Panjenengan ndesain rate limiting kepiye?

Question

Accepted Answer

**Rate limiting** mbatesi pirang akeh request sing bisa digawa klien ing sawetara jangka wektu — nglindungi sistem saka penyalahgunaan, beban berlebihan, lan mesthekake panggunaan sing adil. Iki minangka komponen desain sistem sing umum, kanthi pirang-pirang algoritma lan pertimbangan.

## Napa rate limiting

```text
✓ PROTECT against abuse → prevent attacks (brute force, scraping, DoS), excessive use
✓ PREVENT OVERLOAD → protect the system from being overwhelmed (stability)
✓ FAIR USAGE → ensure no single client monopolizes resources; tiered limits (free vs paid)
✓ COST control; protect downstream services
→ a common requirement for APIs and services.
```

## Algoritma rate limiting

```text
FIXED WINDOW → count requests per fixed time window (e.g. 100/minute); simple
  ✗ allows bursts at window boundaries (up to 2x at the edges)
SLIDING WINDOW → rolling time window → smoother, no boundary bursts (more accurate)
TOKEN BUCKET → tokens refill at a rate; each request takes a token → allows BURSTS up to
  the bucket size while limiting the average rate (popular, flexible)
LEAKY BUCKET → requests processed at a steady rate (smooths output)
```

## Pertimbangan implementasi

```text
✓ DISTRIBUTED → limits must be shared across servers → use a centralized store (REDIS is
  common: atomic counters, fast, shared across instances)
✓ Identify the client → by API key, user ID, IP
✓ Return clear responses → HTTP 429 (Too Many Requests); include limit/retry-after headers
✓ Where → at the API gateway, load balancer, or application layer
✓ Granularity → per user, per endpoint, global; different tiers/limits
```

## Napa iku penting

Namang carane ndesain rate limiting iku berharga amerga iku **komponen desain sistem sing umum** kanggo nglindungi sistem lan mesthekake panggunaan sing adil, dadi iku katrangan praktis sing penting.

Rate limiting — mbatesi pirang akeh request sing bisa digawa klien ing sawetara jangka wektu — ngatasi kabutuhan penting: **nglindungi saka penyalahgunaan** (nyegah serangan kaya brute force, scraping, lan DoS), **nyegah beban berlebihan** (nglindungi stabilitas sistem), mesthekake **panggunaan sing adil** (ora ana klien sing nguasai sumber daya, suportara wates tingkatan kaya gratis lawan berbayar), lan kontrol biaya.

Iki nggawe rate limiting minangka kabutuhan umum kanggo API lan layanan.

Namang **algoritma** lan trade-off-ne — **fixed window** (prasaja nanging bisa nglirwaki meledak ing batas), **sliding window** (luwih mulus lan akurat), **token bucket** (nglirwaki meledak sing dikontrol nalika mbatesi rata-rata rate — populer lan fleksibel), lan leaky bucket (nglunakke output) — iku katrangan desain kunci, amerga milih algoritma sing bener ngimpekake prilaku.

Namang **pertimbangan implementasi** iku sing luwih penting: nangani **rate limiting terdistribusi** (wates sing dibagi ing pirang-pirang server, umume nggunakake **Redis** kanggo counter atomic sing cepet dibagi ing instans — amerga wates per-server ora bisa ing sistem terdistribusi), ngenali klien (dening API key, pengguna, utawa IP), mbalekake respons sing cetha (HTTP 429 kanthi retry-after headers), milih dimana nglakokake (gateway, load balancer, utawa aplikasi), lan granularitas (per pengguna, per endpoint, tingkatan).

Iki nggambarake ndesain rate limiting sing bisa ing sistem terdistribusi nyata.

Rate limiting iku komponen sing perlu kasering, asring muncul ing diskusi desain sistem lan wawancara.

Amerga rate limiting iku komponen sing umum lan penting kanggo nglindungi sistem (saka penyalahgunaan lan beban berlebihan) lan mesthekake panggunaan sing adil, lan amerga namang algoritma, trade-off-ne, lan utamane implementasi terdistribusi (wates sing dibagi liwat Redis) iku penting kanggo ndesain kanthi apik, namang carane ndesain rate limiting iku berharga, katrangan desain sistem sing relevan kanthi praktis — komponen umum kanggo nglindungi layanan lan mesthekake panggunaan sing adil, mbutuhake namang algoritma lan implementasi terdistribusi, lan topik sing asring didiskusikake ing desain sistem kanggo ngbangun sistem sing matibake lan terlindungi.