Question

According to the nginx documentation on limit_req_zone:

One megabyte zone can keep about 16 thousand 64-byte states. If the zone storage is exhausted, the server will return the 503 (Service Temporarily Unavailable) error to all further requests.

I wonder in what way these zones get cleared? For example, if we have something like

limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;

and the number of unique users per day exceeds 16000, does it mean that the zone will overflow and other users will start getting 503 errors for the configured location? Or is there a time frame of user inactivity after which the user-related zone memory will be cleaned?

My main concern here is to set an optimal zone size without a risk of getting it exhausted in case of high-load.


Solution

It should be checked, but as I understood it, the lifetime of the zone items relates to the active connections.
So zone=one:1m can hold up to 16K unique IPs among currently (simultaneously) active connections (the total number of active connections at a given moment can exceed 16K, because several connections can be opened from the same IP).
So the zone size in MB should be >= number of simultaneous connections from unique IPs / 16K.

Note that if users share a single IP behind NAT, which is rather common for USSR providers, then you will limit the request frequency for the whole bunch of users, which can be very inconvenient for them. To handle this case you should set rate = simult_users_with_same_ip r/s

OTHER TIPS

From https://www.nginx.com/blog/rate-limiting-nginx

If storage is exhausted when NGINX needs to add a new entry, it removes the oldest entry. If the space freed is still not enough to accommodate the new record, NGINX returns status code 503 (Service Temporarily Unavailable). Additionally, to prevent memory from being exhausted, every time NGINX creates a new entry it removes up to two entries that have not been used in the previous 60 seconds.

>16K entries a day is nothing to worry about. NGINX wipes entries that are inactive for more than a minute.

But if the number of active entries reaches >16K, it gets problematic, in that it might lose entries (and states) in use.
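The eviction behaviour quoted from the NGINX blog post above can be replayed in a small model. This is an added example, not nginx code and not part of the original answers. `ZoneModel`, `run` and the two workloads are hypothetical names and constructed data. It assumes fixed-size states, so the 503 path (freed space still too small) never occurs, and it uses a capacity of 100 as a scaled-down stand-in for the ~16K states of a 1m zone.

```python
from collections import OrderedDict

IDLE_SECONDS = 60  # inactivity window quoted from the NGINX blog post

class ZoneModel:
    """Simplified model of a limit_req zone (assumption: fixed-size states)."""

    def __init__(self, capacity):
        self.capacity = capacity      # scaled-down stand-in for ~16K per 1m
        self.entries = OrderedDict()  # key -> last-used time, oldest first
        self.live_evictions = 0       # states dropped while still active
        self.peak = 0                 # most entries held at once

    def access(self, key, now):
        if key in self.entries:       # known client: refresh its state
            self.entries[key] = now
            self.entries.move_to_end(key)
            return
        # New entry: first drop up to two entries idle for 60 s or more.
        for _ in range(2):
            oldest = next(iter(self.entries), None)
            if oldest is None or now - self.entries[oldest] < IDLE_SECONDS:
                break
            del self.entries[oldest]
        # Storage exhausted: the oldest entry is removed, idle or not.
        if len(self.entries) >= self.capacity:
            _, last_used = self.entries.popitem(last=False)
            if now - last_used < IDLE_SECONDS:
                self.live_evictions += 1
        self.entries[key] = now
        self.peak = max(self.peak, len(self.entries))

def run(capacity, events):
    """Replay (time, key) events; return (live_evictions, peak entries)."""
    zone = ZoneModel(capacity)
    for now, key in events:
        zone.access(key, now)
    return zone.live_evictions, zone.peak

# Constructed workloads, scaled down: capacity 100 stands in for one zone.
# Many unique clients over time: one new client per second, one request each.
spread_out = [(t, f"client-{t}") for t in range(10_000)]
# 200 clients all active at once, each sending a request every second.
concurrent = [(t, f"client-{c}") for t in range(30) for c in range(200)]

if __name__ == "__main__":
    print("spread out:", run(100, spread_out))
    print("concurrent:", run(100, concurrent))
```

In the first workload the zone never holds more than the clients seen in the last 60 seconds, even though total unique clients far exceed capacity. In the second, every new entry pushes out a state that is still in use, so those clients' request counters restart and the rate limit stops being enforced for them.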

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow