1. Gateway flow control introduction

In the microservice system, the gateway provides a unified entrance for the microservice system, so when doing current limiting, it must be a flow control at the gateway level. Sentinel supports Spring Cloud Gateway, Zuul and other mainstream API Gateway. Limiting.

Sentinel 1.6.0 introduced the Sentinel API Gateway Adapter Common module, which contains gateway flow-limiting rules and custom API entity and management logic: - GatewayFlowRule: Gateway flow-limiting rules, custom-made flow-limiting rules
for API Gateway scenarios , you can limit the flow for different routes or custom API groups, and support customized flow limit for parameters, Header, source IP, etc. in the request; - ApiDefinition: User-defined API definition
group , which can be regarded as some Combination of URL matches. For example, you can define an API called my_api, and requests with path patterns of /foo/** and /baz/** are grouped under the API group my_api. When limiting traffic, you can limit the traffic for this custom API grouping dimension;

The fields of GatewayFlowRule are explained as follows: - resource : resource name, which can be the route name in the gateway or a user-defined API group name; - resourceMode : whether the rule is for the route (RESOURCE_MODE_ROUTE_ID) of API Gateway or the user in Sentinel The API group defined in RESOURCE_MODE_CUSTOM_API_NAME, the default is route; - grade : current limit indicator dimension, same as the grade field of current limit rule; - count : current limit threshold; - intervalSec : statistical time window, the unit is second, the default is 1 Seconds; - controlBehavior : The control effect of traffic shaping, same as the `controlBehavior` field of the current limiting rule, currently supports two modes of fast failure and uniform queuing, the default is fast failure; - burst : The number of additional requests allowed when dealing with burst requests ; - maxQueueingTimeoutMs : the maximum queuing time in the uniform queuing mode, in milliseconds, only valid in the uniform queuing mode; - paramItem

: Parameter current limit configuration. If not provided, it means that the parameters are not limited, and the gateway rule will be converted into a normal flow control rule; otherwise, it will be converted into a hotspot rule. The fields in it:

- parseStrategy : The strategy for extracting parameters from the request. Currently, it supports four modes of extracting source IP (PARAM_PARSE_STRATEGY_CLIENT_IP), Host (PARAM_PARSE_STRATEGY_HOST), arbitrary Header (PARAM_PARSE_STRATEGY_HEADER) and arbitrary URL parameters (PARAM_PARSE_STRATEGY_URL_PARAM).

- fieldName : If the extraction strategy selects Header mode or URL parameter mode, you need to specify the corresponding header name or URL parameter name;
- pattern : The matching mode of the parameter value, only the request attribute value matching the pattern will be included in the statistics and flow control; If it is empty, all values of the request attribute will be counted. (Supported from version 1.6.2);
- matchStrategy : The matching strategy of parameter values, currently supports exact match (PARAM_MATCH_STRATEGY_EXACT), substring match (PARAM_MATCH_STRATEGY_CONTAINS) and regular match (PARAM_MATCH_STRATEGY_REGEX) (supported from version 1.6.2)

Users can manually load gateway rules through GatewayRuleManager.loadRules(rules), or register dynamic rule source dynamic push through GatewayRuleManager.register2Property(property) (recommended method) .

2. Gateway flow control console

Sentinel 1.6.3 introduces the support of the gateway flow control console. Users can directly view the real-time route and custom API group monitoring of API Gateway on the Sentinel console, and manage gateway rules and API group configuration.

Introduce related dependencies in the pom file of gateway-9999:

Modify the yml configuration file of gateway-9999:

Start gateway-9999 and 9002 services, visit: http://localhost:9999/feenix/get, you can see that it is successfully forwarded to 9002 services:

When you come to the Sentinel Dashboard console, you can see that there is currently a gateway-level flow control management:

The API name in [Request Link] has changed to the service name of 9002, not an interface name in the original service.

It is worth noting the two settings [Interval] and [Burst size]. [Interval] means that when the request per second exceeds the QPS value, the interval will be started. During the 1 second when the interval starts, all calls to this interface return directly without calling business code. [Burst size] refers to the number of additional requests allowed in response to sudden traffic surges.

Add a new rule directly:

Through Jmeter access, it can be seen that the current has been limited:

Hurry up and see the effect directly through the browser:

Change the [Interval] in the configuration to 1 minute. Once the traffic is limited, no matter how you access it, all requests will be rejected within 1 minute when the interval starts. Change the [Burst Size] in the configuration to 5, and test the flow control through Jmeter, and found that a total of 7 requests have passed:

That is to say, when the value of [Burst Size] is set, the number of requests that can be passed when the traffic surges is the QPS threshold + Burst Size.

Careful friends may find that the current limiting effect here is consistent with the current limiting effect of the previous hotspot parameters. This is also explained on the official website. According to the official statement, when GatewayRuleManager loading the gateway flow control rules ( GatewayFlowRule), regardless of whether the request attribute is restricted or not, the bottom layer of Sentinel will convert the gateway flow control rules into hot parameter rules ( ParamFlowRule) , stored in GatewayRuleManager , isolated from the normal hotspot parameter rules. During the conversion, Sentinel will set the parameter index ( ) for the gateway flow control rule according to the request attribute configuration idx, and synchronize it to the generated hotspot parameter rule.

When an external request enters the API Gateway, it will pass through the filter implemented by Sentinel, which will sequentially perform routing/API group matching , request attribute parsing , and parameter assembly . Sentinel will parse the request attributes according to the configured gateway flow control rules, assemble the parameter array according to the parameter index order, and finally pass it in SphU.entry(res, args) . The Sentinel API Gateway Adapter Common module adds one to the Slot Chain GatewayFlowSlot, which is specially used to check gateway rules. GatewayFlowSlot The generated hotspot parameter rules will be extracted GatewayRuleManager from it , and the rules will be checked in turn according to the incoming parameters. If a rule does not target the request attribute, a preset constant will be placed in the last position of the parameter to achieve the effect of ordinary flow control.

3. API group current limit

In the daily production environment, it is very rare to directly limit the flow of all services under the entire Route ID, and it is more common to limit the flow of some specific interfaces in the service. This makes it necessary to use the second method, API group current limiting.