forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
extensions: add http bandwidth limit filter (envoyproxy#16358)
the filter smoothens the flow of data in both direction up to the specified bandwidth limit. Risk Level: Low, new filter Testing: UTs added. Adding more UTs and integration tests. Docs Changes: Added Release Notes: Added Fixes envoyproxy#13604 Signed-off-by: Nitin Goyal <nigoyal@microsoft.com>
- Loading branch information
Showing
28 changed files
with
1,519 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
api/envoy/extensions/filters/http/bandwidth_limit/v3alpha/BUILD
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| # DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. | ||
|
|
||
| load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") | ||
|
|
||
| licenses(["notice"]) # Apache 2 | ||
|
|
||
| api_proto_package( | ||
| deps = [ | ||
| "//envoy/config/core/v3:pkg", | ||
| "@com_github_cncf_udpa//udpa/annotations:pkg", | ||
| ], | ||
| ) |
70 changes: 70 additions & 0 deletions
70
api/envoy/extensions/filters/http/bandwidth_limit/v3alpha/bandwidth_limit.proto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| syntax = "proto3"; | ||
|
|
||
| package envoy.extensions.filters.http.bandwidth_limit.v3alpha; | ||
|
|
||
| import "envoy/config/core/v3/base.proto"; | ||
|
|
||
| import "google/protobuf/duration.proto"; | ||
| import "google/protobuf/wrappers.proto"; | ||
|
|
||
| import "udpa/annotations/status.proto"; | ||
| import "validate/validate.proto"; | ||
|
|
||
| option java_package = "io.envoyproxy.envoy.extensions.filters.http.bandwidth_limit.v3alpha"; | ||
| option java_outer_classname = "BandwidthLimitProto"; | ||
| option java_multiple_files = true; | ||
| option (udpa.annotations.file_status).work_in_progress = true; | ||
| option (udpa.annotations.file_status).package_version_status = ACTIVE; | ||
|
|
||
| // [#protodoc-title: Bandwidth limit] | ||
| // Bandwidth limit :ref:`configuration overview <config_http_filters_bandwidth_limit>`. | ||
| // [#extension: envoy.filters.http.bandwidth_limit] | ||
|
|
||
| // [#next-free-field: 6] | ||
| message BandwidthLimit { | ||
| // Defines the mode for the bandwidth limit filter. | ||
| // Values represent bitmask. | ||
| enum EnableMode { | ||
| // Filter is disabled. | ||
| DISABLED = 0; | ||
|
|
||
| // Filter enabled only for incoming traffic. | ||
| REQUEST = 1; | ||
|
|
||
| // Filter enabled only for outgoing traffic. | ||
| RESPONSE = 2; | ||
|
|
||
| // Filter enabled for both incoming and outgoing traffic. | ||
| REQUEST_AND_RESPONSE = 3; | ||
| } | ||
|
|
||
| // The human readable prefix to use when emitting stats. | ||
| string stat_prefix = 1 [(validate.rules).string = {min_len: 1}]; | ||
|
|
||
| // The enable mode for the bandwidth limit filter. | ||
| // Default is Disabled. | ||
| EnableMode enable_mode = 2 [(validate.rules).enum = {defined_only: true}]; | ||
|
|
||
| // The limit supplied in KiB/s. | ||
| // | ||
| // .. note:: | ||
| // It's fine for the limit to be unset for the global configuration since the bandwidth limit | ||
| // can be applied at a the virtual host or route level. Thus, the limit must be set for the | ||
| // per route configuration otherwise the config will be rejected. | ||
| // | ||
| // .. note:: | ||
| // When using per route configuration, the limit becomes unique to that route. | ||
| // | ||
| google.protobuf.UInt64Value limit_kbps = 3 [(validate.rules).uint64 = {gte: 1}]; | ||
|
|
||
| // Optional Fill interval in milliseconds for the token refills. Defaults to 50ms. | ||
| // It must be at least 20ms to avoid too aggressive refills. | ||
| google.protobuf.Duration fill_interval = 4 [(validate.rules).duration = { | ||
| lte {seconds: 1} | ||
| gte {nanos: 20000000} | ||
| }]; | ||
|
|
||
| // Runtime flag that controls whether the filter is enabled or not. If not specified, defaults | ||
| // to enabled. | ||
| config.core.v3.RuntimeFeatureFlag runtime_enabled = 5; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
65 changes: 65 additions & 0 deletions
65
docs/root/configuration/http/http_filters/_include/bandwidth-limit-filter.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| static_resources: | ||
| listeners: | ||
| - address: | ||
| socket_address: | ||
| address: 0.0.0.0 | ||
| port_value: 8000 | ||
| filter_chains: | ||
| - filters: | ||
| - name: envoy.filters.network.http_connection_manager | ||
| typed_config: | ||
| "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager | ||
| codec_type: AUTO | ||
| stat_prefix: ingress_http | ||
| route_config: | ||
| name: local_route | ||
| virtual_hosts: | ||
| - name: local_service | ||
| domains: ["*"] | ||
| routes: | ||
| - match: { prefix: "/path/with/bandwidth/limit" } | ||
| route: { cluster: service_protected_by_bandwidth_limit } | ||
| typed_per_filter_config: | ||
| envoy.filters.http.bandwidth_limit: | ||
| "@type": type.googleapis.com/envoy.extensions.filters.http.bandwidth_limit.v3alpha.BandwidthLimit | ||
| stat_prefix: bandwidth_limiter_custom_route | ||
| enable_mode: REQUEST_AND_RESPONSE | ||
| limit_kbps: 500 | ||
| fill_interval: 0.1s | ||
| - match: { prefix: "/" } | ||
| route: { cluster: web_service } | ||
| http_filters: | ||
| - name: envoy.filters.http.bandwidth_limit | ||
| typed_config: | ||
| "@type": type.googleapis.com/envoy.extensions.filters.http.bandwidth_limit.v3alpha.BandwidthLimit | ||
| stat_prefix: bandwidth_limiter_default | ||
| - name: envoy.filters.http.router | ||
| typed_config: {} | ||
|
|
||
| clusters: | ||
| - name: service_protected_by_bandwidth_limit | ||
| connect_timeout: 0.25s | ||
| type: STRICT_DNS | ||
| lb_policy: ROUND_ROBIN | ||
| load_assignment: | ||
| cluster_name: service1 | ||
| endpoints: | ||
| - lb_endpoints: | ||
| - endpoint: | ||
| address: | ||
| socket_address: | ||
| address: web_service | ||
| port_value: 9000 | ||
| - name: web_service | ||
| connect_timeout: 0.25s | ||
| type: STRICT_DNS | ||
| lb_policy: ROUND_ROBIN | ||
| load_assignment: | ||
| cluster_name: service1 | ||
| endpoints: | ||
| - lb_endpoints: | ||
| - endpoint: | ||
| address: | ||
| socket_address: | ||
| address: web_service | ||
| port_value: 9000 |
64 changes: 64 additions & 0 deletions
64
docs/root/configuration/http/http_filters/bandwidth_limit_filter.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| .. _config_http_filters_bandwidth_limit: | ||
|
|
||
| Bandwidth limit | ||
| ==================== | ||
|
|
||
| * Bandwidth limiting :ref:`architecture overview <arch_overview_bandwidth_limit>` | ||
| * :ref:`v3 API reference <envoy_v3_api_msg_extensions.filters.http.bandwidth_limit.v3alpha.BandwidthLimit>` | ||
| * This filter should be configured with the name ``envoy.filters.http.bandwidth_limit``. | ||
|
|
||
| The HTTP Bandwidth limit filter limits the size of data flow to the max bandwidth set in the ``limit_kbps`` | ||
| when the request's route, virtual host or filter chain has a | ||
| :ref:`bandwidth limit configuration <envoy_v3_api_msg_extensions.filters.http.bandwidth_limit.v3alpha.BandwidthLimit>`. | ||
|
|
||
| If the bandwidth limit has been exhausted the filter stops further transfer until more bandwidth gets allocated | ||
| according to the ``fill_interval`` (default is 50 milliseconds). If the connection buffer fills up with accumulated | ||
| data then the source of data will have ``readDisable(true)`` set as described in the :repo:`flow control doc<source/docs/flow_control.md>`. | ||
|
|
||
| .. note:: | ||
| The token bucket is shared across all workers, thus the limits are applied per Envoy process. | ||
|
|
||
| Example configuration | ||
| --------------------- | ||
|
|
||
| Example filter configuration for a globally disabled bandwidth limiter but enabled for a specific route: | ||
|
|
||
| .. literalinclude:: _include/bandwidth-limit-filter.yaml | ||
| :language: yaml | ||
| :lines: 11-53 | ||
| :emphasize-lines: 9-25 | ||
| :caption: :download:`bandwidth-limit-filter.yaml <_include/bandwidth-limit-filter.yaml>` | ||
|
|
||
| Note that if this filter is configured as globally disabled and there are no virtual host or route level | ||
| token buckets, no bandwidth limiting will be applied. | ||
|
|
||
| Statistics | ||
| ---------- | ||
|
|
||
| The HTTP bandwidth limit filter outputs statistics in the ``<stat_prefix>.http_bandwidth_limit.`` namespace. | ||
|
|
||
| .. csv-table:: | ||
| :header: Name, Type, Description | ||
| :widths: 1, 1, 2 | ||
|
|
||
| request_enabled, Counter, Total number of request streams for which the bandwidth limiter was consulted | ||
| request_pending, GAUGE, Number of request streams which are currently pending transfer in bandwidth limiter | ||
| request_incoming_size, GAUGE, Size in bytes of incoming request data to bandwidth limiter | ||
| request_allowed_size, GAUGE, Size in bytes of outgoing request data from bandwidth limiter | ||
| request_transfer_duration, HISTOGRAM, Total time (including added delay) it took for the request stream transfer | ||
| response_enabled, Counter, Total number of response streams for which the bandwidth limiter was consulted | ||
| response_pending, GAUGE, Number of response streams which are currently pending transfer in bandwidth limiter | ||
| response_incoming_size, GAUGE, Size in bytes of incoming response data to bandwidth limiter | ||
| response_allowed_size, GAUGE, Size in bytes of outgoing response data from bandwidth limiter | ||
| response_transfer_duration, HISTOGRAM, Total time (including added delay) it took for the response stream transfer | ||
|
|
||
| .. _config_http_filters_bandwidth_limit_runtime: | ||
|
|
||
| Runtime | ||
| ------- | ||
|
|
||
| The HTTP bandwidth limit filter supports the following runtime settings: | ||
|
|
||
| The bandwidth limit filter can be runtime feature flagged via the :ref:`enabled | ||
| <envoy_v3_api_field_extensions.filters.http.bandwidth_limit.v3alpha.BandwidthLimit.runtime_enabled>` | ||
| configuration field. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
9 changes: 9 additions & 0 deletions
9
docs/root/intro/arch_overview/other_features/bandwidth_limiting.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| .. _arch_overview_bandwidth_limit: | ||
|
|
||
| Bandwidth limiting | ||
| =================== | ||
|
|
||
| Envoy supports local (non-distributed) bandwidth limiting of HTTP requests and response via the | ||
| :ref:`HTTP bandwidth limit filter <config_http_filters_bandwidth_limit>`. This can be activated | ||
| globally at the listener level or at a more specific level (e.g.: the virtual host or route level). | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
generated_api_shadow/envoy/extensions/filters/http/bandwidth_limit/v3alpha/BUILD
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
70 changes: 70 additions & 0 deletions
70
...ed_api_shadow/envoy/extensions/filters/http/bandwidth_limit/v3alpha/bandwidth_limit.proto
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.