Rate limits for ingesting data

As a storage administrator, you can set rate limits on users and buckets based on the operations and bandwidth when saving an object in an IBM Storage Ceph cluster with a Ceph Object Gateway configuration. The rate limit includes the maximum number of read operations, write operations per minute, and how many bytes per minute can be written or read per user or per bucket.

Requests that use GET or HEAD method in the REST are either read or write requests.

Important: Ensure to have the following permissions in place for ratelimit SET and GET operations through REST API:

To get a rate limit, the user must have ratelimit capability set with read permission.
```
radosgw-admin caps add --uid=UID --caps='ratelimit=read'
```
To set a rate limit, the user must have ratelimit capability set with write permission.
```
radosgw-admin caps add --uid=UID --caps='ratelimit=write'
```

The Ceph Object Gateway tracks the user and bucket requests separately and does not share with other gateways, which means that the desired limits configured should be divided by the number of active Object Gateways.

For example, if user A should be limited by ten ops per minute and there are two Ceph Object Gateways in the cluster, the limit over user A should be five, that is, ten ops per minute for two Ceph Object Gateways. If the requests are not balanced between Ceph Object Gateways, the rate limit may be underutilized. For example, if the ops limit is five and there are two Ceph Object Gateways, but the load balancer sends load only to one of those Ceph Object Gateways, the effective limit would be five ops, because this limit is enforced per Ceph Object Gateway.

If there is a limit reached for the bucket, but not for the user, or vice versa the request would be canceled as well.

The bandwidth counting happens after the request is accepted.As a result, this request proceeds even if the bucket or the user has reached its bandwidth limit in the middle of the request.

The Ceph Object Gateway keeps a debt of used bytes more than the configured value and prevents this user or bucket from sending more requests until their debt is paid. The debt maximum size is twice the max-read/write-bytes per minute. If user A has 1 byte read limit per minute and this user tries to GET 1 GB object, the user can do it.

After user A completes this 1 GB operation, the Ceph Object Gateway blocks the user request for up to two minutes until user A is able to send the GET request again.

The following are different options for limiting rates:

Bucket: The --bucket option allows you to specify a rate limit for a bucket.
User: The --uid option allows you to specify a rate limit for a user.
Maximum read ops: The --max-read-ops setting allows you to specify the maximum number of read ops per minute per Ceph Object Gateway.
A value of 0 disables this setting, which means unlimited access.
Maximum read bytes: The --max-read-bytes setting allows you to specify the maximum number of read bytes per minute per Ceph Object Gateway.
A value of 0 disables this setting, which means unlimited access.
Maximum write ops: The --max-write-ops setting allows you to specify the maximum number of write ops per minute per Ceph Object Gateway.
A value of 0 disables this setting, which means unlimited access.
Maximum write bytes: The --max-write-bytes setting allows you to specify the maximum number of write bytes per minute per Ceph Object Gateway.
A value of 0 disables this setting, which means unlimited access.
Rate limit scope: The --rate-limit-scope option sets the scope for the rate limit. The options are bucket, user, and anonymous. Bucket rate limit applies to buckets, user rate limit applies to a user, and anonymous applies to an unauthenticated user.
Anonymous scope is only available for global rate limit.