IETF Logo Mail Archive

Re: [httpapi] RateLimit Header client implementations

Alex Martinez <amr@redhat.com> Mon, 04 January 2021 13:48 UTC

Return-Path: <amartine@redhat.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12A7D3A0E03 for <httpapi@ietfa.amsl.com>; Mon, 4 Jan 2021 05:48:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.778
X-Spam-Level:
X-Spam-Status: No, score=0.778 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.246, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5uckdOBA-JxZ for <httpapi@ietfa.amsl.com>; Mon, 4 Jan 2021 05:48:57 -0800 (PST)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 838023A0D7C for <httpapi@ietf.org>; Mon, 4 Jan 2021 05:48:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1609768133; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cTwC53cudOyss6iZgBQYZMvnY8ACNWnFMZ6Y+e/PMro=; b=GojY3KaE2PPt4E58GZPr4GYj/Al/dAqPC5Qp8ldAq7GidYi81PNkNRVpUyl5NHI8X6g8ri 6xsGf8XV3daOLKsZgNFb34Jd6RN6qrBVfs/cQ9AWOzoAx2HF2BpVdJcGl1VhaYw72zi73e fhym2U7eJ0gYZ0S0da481SxojJlz50s=
Received: from mail-yb1-f200.google.com (mail-yb1-f200.google.com [209.85.219.200]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-342-ks3sB7U0PpS_gLa0hLxxBQ-1; Mon, 04 Jan 2021 08:48:52 -0500
X-MC-Unique: ks3sB7U0PpS_gLa0hLxxBQ-1
Received: by mail-yb1-f200.google.com with SMTP id k7so51740436ybm.13 for <httpapi@ietf.org>; Mon, 04 Jan 2021 05:48:51 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=cTwC53cudOyss6iZgBQYZMvnY8ACNWnFMZ6Y+e/PMro=; b=Ndw0Yqta+TzlWmBEvJFLxdcKaNY92Kqom4VILtyE3jiXJsdQxVOGo+QobFSpfsOl3u I3lHsdh1V/UV/BWSkvWH4PvQYrrQBfQThJSFEufI5ihgJMZooRHcfWSIODATgK/v70eD A33EbP0bt7O5gv0/p68b0QGQVUQ/zXllN8ruQHqZ12mnj/gNNTr9WeX73msd39FuP5h5 vhjKVLfpEoz5O82lQPe1jaf/XEwbr9E75UTiVRdXA/fhpKVjllMehaqxzyr/WI20P7JO qPd6Gy1/3+QMOC3LabASKm94/dj9pjjx632RImhWgVQqK7QSp5zm9rYHCIaibNSXWvzz Cgcg==
X-Gm-Message-State: AOAM5301ukt7oraqi8HlQV4ef+72SiqLe1Sq0575htmojZa02FJEHLMi Zb3zmhJBi5YFAp2ocrPrchG0C35ecbHZVN9jV8HmGQd8klStM//wFINEO4mb4eEpRq1eZRHhPyo N27NyJSFML/H2/W2U6w8yTtz3
X-Received: by 2002:a25:a029:: with SMTP id x38mr69361286ybh.105.1609768130789; Mon, 04 Jan 2021 05:48:50 -0800 (PST)
X-Google-Smtp-Source: ABdhPJz1PJ4uvioq55y0F2edEnQCB2swTzA7n+fborSxJCjZT3l7RYXcRBfsuCAAxPHHRavhtfoeQRbnYuWgZqA4K+4=
X-Received: by 2002:a25:a029:: with SMTP id x38mr69361271ybh.105.1609768130623; Mon, 04 Jan 2021 05:48:50 -0800 (PST)
MIME-Version: 1.0
References: <DM6PR01MB49370264EE9621D603FEAA81A3D70@DM6PR01MB4937.prod.exchangelabs.com>
In-Reply-To: <DM6PR01MB49370264EE9621D603FEAA81A3D70@DM6PR01MB4937.prod.exchangelabs.com>
From: Alex Martinez <amr@redhat.com>
Date: Mon, 04 Jan 2021 13:48:39 +0000
Message-ID: <CALmQWfiw+1DJ20=3A5JYNVziS9zvttEOTNFuEZE2y83AbZSrYQ@mail.gmail.com>
To: Darrel Miller <darrel@tavis.ca>
Cc: "httpapi@ietf.org" <httpapi@ietf.org>, "robipolli@gmail.com" <robipolli@gmail.com>
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=amartine@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: multipart/alternative; boundary="00000000000098cc3005b813594c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/b-xx26eXwFH-sTeeZd0Zwg3vp00>
Subject: Re: [httpapi] RateLimit Header client implementations
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2021 13:49:05 -0000

Hi Darrel,

On Wed, Dec 30, 2020 at 3:17 AM Darrel Miller <darrel@tavis.ca> wrote:

> [...]
>

>
> From what I understand there are a few scenarios where clients can use
> these headers:
>
>
>
>    1. Optimizing polling frequency:  i.e. check quota and window and
>    determine optimum calling interval
>    2. Prioritization between client tasks:  Don’t let low priority tasks
>    starve high priority tasks of quota
>    3. Enable user agents to avoid hitting rate limit due to some kind of
>    punitive behavior.
>
>
>
> Are you aware of other scenarios?  Are there implementations of these
> scenarios?
>

The scenario about "hitting rate limiting" is quite broad in scope. You can
have rate limits apply per API endpoint, per user identity, per connection,
per time of day, per infrastructure resources, or even per service type or
cost, or a combination of them all - which is quite a bit more than just
limiting some misbehavior.

The immediate benefit of these headers to service providers is being able
to signal expectations to clients so they can adapt. Sometimes it is just a
matter of adjusting to some specific rate of resource consumption. Some
other times the only way to adapt is just to stop using a service entirely
for a while or use another endpoint, and that's more useful than just
returning a 403 or 50X without further information, ie. during a
maintenance window you can use the headers to signal that window with 0
quota units and avoid useless traffic.

I can't think of any other specific scenarios and I don't know yet of
generic client implementations targeting specifically these headers. My
hope is that such clients support just enough of these headers to reap the
main benefits, that is, basic rate limiting information enabling some form
of throttling.

Cheers,
  Alex

v2.23.0 | Report a Bug | By Email