Simple rate limiting for agent rpc calls.

[wojtkiewicz]

Hi,
This PR is related to OOM outage that we encountered on our production.
Details can be found here: https://groups.google.com/forum/#!topic/consul-tool/YYnhFeC1qi4

After some discussion we got feedback from @slackpad that you are interested in some basic form of rate limiting for consul agents to prevent abusive clients from causing the cluster to become unstable.

In this PR only agents with client mode are limited. Rate limiting for simplicity covers all rpc calls regardless if came from dns, http or sync.

Rate limiting is based on https://godoc.org/golang.org/x/time/rate.

Configured by RPCRate and RPCMaxBurst. We recommend these values not to be lower than expected number of services registered locally on a single consul agent. By default RPCRate is set to infinite and RPCMaxBurst is ignored.

There is also two new metrics added:

• consul.client.rpc.rate: rate of rpc calls before rate limiting, can be used with a threshold to trigger monitoring events when agent is getting closer to its limit
• consul.client.rpc.exceeded.rate: how often client is rate limited, good candidate to trigger monitoring events that agent is actually rate limited

Sample configuration:
{"rpc_rate": 100, "rpc_max_burst": 100}

[wojtkiewicz]

Builds were failing for last two weeks on master. Doesn't seem to be related to anything I changed.

[wojtkiewicz]

@slackpad could you tell me if basic premise of this PR is good?

I can keep this PR up to date with master but so far I got no feedback which worries me a little bit.

[slackpad]

Hi @wojtkiewicz sorry for the delay! Yes this looks like a useful feature. Can you do a rebase and we can work on reviewing this and getting it merged?

[wojtkiewicz]

@slackpad rebased

[slackpad]

Thanks for your work on this @wojtkiewicz - this will land in 0.9.3!

[wojtkiewicz]

awesome!