Quota enforcement

Quota enforcement lets you specify precise thresholds for traffic control. It also supports flexible counting of specific occurrences and counting of concurrent transactions. When a threshold is exceeded, administrative control and possible sanctions are imposed on requests.

Quota enforcement is implemented by calling a GatewayScript file from a processing action, such as a GatewayScript action, for a service. The GatewayScript file calls the ratelimit module, which defines and manages the following types of keys. Based on your configuration, unique keys and their metadata are persisted on the RAID volume or stored in memory.
  • Rate thresholds

    Measure the maximum number of resources that are requested during an interval for the specific traffic type.

  • Counters

    Count the number of any specific occurrences. Based on your requirements, you can flexibly modify the value of a counter.

  • Concurrent transactions

    Count the number of concurrent transactions that are simultaneously processed.

Quota enforcement supports the following types of rate thresholds:
  • Rate-based thresholds
  • Token bucket thresholds
The threshold is expressed in tokens per interval. The token represents the monitored resources. The bucket represents the resource pool that contains tokens. For each request, a defined number of tokens in the bucket can be requested. When the available tokens in the bucket are enough for a request, the request is accepted and requested tokens are removed from the bucket. Otherwise, the threshold is exceeded. When the threshold is exceeded, the next incoming requests are rejected. The difference between the two types of rate thresholds is that the token bucket threshold is affected by the maximum capacity of the bucket.
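
The difference described above, as an added example (not IBM's code and not a call to the DataPower ratelimit module): a stand-alone JavaScript model of both threshold types replayed over the same traffic. The class names, the refill behaviour (full refill at each new interval for the rate-based threshold, continuous refill capped at the maximum capacity for the token bucket) and the traffic are assumptions made for illustration.

```javascript
// Added model only; it does not call the DataPower ratelimit module.
// Assumption: a rate-based threshold refills to `tokens` at each new interval.
class RateThreshold {
  constructor(tokens, intervalMs) {
    this.tokens = tokens;
    this.intervalMs = intervalMs;
    this.windowStart = 0;
    this.available = tokens;
  }
  // Request n tokens at time nowMs. true = accepted, false = threshold exceeded.
  request(n, nowMs) {
    const elapsed = nowMs - this.windowStart;
    if (elapsed >= this.intervalMs) {
      this.windowStart = nowMs - (elapsed % this.intervalMs);
      this.available = this.tokens;
    }
    if (n > this.available) return false;
    this.available -= n;
    return true;
  }
}

// Assumption: a token bucket refills continuously at tokens/interval and
// never holds more than maxCapacity tokens.
class TokenBucketThreshold {
  constructor(tokens, intervalMs, maxCapacity) {
    this.tokens = tokens;
    this.intervalMs = intervalMs;
    this.maxCapacity = maxCapacity;
    this.available = maxCapacity;
    this.last = 0;
  }
  request(n, nowMs) {
    const refill = ((nowMs - this.last) * this.tokens) / this.intervalMs;
    this.available = Math.min(this.maxCapacity, this.available + refill);
    this.last = nowMs;
    if (n > this.available) return false;
    this.available -= n;
    return true;
  }
}
// Constructed traffic: a burst of four requests at t=0, then three spaced ones.
const ARRIVALS_MS = [0, 0, 0, 0, 200, 400, 1000];
// Replay one-token requests against a limiter; returns accept/reject per request.
function replay(limiter, arrivalsMs) {
  return arrivalsMs.map((t) => limiter.request(1, t));
}
console.log("rate-based  :", replay(new RateThreshold(5, 1000), ARRIVALS_MS));
console.log("token bucket:", replay(new TokenBucketThreshold(5, 1000, 2), ARRIVALS_MS));
```

With 5 tokens per 1000 ms, the rate-based model accepts the whole burst and rejects only the sixth request, while the token bucket with a maximum capacity of 2 rejects half of the burst and accepts every spaced request that follows.
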
Quota enforcement can work in standalone mode or peer group mode.
  • In standalone mode, thresholds are enforced by the local DataPower® Gateway.
  • In peer group mode, thresholds are enforced by a group of DataPower Gateway peers.

    The keys and associated metadata are synchronized among the peer group and no single point of failure exists in the peer group.

You can view the quota enforcement status for the DataPower Gateway by using the quota enforcement server status provider. On each DataPower Gateway, you can view details of all keys. However, you can delete keys from data storage on the master only by using the following status providers or the ratelimit delete command. Deleting a key deletes both the key and its associated metadata.
  • Quota enforcement counter metrics
  • Quota enforcement concurrent transactions metrics
  • Quota enforcement rate-based threshold metrics
  • Quota enforcement token bucket threshold metrics