33 lines
2.9 KiB
Plaintext
33 lines
2.9 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Limit Traffic Rates Overview
|
|
description: Rate limiting is a set of Consul server agent configurations that you can use to mitigate the risks to Consul servers when clients send excessive requests to Consul resources.
|
|
|
|
---
|
|
|
|
# Traffic rate limiting overview
|
|
|
|
This topic provides an overview of the rates limits you can configure for Consul servers.
|
|
|
|
## Introduction
|
|
You can configure global RPC rate limits to mitigate the risks to Consul servers when clients send excessive read or write requests to Consul resources. A _read request_ is defined as any request that does not modify Consul internal state. A _write request_ is defined as any request that modifies Consul internal state. Rate limits for read and write requests are configured separately.
|
|
|
|
## Rate limit modes
|
|
|
|
You can set one of the following modes to determine how Consul servers react when exceeding request limits.
|
|
|
|
- **Enforcing mode**: The rate limiter denies requests to a server once they exceed the configured rate. In this mode, Consul generates metrics and logs to help you understand your network's load and configure limits accordingly.
|
|
- **Permissive mode**: The rate limiter allows requests to a server once they exceed the configured rate. In this mode, Consul generates metrics and logs to help you understand your Consul load and configure limits accordingly. Use this mode to help you debug specific issues as you configure limits.
|
|
- **Disabled mode**: Disables the rate limiter. This mode allows all requests Consul does not generate logs or metrics. This is the default mode.
|
|
|
|
Refer to [`rate_limits`](/consul/docs/agent/config/config-files#request_limits) for additional configuration information.
|
|
|
|
## Request denials
|
|
|
|
When an HTTP request is denied for rate limiting reason, Consul returns one of the following errors:
|
|
|
|
- **429 Resource Exhausted**: Indicates that a server is not able to perform the request but that another server could potentially fulfill it. This error is most common on stale reads because any server may fulfill stale read requests. To resolve this type of error, we recommend immediately retrying the request to another server. If the request came from a Consul client agent, the agent automatically retries the request up to the limit set in the [`rpc_hold_timeout`](/consul/docs/agent/config/config-files#rpc_hold_timeout) configuration .
|
|
|
|
- **503 Service Unavailable**: Indicates that server is unable to perform the request and that no other server can fulfill the request, either. This usually occurs on consistent reads or for writes. In this case we recommend retrying according to an exponential backoff schedule. If the request came from a Consul client agent, the agent automatically retries the request according to the [`rpc_hold_timeout`](/consul/docs/agent/config/config-files#rpc_hold_timeout) configuration.
|
|
|
|
Refer to [Rate limit reached on the server](/consul/docs/troubleshoot/common-errors#rate-limit-reached-on-the-server) for additional information. |