Page MenuHomePhabricator
Create Task
Maniphest T398919

Epic: API rate limiting dry run (WE5.1.3b)
Open, MediumPublic
Actions

Description

Based on the minikube setup (T398915), create a set of Helm templates for configurations that will allow us to deploy the candidate solutions identified by T398917 in the production environment, to collect stats (dry run) based on real life traffic.

The goal is to evaluate the selected technolgoes as well as to determine baselines for future rate limiting rules.

Properties to be observed:

  • added latency
  • does it even work
  • cpu load (gatewy, limiter, storage)
  • memory consumption (gatewy, limiter, storage)
  • service discovery and recovery (in particular, envoy getting new IPs for nodes in a StatefulSet after they restart).

Note: Ideally we would test with (some percentage of) real traffic, in dry run mode. But asa first step it would already be useful to test with generated or recorded traffic on a separate, internal instance of the api gateway (backed by the real app server or a dummy, tbd).

Note: For the evaluation, it would be sufficient to determin the user name or ID based on a coookie, even if that is not truested. We also only need to test two tiers of users: anon (with IP address as identity) and logged in (with the ID from the cookie). We can add suppotr for JWT later.

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT399291 Epic: API Rate Limiting Architecture
 OpenNoneT412585 Epic: Enforce API rate limits (WE5.1.3c)
 OpendanielT398919 Epic: API rate limiting dry run (WE5.1.3b)
 DeclinedClement_GoubertT402914 Set up a rest-gateway deployment for rate limiting testing
 ResolveddanielT405544 Add support for rate limiting rest gateway routes to api-gateway helm chart
 ResolveddanielT405636 api-gateway helm chart: rest routes should return retry-after when a rate limit applies.
 ResolveddanielT405578 api-gateway helm chart: use JWT to determine rate limit for rest routes
 ResolvedpmiazgaT406624 Create a mediawiki maintenance script for generating JWT tokens
 ResolvedhnowlanT416205 Deploy Production JWT key on staging cluster
 ResolveddanielT408128 api-gateway chart: make cookie name configurable for testing
 ResolveddanielT406498 Test api rate limiting on production cluster
 ResolvedClement_GoubertT406490 Test api rate limiting on staging cluster
 ResolveddanielT405574 api-gateway helm chart: add ability to test rate limiting for rest-gateway routes
 ResolvedpmiazgaT408839 api-gateway chart: make emission of x-ratelimit headers configurable
 ResolveddanielT408183 api-gateway chart: metrics mapping for rerst-gateway
 ResolvedpmiazgaT409155 For better readability rename `fallback_policy` and `x-wmf-user-class`
 ResolveddanielT407999 api rate limiting: Create a helper service for exposing per-user (per-bucket) metrics
 ResolvedbrennenT409821 Move redioscope repo under mediawiki/services
 ResolveddanielT410559 Publish redioscope image to wmf registry for deployment on the aux cluster
 ResolvedClement_GoubertT413999 Create namespace and support files for redioscope
 ResolveddanielT409044 api-gateway chart: add support for per-route rate limit policy overrides
 ResolveddanielT409543 rest-gateway: define a catch-all rate limit
 DeclinedNoneT410143 Exempt network-local traffic from API rate limiting
 OpenNoneT410198 Determine the source of internal requests going through the API gateway.
 ResolvedJgiannelosT411769 Migrate wikifeeds backend calls away from rest-gateway
 StalledNoneT411771 Migrate PageViewInfo calls away from rest-gateway
 InvalidNoneT411770 Migrate GrowthExperiments away from rest-gateway
 ResolveddanielT410379 Support setting rate limits based on x-trusted-request headers coming from the edge.
 ResolveddanielT410658 rest gateway: for unauthenticated requests from wmcs, use the User_agent header as the rate limit key
 ResolveddanielT411250 rest gateway: Record x-trusted-request and x-provenance headers in access logs
 OpenSLyngshede-WMFT411503 x-provenance header: identify WMCS
 ResolvedtaaviT411590 Publish machine-readable version of Cloud VPS IP space
 ResolvedtaaviT411610 Publish machine-readable information for Toolforge worker IPs
 ResolvedNoneT412520 Ensure requests originating from InstantCommons on third party wikis doesn't get rate limited too much
 ResolvedClement_GoubertT413876 Switch ratelimit backend redis to instance 6380
 ResolvedClement_GoubertT414333 Use external_services for redis network policies

Event Timeline

daniel created this task.Jul 8 2025, 8:20 AM
daniel added parent tasks: T398915: Minikube environment for experimenting with Envoy rate limiting, T398917: Evaluate different technologies for API rate limiting..
daniel added a project: FY2025-26 KR 5.1.Jul 8 2025, 3:43 PM
daniel mentioned this in T398913: WE5.1.3 API Rate limiting experiment (local gateway environment).
JTweed-WMF moved this task from Inbox to WE5.1.1 on the FY2025-26 KR 5.1 board.Jul 10 2025, 1:54 PM
JTweed-WMF moved this task from Inbox, needs triage to Needs refinement on the MediaWiki-Platform-Team board.Jul 14 2025, 1:30 PM
daniel triaged this task as Medium priority.Jul 16 2025, 2:33 PM
daniel moved this task from Incoming (Needs Triage) to Backlog on the MW-Interfaces-Team board.
daniel moved this task from Backlog to MWI-Roadmap on the MW-Interfaces-Team board.Jul 16 2025, 2:36 PM
daniel edited projects, added MW-Interfaces-Team (MWI-Roadmap); removed MW-Interfaces-Team.
JTweed-WMF moved this task from WE5.1.1 to WE5.1.3 on the FY2025-26 KR 5.1 board.Jul 24 2025, 8:57 AM
daniel updated the task description. (Show Details)Aug 8 2025, 4:41 PM

I played with envoy locally a bit: Here is a configuration that demonstrates how to detect the user's ID from a cookie, and use it to drive rate limiting: P80982.

The config also demponstrates how to do cost based rate limiting based on the time it takes the upstream server to respond.

daniel removed projects: MW-Interfaces-Team (MWI-Roadmap), FY2025-26 KR 5.1, Epic, OKR-Work.Aug 25 2025, 2:18 PM
daniel added a subscriber: Clement_Goubert.EditedAug 26 2025, 2:38 PM

Note to self: @Clement_Goubert said in our meeting today that we should probably start testing with a separate instance of the REST Gateway and send synthetic or recorded traffic to it. See T402914: Set up a rest-gateway deployment for rate limiting testing

daniel renamed this task from Determine how to test API rate limiting with real traffic to Test API rate limiting in a production environment.Aug 27 2025, 2:16 PM
daniel updated the task description. (Show Details)
HCoplin-WMF added subscribers: SLong-WMF, HCoplin-WMF.Aug 27 2025, 6:24 PM

Just jotting down some notes based on the conversation @daniel and me had earlier today :)

Specific areas of focus for testing:

  • Want to observe how much traffic would be rejected (without rejecting it)
  • Test spin up/spin down processes
  • Determine how many instances should be created
    • Memory consumption & CPU load relative to traffic

General order of dependencies:

  • Biggest blocker is currently the Envoy version upgrade. Production currently runs on v1.23, with work in progress to upgrade to 1.26. To effectively test this work, we require a minimum of v1.33 (with 1.35 desired).
  • Soft block/limitation based on rerouting the existing APIs through the new Gateway. Rerouting will allow us to measure and monitor real traffic.

Need more clarity on:

  • What we want to measure or observe for auth. What level of granularity is expected?
    • Should we compare anonymous vs logged in? Wait for JWT?

Finally, just wanted to update with what our timeline looks like for rerouting the endpoints through the common gateway, so y'all have it:

  • Today/tomorrow: Dial test2wiki.wikimedia.org up to 100% of traffic going through new gateway.
  • Now through Sept 8: Define and review detailed test plan, perhaps with some preliminary or exploratory manual testing (https://phabricator.wikimedia.org/T400152)
  • Sept 9-23: Internal testing
  • Sept 23- Oct 3: Community testing -- During this period, we will dial traffic through the gateway up to 100% for test wiki, so that the community can execute calls and let us know if anything seems wonky.
  • Week of Oct 6: General rollout across wikis

Also, if y'all haven't already, you might want to talk to @SLong-WMF on the Quality Services team. Their input and guidance is really helpful. We are working very closely with them to help us create a good test plan, and they might be able to help you too!

daniel moved this task from Needs refinement to Next (DO NOT USE) on the MediaWiki-Platform-Team board.Aug 28 2025, 2:17 PM
daniel added a project: OKR-Work.Aug 28 2025, 2:25 PM
Clement_Goubert changed the status of subtask T402914: Set up a rest-gateway deployment for rate limiting testing from Open to In Progress.Sep 10 2025, 10:18 AM
daniel edited parent tasks, added: T399291: Epic: API Rate Limiting Architecture; removed: T398917: Evaluate different technologies for API rate limiting., T398915: Minikube environment for experimenting with Envoy rate limiting, T398913: WE5.1.3 API Rate limiting experiment (local gateway environment).Sep 23 2025, 12:58 PM
daniel added a subtask: T405578: api-gateway helm chart: use JWT to determine rate limit for rest routes.Oct 6 2025, 2:42 PM
daniel removed a subtask: T405578: api-gateway helm chart: use JWT to determine rate limit for rest routes.
daniel added a subtask: T406490: Test api rate limiting on staging cluster.
daniel changed the status of subtask T407999: api rate limiting: Create a helper service for exposing per-user (per-bucket) metrics from Open to In Progress.Oct 30 2025, 5:03 PM
daniel closed subtask T406490: Test api rate limiting on staging cluster as Resolved.Oct 30 2025, 5:36 PM
daniel closed subtask T402914: Set up a rest-gateway deployment for rate limiting testing as Declined.Oct 30 2025, 5:41 PM
daniel closed subtask T405544: Add support for rate limiting rest gateway routes to api-gateway helm chart as Resolved.Oct 30 2025, 5:45 PM
daniel claimed this task.Nov 3 2025, 9:47 AM
daniel added a project: Epic.
daniel renamed this task from Test API rate limiting in a production environment to Epic: Test API rate limiting in a production environment (WE5.1.3b).Nov 4 2025, 10:28 AM
Clement_Goubert changed the status of subtask T408183: api-gateway chart: metrics mapping for rerst-gateway from Open to In Progress.Nov 5 2025, 4:58 PM
daniel renamed this task from Epic: Test API rate limiting in a production environment (WE5.1.3b) to Epic: API rate limiting dry run (WE5.1.3b).Nov 6 2025, 8:58 AM
daniel closed subtask T408183: api-gateway chart: metrics mapping for rerst-gateway as Resolved.
daniel changed the status of subtask T409044: api-gateway chart: add support for per-route rate limit policy overrides from Open to Stalled.Nov 7 2025, 11:42 AM
daniel changed the status of subtask T409543: rest-gateway: define a catch-all rate limit from Open to In Progress.Nov 7 2025, 12:00 PM
daniel closed subtask T409543: rest-gateway: define a catch-all rate limit as Resolved.Nov 11 2025, 2:01 PM
daniel closed subtask T406498: Test api rate limiting on production cluster as Resolved.Nov 12 2025, 12:02 PM
daniel closed subtask T410143: Exempt network-local traffic from API rate limiting as Declined.Nov 17 2025, 1:58 PM
daniel created subtask T410658: rest gateway: for unauthenticated requests from wmcs, use the User_agent header as the rate limit key.Nov 20 2025, 4:12 PM
daniel changed the status of subtask T409044: api-gateway chart: add support for per-route rate limit policy overrides from Stalled to In Progress.Nov 20 2025, 8:56 PM
OWresch-WMF edited projects, added MediaWiki-Platform-Team (Q3 Kanban Board); removed MediaWiki-Platform-Team.Nov 21 2025, 11:39 AM
daniel closed subtask T409044: api-gateway chart: add support for per-route rate limit policy overrides as Resolved.Nov 25 2025, 6:02 PM
daniel created subtask T411250: rest gateway: Record x-trusted-request and x-provenance headers in access logs.Nov 28 2025, 11:38 AM
daniel added a subtask: T411503: x-provenance header: identify WMCS.Dec 2 2025, 2:48 PM
daniel closed subtask T410379: Support setting rate limits based on x-trusted-request headers coming from the edge. as Resolved.Dec 4 2025, 1:36 PM
daniel closed subtask T411250: rest gateway: Record x-trusted-request and x-provenance headers in access logs as Resolved.Dec 12 2025, 1:05 PM
daniel created subtask T412520: Ensure requests originating from InstantCommons on third party wikis doesn't get rate limited too much.Dec 12 2025, 1:11 PM
daniel mentioned this in T412585: Epic: Enforce API rate limits (WE5.1.3c).Dec 13 2025, 12:15 PM
daniel added a parent task: T412585: Epic: Enforce API rate limits (WE5.1.3c).
daniel closed subtask T410658: rest gateway: for unauthenticated requests from wmcs, use the User_agent header as the rate limit key as Resolved.
Clement_Goubert created subtask T413876: Switch ratelimit backend redis to instance 6380.Jan 6 2026, 12:53 PM
Clement_Goubert changed the status of subtask T413876: Switch ratelimit backend redis to instance 6380 from Open to In Progress.
Clement_Goubert closed subtask T413876: Switch ratelimit backend redis to instance 6380 as Resolved.Jan 7 2026, 4:43 PM
Clement_Goubert created subtask T414333: Use external_services for redis network policies.Jan 12 2026, 12:34 PM
Clement_Goubert changed the status of subtask T414333: Use external_services for redis network policies from Open to In Progress.
JTweed-WMF moved this task from Essential Work to OKR Work on the MediaWiki-Platform-Team (Q3 Kanban Board) board.Jan 13 2026, 11:14 AM
daniel closed subtask T407999: api rate limiting: Create a helper service for exposing per-user (per-bucket) metrics as Resolved.Jan 22 2026, 8:44 PM
OWresch-WMF moved this task from OKR Work to In Progress on the MediaWiki-Platform-Team (Q3 Kanban Board) board.Feb 2 2026, 3:34 PM
OWresch-WMF moved this task from In Progress to Epic in Progress on the MediaWiki-Platform-Team (Q3 Kanban Board) board.Feb 12 2026, 3:31 PM
Clement_Goubert closed subtask T414333: Use external_services for redis network policies as Resolved.Feb 23 2026, 12:08 PM
matmarex closed subtask T412520: Ensure requests originating from InstantCommons on third party wikis doesn't get rate limited too much as Resolved.Wed, Apr 1, 7:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits