RateLimit headers: Azure and Kong implementation landed. Request for feedback on Intermediaries and Cache

Roberto Polli <robipolli@gmail.com> Thu, 13 February 2020 09:54 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CAB61200D8 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 13 Feb 2020 01:54:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.75
X-Spam-Level:
X-Spam-Status: No, score=-2.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r2WaksgI5VRb for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 13 Feb 2020 01:54:09 -0800 (PST)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF29A1200D5 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 13 Feb 2020 01:54:09 -0800 (PST)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1j2B83-000586-IH for ietf-http-wg-dist@listhub.w3.org; Thu, 13 Feb 2020 09:49:51 +0000
Resent-Date: Thu, 13 Feb 2020 09:49:51 +0000
Resent-Message-Id: <E1j2B83-000586-IH@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <robipolli@gmail.com>) id 1j2B7w-00057T-M2 for ietf-http-wg@listhub.w3.org; Thu, 13 Feb 2020 09:49:44 +0000
Received: from mail-io1-xd2c.google.com ([2607:f8b0:4864:20::d2c]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <robipolli@gmail.com>) id 1j2B7t-0000E5-27 for ietf-http-wg@w3.org; Thu, 13 Feb 2020 09:49:44 +0000
Received: by mail-io1-xd2c.google.com with SMTP id z1so5168590iom.9 for <ietf-http-wg@w3.org>; Thu, 13 Feb 2020 01:49:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=SWCOfnxU33TzQvbCLkwhsyaSRFxV7S0blu0EygGqqUo=; b=nYhosxHADOyLsXsW3JaN/VBbSbPq754ydLoBLLvA/YR1+5c6WW7cDidlXxkfElI8cc L6lzWEdeeUSrB85BZVJqOO8hRhwDtzdy07eEWyVf59i2zPNd36P0HrNeHiY42cWqDJUG k1eQ0GAbtR3Mewr4WpkS1GK7sOv75lVqwxIRj9IHd28SkYlqDu9a4sjGr+4Ro7YsX6oH 6oiIyxca/I9jN7sfAMbqZJr47KQJ+wFFCJ6P0TdEpnyD5ghXumAf5BKNl+Ew2C2yYGqd BDZmskeAeFrqhZQrJu8zvUyjwLKJFF5hmpuH0RuaDZDpYAlVH6rjQ2M0lBj0xk8Fn+f0 EcLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=SWCOfnxU33TzQvbCLkwhsyaSRFxV7S0blu0EygGqqUo=; b=WNbnH6Cq/xPGYn+Bvufuyyd6NbOHTinqqe5bp/lGYuTVTARjj9qIiM4gjm+v+wx0Vk LdOSspzalqxRsRzuKzEv7Bj2oyr+MNuoTVVGQ4TQeu5ttWCntkcW64Q3AGaH62kInEeA zRgMrufH0CPSt6G+uK+ji3Ckx7PTH2q3QuVNFxqION2cViNk3j+8D9AFXDaGJYIHsPUi /wODuyViJFtWkhQ8cQOkLbWsz5todW4br2Zp8DKAhZoRHylvGzTXs8KRqFon/I0IEwko qpDZFw5MgSYG40D44B9Jb0SnyfVOhbL/4OkmsGPnZbbP3fo6mfjLrGFgzLxouUe1LYEP 6UgQ==
X-Gm-Message-State: APjAAAXgjeDi4vM8He5k5qpnWnz0nMhiokUkKQ8xUU4XLVMegoFd/UE6 a2FnT00nhyoPvMkXSfSZsxE7GW/OplvejqY5ksZ50AcZ1+w=
X-Google-Smtp-Source: APXvYqxFYAiWGC3VmjE+1NUy9cCizDWHdQeqIKA/GyR+yw0Ai9dEixW2Gy8+eXEp7yJXo0nkRcoOIrGL9+HpyYzTWEY=
X-Received: by 2002:a5d:9509:: with SMTP id d9mr20048517iom.127.1581587369072; Thu, 13 Feb 2020 01:49:29 -0800 (PST)
MIME-Version: 1.0
From: Roberto Polli <robipolli@gmail.com>
Date: Thu, 13 Feb 2020 10:49:18 +0100
Message-ID: <CAP9qbHVOGx3JxKVT7-3VjO+bZAdQ1aCSgnBbugs1q-_Dc=LT=w@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Cc: Alex Martinez <amartine@redhat.com>
Content-Type: multipart/alternative; boundary="000000000000509dbb059e720172"
Received-SPF: pass client-ip=2607:f8b0:4864:20::d2c; envelope-from=robipolli@gmail.com; helo=mail-io1-xd2c.google.com
X-W3C-Hub-Spam-Status: No, score=-5.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1j2B7t-0000E5-27 8742d50884ada42130c9caeed7b295ef
X-Original-To: ietf-http-wg@w3.org
Subject: RateLimit headers: Azure and Kong implementation landed. Request for feedback on Intermediaries and Cache
Archived-At: <https://www.w3.org/mid/CAP9qbHVOGx3JxKVT7-3VjO+bZAdQ1aCSgnBbugs1q-_Dc=LT=w@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37353
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Dear all,

me, Alex and the community are continuing
our work on ratelimit headers.

Here you can find the updates, your feedback
is precious to move on with the spec :)

## Implementors
Following the advices coming from IETF-106
we got more support from API Gateway implementors:

- Azure API Gateway added some features to
  expose ratelimit counters, so you can use them
  to implement this specification [1]
- Kong 2.0.0 implemented the specification and
  supports now providing the mandatory part
  of the headers [2]
- Express-Gateway, a nodejs gateway with more than 2k stars on github
  is working on that. You can test it using this docker image [3]

## Intermediaries and Caching
We have a PR [4] on Intermediaries and Caching,
and got some useful feedback from Martin and Erik (thanks!).
Further feedbacks are really appreciated, especially on Caching!

## Scope
After Roy's comment, I made a proposal for addressing
the scope issue in a way that is consistent with Retry-After [5].
If that won't work, we could address that only in ratelimit spec
passing the scope as an header parameter [6].

Thanks for all your guidance
and support,
R.





[1]:
https://azure.microsoft.com/en-ca/updates/azure-api-management-update-january-2020/
[2]: https://github.com/Kong/kong/pull/5335
[3]: https://github.com/ioggstream/docker-express-gateway-ratelimit
[4]: https://github.com/ioggstream/draft-polli-ratelimit-headers/pull/76
[5]: https://github.com/httpwg/http-core/pull/317#issuecomment-585634120
[6]:
https://github.com/ioggstream/draft-polli-ratelimit-headers/pull/79/files