Skip to content

EAI-7230: Rate-limiting PoC (RL-1) — per-key request + token enforcement#766

Open
johnl-amd wants to merge 2 commits into
mainfrom
EAI-7230
Open

EAI-7230: Rate-limiting PoC (RL-1) — per-key request + token enforcement#766
johnl-amd wants to merge 2 commits into
mainfrom
EAI-7230

Conversation

@johnl-amd

Copy link
Copy Markdown
Contributor

What

Spike scaffolding (RL-1) to prove native, per-API-key request + generation-token enforcement on the AI gateway using Envoy Gateway global / cost-based rate limiting backed by Redis. No proxy or upstream code.

Changes

Change File
Enable EG global rate-limit service, point it at in-cluster Redis root/values.yaml (config.envoyGateway.rateLimit.backend)
Ephemeral Redis (Deployment + Service, no persistence/HA) sources/envoy-gateway-config/templates/ratelimit-redis.yaml
Per-key BackendTrafficPolicy (request count + token budget) sources/envoy-gateway-config/templates/backend-traffic-policy-ratelimit.yaml
Toggles + policy params sources/envoy-gateway-config/values.yaml (rateLimit.*)
Runbook docs/rate-limit-spike.md

Safe by default

  • rateLimit.enabled: true → deploys Redis + the rate-limit service.
  • rateLimit.policy.enabled: falsethe per-key policy does not render until a real key is supplied.

So merging/deploying this readies the infra and enforces nothing — zero impact on inference until we plug in a key and flip the policy on.

Builds on what's already live

  • Token costs are emitted as io.envoy.ai_gateway:llm_output_token via AIGatewayRoute.spec.llmRequestCosts (ai-gateway-discovery).
  • x-api-key-id is injected by cluster-auth ext_authz.

The policy keys on exactly those — this PR only adds the Redis backend + policy.

Known risk to verify on cluster

The rate-limit filter must run after ext_authz or x-api-key-id is absent at limiting time. The ai-gateway EnvoyProxy already orders lua before ext_authz; live filter-chain ordering will be confirmed before enabling the policy (Step 2 in the runbook).

Test plan

See docs/rate-limit-spike.md. Once deployed to app-dev with a real key:

  1. N requests/min → HTTP 429 after the limit.

  2. Output tokens over budget → subsequent calls 429 (one-request overshoot, charged from prior response metadata).
  3. A different key keeps working (per-key isolation).
  4. Counts hold across Envoy replicas (shared Redis).

Follow-ups (RL-2+)

Redis HA/persistence posture, windows offered (min/hour/day), confirm "generation tokens" = llm_output_token vs total, narrow targetRef to per-service HTTPRoute (or add x-aim-service-id selector) for per-inference-service limits.

Prove native per-API-key request + generation-token enforcement on the AI
gateway via Envoy Gateway global/cost-based rate limiting, no proxy code.

- Enable EG global rate-limit service pointed at an in-cluster Redis
  (config.envoyGateway.rateLimit.backend).
- Deploy an ephemeral Redis (no persistence/HA; RL-2 decides posture).
- Add a per-key BackendTrafficPolicy (request count + token budget charged
  from io.envoy.ai_gateway:llm_output_token, keyed on x-api-key-id). It
  renders only when a real key is supplied, so deploying readies infra and
  enforces nothing by default.

Token cost metadata and the x-api-key-id header already exist; this only
adds the Redis backend and policy. Runbook in docs/rate-limit-spike.md.
@johnl-amd johnl-amd requested a review from a team as a code owner June 30, 2026 12:13
Per-API-key request + token-budget enforcement verified end-to-end on
app-dev (EG v1.7.1) with no auth/proxy code: 200,200,429,429,429,200 under
a 5 req/min + 100 token/min policy, response_flags=RL, Redis-backed counters.

Corrects the identifier conclusion: x-api-key-id is the OpenBao DisplayName
AIWB mints as token-<namespace>-<apikeyname>, globally unique per key, so
per-key limiting works out of the box. Captures carry-forward findings
(fixed windows, overshoot-by-one, bare 429, fail-open only in v1.7.1).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant