(1+readRegionCount) * writeCommandCount + readCommandCount and plus 1 if analytics is enabled.
The Rate Limit SDK minimizes Redis calls to reduce latency overhead and cost. Number of commands executed by the Rate Limit algorithm depends on the chosen algorithm, as well as the state of the algorithm and the caching.
Algorithm State
By state of the algorithm, we refer to the entry in our Redis store regarding some identifierip1. You can imagine that there is a state for every identifier. We name these states in the following manner for the purpose of attributing costs to each one:
For instance, first time we call the algorithm with
ip1, PEXPIRE is called so that the key expires after some time. In the following calls, we still use the same script but don’t call PEXPIRE. In the rate-limited state, we may avoid using Redis altogether if we can make use of the cache.
Cache Result
We distinguish the two cases when the identifierip1 is found in cache, resulting in a “hit” and the case when the identifier ip1 is not found in the cache, resulting in a “miss”. The cache only exists in the runtime environment and is independent of the Redis database. The state of the cache is especially relevant for serverless contexts, where the cache will usually be empty because of a cold start.
An identifier is saved in the cache only when a request is rate limited after a call to the Redis database. The request to Redis returns a timestamp for the time when such a request won’t be rate limited anymore. We save this timestamp in the cache and this allows us to reject any request before this timestamp without having to consult the Redis database.
See the section on caching for more details.
Costs
limit()
Fixed Window
Sliding Window
Token Bucket
getRemaining()
This method doesn’t use the cache or it doesn’t have a state it depends on. Therefore, every call
results in the same number of commands in Redis.
resetUsedTokens()
This method starts with a SCAN command and deletes every key that matches with DEL commands:
blockUntilReady()
Works the same as limit().
Deny List
Enabling deny lists introduces a cost of 2 additional command perlimit call.
Values passed in identifier, ip, userAgent and country are checked with a single SMISMEMBER command.
The other command is TTL which is for checking the status of the current ip deny list to figure out whether
it is expired, valid or disabled.
If Auto IP deny list is enabled,
the Ratelimit SDK will update the ip deny list everyday, in the first limit invocation after 2 AM UTC.
This will consume 9 commands per day.
If a value is found in the deny list at redis, the client saves this value in the cache and denies
any further requests with that value for a minute without calling Redis (except for analytics).
Analytics
If analytics is enabled, all calls oflimit will result in 1 more command since ZINCRBY will be called to update the analytics.
Dynamic Limits
When dynamic limits are enabled, eachlimit and getRemaining call will execute one additional command.
Both setDynamicLimit and getDynamicLimit execute 1 command each.