Issue with flooded warning and request limiting

Stephan Ryer sr at inmobile.dk
Mon Nov 20 10:33:26 UTC 2017


Hello

We are using nginx as a proxy server in front of our IIS servers.

We have a client who needs to call us up to 200 times per second. Due to
the roundtrip-time, 16 simultanious connections are opened from the client
and each connection is used independently to send a https request, wait for
x ms and then send again.



I have been doing some tests and looked into the throttle logic in the
nginx-code. It seems that when setting request limit to 200/sec it is
actually interpreted as “minimum 5ms per call” in the code. If we receive 2
calls at the same time, the warning log will show an “excess”-message and
the call will be delayed to ensure a minimum of 5ms between the calls..
(and if no burst is set, it will be an error message in the log and an
error will be returned to the client)



We have set burst to 20 meaning, that when our client only sends 1 request
at a time per connection, he will never get an error reply from nginx,
instead nginx just delays the call. I conclude that this is by design.



The issue, however, is that a client using multiple connections naturally
often wont be able to time the calls between each connection. And even
though our burst has been set to 20, our log is spawned by warning-messages
which I do not think should be a warning at all. There is a difference
between sending 2 calls at the same time and sending a total of 201
requests within a second, the latter being the only case I would expect to
be logged as a warning.



Instead of calculating the throttling by simply looking at the last call
time and calculate a minimum timespan between last call and current call, I
would like the logic to be that nginx keeps a counter of the number of
requests withing the current second, and when the second expires and a new
seconds exists, the counter Is reset.



I know this will actually change the behavior of nginx, so I understand why
this is a breaking change if the solution was just to replace the other
logic. However, configuring which logic that should be used would be of
huge value to us. This will allow us to keep using the warning-log for
stuff that should actually be warned and not just for “10 calls per second
which happened to be withing a few milis”.


I hope you will read this mail and please let me know If I need to explain
something in more details about the issue.

---

Med venlig hilsen / Best Regards
Stephan Ryer Møller
Partner & CTO

inMobile ApS
Axel Kiers Vej 18L
DK-8270 Højbjerg

Dir. +45 82 82 66 92
E-mail: sr at inmobile.dk

Web: www.inmobile.dk
Tel: +45 88 33 66 99
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20171120/b69fd0e1/attachment.html>


More information about the nginx mailing list