Design A Rate Limiter

Question 1

Examples of rate limiter usage?

Answer 1

• user can write no more than 2 posts per second
• you can create max of 10 accounts per day from the same IP address
• you can claim rewards no more than 5 times per week from the same device

Question 2

What are the benefits of using rate limiters?

Answer 2

DCO
- D: DoS by blocking excess calls
- C: Reduce costs
- O: Prevent servers from being overloaded

Question 3

What is the API Gateway?

Answer 3

It’s a fully managed service that supports rate limiting, SSL termination, authentication, IP whitelisting,
servicing static content, etc.

Question 4

What are the popular rate limiter algorithms?

Answer 4

• token bucket
• leaking bucket
• fixed window counter
• sliding window log
• sliding window counter

Question 5

Token bucket? Pros and cons?

Answer 5

+
easy to implement
memory efficient
allow burst of traffic
-
might be challenging to tune

Question 6

Leaking bucket? Pros and cons?

Answer 6

+
memory efficient
fixed rate and stable outflow
-
burst of traffic doesn’t work here
might be challenging to tune

Question 7

Fixed window counter? Pros and cons?

Answer 7

+
memory efficient
easy to understand
-
spike in traffic at the edges of a window

Question 8

Sliding window log? Pros and cons?

Answer 8

+
is very accurate
-
consumes a lot of memory

Question 9

HTTP code for to many requests?

Answer 9

429

Question 10

Lua script?