WE5.1.3 API Rate limiting experiment (local gateway environment)
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	daniel
	Jul 8 2025, 7:41 AM

Description

Hypothesis: If we create a rate limiting solution for the API gateway using a local development environment based on Kubernetes, we will be able to determine the best option to test with production traffic, by comparing the performance and functionality of at least three different rate limiting services.

Target outcomes

A set of configuration files for the gateway helm chart to allow testing different rate limiting solutions in a local development environment
A clear path for deploying a rate limiting solution for testing with production traffic.
A custom rate limit implementation MVP (“tally”) to evaluate against off-the-shelf solutions.
An evaluation chart comparing at least three different solutions with respect to latency, robustness, and resource consumption

Success criteria

We are able to evaluate rate limiting solutions with some percentage of production traffic
We have identified the desired architecture for rate limit and evaluated possible alternatives
We have gained proficiency in working with Envoy, Kubernetes, gRPC and Golang

Epics

Implement a custom rate limiting service (T398914)
Create a local Minikube environment for setting up a cluster of rate limiters and connecting it to Envoy using an appropriate load balancing strategy. (T398915)
Identify and evaluate different technology choices for rate limiting: envoy rate limit vs limitator vs custom (“tally”); Redis vs KeyDB vs in-memory; stretch: Envoy vs Apisix. (T398917)
Benchmark different solutions using the local Minikube environment (T398918)
Investigate how to deploy solutions to production for testing with real traffic (T398919)
Investigate routing/partitioning strategies (T399088)
Investigate cost-based rate-limiting (T399844)

Details

Other Assignee: hnowlan

Related Objects
Search...

Status	Assigned	Task
Open	None	T399291 Epic: API Rate Limiting Architecture
Resolved	daniel	T398913 WE5.1.3 API Rate limiting experiment (local gateway environment)
Resolved	Atieno	T398914 Implement an experimental rate limiting service (“tally”)
Invalid	Atieno	T399168 Tally: Create RateLimitRequest
Invalid	None	T399169 Tally: Create Custom Datatypes for Tally
Invalid	None	T399170 Tally: Create RateLimitResponse
Resolved	pmiazga	T398915 Minikube environment for experimenting with Envoy rate limiting
Resolved	daniel	T398917 Evaluate different technologies for API rate limiting.
Resolved	daniel	T398918 Benchmark different solutions for API rate limiting
Resolved	daniel	T399582 Implement a debug client for the envoy rls protocol
Resolved	pmiazga	T401572 Evaluate Limitador for rate limiting
Resolved	daniel	T401625 Evaluate envoy's default rate limiter implementation
Resolved	daniel	T399088 Investigate routing/partitioning strategy for API rate limiting
Resolved	daniel	T401661 Determine if we can do load balancing for the rate limiter cluster based on user ID in Envoy
Resolved	daniel	T399844 Investigate feasibility of cost-based rate-limiting with Envoy

Event Timeline

daniel created this task.Jul 8 2025, 7:41 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 8 2025, 7:41 AM

daniel added a project: Epic.Jul 8 2025, 7:42 AM

daniel updated the task description. (Show Details)Jul 8 2025, 7:53 AM

ArielGlenn subscribed.Jul 8 2025, 9:47 AM

daniel added a project: FY2025-26 KR 5.1.Jul 8 2025, 3:41 PM

daniel updated the task description. (Show Details)Jul 8 2025, 3:44 PM

JTweed-WMF renamed this task from Tracking: WE5.1.3 API Gateway local development to WE5.1.3 API Gateway local development.Jul 10 2025, 9:40 AM

JTweed-WMF mentioned this in T398816: WE5.1.3 API Gateway local development.

JTweed-WMF edited projects, added Goal; removed Epic.

Thought from a discussion with @hnowlan and @Joe: if in the long run we need to share counters across data centers, we very likely have to implement our own rate limiter. The reason is that the syncinc would have to be done batched, and just for long term counters. So we'd either need custom logic for the sync, or separate storage (redis) backends for short-term and long-term limits. None of the off-the-shelf solutions support that.

Aklapper merged a task: T398816: WE5.1.3 API Gateway local development.Jul 10 2025, 10:23 AM

Aklapper added a subscriber: Tgr.

gmodena subscribed.Jul 10 2025, 11:08 AM

akosiaris subscribed.Jul 10 2025, 11:26 AM

JTweed-WMF moved this task from Inbox to WE5.1.1 on the FY2025-26 KR 5.1 board.Jul 10 2025, 1:54 PM

daniel renamed this task from WE5.1.3 API Gateway local development to WE5.1.3 API Rate limiting experiment (local gateway environment).Jul 10 2025, 6:55 PM

daniel mentioned this in T399291: Epic: API Rate Limiting Architecture.Jul 11 2025, 10:45 AM

daniel added a parent task: T399291: Epic: API Rate Limiting Architecture.

tchin subscribed.Jul 11 2025, 1:56 PM

JTweed-WMF removed a project: MediaWiki-Platform-Team.Jul 14 2025, 1:31 PM

daniel moved this task from Incoming (Needs Triage) to MWI-Roadmap on the MW-Interfaces-Team board.Jul 16 2025, 2:38 PM

daniel edited projects, added MW-Interfaces-Team (MWI-Roadmap); removed MW-Interfaces-Team.

daniel updated the task description. (Show Details)Jul 17 2025, 1:26 PM

JTweed-WMF moved this task from WE5.1.1 to WE5.1.3 on the FY2025-26 KR 5.1 board.Jul 24 2025, 8:57 AM

daniel closed subtask T399844: Investigate feasibility of cost-based rate-limiting with Envoy as Resolved.Jul 29 2025, 5:18 PM

daniel updated the task description. (Show Details)

daniel reopened subtask T399844: Investigate feasibility of cost-based rate-limiting with Envoy as Open.Aug 28 2025, 11:56 AM

daniel edited projects, added MediaWiki-Platform-Team; removed MW-Interfaces-Team (MWI-Roadmap).Aug 28 2025, 2:15 PM