Package com.netflix.eureka

Class RateLimitingFilter

  • All Implemented Interfaces:
    jakarta.servlet.Filter
    @Singleton
public class RateLimitingFilter
extends java.lang.Object
implements jakarta.servlet.Filter
    Rate limiting filter, with configurable threshold above which non-privileged clients will be dropped. This feature enables cutting off non-standard and potentially harmful clients in case of system overload. Since it is critical to always allow client registrations and heartbeats into the system, which at the same time are relatively cheap operations, the rate limiting is applied only to full and delta registry fetches. Furthermore, since delta fetches are much smaller than full fetches, and if not served my result in following full registry fetch from the client, they have relatively higher priority. This is implemented by two parallel rate limiters, one for overall number of full/delta fetches (higher threshold) and one for full fetches only (low threshold).

    The client is identified by AbstractEurekaIdentity.AUTH_NAME_HEADER_KEY HTTP header value. The privileged group by default contains:

    • EurekaClientIdentity.DEFAULT_CLIENT_NAME - standard Java eureka-client. Applications using this client automatically belong to the privileged group.
    • EurekaServerIdentity.DEFAULT_SERVER_NAME - connections from peer Eureka servers (internal only, traffic replication)
    It is possible to turn off privileged client filtering via EurekaServerConfig.isRateLimiterThrottleStandardClients() property.

    Rate limiting is not enabled by default, but can be turned on via configuration. Even when disabled, the throttling statistics are still counted, although on a separate counter, so it is possible to measure the impact of this feature before activation.

    Rate limiter implementation is based on token bucket algorithm. There are two configurable parameters:

    • burst size - maximum number of requests allowed into the system as a burst
    • average rate - expected number of requests per second

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void destroy()  
      void doFilter​(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, jakarta.servlet.FilterChain chain)  
      void init​(jakarta.servlet.FilterConfig filterConfig)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • RateLimitingFilter

        public RateLimitingFilter()

    • Method Detail

      • init

        public void init​(jakarta.servlet.FilterConfig filterConfig)
          throws jakarta.servlet.ServletException
        Specified by:
        init in interface jakarta.servlet.Filter
        Throws:
        jakarta.servlet.ServletException

      • doFilter

        public void doFilter​(jakarta.servlet.ServletRequest request,
                     jakarta.servlet.ServletResponse response,
                     jakarta.servlet.FilterChain chain)
              throws java.io.IOException,
                     jakarta.servlet.ServletException
        Specified by:
        doFilter in interface jakarta.servlet.Filter
        Throws:
        java.io.IOException
        jakarta.servlet.ServletException

      • destroy

        public void destroy()
        Specified by:
        destroy in interface jakarta.servlet.Filter