Envoy Proxy · Rate Limits
Envoy Proxy Rate Limits
Envoy Proxy is self-hosted open-source software, so there is no upstream "service" rate limit to publish. Envoy itself implements rate limiting as a feature (local and global rate-limit filters, the gRPC Rate Limit Service), and the operator chooses the limits they want to enforce on their own traffic. The numbers below are not platform-imposed quotas; they describe Envoy's own rate-limit machinery and the response codes it emits when configured.
2 Limits
Throttle: 429
Rate LimitingGatewaysProxiesService MeshOpen Source
Limits
Operator-configured global rate limit descriptor
operator-defined via Rate Limit Service descriptors
Operator-configured local rate limit route/cluster
operator-defined via token-bucket fill_interval and max_tokens
Policies
Token bucket
Envoy's local rate limiter uses a token-bucket algorithm; operators specify max_tokens, tokens_per_fill, and fill_interval per route or cluster.
Global rate limiting via RLS
Global limits are enforced by an external gRPC Rate Limit Service; Envoy sends descriptors and the RLS returns OVER_LIMIT or OK.
Status override
The HTTP status returned on throttle is configurable (defaults to 429); operators may also enforce a 503 envoy_rate_limited response on the local filter.