如何在使用多个Azure API管理服务实现高可用性时实现全局速率限制?

huangapple go评论61阅读模式
英文:

How can we achieve a Global Rate Limiting with Azure API Management Service while using multiple APIM Service for High Availability?

问题

如何在使用多个Azure API管理服务以实现高可用性的情况下(以轮询方式进行50/50流量分配的方式),实现全局速率限制,因为速率限制配置/策略是针对每个API管理服务本地的?

例如,我们正在使用2个Azure API管理服务,一个位于East US 2,另一个位于Central US,实现了50/50流量分配(轮询)到每个API管理服务,以提高高可用性。每个客户端的速率限制策略是每分钟2次API调用,这是针对每个API管理服务的本地配置。现在,如果请求在2个不同地区的API管理服务之间拆分,客户端可能在一分钟内进行4次API调用,然后达到限制,如何实现调用者/客户端的每分钟2次API调用的全局速率限制?

在Azure中尚未找到实现此目标的选项。

英文:

How can we achieve a Global Rate Limiting with Azure API Management Service while using multiple APIM Services for High Availability across paired regions in round robin fashion (50/50 traffic split), as the Rate Limit config/policy is local to each APIM?

For an example, we are using 2 Azure APIM Service, one in East US 2, another in Central US having 50/50 traffic split (round robin) to each APIM Service, for better HA. The the rate limit policy applied per client is 2 API calls per minute, which is local to each APIM Service. Now the client might end up making 4 API calls within a minute before hitting throttling limit, if the requests are splitted between the APIMS in 2 different regions. In such how can we achieve a global Rate limit of 2 API calls per minute for a caller/client?

Did not find any option in Azure to achieve this yet

答案1

得分: 1

是的,使用共享缓存系统,如Azure Cache for Redis或Azure Cosmos DB,以实现全局速率限制是一种方法。

  • 使用支持全局速率限制的第三方API管理系统是另一种替代方法,更加简单。有第三方程序可用于为各种APIM服务全局限制速率。
  • 使用按密钥限制速率策略,您可以在Azure API Management Service中实现全局速率限制。借助此策略,您可以定义用于监视流量的密钥的表达式。作为速率限制密钥,您可以使用客户端IP地址或用户身份来标识用户。通过在所有请求中使用相同的密钥,然后可以在所有APIM服务中全局实施速率限制策略。通过这样做,速率限制将在所有APIM服务和位置中得以维持。
    以下是来自MS文档的示例策略语句文档
<rate-limit-by-key calls="number"
                   renewal-period="seconds"
                   increment-condition="condition"
                   increment-count="number"
                   counter-key="key value" 
                   retry-after-header-name="custom header name, replaces default 'Retry-After'" 
                   retry-after-variable-name="policy expression variable name"
                   remaining-calls-header-name="header name"  
                   remaining-calls-variable-name="policy expression variable name"
                   total-calls-header-name="header name"/>
  • 另一种可能的方法是使用单个具有多个区域的APIM服务,而不是使用多个APIM服务。通过使用Azure Traffic Manager或Azure Front Door,您可以在全球实施速率限制策略并实现高可用性。
  • 参考MS文档
英文:

Yes, using a shared caching system like Azure Cache for Redis or Azure Cosmos DB to achieve global rate restriction is one method.

  • Using a third-party API management system that supports global rate restriction is an alternative, easier method.There are third-party programmes available that can limit rates globally for a variety of APIM services.
  • Using the rate-limit-by-key policy, you can implement global rate restriction with Azure API Management Service. With the help of this policy, you may define expressions that designate the keys used to monitor traffic flow. As a rate limiting key, you can utilise the client IP address or the user identity to identify the user. By utilising the same key for all requests, you can then implement the rate restriction policy globally across all APIM services. By doing this, the rate limit will be upheld in all APIM services and locations.
    Below is the Sample policy statement from MS document,
&lt;rate-limit-by-key calls=&quot;number&quot;
                   renewal-period=&quot;seconds&quot;
                   increment-condition=&quot;condition&quot;
                   increment-count=&quot;number&quot;
                   counter-key=&quot;key value&quot; 
                   retry-after-header-name=&quot;custom header name, replaces default &#39;Retry-After&#39;&quot; 
                   retry-after-variable-name=&quot;policy expression variable name&quot;
                   remaining-calls-header-name=&quot;header name&quot;  
                   remaining-calls-variable-name=&quot;policy expression variable name&quot;
                   total-calls-header-name=&quot;header name&quot;/&gt;
  • The other possible way is utilising a single APIM service with multiple regions is preferable to utilising numerous APIM services. By using Azure Traffic Manager or Azure Front Door, you may achieve high availability while the rate limit policy is imposed globally.
  • Reference MS document

huangapple
  • 本文由 发表于 2023年5月24日 22:27:44
  • 转载请务必保留本文链接:https://go.coder-hub.com/76324620.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定