You are viewing a previous version of KrakenD Community Edition (v2.7), go to the latest version

Document updated on Nov 1, 2023

Traffic Management Overview

Traffic management refers to the practice of monitoring, controlling, and optimizing the flow of requests to and from an API. It aims to prevent abuse by limiting the volume of requests from individual clients or groups, regulate the flow of traffic, ensure fair usage, and provide predictable API performance.

KrakenD offers several traffic management features, ranging from rate-limiting to advanced techniques like circuit breakers and bot detection. These features can be configured independently or combined for a holistic traffic management strategy.

You can combine multiple traffic management features to address complex use cases. You don't have to choose one or the other; implement the ones that meet your needs.

Rate-Limiting

Rate-limiting controls the number of requests users or systems can send. KrakenD allows you to throttle both the traffic of end-users and the traffic of KrakenD against your services. The rate limits mainly cover the following purposes:

  • Avoid stressing or flooding your backend services with massive requests (proxy rate limit)
  • Establish a quota of usage for your exposed API (router rate limit)
  • Create a simple QoS strategy for your API

Our approach to rate-limiting has many variants:

  • Endpoint Rate Limiting: Sets the maximum throughput all connected users can have against specific endpoints (stateless).
  • Client Rate Limiting: Sets the maximum throughput each end-user has to specific endpoints (stateless).
  • Proxy Rate Limiting: Sets the maximum throughput KrakenD can have between an endpoint and your backend services (stateless).

Rate-limiting features implement Spike Arrest, a mechanism triggered after the burst capacity of the rate limit is exhausted. It ensures that a minimum time interval occurs between consecutive requests, which helps prevent sudden traffic spikes that could destabilize the system.

In addition, on the Enterprise edition there is:

Circuit Breaker

Circuit Breakers are automatic protection mechanisms that help prevent cascading failures in your system by temporarily halting requests to struggling backend services.

A simplified diagram would be:

[Diagram: circuit breaker overview]

The circuit breaker watches the state of the connections with your backend(s), with a tolerance for consecutive failures that you define. When that number of failures is reached, it stops all interaction with the backend for a few seconds (a timeout you define) and returns errors to clients. After the timeout, it tests the system again to see whether it is healthy or continues to fail. See the Circuit Breaker documentation for more details.
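The state machine described above, as an added Go example (not KrakenD's own code): the `Breaker` type, its `MaxErrors` and `Timeout` fields, and the injected `now` clock are names assumed for illustration. It shows the fail-fast window and what happens when the probe after the timeout fails again.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ErrOpen is returned while the breaker refuses to contact the backend.
var ErrOpen = errors.New("circuit open: backend call skipped")

// Breaker trips on consecutive failures (hypothetical names; not goroutine-safe).
type Breaker struct {
	MaxErrors int           // tolerated consecutive failures
	Timeout   time.Duration // how long to stay open before probing again
	failures  int
	openedAt  time.Time
	open      bool
}

// Call runs fn unless the circuit is open; now is injected so no sleeping is needed.
func (b *Breaker) Call(now time.Time, fn func() error) error {
	if b.open && now.Sub(b.openedAt) < b.Timeout {
		return ErrOpen // fail fast: the struggling backend gets no traffic
	}
	// Either the circuit is closed, or the timeout elapsed and this call is the probe.
	if err := fn(); err != nil {
		b.failures++
		if b.open || b.failures >= b.MaxErrors {
			b.open, b.openedAt = true, now // trip, or re-trip after a failed probe
		}
		return err
	}
	b.open, b.failures = false, 0 // a success closes the circuit and resets the count
	return nil
}

func main() {
	b := &Breaker{MaxErrors: 3, Timeout: 10 * time.Second}
	t0 := time.Unix(0, 0) // constructed timeline
	down := func() error { return errors.New("backend 500") }
	up := func() error { return nil }
	for i := 0; i < 3; i++ {
		fmt.Println(b.Call(t0, down)) // three failures trip the breaker
	}
	fmt.Println(b.Call(t0.Add(5*time.Second), up))  // still open: fails fast
	fmt.Println(b.Call(t0.Add(11*time.Second), up)) // probe succeeds, circuit closes
}
```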

Bot Detection

Bot detection identifies and blocks malicious bots that scrape data, spam endpoints, or conduct other abusive behaviors. You define your own detection rules, which are based on regular expressions.

Geofencing

With Geofencing (Enterprise), you can restrict API usage based on geographical locations, such as specific countries or cities. This feature, combined with Security Policies, enhances regional access control.

When GeoIP is enabled, the requests reaching your backends are also enriched with location metadata.

IP Filtering

IP Filtering (Enterprise) allows you to block traffic from specific IP addresses, adding an extra layer of security.
