Example of rate Limiting in 1.1.3 with ingress gateway

Any body has example of rate Limiting in 1.1.3 with ingress gateway, I am somehow not able to make it work. If someone has example withe deployment and service configuration.

Help is appreciated.

Thanks,
Vikash

Check out TestRateLimiting_DefaultLessThanOverride test in https://github.com/istio/istio/blob/20f2381b7234706d80e4f9973f670f5477a84a8c/tests/integration/mixer/policy/ratelimiting_test.go test.
It is rate limiting at istio-ingressgateway

1 Like

@gargnupur: As far as I can tell, all policy enforcement including rate-limiting is done on the server side proxy and not on the client side. This is old, but notes the problem: https://docs.google.com/document/d/16Nvgyaw3IPUZvg0E24V8FfUK2j8C895o6Z0nXs4mABQ

In case of Ingress-Gateway, it is always the client. So perhaps in the test that you reference, the requests come in at the ingress-gateway, then get sent without any rate-limit to the destination at which point the rate-limits are applied. To the external client that made the request, the error response will of course come from the ingress-gateway so its not easy to say where was the actual rate-limit actually enforce. Is it correct that for a request entering through ingress-gateway, the rate-limiting is at the sidecar-proxy of the destination pod of that request? If so, is there any way to rate-limit right at the ingress-gateway?

@gargnupur, @geeknoid: Is it right that quota enforcement can only happen on the server side? Is there a way to limit incoming requests at the ingress-gateway?