label to all requests through Ambassador by configuring default_labels in the global Ambassador Module .

---

apiVersion: ambassador/v1

kind: Module

name: ambassador

config:

default_label_domain: ambassador

default_labels:

ambassador:

defaults:

- remote_address

The remote_address value tells Ambassador to label every request with the client IP address. This allows for the external rate limiting service to be configured to rate limit based on each client IP passed through Ambassador. In Ambassador Pro, this is easily configured with a RateLimit object.

apiVersion: getambassador.io/v1beta1

kind: RateLimit

metadata:

name: global-rate-limit

spec:

domain: ambassador

limits:

- pattern: [{remote_address: "*"}]

rate: 10

unit: second

This will configure Ambassador Pro to limit a single user to 10 requests per second. If a user goes over this limit, Ambassador will reject the request with an HTTP 429.

Monitoring

With Ambassador’s statistics output, we can actively track the effect our rate limiting configuration is having on our system.