Multiple limit_req_zone

addis_a · September 13, 2014, 10:37pm

Hello

Please may I ask a question with respect to limit_req_zone to better
understand how it works

Can I have multiple limit_re_zone statements?

limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s;

Thank you

Posted at Nginx Forum:

matt_l · September 13, 2014, 10:49pm

On Saturday 13 September 2014 16:37:05 matt_l wrote:

Hello

Please may I ask a question with respect to limit_req_zone to better
understand how it works

Can I have multiple limit_re_zone statements?

Of course, you can.

limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s;

This defines two separate memory zones with different names, where
information about requests can be collected. Please note that these
directives alone don’t do anything useful. To actually apply the limit,
you also need to specify the limit_req directive.

See the documentation:
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html

wbr, Valentin V. Bartenev

matt_l · September 14, 2014, 12:07am

Valentin

Thank you very much for your response.

What would be a use case where one would define multiple limit_req_zone?

For example, I would assume that the following

limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s;

is completely equivalent to

limit_req_zone $binary_remote_addr zone=two:20m rate=10r/s;

I am thinking that one would want to have multiple limit_req_zone if one
wants different rates and zone sizes?

On a separate note, how does one decides the size needed for zone?

Thank you for your help

Posted at Nginx Forum:

matt_l · September 15, 2014, 10:06pm

Valentin,
Thank you so much for your example. It definitely helps.
When you say “A client IP address serves as a key. […]. One megabyte
zone
can keep about 16 thousand 64-byte states.” Does that mean that 1
megabyte
zone can keep the state on 16 thousand different sending IP addresses?
What about the following 2 use cases:
Use Case #1: One receives 10 requests per second from 10 different
clients/IPs each of them sending 1 request per second
Use Case #2: One receives 10 requests per second from 1 client/IP
sending
10 requests per second.
Should the zone size be different?
Thank you.
-matthieu

Posted at Nginx Forum:

matt_l · September 16, 2014, 1:03am

On Monday 15 September 2014 16:05:31 matt_l wrote:

Valentin,
Thank you so much for your example. It definitely helps.
When you say “A client IP address serves as a key. […]. One megabyte zone
can keep about 16 thousand 64-byte states.” Does that mean that 1 megabyte
zone can keep the state on 16 thousand different sending IP addresses?

Yes.

What about the following 2 use cases:
Use Case #1: One receives 10 requests per second from 10 different
clients/IPs each of them sending 1 request per second
Use Case #2: One receives 10 requests per second from 1 client/IP sending
10 requests per second.
Should the zone size be different?

Each state is needed to be kept till it has something in the bucket.

If in the first case the clients doesn’t send requests at the same time,
but
with 100ms interval between each other, then a place for one state would
be
enough. Otherwise, nginx will need up to 10 states to handle them.

In the second case only one state is used.

wbr, Valentin V. Bartenev

matt_l · September 14, 2014, 1:13am

On Saturday 13 September 2014 18:07:31 matt_l wrote:

is completely equivalent to

limit_req_zone $binary_remote_addr zone=two:20m rate=10r/s;

I am thinking that one would want to have multiple limit_req_zone if one
wants different rates and zone sizes?

Well, no. It’s not an equivalent to one zone with bigger size.

Can you see the difference between this config:

limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=two:10m rate=10r/s;

server {
server_name one.example.org;
limit_rate zone=one burst=10;
}

server {
server_name two.example.org;
limit_rate zone=two burst=10;
}

and this one:

limit_req_zone $binary_remote_addr zone=both:20m rate=10r/s;

server {
server_name one.example.org;
limit_rate zone=both burst=10;
}

server {
server_name two.example.org;
limit_rate zone=both burst=10;
}

?

With the first configuration a client is able to request
one.example.org and two.example.org with up to 10 rps at
the same time. But with the last one the limitation is
shared between servers, since they share the same limit
zone.

On a separate note, how does one decides the size needed for zone?

A quote from Module ngx_http_limit_req_module

| A client IP address serves as a key. Note that instead of
| $remote_addr, the $binary_remote_addr variable is used here,
| that allows decreasing the state size down to 64 bytes.
| One megabyte zone can keep about 16 thousand 64-byte states.

wbr, Valentin V. Bartenev