Introduction

Service mesh rate limiting that is enforced only per pod (local) rather than globally can allow total traffic to exceed the intended limit when multiple pods are running. This defeats the purpose of rate limiting for API protection.

Symptoms

- Rate limiting effective for single-pod services but not multi-pod
- Total traffic exceeding intended rate limit
- Some pods rate limiting while others do not
- Rate limit configuration not being applied
- Rate limit service not reachable
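The first three symptoms follow directly from where the counter lives. The simulation below is an added example, not code from the original page or from Istio or Envoy: it replays one rate limit window across several pods, first with a counter per proxy (local) and then with one shared counter standing in for the rate limit service and its Redis backend (global). The limit of 100, the pod count and both traffic patterns are constructed values.

```python
from collections import Counter

class WindowCounter:
    """One fixed window: admits requests until `limit` is reached."""
    def __init__(self, limit):
        self.limit, self.count = limit, 0

    def allow(self):
        if self.count >= self.limit:
            return False
        self.count += 1
        return True

def round_robin(requests, pods):
    """Even spread: request i goes to pod i mod pods."""
    return [i % pods for i in range(requests)]

def skewed(requests, pods):
    """Constructed uneven spread: half of all requests land on pod 0."""
    return [0 if i % 2 == 0 else 1 + (i // 2) % (pods - 1) for i in range(requests)]

def simulate(routing, pods, limit, shared):
    """Replay one window of traffic.

    routing: list of pod indexes, one per request (the load balancer's choice).
    shared=False: every pod's proxy keeps its own counter (local limiting).
    shared=True:  every proxy consults the same counter (global limiting).
    Returns (total_admitted, admitted_per_pod, pods_that_rejected).
    """
    if shared:
        counters = [WindowCounter(limit)] * pods   # same object for all pods
    else:
        counters = [WindowCounter(limit) for _ in range(pods)]
    admitted, rejecting = Counter(), set()
    for pod in routing:
        if counters[pod].allow():
            admitted[pod] += 1
        else:
            rejecting.add(pod)
    return sum(admitted.values()), dict(admitted), rejecting

if __name__ == "__main__":
    for name, routing in (("round robin", round_robin(500, 3)), ("skewed", skewed(300, 3))):
        for shared in (False, True):
            total, per_pod, rejecting = simulate(routing, 3, 100, shared)
            mode = "global" if shared else "local"
            print(f"{name:11} {mode:6} admitted={total} per_pod={per_pod} rejecting={sorted(rejecting)}")
```

With local counters the effective limit scales with the number of pods, and under uneven load only the busiest pod returns rejections; with the shared counter the total stays at the configured limit regardless of routing.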

Common Causes

- Local rate limiting instead of global rate limiting
- Rate limit service (Envoy RLS) not deployed
- Redis backend for rate limiting not configured
- Rate limit descriptors not matching request attributes
- Rate limit configuration not pushed to all proxies

Step-by-Step Fix

1. **Check rate limit configuration**:
   ```bash
   kubectl get envoyfilter -A
   kubectl get configmap -n istio-system | grep ratelimit
   ```

2. **Deploy global rate limit service**:
   ```bash
   helm install ratelimit kiwigrid/ratelimit \
     --namespace istio-system \
     --set redis.address=redis-master:6379
   ```

3. **Configure EnvoyFilter for global rate limiting**:
   Use EnvoyFilter to configure the rate limit service in the proxy.

Prevention

- Use global rate limiting for API endpoints
- Monitor rate limiting effectiveness across all pods
- Test rate limiting with multiple concurrent clients
- Set up rate limit dashboards
- Document rate limiting architecture