Page MenuHomePhabricator
Create Task
Maniphest T410143

Exempt network-local traffic from API rate limiting
Closed, DeclinedPublic
Actions

Description

Ideally, traffic within our network would not go through the API gateway.
However, as long as it does, it should be excempt from limits (or have very permissive limits).

In particular, in codfw we are seeing a lot of traffic from 172.16.x.x and from 10.192.x.x (upwards of 100 req/sec). Eqiad probably sees similar traffic.

To avoid blocking internal traffic, we should identify such requests using a regex (in theory, network masks would be better, but hard to implement in Envoy), and assign the "no-limit" class to them for now. That would disable rate limiting for them completely. They would even vanish from the ratelimiter metrics, because the ratelimit service would not be called for them.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
rest gateway: do not rate limit internal trafficoperations/deployment-chartsmaster+11 -13
Customize query in gerrit

Related Objects
Search...

Event Timeline

daniel created this task.Nov 14 2025, 2:43 PM
daniel mentioned this in T410273: api rate limiting: Assign ratelimit class based on IP range.Nov 17 2025, 1:53 PM
daniel closed this task as Declined.Nov 17 2025, 1:58 PM

Let's do T410273: api rate limiting: Assign ratelimit class based on IP range instead.

Krinkle renamed this task from Excempt network-local traffic from API rate limiting to Exempt network-local traffic from API rate limiting.Nov 25 2025, 11:54 AM
gerritbot added a comment.Dec 1 2025, 3:26 PM

Change #1213504 had a related patch set uploaded (by Daniel Kinzler; author: Daniel Kinzler):

[operations/deployment-charts@master] rest gateway: do not rate limit internal traffic

https://gerrit.wikimedia.org/r/1213504

gerritbot added a project: Patch-For-Review.Dec 1 2025, 3:26 PM
gerritbot added a comment.Dec 2 2025, 11:34 AM

Change #1213504 merged by jenkins-bot:

[operations/deployment-charts@master] rest gateway: do not rate limit internal traffic

https://gerrit.wikimedia.org/r/1213504

Maintenance_bot removed a project: Patch-For-Review.Dec 2 2025, 12:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits