Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to achieve current limitation in ASP.NET Core middleware". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

1. Current limiting algorithm

In high concurrency systems, there are three sharp tools to protect the system: cache, degradation and current limit.

This paper mainly introduces the current limit, there are three main current limiting algorithms:

1. Counter algorithm

Fixed window

Sliding window

two。 Token bucket algorithm

3. Leaky bucket algorithm

1. Counter algorithm

1.1 fixed window algorithm

The counter algorithm is the simplest and easiest to implement among the current limiting algorithms. For example, we stipulate that for interface A, we cannot have more than 100 visits per minute. So we can do this: at the beginning, we can set a counter counter. Every time a request comes, counter is incremented by 1. If the value of counter is greater than 100 and the interval between the request and the first request is less than 1 minute, then the number of requests is too many. If the interval between the request and the first request is more than 1 minute, and the value of counter is still within the current limit, then reset the counter.

The specific implementation in java is as follows:

Public class CounterTest {public long timeStamp = getNowTime (); public int reqCount = 0; public final int limit = 100; / / maximum number of requests in the time window public final long interval = 1000; / / time window ms public boolean grant () {long now = getNowTime (); if (now

< timeStamp + interval) { // 在时间窗口内 reqCount++; // 判断当前时间窗口内是否超过最大请求控制数 return reqCount = DateTime.UtcNow) { // increment request count var totalCount = entry.Value.Count + _config.RateIncrementer?.Invoke() ?? 1; // deep copy counter = new RateLimitCounter { Timestamp = entry.Value.Timestamp, Count = totalCount }; }} 固定窗口算法缺点 从上图中我们可以看到，假设有一个恶意用户，他在0:59时，瞬间发送了100个请求，并且1:00又瞬间发送了100个请求，那么其实这个用户在 1秒里面，瞬间发送了200个请求。我们刚才规定的是1分钟最多100个请求，也就是每秒钟最多1.7个请求，用户通过在时间窗口的重置节点处突发请求， 可以瞬间超过我们的速率限制。用户有可能通过算法的这个漏洞，瞬间压垮我们的应用。 1.2 滑动窗口算法 滑动窗口类似于固定窗口算法，但它通过将前一个窗口中的加权计数添加到当前窗口中的计数来计算估计数，如果估计数超过计数限制，则请求将被阻止。 具体公式如下： 估计数 = 前一窗口计数 * (1 - 当前窗口经过时间 / 单位时间) + 当前窗口计数 窗口[00:00, 00:01)中有9个请求，窗口[00:01, 00:02)中有5个请求。对于01:15到达的请求，即窗口[00:01, 00:02)的25%位置，通过公式计算请求计数：9 x (1 - 25%) + 5 = 11.75 >

10. Therefore, we reject this request.

Even if neither window exceeds the limit, the request is rejected because the weighted sum of the previous and current windows does exceed the limit.

two。 Token bucket algorithm

Token bucket algorithm is one of the most common current-limiting algorithms, which is roughly described as follows:

1) all requests need to get an available token before they can be processed

2) according to the current limit, set to add tokens to the bucket at a certain rate.

3) the bucket sets the maximum limit for placing tokens. When the bucket is full, the newly added token is discarded or rejected.

4) after the request arrives, you must first obtain the token in the token bucket, hold the token before you can carry out other business logic, and delete the token directly after processing the business logic.

5) the token bucket has a minimum limit, and when the tokens in the bucket reach the minimum limit, the token will not be deleted after the request has been processed, so as to ensure sufficient flow restriction.

3. Leaky bucket algorithm

The leaky bucket algorithm is actually very simple, which can be roughly regarded as the process of water injection and leakage, in which water flows out of the bucket at a certain rate and flows into the bucket at any rate, and is discarded when the water exceeds the bucket flow, because the capacity of the bucket is constant, which ensures the overall rate.

Second, ASP.NET Core middleware to achieve current limit 1. Middleware code public class SlidingWindow {private readonly object _ syncObject = new object (); private readonly int _ requestIntervalSeconds; private readonly int _ requestLimit; private DateTime _ windowStartTime; private int _ prevRequestCount; private int _ requestCount; public SlidingWindow (int requestLimit, int requestIntervalSeconds) {_ windowStartTime = DateTime.Now; _ requestLimit = requestLimit; _ requestIntervalSeconds = requestIntervalSeconds } public bool PassRequest () lock (_ syncObject) {var currentTime = DateTime.Now; var elapsedSeconds = (currentTime-_ windowStartTime) .TotalSeconds; if (elapsedSeconds > = _ requestIntervalSeconds * 2) {_ windowStartTime = currentTime; _ prevRequestCount = 0; _ requestCount = 0; elapsedSeconds = 0 } else if (elapsedSeconds > = _ requestIntervalSeconds) _ windowStartTime = _ windowStartTime.AddSeconds (_ requestIntervalSeconds); _ prevRequestCount = _ requestCount; elapsedSeconds = (currentTime-_ windowStartTime) .TotalSeconds;} var requestCount = _ prevRequestCount * (1-elapsedSeconds / _ requestIntervalSeconds) + _ requestCount + 1 If (requestCount {context.Response.StatusCode = StatusCodes.Status403Forbidden; return Task.CompletedTask;}, EndpointMetadataCollection.Empty, "current limit");} await next (context);}} 2. Use in pipes

It should be noted that when we register for Middleware, we must use singleton mode to ensure that all requests pass the same SlidingWindow count:

Services.AddSingleton (); "how to achieve current limitation in ASP.NET Core middleware" is introduced here. Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.