Hi,

I have been experimenting with Nginx rate limiting and I need some inputs on it’s working and what can be expected from this feature. I see some difference in what I expected from this feature going by the documentation and what I observed in my experiments.

Here is the detail on my testing:
I have a test server running Nginx and a backend server. Nginx is configured as HTTPS server listening on 443. I have configured Nginx as reverse proxy to my backend. We have a proprietary tool which feeds configured number of HTTPS requests (one request/connection) to test server and generates reports at the end of test. Report will have details how many requests return status as 200 and 503.

Observation 1:
As per my observations, more requests are getting processed with return status as 200 than expected if input request rate to Nginx is much higher than the rate limit configured.
For example, with the following configuration in Nginx for rate limiting, Here are my tests:
limit_req_zone $host zone=perhost:1m rate=100r/s;
limit_req zone=perhost burst=100 nodelay;

Test1: With input as 250 req/sec and rate limit configured at 100r/s, rate limiting works as expected since on average ~100 requests return with 200 status every second

Test2: With input as 500 req/sec and rate limit configured at 100r/s, rate limiting does not work as expected since on average ~150 requests return with 200 status every second

Test3: With input as 600 req/sec and rate limit configured at 100r/s, rate limiting does not work as expected since on average ~200 requests return with 200 status every second

Test4: With input as 800 req/sec and rate limit configured at 100r/s, rate limiting does not work as expected since on average ~350 requests return with 200 status every second

Observation 2:
On the other side, If Nginx is configured as HTTP server listening on 80, rate limiting feature seems to be working fine for the same tests.

I am not very sure what is happening here for HTTPS based testing. One observation I have made is that in HTTP case, requests gets processed very quickly whereas for HTTPS case, complete transaction takes relatively longer. Also, for low input rate of HTTPS requests transaction completion is not taking very long where as when input rate goes up, this delay further increase and then rate limiting start behaving unexpectedly. Can this be the cause of this difference in anyway? Please share your inputs on this.

Thanks in advance