Rate limiting in OpenStack Object Storage is implemented as a pluggable middleware that you configure on the proxy server. Rate limiting is performed on requests that result in database writes to the account and container SQLite databases. It uses memcached and is dependent on the proxy servers having highly synchronized time. The rate limits are limited by the accuracy of the proxy server clocks.
All configuration is optional. If no account or container limits are provided, no rate limiting occurs. Available configuration options include:
| Configuration option = Default value | Description |
|---|---|
| use = egg:swift#ratelimit | Entry point of paste.deploy in the server |
| set log_name = ratelimit | Label to use when logging |
| set log_facility = LOG_LOCAL0 | Syslog log facility |
| set log_level = INFO | Log level |
| set log_headers = false | If True, log headers in each request |
| set log_address = /dev/log | Location where syslog sends the logs to |
| clock_accuracy = 1000 | Represents how accurate the proxy servers' system clocks are with each other. 1000 means that all the proxies' clock are accurate to each other within 1 millisecond. No ratelimit should be higher than the clock accuracy. |
| max_sleep_time_seconds = 60 | App will immediately return a 498 response if the necessary sleep time ever exceeds the given max_sleep_time_seconds. |
| log_sleep_time_seconds = 0 | To allow visibility into rate limiting set this value > 0 and all sleeps greater than the number will be logged. |
| rate_buffer_seconds = 5 | Number of seconds the rate counter can drop and be allowed to catch up (at a faster than listed rate). A larger number will result in larger spikes in rate but better average accuracy. |
| account_ratelimit = 0 | If set, will limit PUT and DELETE requests to /account_name/container_name. Number is in requests per second. |
| account_whitelist = a,b | Comma separated lists of account names that will not be rate limited. |
| account_blacklist = c,d | Comma separated lists of account names that will not be allowed. Returns a 497 response. r: for containers of size x, limit requests per second to r. Will limit PUT, DELETE, and POST requests to /a/c/o. container_listing_ratelimit_x = r: for containers of size x, limit listing requests per second to r. Will limit GET requests to /a/c. |
| with container_limit_x = r | No help text available for this option. |
| container_ratelimit_0 = 100 | No help text available for this option. |
| container_ratelimit_10 = 50 | No help text available for this option. |
| container_ratelimit_50 = 20 | No help text available for this option. |
| container_listing_ratelimit_0 = 100 | No help text available for this option. |
| container_listing_ratelimit_10 = 50 | No help text available for this option. |
| container_listing_ratelimit_50 = 20 | No help text available for this option. |
The container rate limits are linearly interpolated from the values given. A sample container rate limiting could be:
container_ratelimit_100 = 100
container_ratelimit_200 = 50
container_ratelimit_500 = 20
This would result in:
| Container Size | Rate Limit |
| 0-99 | No limiting |
| 100 | 100 |
| 150 | 75 |
| 500 | 20 |
| 1000 | 20 |
