0
votes

I'm looking to use annotations like the ones below for rate limiting for DDoS protection:

nginx.ingress.kubernetes.io/limit-connections: "50"
nginx.ingress.kubernetes.io/limit-rps: "10"
nginx.ingress.kubernetes.io/limit-rpm: "100"
nginx.ingress.kubernetes.io/limit-burst-multiplier: "20"

My question: These solutions rate limit by IP Address.

Could there be situations where many users (behind a proxy) are under one IP address, and therefore many users share the one set of rates, and thus it affects their usage?

Or is it really one user per IP address?

Thanks


1 Answer

1
votes

Nginx ingress uses a leaky bucket, FIFO queue for rate limiting.

Nginx ingress has some limitations, like:

  • Requests are counted by client IP, which is not accurate. Not very useful when you want rate limiting by user identity.
  • It is not easy to monitor rejected requests

By using this you can stop a certain amount of requests. It's not accurate; you can try it with a POC.

There is one nice article on rate limiting with Nginx: https://medium.com/titansoft-engineering/rate-limiting-for-your-kubernetes-applications-with-nginx-ingress-2e32721f7f57#:~:text=When%20we%20use%20NGINX%20ingress,configure%20rate%20limits%20with%20annotations.&text=As%20an%20example%20above%2C%20the,qps)%20on%20the%20Hello%20service.
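
Added example, not part of the answer above and not ingress-nginx code: a simplified leaky-bucket model using the question's `limit-rps: "10"` and `limit-burst-multiplier: "20"` (burst of 200), comparing 100 users behind one shared address with the same users keyed individually. The NAT address, the per-user key and the assumption that over-limit requests are rejected at once are constructed for illustration; `limit-rpm` and `limit-connections` are not modelled.

```python
# Simplified model of a leaky-bucket limiter keyed like NGINX limit_req.
# Assumption: requests over the burst are rejected at once, not queued.
RPS = 10                 # limit-rps from the question
BURST = RPS * 20         # limit-rps * limit-burst-multiplier
NAT_IP = "203.0.113.7"   # constructed address (documentation range)


class LeakyBucket:
    def __init__(self, rate_per_s, burst):
        self.rate_m = rate_per_s * 1000   # milli-requests drained per second
        self.burst_m = burst * 1000
        self.state = {}                   # key -> (excess_m, last_ms)

    def allow(self, key, now_ms):
        if key not in self.state:
            self.state[key] = (0, now_ms)
            return True
        excess, last = self.state[key]
        drained = self.rate_m * (now_ms - last) // 1000
        excess = max(0, excess - drained + 1000)
        if excess > self.burst_m:
            return False                  # rejected, bucket state unchanged
        self.state[key] = (excess, now_ms)
        return True


def simulate(n_users, per_user_rps, seconds, key_for):
    """Evenly spaced traffic from n_users; returns (allowed, rejected)."""
    limiter = LeakyBucket(RPS, BURST)
    total_rps = n_users * per_user_rps
    allowed = rejected = 0
    for i in range(total_rps * seconds):
        user = i % n_users
        if limiter.allow(key_for(user), i * 1000 // total_rps):
            allowed += 1
        else:
            rejected += 1
    return allowed, rejected


def by_client_ip(user):      # every user behind the proxy shares one key
    return NAT_IP


def by_user_identity(user):  # hypothetical per-user key, e.g. an API token
    return f"user-{user}"


if __name__ == "__main__":
    # 100 users behind one address, each sending 1 request per second.
    print("keyed by IP:  ", simulate(100, 1, 60, by_client_ip))
    print("keyed by user:", simulate(100, 1, 60, by_user_identity))
```

In this model each user stays at 1 request per second, well under the limit, yet once the shared bucket's burst is used up the address as a whole is held to 10 requests per second.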