Support explain about parameter Delta of VCL Checkrate

General
1

Hi Everyone,

I research about VCL ratelimit.check_rate: ratelimit.check_rate | Fastly Documentation

I configured with VCL below:
INIT

penaltybox pbox { }
ratecounter rc { }

RECV

declare local var.entry STRING;
set var.entry = req.http.Fastly-Client-IP;

if (req.http.host == "ABC..com" && req.url.qs ~ "^(cat=|price=)") {
    if (fastly.ff.visits_this_service == 0 && ratelimit.check_rate(var.entry, rc, **10, 10, 20**, pbox, 2m)) {
    error 601;
    log "hit condition";
    }
  }

I ran some tests with JMeter and realized

  • When I sent more than 20 requests / 10 seconds will banned by Fasly with an error is 429.

But when I change Config VCL below to 1,10,10 so It not banned by Fastly.

if (req.http.host == "ABC..com" && req.url.qs ~ "^(cat=|price=)") {
  if (fastly.ff.visits_this_service == 0 && ratelimit.check_rate(var.entry, rc, **1, 10, 20**, pbox, 2m)) {
    error 601;
    log "hit condition";
  }
}

I have two questions about VCL above:

  1. Why do we have to configure it delta as 10 and not 1 so that when we request more than 20 requests it will be banned?
  2. Can you explain clearly and give me an easy example to understand delta, and RC? I don’t know why we must set the delta is 10.

Thanks community.

2

Hi @ducnn,

The limit is requests per second not requests over the window period. This is a really common misconception and we probably should try and make this clearer in the docs as it’s not super intuitive.

Your first example has a delta of 10, window of 10 seconds and limit of 20rps. You then sent 20 requests (which counts as 200 because of your delta of 10: 10 x 20 = 200), over 10 seconds, so that is 200 / 10 -= 20rps. It should (just barely) trigger the limiter.

Your second example has a delta of 1, which actually is more typical. In this case, your 20 requests issued in 10 seconds mean your request rate over that 10 second window is only 2rps. The limit is 20, so that does not trigger the limiter.

The reason we allow delta to be configurable is that in some cases, you might have an operation that is particularly expensive, and you want it to “cost more” towards the rate limit.

3 Likes
3

Hi @triblondon ,

According to the document Fastly, I don’t understand but from your explanation, it’s easy to understand clearly.

Thank you so much for your reply.
Best regard

1 Like