To ensure a single user or a client cannot overwhelm the system with too many requests in a short period of time, we use rate limiting. express-rate-limit is popular among developers due to its ease of implementation and understanding. But how does it work under the hood? Let’s dive in.
There are a few popular algorithms used to implement rate limiters. express-rate-limiter uses the Fixed Window Counter Algorithm to manage rate limits.
The Fixed Window Rate Limiting algorithm splits time into fixed-size windows (e.g., one minute or one hour). It tracks the number of requests made by a client within a single window and rejects additional requests after the limit is reached. No further requests will be processed until the window resets.
For example, if the limit is set to five requests per minute, any additional requests after the fifth request will be rejected until the next window starts, restarting the request count to zero.
However, a notable drawback of this limiter is how it handles requests at the edges of the window, leading to a behavior known as the "burstiness problem."
In the algorithm, the request count resets at fixed intervals (e.g., every 1 minute). This approach can become problematic if a client makes many requests at the end of one window and then immediately at the beginning of the next, potentially overwhelming the server.
In conclusion, while the Fixed Window Counter Algorithm is straightforward and easy to implement, it has limitations, particularly in handling requests near the edges of the window. Developers should be aware of the "burstiness problem" and consider alternative algorithms or additional strategies to mitigate this issue and ensure a more balanced rate limiting approach.
Top comments (4)
Insightful article
Thanks
Great explanation of the Fixed Window Counter Algorithm in express-rate-limit! Clear overview and good insight into the "burstiness problem." Very informative for developers!
Thank you, hope to continue doing it