Egnyte Releases Open Source Bandwidth Limiting Plugin

Bandwidth pricing is a major component of the cloud services model. And for a content-heavy service like a video or document store, egress costs can quickly spiral out of control. To mitigate this, it is important to put limits on the amount of data that can be downloaded in a given interval. However, bandwidth limiting for a multi-tenant SaaS product adds a few interesting challenges. 

At Egnyte, we deal with petabytes of data and, as such, it’s important that we keep a close eye on bandwidth consumption. Cloud services need to be protected against sudden high volume spikes or brute force attempts.

To address this issue internally, we consolidated our needs into one comprehensive bandwidth limiting plugin. And now, we have open sourced the bandwidth rate limiter because we believe this is a common problem, and our solution is applicable to a lot of content-heavy services.

The download rate limiter plugin includes the following capabilities:

• Rate limiting based on bandwidth consumption
• Configurable per customer, user, or entity
• Able to filter specific requests in or out
• Allows limit extensions on weekends
• Configurable jitter

How the Rate Limiter Works

Our plugin, developed on Kong API Gateway(OSS), lets you define per-day download limits on your APIs, which ultimately helps avoid runaway egress fees. It can be configured to filter specific requests or APIs, extract user-defined headers, and enforce limits based on custom rules. It can also rate limit/throttle requests based on bandwidth consumption per user, customer, or custom entity, on a daily consumption basis.

See https://docs.konghq.com/hub/ for more information on how to use Kong API gateway and its plugins.

Here is a sample configuration using the plugin:

{

  "domain": "test",

  "rule": {

    "config": {

       "match_path": "^/mock/200",

       "dl_limit": 1000,

       "extend_limits": 0.2,

       "extend_range": 0.1

    },

    "exclude_filter": [

      { "type": "Header", "name": "X-Header", "pattern": "bypass"}

    ],

    "include_filter": [

      { "type": "Header", "name": "X-Agent", "pattern": "limit" }

    ]

  }

}

The configuration instructs the Kong gateway to:

• Rate limit whenever we have an incoming request with the header set as ”X-Domain” (configurable) with a value of test and request URI beginning with /mock/200.
• Set the limit threshold to 1,000 bytes; an extension of 20% is allowed on weekends, with a max jitter of 10%.
• Exclude from rate limiting all requests with “X-Domain” as test and “X-Header” as bypass.
• Make all requests with “X-Domain” as test and “X-Agent” as limit eligible for rate limiting.

Once the set threshold of 1,000 bytes is breached, the plugin would start rate limiting the requests with the HTTP 429 error response status code.

The plugin, which was awarded Best Kong Gateway Plugin at the Kong Summit Hackathon 2021, is designed with considerations for performance and monitoring. And since it’s built on OSS, it can be used by everyone.

Check out the plugin here. The GitHub repository contains a detailed description, along with a configuration example to walk you through the setup.