Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add enterprise notes for IP-based rate limits #17711

Merged
merged 4 commits into from
Jun 13, 2023
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion website/content/docs/agent/limits/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ You can set global limits on the rate of read and write requests that affect ind

1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limit-data)

1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/agent/limits/usage/set-global-rate-limits) for additional information. For information about setting limits based on source IP, refer to [Limit traffic rates for a source IP](/consul/docs/agent/limits/usage/set-source-ip-rate-limits).
1. Define your final operational limits based on your observations. If you are defining global rate limits, refer to [Set global traffic rate limits](/consul/docs/agent/limits/usage/set-global-rate-limits) for additional information. For information about setting limits per source IP address, refer to [Limit traffic rates for a source IP](/consul/docs/agent/limits/usage/set-source-ip-rate-limits). Note that setting limits per source IP requires Consul Enterprise.

### Order of operations

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,12 @@ description: Learn how to set read and request rate limits on RPC and gRPC traff

This topic describes how to configure RPC and gRPC traffic rate limits for source IP addresses. This enables you to specify a budget for read and write requests to prevent any single source IP from overwhelming the Consul server and negatively affecting the network. For information about setting global traffic rate limits, refer to [Set a global limit on traffic rates](/consul/docs/agent/limits/usage/set-glogal-traffic-rate-limits). For an overview of Consul's server rate limiting capabilities, refer to [Limit traffic rates overview](/consul/docs/agent/limits/overview).

<EnterpriseAlert>

This feature requires Consul Enterprise. Refer to the [feature compatibility matrix](/consul/docs/v1.16.x/enterprise#consul-enterprise-feature-availability) for additional information.
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved

</EnterpriseAlert>

## Overview

You can set limits on the rate of read and write requests from source IP addresses to specific resources, which mitigates the risks to Consul servers when consul clients send excessive requests to a specific resource type. Before configuring traffic rate limits, you should complete the initialization process to understand normal traffic loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/init-rate-limits) for additional information.
Expand All @@ -22,7 +28,7 @@ You should also monitor read and write rate activity and make any necessary adju

## Define rate limits

Create a control plane request limit configuration entry in the `default` partition. The configuration entry applies to all client requests targeting any partition. Refer to the [control plane request limit configuration entry](/consul/docs/connect/config-entries/control-plan-request-limit) reference documentation for details about the available configuration parameters.
Create a control plane request limit configuration entry in the `default` partition. The configuration entry applies to all client requests targeting any partition. Refer to the [control plane request limit configuration entry](/consul/docs/connect/config-entries/control-plane-request-limit) reference documentation for details about the available configuration parameters.

Specify the following parameters:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,12 @@ description: Learn how to configure the control-plane-request-limit configurati

This topic describes the configuration options for the `control-plane-request-limit` configuration entry. You can only write the `control-plane-request-limit` configuration entry to the `default` partition, but the configuration entry applies to all client requests that target any partition.

<EnterpriseAlert>

This feature requires Consul Enterprise. Refer to the [feature compatibility matrix](/consul/docs/v1.16.x/enterprise#consul-enterprise-feature-availability) for additional information.
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved

</EnterpriseAlert>

## Configuration model

The following list outlines field hierarchy, language-specific data types, and requirements in a control plane request limit configuration entry. Click on a property name to view additional details, including default values.
Expand Down
5 changes: 5 additions & 0 deletions website/content/docs/enterprise/index.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,8 @@ Available Enterprise features per Consul form and license include:
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | Not applicable | Yes | With Global Visibility, Routing, and Scale module |
| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | No | Yes | N/A |
| [Sentinel for KV](/consul/docs/enterprise/sentinel) | All tiers | Yes | With Governance and Policy module |
| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | All tiers | Yes | With Governance and Policy module |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved


[HashiCorp Cloud Platform (HCP) Consul]: https://cloud.hashicorp.com/products/consul
[Consul Enterprise]: https://www.hashicorp.com/products/consul/
Expand All @@ -112,6 +114,7 @@ Consul Enterprise feature availability can change depending on your server and c
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#9989; | &#9989; | &#9989; |
| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | &#9989; | &#9989; | &#9989; |
| [Sentinel ](/consul/docs/enterprise/sentinel) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved

</Tab>

Expand All @@ -131,6 +134,7 @@ Consul Enterprise feature availability can change depending on your server and c
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | &#10060; | &#10060; | &#10060; |
| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | &#9989; | &#9989; | &#9989; |
| [Sentinel ](/consul/docs/enterprise/sentinel) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved

</Tab>

Expand All @@ -150,6 +154,7 @@ Consul Enterprise feature availability can change depending on your server and c
| [Redundancy Zones](/consul/docs/enterprise/redundancy) | n/a | n/a | n/a |
| [Sameness Groups](/consul/docs/connect/config-entries/samenes-group) | &#9989; | &#9989; | &#9989; |
| [Sentinel ](/consul/docs/enterprise/sentinel) | &#9989; | &#9989; | &#9989; |
| [Server request rate limits per source IP](/consul/docs/v1.16.x/agent/limits/usage/limit-request-rates-from-ips) | &#9989; | &#9989; | &#9989; |
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved

</Tab>
</Tabs>
2 changes: 1 addition & 1 deletion website/content/docs/release-notes/consul/v1_16_x.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ We are pleased to announce the following Consul updates.
- [Route traffic to virtual services](/consul/docs/k8s/l7-traffic/route-to-virtual-services)
- [Configure failover services](/consul/docs/k8s/l7-traffic/failover-tproxy).

- **Granular server-side rate limits:** You can now set limits per source IP address. The following steps describe the general process for setting global read and write rate limits:
- **Granular server-side rate limits:** You can now set limits per source IP address in Consul Enterprise. The following steps describe the general process for setting global read and write rate limits:
trujillo-adam marked this conversation as resolved.
Show resolved Hide resolved

1. Set arbitrary limits to begin understanding the upper boundary of RPC and gRPC loads in your network. Refer to [Initialize rate limit settings](/consul/docs/agent/limits/usage/init-rate-limits) for additional information.
1. Monitor the metrics and logs and readjust the initial configurations as necessary. Refer to [Monitor rate limit data](/consul/docs/agent/limits/usage/monitor-rate-limits)
Expand Down