By limiting the rate of calls made to API services, you can make operations more reliable and reduce the incidence of orphaned objects during high load. You can also enable rate limiting for some services and not for others. For example, you might want to throttle Nova API service calls more tightly than Neutron API service calls.

Rate limiting is disabled by default. If a rate limit is exceeded, clients receive a HTTP/429 error: Too many requests response with a Retry-After header that indicates how long to wait before attempting to make more calls.

To enable rate limiting and specify the wait time, you modify the custom.yml file.

Procedure

  1. If you have not already done so, implement the custom.yml file.
    sudo mkdir -p /opt/vmware/vio/custom
    sudo cp /var/lib/vio/ansible/custom/custom.yml.sample /opt/vmware/vio/custom/custom.yml
  2. To enable rate limiting, edit the custom.yml file by uncommenting the haproxy_throttle_period parameter.
    ##############################
    # haproxy API rate limiting
    ##############################
    # Leave commented out to disable API rate limiting.
    # All time periods are in seconds.
    #
    # Period for which the load balancer should answer API requests
    # with a 429 error if rate limit is exceeded.  Applies to all
    # services.  Must be uncommented and set to a nonzero value if
    # rate limiting is enabled on any of the individual services below.
    # Has no effect if no service rate limiting is enabled.
    #haproxy_throttle_period: 60
    
    
    
  3. (optional) To control rate limits on individual API services, uncomment the max_requests and request_period parameters for those services.
    ## Maximum number of API requests to the Keystone public API per time
    ## period before rate limiting is invoked.
    #haproxy_keystone_max_requests: 100
    #haproxy_keystone_request_period: 60
    ## Maximum number of API requests to the Keystone admin public API per
    ## time period before rate limiting is invoked.
    #haproxy_keystone_admin_max_requests: 100
    #haproxy_keystone_admin_request_period: 60
    ## Maximum number of API requests to the Glance public API per time
    ## period before rate limiting is invoked.
    #haproxy_glance_max_requests: 100
    #haproxy_glance_request_period: 60
    ## Maximum number of API requests to the Nova public API per time
    ## period before rate limiting is invoked.
    #haproxy_nova_max_requests: 100
    #haproxy_nova_request_period: 60
    ## Maximum number of API requests to the Nova placement public API per time
    ## period before rate limiting is invoked.
    #haproxy_nova_placement_max_requests: 100
    #haproxy_nova_placement_request_period: 60
    ## Maximum number of API requests to the Cinder public API per time
    ## period before rate limiting is invoked.
    #haproxy_cinder_max_requests: 100
    #haproxy_cinder_request_period: 60
    ## Maximum number of API requests to the Designate public API per time
    ## period before rate limiting is invoked.
    #haproxy_designate_max_requests: 100
    #haproxy_designate_request_period: 60
    ## Maximum number of API requests to the Neutron public API per time
    ## period before rate limiting is invoked.
    #haproxy_neutron_max_requests: 100
    #haproxy_neutron_request_period: 60
    ## Maximum number of API requests to the Heat public API per time
    ## period before rate limiting is invoked.
    #haproxy_heat_max_requests: 100
    #haproxy_heat_request_period: 60
    ## Maximum number of API requests to the Heat CFN public API per time
    ## period before rate limiting is invoked.
    #haproxy_heat_cfn_max_requests: 100
    #haproxy_heat_cfn_request_period: 60
    ## Maximum number of API requests to the Heat Cloutdwatch public API
    ## per time period before rate limiting is invoked.
    #haproxy_heat_cloudwatch_max_requests: 100
    #haproxy_heat_cloudwatch_request_period: 60
    ## Maximum number of API requests to the Ceilometer public API per time
    ## period before rate limiting is invoked.
    #haproxy_ceilometer_max_requests: 100
    #haproxy_ceilometer_request_period: 60
    ## Maximum number of API requests to the Aodh public API per time
    ## period before rate limiting is invoked.
    #haproxy_aodh_max_requests: 100
    #haproxy_aodh_request_period: 60
    ## Maximum number of API requests to the Panko public API per time
    ## period before rate limiting is invoked.
    #haproxy_panko_max_requests: 100
    #haproxy_panko_request_period: 60
    
    
  4. Save the custom.yml file.
  5. Push the modified configuration to your VMware Integrated OpenStack deployment.
    viocli deployment --verbose configure --limit lb
  6. To disable rate limiting, repeat the procedure and re-comment out the haproxy_throttle_period parameter.

Rate Limiting Calls to the Neutron API Service

The following example includes values for three parameters. If a single source IP sends more than 50 requests to the Neutron public API in a 10 second period, the load balancers will begin returning HTTP/429 errors to all subsequent requests from that source address for a period of 60 seconds. After 60 seconds, the client may resume sending requests to the Neutron API.

haproxy_throttle_period: 60
haproxy_neutron_max_requests: 50
haproxy_neutron_request_period: 10