Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ratelimits: Set a TTL each time we store bucket data in Redis #7720

Merged
merged 2 commits into from
Sep 26, 2024
Merged

ratelimits: Set a TTL each time we store bucket data in Redis #7720

merged 2 commits into from
Sep 26, 2024

Conversation

beautifulentropy
Copy link
Member

@beautifulentropy beautifulentropy commented Sep 23, 2024
edited
Loading

Set the Redis TTL to TAT (theoretical arrival time) plus a 10-minute buffer to account for possible clock skew.

@beautifulentropy beautifulentropy marked this pull request as ready for review September 23, 2024 22:04
@beautifulentropy beautifulentropy requested a review from a team as a code owner September 23, 2024 22:04
aarongable
aarongable previously approved these changes Sep 23, 2024
View reviewed changes
ratelimits/source_redis.go Outdated Show resolved Hide resolved
@aarongable aarongable requested review from a team and jsha and removed request for a team September 23, 2024 22:07
@beautifulentropy @aarongable
Update ratelimits/source_redis.go
e0fec0f 
Co-authored-by: Aaron Gable <aaron@letsencrypt.org>
@jsha
Copy link
Contributor

jsha commented Sep 25, 2024

Is this correct? Isn't theoretical arrival time for the arrival of a single token? I think expiring the record at the TAT means the rate limit will get reset each time a single token arrives, effectively granting a whole bucket's worth of tokens instantly.

@aarongable
Copy link
Contributor

The TAT is the time at which the bucket will be full again, and if the bucket is full then it's okay for us to lose the K/V representing it.

@jsha
Copy link
Contributor

jsha commented Sep 25, 2024

Oh, right, and that's described in the docs. My confusion was: I thought TAT was the arrival time of a token, but in GCRA it's described as the arrival time of a packet (or in our case, a request).

@beautifulentropy beautifulentropy merged commit 1b6e086 into main Sep 26, 2024
12 checks passed
@beautifulentropy beautifulentropy deleted the ttls-for-key-value-rate-limits branch September 26, 2024 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsha jsha jsha approved these changes

@aarongable aarongable aarongable approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@beautifulentropy @jsha @aarongable