HTTP Throttling using Lyft Global Ratelimiting

By Gcore

March 30, 2023

6 min read

HTTP Throttling using Lyft Global Ratelimiting

Sometime ago for a project of mine I was looking for a good rate-limiting service. For the scope of that project, the service would run along a front proxy and would rate-limit requests to third party applications.

Nginx Plus and Kong certainly have rate-limiting features but are not OSS; while I am a bigger fan of OSS. Using Istio service mesh would have been a overkill. Therefore I decided to use Envoy Proxy + Lyft Ratelimiting.

The aim for this blog is help you get started with the rate-limiting service and configure various combinations of rate-limiting scenarios.

Let’s dive in…

Understanding Lyft Ratelimiter

Ratelimit configuration consists of

Domain: A domain is a container for a set of rate limits. All domains known to the Ratelimit service must be globally unique. They serve as a way for different teams/projects to have rate limit configurations that don’t conflict.
Descriptor: A descriptor is a list of key/value pairs owned by a domain that the Ratelimit service uses to select the correct rate limit. Descriptors are case-sensitive. Examples of descriptors are:
- (“database”, “users”)
- (“message_type”, “marketing”),(“to_number”,”2061234567″)
- (“to_cluster”, “service_a”)
- (“to_cluster”, “service_a”),(“from_cluster”, “service_b”)

Descriptors can also be nested to achieve more complex rate-limiting scenarios.

We will be performing rate limiting based on various HTTP headers. Let’s have a look at the configuration file.

domain: apisdescriptors:  - key: generic_key    value: global    rate_limit:      unit: second      requests_per_unit: 60  - key: generic_key    value: local    rate_limit:      unit: second      requests_per_unit: 50  - key: header_match    value: "123"    rate_limit:      unit: second      requests_per_unit: 40  - key: header_match    value: "456"    rate_limit:      unit: second      requests_per_unit: 30  - key: header_match    value: post    rate_limit:      unit: second       requests_per_unit: 20  - key: header_match    value: get    rate_limit:      unit: second       requests_per_unit: 10  - key: header_match    value: path    rate_limit:      unit: second       requests_per_unit: 5#Using nested descriptors  - key: custom_header    descriptors:    - key: plan      value: BASIC      rate_limit:        requests_per_unit: 2        unit: second    - key: plan      value: PLUS      rate_limit:        requests_per_unit: 3        unit: second

In the configuration above it can be clearly seen

There are various different keys with different ratelimit values.
We can use them globally for the entire vhost in envoy or even locally for a particular path.
We can also have nested values of descriptors.

Envoy Front proxy

Let’s see how we can use them in the envoy config now. Have a look at the configuration below:

static_resources:  listeners:  - name: listener_0    address:      socket_address:                address: 0.0.0.0        port_value: 10000    filter_chains:    - filters:      - name: envoy.http_connection_manager        config:          stat_prefix: ingress_http          codec_type: AUTO          route_config:            name: local_route            virtual_hosts:            - name: nginx              domains:              - "*"              rate_limits:                - stage: 0                  actions:                    - generic_key:                         descriptor_value: "global"              routes:              - match:                  prefix: "/nginx_1"                route:                  cluster: nginx_1                  include_vh_rate_limits: true                  rate_limits:                    - actions:                        - generic_key:                            descriptor_value: "local"                    - actions:                        - header_value_match:                            descriptor_value: "get"                            headers:                               - name: ":method"                                prefix_match: "GET"                     - actions:  #This will be triggered if `X-CustomHeader` is present AND the X-CustomPlan header has a value of either BASIC or PLUS                      - requestHeaders:                          descriptor_key: "custom_header"                          header_name: "X-CustomHeader"                      - requestHeaders:                          descriptor_key: "plan"                          header_name: "X-CustomPlan"                                                                                                  - match:                  prefix: "/nginx_2"                route:                  cluster: nginx_2                  include_vh_rate_limits: true                  rate_limits:                      - actions:                        - generic_key:                            descriptor_value: "local"                    - actions:                        - header_value_match:                            descriptor_value: "123"                            headers:                               - name: "X-MyHeader"                                prefix_match: "123"                    - actions:                        - header_value_match:                            descriptor_value: "456"                            headers:                               - name: "X-MyHeader"                                prefix_match: "456"                    - actions:                        - header_value_match:                            descriptor_value: "post"                            headers:                               - name: ":method"                                prefix_match: "POST"                    - actions:                        - header_value_match:                            descriptor_value: "path"                            headers:                               - name: ":path"                                prefix_match: "/nginx"          http_filters:          - name: envoy.rate_limit            config:              domain: apis              failure_mode_deny: false              rate_limit_service:                grpc_service:                  envoy_grpc:                    cluster_name: rate_limit_cluster                  timeout: 0.25s          - name: envoy.router  clusters:  - name: nginx_1    connect_timeout: 1s    type: strict_dns    lb_policy: round_robin    hosts:    - socket_address:        address: nginx1        port_value: 80  - name: nginx_2    connect_timeout: 1s    type: strict_dns    lb_policy: round_robin    hosts:    - socket_address:        address: nginx2        port_value: 80  - name: rate_limit_cluster    type: strict_dns    connect_timeout: 0.25s    lb_policy: round_robin    http2_protocol_options: {}    hosts:    - socket_address:        address: ratelimit        port_value: 8081admin:  access_log_path: "/dev/null"  address:    socket_address:      address: 0.0.0.0      port_value: 9901

Here is how it works:

We have defined a single vhost named nginx which matches all domains.
There is global rate-limit defined for this vhost. The descriptor value is global.
Next, we have 2 clusters under this vhost. Namely, nginx1 and nginx2. Routes for path /nginx1 are routed to nginx1 cluster and similarly for nginx2.
For nginx1, there is generic rate limit defined by descriptor value local and then we have rate-limits for different values of standard HTTP headers such as method, path etc., and some custom HTTP headers such as X-CustomHeader.
We have similar rate-limiting set for nginx2 cluster.
These 2 nginx clusters defined here actually refer to 2 different nginx containers running as part of docker-compose stack.

The overall architecture can be visualized as

All configuration files for this set-up can be found here. Since they are running on the same network as the ratelimiter and envoy proxy, they can be accessed easily using the container name.

In order to run the set-up just clone the repo and do

docker-compose up

Once the stack is up, you will have

2 nginx containers running on port 9090 and 9091 of localhost.
Envoy proxy to intercept and relay requests to nginx servers. Envoy admin console can be reached at localhost:9901.
Envoy will be listening as localhost:10000.
Ratelimiting service container with configured rate limits which will be used to envoy.
Redis container which is used by the Ratelimiting service.

It is important to understand that all the applicable actions for a particular path in a cluster are aggregated by the ratelimiter for the result i.e.,

Logical OR of all the applicable limits

Let’s Test our Setup

Firstly we need to install Vegeta, a load testing framework. It can be done by

brew update && brew install vegeta

Test Scenario 1:

Case: GET request on /nginx_1/ at 100 requests per second
Expected Result: 10% requests successful. ( Logical OR of "descriptor_value": "global" , "descriptor_value": "local" and "descriptor_value": "get" )
Command: echo "GET http://localhost:10000/nginx_1/" | vegeta attack -rate=100 -duration=0 | vegeta report
Actual Result

$ echo "GET http://localhost:10000/nginx_1/" | vegeta attack -rate=100 -duration=0 | vegeta report          Requests      [total, rate, throughput]  1008, 100.12, 10.92          Duration      [total, attack, wait]      10.071526192s, 10.06832056s, 3.205632ms          Latencies     [mean, 50, 95, 99, max]    4.718253ms, 4.514212ms, 7.426103ms, 9.089064ms, 17.916071ms          Bytes In      [total, mean]              68640, 68.10          Bytes Out     [total, mean]              0, 0.00          Success       [ratio]                    10.91%          Status Codes  [code:count]               200:110  429:898            Error Set:                               429 Too Many Requests

— — —

Test Scenario 2:

Case:POST request on /nginx_1/ at 100 requests per second.
ExpectedResult: 50% requests successful. ( Logical OR of "descriptor_value": "global" and "descriptor_value": "local" )
Command: echo "POST http://localhost:10000/nginx_1/" | vegeta attack -rate=100 -duration=0 | vegeta report
ActualResult:

$ echo “POST http://localhost:10000/nginx_1/" | vegeta attack -rate=100 -duration=0 | vegeta report Requests [total, rate, throughput] 4344, 100.02, 50.56 Duration [total, attack, wait] 43.434227783s, 43.429286664s, 4.941119ms Latencies [mean, 50, 95, 99, max] 5.190485ms, 5.224978ms, 7.862512ms, 10.340628ms, 20.573212ms Bytes In [total, mean] 1370304, 315.45 Bytes Out [total, mean] 0, 0.00 Success [ratio]  50.55% Status Codes [code:count] 200:2196 429:2148  Error Set:                429 Too Many Requests

— — —

Test Scenario 3:

Case: GET request on /nginx_2/ at 100 requests per second with X-MyHeader: 123
Expected Result: 5% requests successful ( Logical OR of "descriptor_value": "global", "descriptor_value": "local", "descriptor_value": "123", and "descriptor_value": "path")
Command: echo "GET http://localhost:10000/nginx_2/" | vegeta attack -rate=100 -duration=0 -header "X-MyHeader: 123" | vegeta report
Actual Result:

$ echo "GET http://localhost:10000/nginx_2/" | vegeta attack -rate=100 -duration=0 -header "X-MyHeader: 123" | vegeta report          Requests      [total, rate, throughput]  3861, 100.03, 5.18          Duration      [total, attack, wait]      38.604406747s, 38.597776398s, 6.630349ms          Latencies     [mean, 50, 95, 99, max]    4.96685ms, 4.673049ms, 7.683458ms, 9.713522ms, 16.875025ms          Bytes In      [total, mean]              124800, 32.32          Bytes Out     [total, mean]              0, 0.00          Success       [ratio]                    5.18%          Status Codes  [code:count]               200:200  429:3661            Error Set:                               429 Too Many Requests

— — —

Test Scenario 4:

Case: POST request on /nginx_2/ at 100 requests per second with X-MyHeader: 456
Expected Result: 5% requests successful ( Logical OR of "descriptor_value": "global", "descriptor_value": "local", "descriptor_value": "post", "descriptor_value": "456", and "descriptor_value": "path")
Command: echo "POST http://localhost:10000/nginx_2/" | vegeta attack -rate=100 -duration=0 -header "X-MyHeader: 456" | vegeta report
Actual Result:

$ echo “POST http://localhost:10000/nginx_2/" | vegeta attack -rate=100 -duration=0 -header “X-MyHeader: 456” | vegeta report Requests [total, rate, throughput] 2435, 100.04, 5.13 Duration [total, attack, wait] 24.346703709s, 24.339554311s, 7.149398ms Latencies [mean, 50, 95, 99, max] 5.513994ms, 5.255698ms, 8.239173ms, 10.390515ms, 20.287931ms Bytes In [total, mean] 78000, 32.03 Bytes Out [total, mean] 0, 0.00 Success [ratio] 5.13% Status Codes [code:count] 200:125 429:2310  Error Set: 429 Too Many Requests

— — —

Test Scenario 5:

Case: GET request on /nginx_1/ at 100 requests per second with X-CustomHeader: XYZ and X-CustomPlan: PLUS
Expected Result: 3% requests successful ( Logical OR of "descriptor_value": "global", "descriptor_value": "local", "descriptor_value": "get", "descriptor_key": "custom_header", and "descriptor_key": "plan")
Command: echo "GET http://localhost:10000/nginx_1/" | vegeta attack -rate=100 -duration=0 -header "X-CustomHeader: XYZ" -header "X-CustomPlan: PLUS" | vegeta report
Actual Result:

$ echo “GET http://localhost:10000/nginx_1/" | vegeta attack -rate=100 -duration=0 -header “X-CustomHeader: XYZ” -header “X-CustomPlan: PLUS” | vegeta report  Requests [total, rate, throughput] 2372, 100.05, 3.16 Duration [total, attack, wait] 23.71156424s, 23.707710415s, 3.853825ms Latencies [mean, 50, 95, 99, max] 5.396743ms, 5.179951ms, 7.981171ms, 10.084753ms, 15.086778ms Bytes In [total, mean] 46800, 19.73 Bytes Out [total, mean] 0, 0.00 Success [ratio] 3.16% Status Codes [code:count] 200:75 429:2297  Error Set: 429 Too Many Requests

— — —

Test Scenario 6:

Case: GET request on /nginx_1/ at 100 requests per second with X-Header: XYZ and X-CustomPlan: PLUS
Expected Result: 10% requests successful ( Logical OR of "descriptor_value": "global", "descriptor_value": "local", "descriptor_value": "get")
Command: echo "GET http://localhost:10000/nginx_1/" | vegeta attack -rate=100 -duration=0 -header "X-Header: XYZ" -header "X-CustomPlan: PLUS" | vegeta report
Actual Result:

$ echo “GET http://localhost:10000/nginx_1/" | vegeta attack -rate=100 -duration=0 -header “X-Header: XYZ” -header “X-CustomPlan: PLUS” | vegeta report Requests [total, rate, throughput] 1578, 100.07, 10.78 Duration [total, attack, wait] 15.773500478s, 15.769158977s, 4.341501ms Latencies [mean, 50, 95, 99, max] 4.748516ms, 4.514902ms, 7.076671ms, 8.518779ms, 16.077828ms Bytes In [total, mean] 106080, 67.22 Bytes Out [total, mean] 0, 0.00 Success [ratio] 10.77% Status Codes [code:count] 200:170 429:1408  Error Set: 429 Too Many Requests

Scalability

In a production scenario, you might want to run multiple instances of your proxy which can refer to the same ratelimit cluster. The front proxy is basically stateless.

As far as the ratelimiting service is concerned, I would recommend scaling it horizontally and moving out Redis Cache to a cloud-based service like RedisLabs or AWS Elastic-cache.

Also, using separate Redis for Per Second Limits is highly recommended. All you need to do is:

Set the env var, REDIS_PERSECOND: "true"
Set Redis endpoint, REDIS_PERSECOND_URL

Conclusion

We can clearly see that the actual results are pretty close to expected results. We can accomplish all kinds of complex rate limiting scenarios using this and perform request throttling. Feel free to reach out should you have any questions around this.

What is cloud networking: benefits, components, and implementation strategies

Cloud networking is the use and management of network resources, including hardware and software, hosted on public or private cloud infrastructures rather than on-premises equipment. Over 90% of enterprises are expected to adopt cloud networking solutions by 2025, indicating rapid industry-wide adoption for IT infrastructure modernization.Cloud networking operates through advanced technologies that separate traditional hardware dependencies from network management. Software-Defined Networking (SDN) serves as a core technology, decoupling network control from hardware to allow centralized, programmable management and automation of network configurations.This approach enables organizations to manage their entire network infrastructure through software interfaces rather than physical device manipulation.The main components of cloud networking include several key elements that work together to create flexible network environments. Virtual Private Clouds (VPCs) provide isolated virtual network environments within the cloud, allowing organizations to define IP ranges, subnets, and routing for enhanced security and control. Virtual network functions (VNFs) replace traditional hardware devices like firewalls, load balancers, and routers with software-based equivalents for easier use and improved flexibility.Cloud networking delivers significant advantages that transform how organizations approach network infrastructure management.These solutions can reduce network operational costs by up to 30% compared to traditional on-premises networking through reduced hardware requirements, lower maintenance overhead, and improved resource use. Cloud networks can scale bandwidth and compute resources within seconds to minutes, demonstrating superior agility compared to traditional manual provisioning methods.Understanding cloud networking has become essential for modern businesses seeking to modernize their IT infrastructure and improve operational effectiveness. This technology enables organizations to build more flexible and cost-effective network solutions that adapt quickly to changing business requirements.What is cloud networking?Cloud networking is the use and management of network resources through virtualized, software-defined environments hosted on cloud infrastructure rather than traditional on-premises hardware. This approach uses technologies like Software-Defined Networking (SDN) to separate network control from physical devices, allowing centralized management and programmable automation of network configurations. Virtual Private Clouds (VPCs) create isolated network environments within the cloud. In contrast, virtual network functions replace traditional hardware like firewalls and load balancers with flexible software alternatives that can scale within seconds to meet changing demands.How does cloud networking work?Cloud networking works by moving your network infrastructure from physical hardware to virtualized, software-defined environments hosted in the cloud. Instead of managing routers, switches, and firewalls in your data center, you access these network functions as services running on cloud platforms.The core mechanism relies on Software-Defined Networking (SDN), which separates network control from the underlying hardware. This means you can configure, manage, and modify your entire network through software interfaces rather than physically touching equipment.When you need a new subnet or firewall rule, you simply define it through an API or web console, and the cloud platform instantly creates the virtual network components.Virtual Private Clouds (VPCs) form the foundation of cloud networking by creating isolated network environments within the shared cloud infrastructure. You define your own IP address ranges, create subnets across different availability zones, and set up routing tables exactly like you would with physical networks. The difference is that all these components exist as software abstractions that can be modified in seconds.Network functions that traditionally required dedicated hardware appliances now run as Virtual Network Functions (VNFs).Load balancers, firewalls, VPN gateways, and intrusion detection systems all operate as software services that you can use, scale, or remove on demand. This approach can reduce network operational costs by up to 30% compared to traditional on-premises networking while providing the flexibility to scale bandwidth and compute resources within seconds to minutes.What are the main components of cloud networking?The main components of cloud networking refer to the key technologies and services that enable network infrastructure to operate in virtualized cloud environments. They are listed below.Software-defined networking (SDN): SDN separates network control from hardware devices, allowing centralized management through software controllers. This approach enables automated network configuration and policy enforcement across cloud resources.Virtual private clouds (VPCs): VPCs create isolated network environments within public cloud infrastructure, giving organizations control over IP addressing, subnets, and routing. They provide secure boundaries between different workloads and applications.Virtual network functions (VNFs): VNFs replace traditional hardware appliances like firewalls, load balancers, and routers with software-based alternatives. These functions can be deployed quickly and scaled on demand without physical hardware constraints.Cloud load balancers: These distribute incoming network traffic across multiple servers or resources to prevent overload and maintain performance. They automatically adjust traffic routing based on server health and capacity.Network security services: Cloud-native security tools include distributed firewalls, intrusion detection systems, and encryption services that protect data in transit. These services combine directly with cloud infrastructure for consistent security policies.Hybrid connectivity solutions: VPN gateways and dedicated network connections link on-premises infrastructure with cloud resources. These components enable secure data transfer between different network environments.Network monitoring and analytics: Real-time monitoring tools track network performance, bandwidth usage, and security events across cloud infrastructure. They provide visibility into traffic patterns and help identify potential issues before they affect users.What are the benefits of cloud networking?The benefits of cloud networking refer to the advantages organizations gain when they move their network infrastructure from physical hardware to virtualized, cloud-based environments. The benefits of cloud networking are listed below.Cost reduction: Cloud networking eliminates the need for expensive physical hardware like routers, switches, and firewalls. Organizations can reduce network operational costs by up to 30% compared to traditional on-premises networking through reduced maintenance, power consumption, and hardware replacement expenses.Instant flexibility: Cloud networks can scale bandwidth and compute resources within seconds to minutes based on demand. This flexibility allows businesses to handle traffic spikes during peak periods without over-provisioning resources during normal operations.Centralized management: Software-Defined Networking (SDN) enables administrators to control entire network infrastructures from a single dashboard. This centralized approach simplifies configuration changes, policy enforcement, and troubleshooting across distributed locations.Enhanced security: Virtual Private Clouds (VPCs) create isolated network environments that prevent unauthorized access between different applications or tenants. Cloud networking achieves compliance with strict standards like GDPR and HIPAA through built-in encryption and access controls.High availability: Cloud providers maintain network uptime SLAs of 99.99% or higher through redundant infrastructure and automatic failover mechanisms. This reliability exceeds what most organizations can achieve with on-premises equipment.Reduced complexity: Network-as-a-Service (NaaS) models eliminate the need for specialized networking staff to manage physical infrastructure. Organizations can focus on their core business while cloud providers handle network maintenance and updates.Global reach: Cloud networking enables instant use of network resources across multiple geographic regions. This global presence improves application performance for users worldwide without requiring physical infrastructure investments in each location.What's the difference between cloud networking and traditional networking?Cloud networking differs from traditional networking primarily in infrastructure location, resource management, and flexibility mechanisms. Traditional networking relies on physical hardware like routers, switches, and firewalls installed and maintained on-premises, while cloud networking delivers these functions as virtualized services managed remotely through cloud platforms.Infrastructure and management approachesTraditional networks require organizations to purchase, install, and configure physical equipment in data centers or office PoPs. IT teams must handle hardware maintenance, software updates, and capacity planning manually.Cloud networking operates through software-defined infrastructure where network functions run as virtual services. Administrators manage entire network configurations through web interfaces and APIs, enabling centralized control across multiple locations without physical hardware access.Flexibility and speedTraditional networking scales through hardware procurement processes that often take weeks or months to complete. Adding network capacity requires purchasing equipment, scheduling installations, and configuring devices individually.Cloud networks scale instantly through software provisioning, allowing organizations to add or remove bandwidth, create new network segments, or use security policies in minutes. This agility enables businesses to respond quickly to changing demands without infrastructure investments.Cost structure and resource allocationTraditional networking involves significant upfront capital expenses for hardware purchases, plus ongoing costs for power, cooling, and maintenance staff. Organizations must estimate future capacity needs and often over-provision to handle peak loads.Cloud networking operates on pay-as-you-go models where costs align with actual usage. According to industry case studies (2024), cloud networking can reduce network operational costs by up to 30% compared to traditional on-premises networking through improved resource effectiveness and reduced maintenance overhead.What are common cloud networking use cases?Common cloud networking use cases refer to the specific scenarios and applications in which organizations use cloud-based networking solutions to meet their infrastructure and connectivity needs. Below are some common cloud networking use cases.Hybrid cloud connectivity: Organizations connect their on-premises infrastructure with cloud resources to create cooperative hybrid cloud environments. This approach allows companies to maintain sensitive data locally while using cloud services for flexibility.Multi-cloud networking: Businesses distribute workloads across multiple cloud providers to avoid vendor lock-in and improve redundancy. This plan enables organizations to choose the best services from different providers while maintaining consistent network policies.Remote workforce enablement: Companies provide secure network access for distributed teams through cloud-based VPN and zero-trust network solutions. These implementations support remote work by ensuring employees can safely access corporate resources from any location.Application modernization: Organizations migrate legacy applications to cloud environments while maintaining network performance and security requirements. Cloud networking supports containerized applications and microservices architectures that require flexible connectivity.Disaster recovery and backup: Businesses replicate their network infrastructure in the cloud to ensure continuity during outages or disasters. Cloud networking enables rapid failover and recovery processes that reduce downtime and data loss.Global content delivery: Companies distribute content and applications closer to end users through cloud-based edge networking solutions. This approach reduces latency and improves user experience for geographically dispersed audiences.Development and testing environments: Teams create isolated network environments in the cloud for application development, testing, and staging. These environments can be quickly provisioned and torn down without affecting production systems.How to implement a cloud networking strategyYou implement a cloud networking plan by defining your network architecture requirements, selecting appropriate cloud services, and establishing security and connectivity frameworks that align with your business objectives.First, assess your current network infrastructure and identify which components can move to the cloud. Document your existing bandwidth requirements, security policies, and compliance needs to establish baseline requirements for your cloud network design.Next, design your Virtual Private Cloud (VPC) architecture by defining IP address ranges, subnets, and routing tables. Create separate subnets for different application tiers and establish network segmentation to isolate critical workloads from less sensitive traffic. We can assist you with that, have a look at our virtual private cloud services.Then, establish connectivity between your on-premises infrastructure and cloud resources through VPN connections or dedicated network links. Configure hybrid connectivity to ensure cooperation communication while maintaining security boundaries between environments.After that, use Software-Defined Networking (SDN) controls to centralize network management and enable automated configuration changes. Set up network policies that can flexibly adjust bandwidth allocation and routing based on application demands.Configure cloud-native security services, including network access control lists, security groups, and distributed firewalls. Apply the principle of least privilege by restricting network access to only necessary ports and protocols for each service.Use network monitoring and analytics tools to track performance metrics like latency, throughput, and packet loss. Establish baseline performance measurements and set up automated alerts for network anomalies or capacity thresholds.Finally, create disaster recovery and backup procedures for your network configurations. Document your network topology and maintain version control for configuration changes to enable quick recovery during outages.Start with a pilot using non-critical workloads to validate your network design and performance before migrating mission-critical applications to your new cloud networking environment.Learn more about building a faster, more flexible network with Gcore Cloud.Frequently asked questionsWhat's the difference between cloud networking and SD-WAN?Cloud networking is a broad infrastructure approach that virtualizes entire network environments in the cloud. At the same time, SD-WAN is a specific technology that connects and manages multiple network locations through software-defined controls. Cloud networking includes virtual networks, security services, and compute resources hosted by cloud providers, whereas SD-WAN focuses on connecting branch offices, data centers, and cloud resources through intelligent traffic routing and centralized management.Is cloud networking secure?Yes, cloud networking is secure when properly configured, offering advanced security features like encryption, network isolation, and centralized access controls. Major cloud providers maintain 99.99% uptime SLAs and comply with strict security standards, including GDPR and HIPAA, through technologies like Virtual Private Clouds that isolate network traffic.How much does cloud networking cost compared to traditional networking?Cloud networking costs 20-40% less than traditional networking due to reduced hardware expenses, maintenance, and staffing requirements. Organizations save on upfront capital expenditures while gaining predictable monthly operational costs through subscription-based cloud services.How does cloud networking affect network performance?Cloud networking can both improve and reduce network performance depending on your specific setup and requirements.Cloud networking typically improves performance through global content delivery networks that reduce latency by 40-60%, automatic growing that handles traffic spikes within seconds, and advanced routing that optimizes data paths. However, performance can decrease if you're moving from a well-optimized local network to a poorly configured cloud setup, or if your applications require extremely low latency that adds overhead from internet routing and virtualization layers.What happens if cloud networking services experience outages?Cloud networking outages cause service disruptions, including loss of connectivity, reduced application performance, and potential data access issues lasting from minutes to several hours. Most major cloud providers maintain 99.99% uptime guarantees and use redundant systems to reduce outage impact through automatic failover to backup infrastructure.

HTTP Throttling using Lyft Global Ratelimiting

Understanding Lyft Ratelimiter

Envoy Front proxy

Let’s Test our Setup

Scalability

Conclusion

Related articles

Geo DNS

What is cloud networking: benefits, components, and implementation strategies

3 use cases for geo-aware routing with Gcore DNS

Flexible DDoS mitigation with BGP Flowspec

Tuning Gcore CDN rules for dynamic application data caching

How AI is reshaping the future of interactive streaming

Subscribe to our newsletter