04:16 Token bucket 10:40 Leaky bucket 12:50 Fixed window counter 16:15 Sliding logs 20:36 Sliding Window counter 25:21 Distributed system setup (Sticky sessions | locks)

My implementation takes advantage of Redis expiration.. When a call comes in, I create a record and the increment the value. Consequent calls will increment the value until the quota is reached. If the quota is not reached by the time the record expires, consequential request will cause a creation of new record and restart the counter.. This way I dont need to check and compare dates at any point. Code is very simple. Albeit, I am not maintaining a perpetual quota, I am only preventing abuse, which is really the main gist of request throttling

Narendra, very informative video, keep it up. About locking in case of distributed token bucket you can use following technique Optimistic locking or conditional put - many no sql databases support conditional put. This is how it works * Read current value, say 9 * You do a conditional put with value 10 only if current value is 9. * When 2 concurrent requests try to update the value to 10, only one of them will succeed and other will fail as current value for that request will be 10.

i was reading alex xu, i did not get good idea about sliding window and sliding window counter. now after i watched your explanation it is crystal clear and with pros and cons. thank you for doing this!!

This channel is just hidden Gem!

Good Stuff Naren! Even famous profs are not able to explain this kind of stuff so clearly.

Narendra, your video are great resources for learning system design. Your explanation of concepts is crystal clear. Big thumbs up for you

Great explanation. The pattern you followed is very good i.e. when you mention a problem with some approach, you also provide the solution for that instead of just identifying problems.

Best explanation, almost searched everywhere for my scenario, but found this tutorial very very helpful, once again thanks man.

you have my respect Narendra.. great work! :)

I think you're easily the best youtuber for system design content

Sliding window can be optimized by setting the size of the queue to Max Requests allowed and try to remove the old entries only if max size is reached by comparing timestamp

Great tutorial. Tricky part comes at 25:12:)

One additional case, were sliding logs should be used: limit a bitrate of video/audio/internet signal. In such case you need to store a packet size with a timestamp

I love your voice brother. It makes it exciting to listen to what you have to say about this very interesting design topic.

Bro, You saved my months. Love from Pakistan

You can solve this with the help of increment or decrement method on redis which works atomically on any key so there is no chance for data inconsistencies and no need to put any lock 😊

very underrated youtube channel for system design

Hi Narendra - You are doing a good job in your knowledge transfer. I suggest you cover these topics as well - a) Job Scheduler b) Internals of Zoo Keeper c) Dist.Sys concepts like 2PC, 3PC, Paxos d) DB Internals.

I love your cap.. Looks like a trademark for you.. Thanks for all your videos..

This video was a clear and concise explanation of these topics! Great job! You have a new subscriber.

Great work Narendra..! I am currently planning to switch jobs and your videos on system design are amazing...!!

20:36 Sliding Window counter The rate limit is 10R/M While in explanation , he considered 10R/S so please don't get confuse and think he is wrong

For the last example with concurrency. How about optimistic locking on the counter. Number of req has a version. If you try to update from 2 different RL, one of them will have the NoReq version smaller than the current one and will fail. The RL can retry or drop

Narendra L! You doing good job! I watched your couple of videos. Keep it up!

One of best explanation, thanks man :)

04:15 Rate Limting Algorithms 25:11 Race Conditions in distributed systems

Narendra L !! This is just superb ... keep going.

very comprehensive video. Great work. subscribed

Perfect! I wish I can give you 1,000,000 likes!

Hi Narendra, In token bucket scenario above, I would like to add one point that in order to reset the requests count after one minute to 5 again, we have to store the time(start time) of the first request so that we can check the difference of one minute to reset the count

Great work, Searching for System design like leetcode or Hackerank...

Distributed Systems, a necessary evil.. very nicely explained Narendra !!

Awesome Narendra..

Outstanding Explanation

Great video, congrats!!

Thank you Narendra. The incredible content archive that you are building is invaluable. Thank you.

Excellent..hats off

Your content is good. But please try to change your voice modulation. It really helps for long videos.

Great lesson! Thank you!

Great video. Well explained.

Great work Narendra👍👍

Why are you using two caches? Your sync issues are solved by keeping one single cache. Then, coming to race conditions, redis automatically acquires a lock on the transaction since it is atomic and therefore, the other request(second) should get an updated value. For SPOF on one cache, we can keep a master slave nodes for redis

What's the difference between token bucket and fixed window? they seem so similar

the threshold is calculated per second, for example AWS API gateway 5000 req/sec .. we can just declare an Array Queue or Array stack and start pushing elements in to it and keep flushing it every second ... + or - 10/20 request would not matter .. if the stack/Queue fills up it would throw an error and that error could be propagated to the user !!

You have a new subscriber. Thanks for making this video.

Thanks for the great tutorial, but I have a question as how would a rate limit service obtain lock of a record in separate db affect another rate limiter service obtain the count from different db within a node？

Token Bucket and Fixed Window counter, what's the difference?

Good one bro !

Why he is looking like varun singla sir from Gate smashers , btw nice lecture

Great video! Thank you!

Great video.. Thanks for the knowledge.

Awesome work sir.. 👍🏼

What a guy!! bless you bro

I love your videos. Thank you for making such detailed videos which explain the concepts so clearly. :)

Redis provides INCR and DECR commands which are atomic operations for increment and decrement of its Integer Data Type. Will this not take care of distributed access without any lock ?

Thanks for the nice explanation. One question - What is the difference between fixed window counter and token bucket? Are they not doing the same?

Well explained Narendra

This is not efficient and optimized, cause it has to do linear O(N) time processing for each requests. The way it actually solves rate limiting is: 1. Create a container/ list of max N size, when you have to serve N requests/ min let say. 2. When a request comes: 2.1. If the container size is lesser than N, then add the timestamp. 2.2. If no, then do a binary search on the list with (TS - 1 min), this will return the index of the timestamp which got served at the beginning of the last minute. Get the index diff from that position and that is the number of requests you already served. 2.2.1. If that is more than or equal to N -> wait in the message queue with a signal or wait time. 2.2.2. If no, then add the TS entry at the list. 3. Keep a sanity check on each list size, that it should always contain the timestamps of last N requests. Keep on deleting the old requests. This way the response time reduces to O(logN) and also the latency is resolved.

Excellent videos, just lacking good sound system.

thank you for sharing the video. neatly explained.

I found this video very useful. One thing that can be improved is the way it is presented. At times the material seems unorganized. For example, there are flashes on the screen because the speaker forgot to mention it verbally. Adding a few notes before making the video may help the presenter have a good flow.

Consider this scenario for token bucket: We can only serve 5 request/5 min. One request (10.05), Two request(10.06), Two request(10.07) we have served all the 5 requests so at 10.07 we will have 0. Now when we get new request at 10.11 it should be the valid request because request at 10.05 & 10.06 should be removed but as per token bucket it won't be served because 10.07 is set to 0 & will be reset at 10.12

The inconsistency problem is basically a common DB problem called "lost update" due to two threads reading committed data concurrently and performing writes without any locks. Solution is to introduce locking to enforce ordering. Or enforce ordering by sticky session at a much higher level

For token bucket - why do we need to update the timestamp (and not only the counter) when we are within the same minute, e.g. from 11:01:10 to 11:01:15? Why not just upata the timestamp when refilling the bucket, i.e. when we switched to a different minute, e.g.: from 11:01:10 to 11:02:07?

Good bro. Awesome

31:00 and you can't even lock across the nodes. If you are sharding then maybe, but as soon as you introduce replication, I don't think it'll just work like that

For the situation of distributed race limit, even though one user send two requests at the same time in one server, it dosen't mean that the actual two processing threads will deal them serially, so the inconsistency problem seems still exist. I think to address this problem we can make the read and update operation as atomic with redis+Lua.

at 10:37 video time, you mentioned that race condition may occur because of multiple requests coming from the different or same server. As you said, we are using Redis for this solution. Redis commands are atomic in itself and while executing atomic commands there is no scope of any data races. Did I get something wrong here?

you are the best

Thank You

At 19:18 How can we serve 11 requests , when the limit is set to 10?

As usual naren rocks !!!

amazing video

There is one con to all your videos. If you skip 10 sec of this video, you are doomed :-P Exceptional work, Narendra.

Great video, keep up the good work :)

You have already served 8 instead of 5 at 28:34 , your intention is right, but Cache 1 = U1:3 and Cache 2 = U1:2, should be the case, instead of u1:4 in both.

thanks Narendra

very nice tutorial .. great work :)

@31:00 you have confused me here, if we use locks, region 1 will have lock in region 1 redis only. Still regions 2 call can read old data from region 2 redis and allow more requests. R1 should take lock of all regions DB theoretically if u say locking is one way to solve consistency?

Narendra from where do you get such a great understanding of system

Sir please make video on elevator design and google doc design as well.

Amazing content

why not use cache expiry to set rate limit? If the rate limit is set at 10 rpm, For a user, maintain a key in redis, set the cache expiry to 1 minute. Fetch the user key from redis for every API request, If the key is present, check if the count has exceeded. If yes, block the current request. If the count is under the rate limit, update the count for user. The cache will expire after a minute. Is there any problem with this approach?

Imo, redis key value pair is the only viable solution(first one). Others are examples for over engineering if we implement.

So Ideally, Token Bucket can have more request in particular time. Like if 5 request were made on 11:55:00 and the very next minute 11:56:00 5 more request are made, so total 10 request can be made in a minute. (or size of a bucket)? Right?

thanks for this video

can't we use Zookeeper for synchronization to manage requests along multiple regions

Nice explanation. Could you please make a video for Google ad sense analytics collection system ?

For the Local Memory solution that you provided, how is it different from the solution that you explained just before (where the rate limiter is connected directly to the Redis)?

great explanation (y)

In sliding window logs, how are we able to serve 11 (requests) in last minute, if we're checking the rate in real time. Ideally it shouldn't allow for more than 10.

Thanks for great video, very informative, however last several minutes of video is not very clear and crisp like other part of the video.

isnt the token bucket and fixed window has the same problem of boundary request problem... ? since even in token bucket you can request more token in end of the first request window and request more token to the second of the window.?

Can't we use a sorted Redis set to avoid the concurrency issue?

Sir, for amazon any particular series of questions you want to suggest.

A good one. Thanks

@Naren, even with local memory, you can have inconsistency. It just is a bit faster. Do I have that right?

Don't the fixed window counter also run into concurrency issue like the first scenario ?

so, we are building a web application for example. Where do we put this rate limiter? As an aspect in java, as a cross cutting concern? Or as a server like load balancer in front of the application server?