API Rate Limiting
Use Cases
As a System Administrator, I want to limit access to the downstream services on the API Mediation Layer before requests reach southbound services.
Technical Requirements
- The minimum is to set, on the API ML instance, a limit of connections for all services.
- Document Spring Cloud Gateway approach.
- Possible extension to allow the limitation of connection per service.
  - To be discussed with stakeholders
- Explore the option of supporting rate limiting in Zuul
  - The decision is that we won't implement the API Rate Limiting in Zuul.
Notes
- We want to prevent overloading services on the southbound side as they may take relevant z/OS resources.
- We want to prevent DDoS attacks on the z/OS service.
Potential approach for Zuul: https://www.baeldung.com/spring-cloud-zuul-rate-limit
@balhar-jakub Given that the Spike recommended we do not implement this in ZUUL but instead deliver it as part of the SCG rollout (natively), does this then become simply a documentation epic to highlight this function in SCG?
@jalel01 There is one more note to discuss. We want to document the setup per Gateway; we will need to clarify with the users whether there is value in the services being able to set their custom limits.
If the users see value in the per-service setting, we may need to do some implementation.