1. What is gateway current limiting:
In the microservice architecture, the gateway layer can shield external services to directly call internal services, and play a role in isolation and protection of internal services. Gateway current limiting, as the name implies, is to limit the current of services through the gateway layer, so as to protect the backend role of service.
Sentinel has provided Spring Cloud Gateway adaptation since version 1.6.0, which can provide current limiting in two resource dimensions:
- Route dimension: that is, the route entry configured in the configuration file, and the resource name is the corresponding routeId. This is a coarse-grained current limit, which is generally limited to a certain microservice.
- Custom API dimension: Users can use the API provided by Sentinel to customize some API groups. This is a fine-grained current limit, which can be matched and limited for a certain type of uri, and can span multiple microservices.
2. Gateway integrates sentinel to achieve gateway current limiting:
Then we will introduce how spring cloud gateway integrates sentinel. As for how to build a gateway project and integrate nacos registry, we have already introduced it in the previous article. Interested readers, please read this article: Spring Cloud Gateway Service Gateway Deployment Detailed introduction to use
1. Add sentinel related dependencies:
<!-- 引入sentinel进行服务降级熔断 -->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-sentinel</artifactId>
</dependency>
<!-- gateway网关整合sentinel进行限流降级 -->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-alibaba-sentinel-gateway</artifactId>
</dependency>2. Add the configuration of the sentinel console to the configuration file:
# sentinel看板相关配置
spring.cloud.sentinel.eager = true
spring.cloud.sentinel.transport.dashboard = 172.28.190.101:89993. Start the gateway project:
For the gateway project, we need to add the following startup parameters based on the original startup parameters, and mark the application as the API Gateway type:
# 注:通过 Spring Cloud Alibaba Sentinel 自动接入的 API Gateway 整合则无需此参数
-Dcsp.sentinel.app.type=1
4. Access the sentinel console:
So far, we have integrated Spring Cloud Gateway with Sentinel, and you can see that the gateway project is being monitored by entering the sentinel console.
3. Introduction of Sentinel gateway flow control rules:
After integrating Spring Cloud Gateway and Sentinel, we will introduce how to perform gateway flow control based on the sentinel-dashboard console, as shown in the following figure:
3.1. Gateway flow control rules:
The core attributes of the gateway flow control rule GatewayFlowRule are as follows:
① resourceMode: Whether the rule is for the route of API Gateway (RESOURCE_MODE_ROUTE_ID) or the API group (RESOURCE_MODE_CUSTOM_API_NAME) defined by the user in Sentinel, the default is route.
② resource: resource name, which can be the route name in the gateway or the user-defined API group name.
③ grade: the dimension of the current limit indicator, the same as the grade field of the current limit rule
④ count: current limiting threshold
⑤ intervalSec: Statistical time window, the unit is second, the default is 1 second
⑥ controlBehavior: The control effect of traffic shaping. Currently, it supports two modes: fast failure and uniform queuing. The default is fast failure.
⑦ burst: The number of additional requests allowed when dealing with burst requests.
⑧ maxQueueingTimeoutMs: The longest queuing time in the uniform queuing mode, in milliseconds, only valid in the uniform queuing mode.
⑨ paramItem: parameter current limiting configuration. If it is not provided, it means that the parameter will not be limited, and the gateway rule will be converted into a normal flow control rule; otherwise, it will be converted into a hotspot rule. The fields in it:
- parseStrategy: The strategy for extracting parameters from requests, currently supports four modes of extracting source IP (PARAM_PARSE_STRATEGY_CLIENT_IP), Host (PARAM_PARSE_STRATEGY_HOST), arbitrary Header (PARAM_PARSE_STRATEGY_HEADER) and arbitrary URL parameters (PARAM_PARSE_STRATEGY_URL_PARAM).
- fieldName: If the extraction strategy selects Header mode or URL parameter mode, you need to specify the corresponding header name or URL parameter name.
- pattern: The matching pattern of the parameter value. Only the request attribute value matching this pattern will be included in the statistics and flow control; if it is empty, all the values of the request attribute will be counted.
- matchStrategy: The matching strategy for parameter values, currently supports exact matching (PARAM_MATCH_STRATEGY_EXACT), substring matching (PARAM_MATCH_STRATEGY_CONTAINS) and regular matching (PARAM_MATCH_STRATEGY_REGEX).
3.2. API group management:
API grouping is to group interfaces, and then implement different current limiting policies for interfaces of different groups.
(1) Add API grouping:
As shown in the figure below, follow the specified steps to enter the custom API interface:
There are three configuration modes for API grouping: exact, prefix and regular modes.
- Exact mode: refers to the current limit when the path of the URL is completely matched. For example, the match string is configured as /order/1
- Prefix mode: refers to the current limit when the path prefix of the URL is matched. For example, the match string is configured as /order/*
- Regular mode: refers to the current limit when the path of the URL conforms to the regular expression rules. For example, the match string is configured as \/order\/\d*
(2) Configure current limiting rules:
Next, you need to add flow control rules to this API group. The API name can be configured by selecting different API groups, as shown in the following figure:
After the addition, the current limiting rules will take effect for APIs that match the matching pattern.
Fourth, the principle of sentinel gateway flow control implementation:
After knowing how to use sentinel-dashboard to control the flow of the gateway, we will introduce the implementation principle of the flow control of the sentinel gateway.
When loading the gateway flow control rule (GatewayFlowRule) through the GatewayRuleManager, regardless of whether the request attribute is limited or not, the bottom layer of Sentinel will convert the gateway flow control rule into a hotspot parameter rule (ParamFlowRule), which is stored in the GatewayRuleManager, which is the same as the normal hotspot parameter rule. isolated. During conversion, Sentinel will set the parameter index (idx) for the gateway flow control rule according to the request attribute configuration, and synchronize it to the generated hotspot parameter rule.
When an external request enters API Gateway, it will go through the filter implemented by Sentinel, in which "route/API grouping matching -> request attribute parsing and parameter assembly" will be performed in turn. Sentinel will parse the request attributes according to the configured gateway flow control rules, and assemble the parameter array according to the parameter index order, and finally pass it into SphU.entry(res, args). Sentinel API Gateway Adapter Common module adds a GatewayFlowSlot to the Slot Chain, which is specially used to check gateway rules. GatewayFlowSlot will extract the generated hotspot parameter rules from the GatewayRuleManager, and check the rules sequentially according to the incoming parameters. If a rule does not target the request attribute, a preset constant will be placed in the last position of the parameter to achieve the effect of ordinary flow control.
5. Is the service safe when the gateway is limited?
If the current limit has been done at the gateway level, is the service hiding behind it safe? The answer is no. In the microservice architecture, an independent service is often called by multiple parties, as shown in the following figure:
The commodity service is not only called by the gateway layer, but also called by the internal order service. At this time, if the traffic is only limited at the gateway layer, once a large number of requests for order services, such as a big promotion, the commodity service will be instantly defeated if the traffic is not limited. . Therefore, it is necessary to limit the current for the services that you are responsible for according to the company's business scenario. The most common solution is: gateway-level cluster current limiting + single-machine current limiting for internal services , so as to ensure that it will not be overwhelmed by traffic.
6. Customize the flow control exception message:
The default exception return information of gateway flow control is not humane enough, and it directly returns: "Block......", which is definitely unacceptable, so how do we customize the configuration flow control exception information? In fact, sentinel has implemented the return content of custom flow control exceptions for us. Just add the following configuration to the configuration file:
spring:
cloud:
sentinel:
#配置限流之后的响应内容
scg:
fallback:
# 两种模式:一种是response返回文字提示信息,一种是redirect,重定向跳转,需要同时配置redirect(跳转的uri)
mode: response
# 响应的状态
response-status: 426
# 响应体
response-body: '{"code": 426,"message": "限流了,稍后重试!"}'The mode configuration in the above configuration is response. Once the current is limited, a JSON string will be returned.
{
"code": 426,
"message": "限流了,稍后重试!"
}The redirect configuration is as follows:
spring:
cloud:
sentinel:
#配置限流之后的响应内容
scg:
fallback:
## 两种模式,一种是response返回文字提示信息,一种是redirect,重定向跳转,需要同时配置redirect(跳转的uri)
mode: redirect
## 跳转的URL
redirect: http://www.baidu.comOnce the current is limited, it will jump directly to: http://www.baidu.com
Reference article:
Spring Cloud Gateway integrates Ali Sentinel gateway current limit actual combat!
Gateway Current Limit · alibaba/Sentinel Wiki · GitHub
Sentinel Gateway Nacos Gateway Current Limiting Three Musketeers - Cloud + Community - Tencent Cloud