CN117527706A - Service request control method and device - Google Patents

Service request control method and device Download PDF

Info

Publication number
CN117527706A
CN117527706A CN202311032988.5A CN202311032988A CN117527706A CN 117527706 A CN117527706 A CN 117527706A CN 202311032988 A CN202311032988 A CN 202311032988A CN 117527706 A CN117527706 A CN 117527706A
Authority
CN
China
Prior art keywords
request
preset
service
token
tokens
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311032988.5A
Other languages
Chinese (zh)
Inventor
王晓虎
舒润
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Geely Holding Group Co Ltd
Guangyu Mingdao Digital Technology Co Ltd
Original Assignee
Zhejiang Geely Holding Group Co Ltd
Guangyu Mingdao Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Geely Holding Group Co Ltd, Guangyu Mingdao Digital Technology Co Ltd filed Critical Zhejiang Geely Holding Group Co Ltd
Priority to CN202311032988.5A priority Critical patent/CN117527706A/en
Publication of CN117527706A publication Critical patent/CN117527706A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/215Flow control; Congestion control using token-bucket
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/20Traffic policing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of gateways and discloses a service request control method and a device, wherein the method receives a service request through a current interface, matches request attribute information in the service request with preset attribute information, determines the number of remaining tokens and the last refreshing time if the matching is passed, determines target statistical dimension and counts request execution data of the service request to obtain current statistical data, determines the number of current tokens to generate if the number of the remaining tokens is smaller than a first critical threshold value, and determines the number of the current tokens to generate if the number of the current tokens is smaller than a second critical threshold value, and/or triggers the current interface to start a preset interface control strategy to control the service request if the current statistical data meets a preset statistical data interval, and realizes normal and reasonable call of the service request of different preset attribute information to the target service by pre-screening the service request and selecting statistical objects, so that the control is more refined and the customer experience is improved.

Description

Service request control method and device
Technical Field
The present invention relates to the field of gateway technologies, and in particular, to a service request control method and apparatus.
Background
Currently, network access traffic is increasing, and the stability requirements for services are also increasing. The API (Application Programming Interface, application program interface) gateway is an intermediate layer between the client and server sides, isolating external requests from internal services, all of which go through the API gateway layer. To prevent client abuse of interfaces, protect the server's resources, a limit on the number of calls made to the various interfaces on the server is required. The flow control strategy of the service interface comprises the following steps: degradation and current limiting. When the upstream service exceeds the request bearing range or is abnormal, the API gateway can limit the inflowing request, so that the upstream service is protected from impact and can be normally accessed.
The limitation of the API gateway is often implemented by flow control based on the traffic situation counted by the API gateway, so that the accurate statistics and control of access to the interface at the gateway level is critical to the normal and reasonable call of services. In the related art, the flow limitation of the API gateway is often realized based on the local current limiting size of the gateway, which is relatively rough and can not meet the user demand.
Disclosure of Invention
The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. The summary is not an extensive overview, and is intended to neither identify key/critical elements nor delineate the scope of such embodiments, but is intended as a prelude to the more detailed description that follows.
In view of the technical problem that in the related art, the flow limitation of the API gateway is often realized based on the local current limiting size of the gateway, which is relatively rough and cannot meet the user demand, the invention discloses a service request control method and device to solve the technical problem.
The invention provides a service request control method, which is characterized by comprising the following steps: receiving a service request through a current interface, wherein the service request comprises a request service identifier, a request mode and request attribute information; matching the request attribute information with preset attribute information; when the matching is passed, determining the residual token quantity of candidate tokens in a first token bucket and the last refreshing time based on the request mode, the request attribute information, the request service identification and the current interface identification of the current interface, determining a target statistical dimension according to one or more of the request service identification, the request mode and the request attribute information, and triggering request execution data of the service request to be counted according to the target statistical dimension to obtain the current statistical data of the target statistical dimension; if the number of the remaining tokens is smaller than a first critical threshold, determining a token generation rate of the candidate tokens according to the request mode, the request attribute information, the request service identifier and the current interface identifier, and determining the current token generation number based on the current time, the last refreshing time and the token generation rate; and if the current token generation quantity is smaller than a second critical threshold value, and/or if the current statistic data meets a preset statistic data interval, triggering the current interface to start a preset interface control strategy, and controlling the service request based on the preset interface control strategy.
In an embodiment of the present invention, if a preset token issuing condition is satisfied, a candidate token is allocated to the service request, where the preset token issuing condition includes that the number of remaining tokens is greater than a first critical threshold, or if the number of current tokens generated is greater than a second critical threshold, a new candidate token is generated and added to the first token bucket, and the last refresh time is refreshed at the current time; if the current interface does not enable the preset interface control strategy, controlling the service request to continue to access the target service; and if the current interface starts a preset interface control strategy, controlling the service request based on the preset interface control strategy.
In an embodiment of the present invention, if the number of generated current tokens is greater than a second critical threshold, generating a new candidate token and adding the new candidate token to the first token bucket, monitoring the existence duration of each candidate token in the first token bucket, and if a token to be destroyed exists, removing the token to be destroyed from the first token bucket, wherein the token to be destroyed is the candidate token whose existence duration exceeds a preset duration threshold; or if the number of the residual tokens is greater than a first critical threshold, monitoring the existence duration of each candidate token in the first token bucket, and if a token to be destroyed exists, removing the token to be destroyed from the first token bucket, wherein the token to be destroyed is the candidate token of which the existence duration exceeds a preset duration threshold.
In an embodiment of the present invention, before matching the request attribute information with preset attribute information, the method includes: acquiring rule modification data of a rule change event, wherein the rule modification data comprises at least one of preset attribute information modification data, target statistical dimension modification data, preset statistical data interval modification data, preset interface control strategy modification data and corresponding relation modification data of the target statistical dimension and the preset attribute information, and the rule modification data is obtained based on external input data or history request logs; and modifying and updating at least one of the preset attribute information, the target statistical dimension, the preset statistical data interval, a preset interface control strategy and the corresponding relation between the target statistical dimension and the preset attribute information based on the rule modification data.
In an embodiment of the present invention, determining the number of remaining tokens of the candidate tokens in the first token bucket and the last refresh time based on the request mode, the request attribute information, the request service identifier and the current interface identifier of the current interface includes matching the request mode, the request attribute information, the request service identifier and the current interface identifier with preset request modes, request statistics rule identifiers, preset service identifiers and preset interface identifiers of a plurality of initial tokens in the first token bucket, and taking the successfully matched initial tokens as the candidate tokens, wherein the token parameters preconfigured by the initial tokens include token rule identifier token thresholds and token generation rates, and the token rule identifiers are generated based on the request statistics rule identifiers, the preset request mode, the preset service identifiers and the preset interface identifiers, and the request statistics rule identifiers correspond to one or more preset attribute information; and taking the number of the candidate tokens in the first token bucket as the residual number of the tokens, and taking the latest historical refreshing time of the candidate tokens in the first token bucket as the last refreshing time.
In an embodiment of the present invention, a plurality of history request logs are obtained, where the history request logs include history request information of history requests received through a plurality of receiving interfaces, and the history request information includes a receiving interface identifier, request initiation object information, history request service information, a history request mode, history attribute information, and history request time; carrying out data statistics on a plurality of historical request logs according to the receiving interface identifications, the request initiating object information and the historical request time to obtain initial dimension data of each request initiating object in a plurality of historical statistics time dimensions in each receiving interface, wherein the initial dimension data comprises at least one of historical request times, historical attribute information times, request mode times and request service information times; if the initial dimension data is larger than the corresponding preset dimension maximum value, or if the initial dimension data is smaller than the corresponding preset dimension minimum value, determining the initial dimension data as abnormal dimension data; and generating alarm prompt information based on the abnormal dimension data so as to alarm.
In an embodiment of the present invention, after the service request is controlled based on the preset interface control policy, the method further includes: if the service request is allowed to access the target service, adding the service request to an access queue; and if a rule change event is detected, re-performing the steps of matching the request attribute information with preset attribute information and determining the number of the residual tokens of the candidate tokens on the service request in the access queue, wherein the rule change event comprises at least one of the following steps of changing the preset attribute information, changing the existence state of the candidate tokens and changing the token generation rate.
In an embodiment of the present invention, controlling the service request based on the preset interface control policy includes at least one of: if the preset interface control strategy is the current limit, the number of release tokens of the release tokens in the second token bucket is obtained, and if the number of release tokens is larger than 0, a release token is issued for the service request method, the service request is controlled to continue to carry out service access, and the generation number of release tokens is determined according to the preset release token generation speed; if the preset interface control strategy is fused, responding to a call failure prompt; and if the preset interface control policy is degraded, obtaining preset spam data based on at least one of the request service identifier request mode and the current interface identifier, and feeding back the preset spam data.
In an embodiment of the present invention, after triggering the current interface to open a preset interface control policy, the method further includes generating alarm information based on the opened preset interface control policy; and sending the alarm information to a preset receiving end for alarm prompt, wherein the preset receiving end comprises at least one of a mailbox address, a network hook and a preset internal alarm system.
The embodiment of the invention also provides a service request control device, which comprises: the current interface is used for receiving a service request, wherein the service request comprises a request service identifier, a request mode and request attribute information; the request interception module is used for matching the request attribute information with preset attribute information; the first token bucket is used for determining the residual token quantity and the last refreshing time of the candidate tokens in the first token bucket based on the request mode, the request attribute information, the request service identifier and the current interface identifier of the current interface when the matching is passed; the request statistics module is used for determining a target statistics dimension according to one or more of the request service identification, the request mode and the request attribute information when the matching is passed, triggering request execution data of the service request to be counted according to the target statistics dimension, obtaining a current statistics data token generation module of the target statistics dimension, and determining a token generation rate of the candidate token according to the request mode, the request attribute information, the request service identification and the current interface identification if the number of the residual tokens is smaller than a first critical threshold value, and determining a current token generation number based on the current time, the last refreshing time and the token generation rate; and the policy enablement determining module is used for triggering the current interface to start a preset interface control policy and controlling the service request based on the preset interface control policy if the number of the generated current tokens is smaller than a second critical threshold value and/or if the current statistics data meet a preset statistics data interval.
The invention has the beneficial effects that:
the embodiment of the invention provides a service request control method and a device, which are used for receiving a service request through a current interface, matching request attribute information in the service request with preset attribute information, if the matching is passed, determining the residual token quantity and the last refreshing time of candidate tokens in a first token bucket, determining a target statistical dimension and counting request execution data of the service request to obtain current statistical data, if the residual token quantity is smaller than a first critical threshold, determining the token generation rate of the candidate tokens, determining the current token generation quantity based on the current time, the last refreshing time and the token generation rate, if the current token generation quantity is smaller than a second critical threshold, and/or if the current statistical data meets a preset statistical data interval, triggering the current interface to start a preset interface control strategy, the service request is controlled based on the preset interface control strategy, request attribute data in the service request is matched firstly to screen out the request for service request control, which service requests are required to be subjected to flow limiting control and classified statistics can be accurately found, which service requests can be further controlled to continue to be accessed through whether the issuance of the candidate token is successful or not, when the token is exhausted, the current interface is controlled to enter the preset interface control strategy if the service request quantity is beyond the preset bearing quantity, the service requests are further controlled through the opened preset interface control strategy, thus the service requests can be screened in advance according to the preset attribute information and statistical objects are selected, the normal and reasonable call of the service requests with different preset attribute information to the target service can be realized, the method simply does not limit the current limitation on the number of all the received service requests, the control is more refined, and the customer experience is improved.
Drawings
FIG. 1 is a flow chart of a service request control method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of request forwarding through an API gateway according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of a rule configuration method according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a service request control method according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a service request control device according to an embodiment of the present invention;
fig. 6 is a schematic diagram of an electronic device in an embodiment of the invention.
Detailed Description
Other advantages and effects of the present invention will become apparent to those skilled in the art from the following disclosure, which describes the embodiments of the present invention with reference to specific examples. The invention may be practiced or carried out in other embodiments that depart from the specific details, and the details of the present description may be modified or varied from the spirit and scope of the present invention. It should be noted that, without conflict, the following embodiments and sub-samples in the embodiments may be combined with each other.
It should be noted that the illustrations provided in the following embodiments merely illustrate the basic concept of the present invention by way of illustration, and only the components related to the present invention are shown in the drawings and are not drawn according to the number, shape and size of the components in actual implementation, and the form, number and proportion of the components in actual implementation may be arbitrarily changed, and the layout of the components may be more complicated.
In the following description, numerous details are set forth in order to provide a more thorough explanation of embodiments of the present invention, it will be apparent, however, to one skilled in the art that embodiments of the present invention may be practiced without these specific details, in other embodiments, well-known structures and devices are shown in block diagram form, rather than in detail, in order to avoid obscuring the embodiments of the present invention.
The terms first, second and the like in the description and in the claims of the embodiments of the disclosure and in the above-described figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe embodiments of the present disclosure. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion.
The term "plurality" means two or more, unless otherwise indicated.
In the embodiment of the present disclosure, the character "/" indicates that the front and rear objects are an or relationship. For example, A/B represents: a or B.
The term "and/or" is an associative relationship that describes an object, meaning that there may be three relationships. For example, a and/or B, represent: a or B, or, A and B.
Referring to fig. 1, fig. 1 is a schematic flow chart of a service request control method provided in an embodiment of the present invention, as shown in fig. 1, including steps S110 to S150, specifically described as follows:
step S110, a service request is received through the current interface.
Wherein the service request includes a request service identification, a request mode and request attribute information.
The service request is an external request, the purpose of which is to access an internal target service. The current interface, i.e. the aforementioned API gateway, requests the service identifier as the identifier of the target service, so as to find the corresponding target service by requesting the service identifier. The request means may be one or more of various request means known to those skilled in the art. The request attribute information may be information indicating the identity of the requester of the service request, and/or a parameter set in advance for a certain target. The request attribute information can distinguish the service request in another dimension besides the targeted target service and the request source, namely a data identification parameter preset by a person skilled in the art for classifying the service request.
The service request control method provided by the embodiment can be applied to the API gateway, and the service logic is considered more in the aspect of realizing the API, and the safety, the performance and the monitoring can be performed by the API gateway, so that the service flexibility is improved, and the safety is not lacked. Referring to fig. 2, fig. 2 is a schematic diagram of request forwarding through an API gateway according to an embodiment of the present invention, where, as shown in fig. 2, one or more clients send service requests (the "request" shown in fig. 2) to the API gateway, and the API gateway has one or more functions of single point entry, authentication authorization, flow control, flow limiting fusing, log monitoring, route forwarding, load balancing, and failed retry, and the service request is forwarded to a corresponding micro service (the "micro service 1 … micro service n" shown in fig. 2) through the API gateway.
In an embodiment, before step S110, that is, before receiving the service request through the current interface, the method further includes:
the creation of a service is a logical concept of a set of interface management, and at the same time, the service can also be used as a service name of a micro service to automatically discover and pull interfaces for management. Each SERVICE has a unique code service_key. Meanwhile, the service name also forms a complete interface address through the url prefix of the access gateway, such as a domain name/service name/api address;
and creating an API, namely creating an interface under the service after the service is created, and inputting the request mode, the request address and the request parameter information of the interface.
The "service" in the above embodiment is a service request, that is, the service request requests the target service to be accessed, and the API is a current interface. And receiving a service request sent by the client through the AIP.
Step S120, matching the request attribute information with preset attribute information.
As mentioned in the above embodiment, the preset attribute information is a data identification parameter preset by a person skilled in the art to classify the service request, the request attribute information is a parameter for distinguishing the service request from other types of service requests, and by comparing the request attribute parameter with the preset attribute parameter, it is able to know whether the service request is a request of a required type. The preset attribute information may be one or more preset by a person skilled in the art, and the preset attribute information may be a certain existing parameter in an existing service request, or may be a request structure rule set by a person skilled in the art separately to implement the service request control method provided in this embodiment. When the client wants to access the target service, the client needs to join the corresponding request attribute information according to the request structure rule.
In an embodiment, before matching the request attribute information with the preset attribute information, after completing the service and API creation, the method further includes: rule configuration is performed in advance, for example, specific configuration rules of a configuration statistics request (see description of the subsequent embodiment, namely, request statistics rules and preset statistics dimensions), triggered configuration conditions (request interception rules) are specifically described, and statistics is performed subsequently according to the preset statistics dimensions and the request interception rules corresponding to the request statistics rules. A configuration condition may be understood as a special rule, a series of conditions before triggering a request statistics rule, or a set of request interception rules, for example, when a request is for a tenant or the request must carry a certain parameter (preset attribute information) and is not counted by dimensions. It can be seen that a request statistics rule may correspond to one or more request interception rules, that is, a request statistics rule corresponds to one or more preset attribute information, and once the request attribute information of a certain service request matches with the preset attribute information corresponding to the request statistics rule, the request statistics rule is triggered to perform statistics on the request execution data of the service request. When a plurality of preset statistical dimensions exist, the preset statistical dimensions can be distinguished based on one or more of preset attribute information, a request mode, a request service identifier and a current interface identifier, namely, a target statistical dimension in the preset statistical dimensions can be obtained through matching at least one of the request service identifier, the request mode, the request attribute information and the current interface identifier of a currently received service request, the request execution data of the service request is triggered to be counted according to the target statistical dimension, and the current statistical data of the target statistical dimension is obtained, namely, the statistical result data of the target statistical dimension is refreshed. The request execution data includes, but is not limited to, at least one of a total number of requests, a total number of forwarding, a number of request failures, a number of forwarding failures, a number of timeout times, a number of authentication authorization failures, etc.
In an embodiment, matching the request attribute information with the preset attribute information includes: acquiring a plurality of preset configuration conditions of a current interface, wherein the preset configuration conditions comprise preset attribute information; matching the request attribute information with preset attribute information of each preset configuration condition; if the request attribute information is successfully matched with at least one preset attribute information, the matching is passed; if the matching of the request attribute information and all the preset attribute information fails, the matching is not passed.
In this embodiment, if the matching is not passed, the service request is indicated not to be limited in flow and is continuously accessed, for example, the service request can be directly forwarded to the target service, so that the service request can be intercepted and screened as required, and the service request which is passed by the matching is counted, so that the counting result is finer, the follow-up time of entering the preset interface control strategy is mastered more accurately, and the user experience is effectively improved.
That is, before executing step S120, the method provided in this embodiment needs to perform configuration of a request interception rule in advance, where the number of request interception rules may be one or more, each request interception rule may be configured with one or more preset attribute information, if a current service request carries one request attribute information, the request interception rule is triggered to perform interception verification, and when one or more request interception rules pass verification, that is, the matching is successful, that is, the service request includes preset attribute information corresponding to one or more request interception rules (the request attribute information is the same as the preset attribute information), a subsequent step is entered, otherwise, the verification fails, that is, the matching fails, and access is denied or a processing manner known by those skilled in the art is adopted. Of course, the above embodiment provides an example that the request attribute information is the same as the preset attribute information of one or more request interception rules, and then authentication passes, and a person skilled in the art may also implement interception in a "judgment not" manner, that is, the request attribute information is the same as the preset attribute information of one or more request interception rules, and then authentication fails, that is, interception is performed in a matching failure, and access rejection or other steps set by a person skilled in the art may be performed. Otherwise, if the request attribute information is different from the preset attribute information of all the request interception rules, the verification is successful, namely the matching is successful, and the subsequent steps are entered.
Step S130, when the matching is passed, determining the residual token number and the last refreshing time of the candidate tokens in the first token bucket based on the request mode, the request attribute information, the request service identification and the current interface identification of the current interface, determining a target statistical dimension according to one or more of the request service identification, the request mode and the request attribute information, and triggering the request execution related data of the service request to carry out statistics according to the target statistical dimension to obtain the current statistical data of the target statistical dimension.
The first token bucket is a tool for storing tokens for users maintained before, and the service request in the scheme provided by the embodiment can be accessed only after the tokens are taken, otherwise, the service request can be refused to be accessed or other rules set by a person skilled in the art can be executed. When the match passes, the service request enters a rule checking phase, which may be by using a first token bucket algorithm. For example, a first token bucket belonging to each group and an interface configured separately can be maintained, when a service request enters a gateway and meets the condition, a token (a candidate token) is acquired from the first token bucket, and only if the token is acquired, the token can pass through the gateway, then the subsequent steps can be entered.
In an exemplary embodiment, the first token bucket sets bucket parameters (i.e., token rule identification (KEY), token threshold (restriction size), token generation rate (rate of generating tokens), etc.) by Lua script (Lua is a lightweight and compact scripting language, written in standard C language and open in source code form), which are the restricted KEYs (service_key+reg_key+request mode+interface KEY), the rate of generating tokens (in terms of daily or hourly dimensions), the current time, and the restriction size, i.e., the number of rules configured N (the maximum number of tokens set for a certain request statistics rule, i.e., the token threshold), respectively. It will be appreciated that for the tokens in the first token bucket, one or more token may be provided, each configured with a token parameter, a token generation rate (characterizing its generation rate), and a token threshold, i.e. a token rule identity generated by the request means, the current interface identity (interface KEY), the request SERVICE identity (service_key), the request statistics rule identity (reg_key). The token threshold value can be determined by the request statistical rule identification, namely, the token threshold value corresponding to each request statistical rule is preconfigured, and only the matching is needed to be searched. The request statistics rule identifier is an identifier of the request statistics rule, and one or more pieces of preset attribute information are corresponding to the request statistics rule identifier.
In an embodiment, determining the number of remaining tokens of the candidate tokens in the first token bucket and the last refresh time based on the request mode, the request attribute information, the request service identification, and the current interface identification of the current interface includes: matching a request mode, request attribute information, a request service identifier and a current interface identifier with preset request modes, request statistics rule identifiers, preset service identifiers and preset interface identifiers of various initial tokens in a first token bucket, taking the successfully matched initial tokens as candidate tokens, wherein the pre-configured token parameters of the initial tokens comprise token rule identifiers, token threshold values and token generation rates, and the token rule identifiers are generated based on the request statistics rule identifiers, the preset request mode, the preset service identifiers and the preset interface identifiers, and the request statistics rule identifiers correspond to one or more pieces of preset attribute information; taking the number of the candidate tokens in the first token bucket as the number of the residual tokens and taking the latest historical refreshing time of the candidate tokens in the first token bucket as the last refreshing time.
If only one token exists in the first token bucket, the number of the remaining tokens in the first token bucket is directly obtained, and matching is not needed to obtain a result.
The token generation rate characterization requests the service identifier and the token generation rate corresponding to the current interface in the request mode, namely the token generation rate can be determined according to a preset generation time interval dimension. The token rule identifier is generated based on a preset interface identifier interface KEY, a preset request mode (request mode), a preset SERVICE identifier service_key and a preset request statistics rule identifier reg_key. The token threshold is a pre-configured current limit size corresponding to the preset request statistics rule, that is, the maximum number of tokens issued in a certain period, such as a day.
Tokens in one or more first token buckets may be generated in advance in the manner described above. And comparing the related parameters according to the currently obtained service request to know which first token bucket is going to apply for the tokens. A token corresponding to a preset request statistics rule and a preset statistics dimension, or a plurality of tokens corresponding to the preset request statistics rule and the preset statistics dimension, may exist in a first token bucket.
Wherein the request statistics rules define a preset statistics dimension consisting of a unit time dimension and a parameter statistics dimension. The request statistics rule and the request interception rule are divided into two scenes of system built-in parameters and user-defined. Each request statistics rule has a specific code reg_key. Metering the time dimension in terms of at least one of seconds, minutes, hours, days, and the like; the parameter statistics dimension includes at least one of a total number of requests, a total number of forwarding, a number of request failures, a number of forwarding failures, a number of timeout, a number of authentication authorization failures, and the like. The same metering time dimension may be used for both parameter statistics dimensions, or different metering time dimensions may be used.
In one embodiment, the method further comprises: acquiring a plurality of history request logs, wherein the history request logs comprise history request information of history requests received through a plurality of receiving interfaces, and the history request information comprises a receiving interface identifier, request initiating object information, history request service information, history request mode, history attribute information and history request time; carrying out data statistics on a plurality of historical request logs according to the receiving interface identifications, the request initiating object information and the historical request time to obtain initial dimension data of each request initiating object in a plurality of historical statistics time dimensions in each receiving interface, wherein the initial dimension data comprises at least one of historical request times, historical attribute information times, request mode times and request service information times; if the initial dimension data is larger than the corresponding preset dimension maximum value or if the initial dimension data is smaller than the corresponding preset dimension minimum value, determining the initial dimension data as abnormal dimension data; and generating alarm prompt information based on the abnormal dimension data so as to alarm. That is, if the number of times of historical requests of a request initiating object in one or more historical statistical time dimensions in a certain receiving interface is significantly higher or lower than the number of times of the request initiating object in other historical statistical time dimensions through the receiving interface, it is indicated that the historical request is abnormal dimension data at this time, and the manner of the abnormal dimension data corresponding to other initial dimension data is similar to the number of times of the historical requests, which is not limited herein. At this time, the preset dimension maximum value and the preset dimension minimum value may be at least two of an average value, a median, a mode, etc. of a plurality of historical statistics time dimensions (such as 30 days) of the request initiating object in the receiving interface under the statistics scene, or the preset dimension maximum value and the preset dimension minimum value may also be preset values (based on whether the sum of values is greater than or less than the obtained preset statistics data interval, such as 0 to the preset dimension minimum value, or the preset dimension maximum value to infinity) by a person skilled in the art. The alarm prompt information can be generated through the abnormal conditions so as to prompt the abnormal conditions with history accumulation.
For example, the API gateway has complete log storage and analysis for all requests, and the actual situation of passing through the gateway is extracted through data analysis and model analysis. And analyzing log data asynchronously, analyzing, recording and extracting the log according to conditions and parameters of rules, for example, carrying out 1000 times per day for an A tenant of an a interface, carrying out data aggregation on the log according to a dimension of the a interface, a dimension of the A tenant and a dimension of the day, and forming data of each dimension to be imported into an analysis model for data analysis. On one hand, once the request interface with larger deviation from the normal value is found to carry out abnormal alarm according to the analysis result of the log, the detection and verification processing is carried out manually.
In another embodiment, the API gateway may generate a "new rule" that may have guidance based on the history log, and only needs to modify and refresh the gateway system and redis data after the manual audit passes, so as to implement fast adjustment, and achieve the purpose of intelligently deciding to reduce the manual participation. The first token bucket and the second token bucket in the embodiment of the invention are realized based on redis. The redis is a high-performance memory data structure storage system, data access occurs in a memory, the IO speed is very high, and real-time data update, real-time transaction processing and real-time log processing can be realized. Meanwhile, regardless of whether the gateway service is single-node deployment or distributed deployment, the gateway service can read rules and tokens through redis, namely, the gateway service takes effect. And the gateway service does not need to be stopped, so that the real-time effectiveness is achieved.
Continuing the above embodiment, if the preset dimension maximum value and the preset dimension minimum value are preset values by a person skilled in the art, when the number of times reflected in one or more pieces of initial dimension data exceeding the history request with the preset duty ratio is greater than the preset dimension maximum value or less than the preset dimension minimum value, the preset dimension maximum value or the preset dimension minimum value can be adjusted, the average value, the median, the mode and the like of the request initiating object in the statistics scene in a plurality of history statistics time dimensions (such as 30 days) of the receiving interface are taken as the preset dimension maximum value or less than the preset dimension minimum value, and the preset dimension maximum value or less than the preset dimension minimum value is adjusted to generate a new preset statistics data interval, so that the adjustment linkage with the preset statistics data interval of opening and closing of the preset interface control strategy is realized, and whether to start or close the preset interface control strategy is enabled, and the selection of which interface control strategy is opened better meets the current practical condition of the whole API gateway load balancing and the requirement of client access target service.
In this embodiment, when the request attribute information of the service request is matched with the preset attribute information, it is indicated that the service request passes through the request interception rule and can be counted, one or more preset statistical dimensions of the request statistics rule corresponding to the request interception rule are selected as target statistical dimensions, and the request execution data of the service request is counted according to the measurement time dimension and the parameter statistical dimension of the target statistical dimensions, if the target statistical dimension is one, the parameter statistical dimension is the total number of requests and the timeout number, the measurement time dimension is the total number of requests measured according to each minute, the timeout number is measured according to each day, and if the service request has no timeout, the total number of requests in the current statistical data is +1, and the timeout number is maintained unchanged. The current statistics include statistics of historical requests preceding the service request.
And step S140, if the number of the remaining tokens is smaller than a first critical threshold, determining the token generation rate of the candidate tokens according to the request mode, the request attribute information, the request service identifier and the current interface identifier, and determining the current token generation number based on the current time, the last refreshing time and the token generation rate.
The token generation rate characterizes the token generation rate corresponding to the request service identifier, the current interface and the request attribute information in the request mode. The first critical threshold may be 1 or other value set by one skilled in the art.
In an embodiment, when candidate tokens in the first token bucket, which are matched with the service request, are all cleared or are less than the first critical threshold, the last refresh time of the first token bucket can be checked first, if the last refresh time is consistent with the current time, or the time difference between the last refresh time and the current time is less than the preset difference, this indicates that the service request amount of the current token is larger, no redundant tokens are regenerated, and the current token generation amount is zero.
In an embodiment, when the time difference between the last refresh time and the current time is greater than a preset difference, the current interface control policy currently executed may be determined according to at least one of a request mode and a request service identifier, and if an interface control policy in execution exists in a certain service interface or a certain request mode, the corresponding current token generation number is determined according to the interface control policy. If the interface control strategy is fusing, generating new tokens is not needed, and the current token generation number is determined to be zero. If the interface control strategy is the current limit, determining the current token generation quantity according to the current limit degree such as 80%, the current time, the last refresh time and the token generation rate, and multiplying the time difference with the token generation rate and the current limit degree to obtain the current token generation quantity, wherein the current token generation quantity is the time difference between the current time and the last refresh time. This avoids "white work" of the token generation process.
In one embodiment, if the number of remaining tokens is greater than or equal to a first critical threshold, a candidate token is issued for the service request and the service request is controlled to proceed with access to the target service. If the preset interface control strategy is not triggered currently either, the service request can be directly forwarded to the target service or cached in a cache queue of the target service to wait for accessing the target service.
Step S150, if the number of the generated current tokens is smaller than the second critical threshold value, and/or if the current statistic data meets the preset statistic data interval, triggering the current interface to start a preset interface control strategy, and controlling the service request based on the preset interface control strategy.
The second critical threshold may be 1 or another value set by one skilled in the art. The magnitude relation between the first critical threshold and the second critical threshold may be set by those skilled in the art, and is not limited herein.
In the embodiment that the current interface control policy currently executed may be determined according to at least one of the request mode and the request service identifier, if a certain service interface or a certain request mode has an interface control policy in execution, and a corresponding current token generation number is determined according to the interface control policy, a preset interface control policy has been executed as the current interface control policy, and if the current token generation number is 0 or less than a second critical threshold, the preset interface control policy in the current interface opening preset interface control policy is still the control policy executed before.
The triggering execution and ending of the preset interface control policy may be adjusted by the data obtained by statistics of the preset statistics dimensions corresponding to the preset request statistics rule provided in the foregoing embodiment. That is, when the number of the total number of requests, the total number of forwarding, the number of request failures, the number of forwarding failures, the number of times exceeding, the number of authentication and authorization failures, etc. is greater than a number M in a certain period of time (such as seconds, minutes, hours, days), the corresponding preset interface control strategy is started, whereas when the number of the total number of requests, the total number of forwarding, the number of request failures, the number of forwarding failures, the number of times exceeding, the number of authentication and authorization failures, etc. is less than a number N in a certain period of time (such as seconds, minutes, hours, days), the preset interface control strategy is stopped. Wherein the value M and the value N can be the same value or different values.
As mentioned in the above embodiment, the current statistics data is updated based on the matched request of the service request, if there are multiple parameter statistics dimensions in the target statistics dimension, each parameter statistics dimension is preset with a corresponding preset statistics data interval (the number may be one or more, if multiple, the data of the parameter statistics dimension may be further classified), when the data of one or more parameter statistics dimensions meets the preset statistics data interval, whether to start the preset interface control policy and which preset interface control policy to start are determined based on preset statistics data intervals bet on different parameter statistics dimensions preset and preset interface control policies corresponding to the multiple preset statistics data intervals.
Because the preset statistical rules can be multiple, if the current statistical data of the target statistical dimension corresponding to one or more preset statistical rules meets the preset statistical data interval of the target statistical dimension, one or more preset interface control strategies are selected based on different preset statistical rules which are preset in advance and the preset interface control strategies corresponding to the target statistical dimension, and the current interface is triggered to start the corresponding preset interface control strategy.
In one embodiment, the method further comprises: if the preset token issuing condition is met, distributing a candidate token preset token issuing condition for the service request, wherein the number of the residual tokens is larger than a first critical threshold value, or if the number of the generated current tokens is larger than a second critical threshold value, generating newly added candidate tokens and adding the newly generated candidate tokens into a first token bucket, and refreshing the last refreshing time according to the current time; if the current interface does not enable the preset interface control strategy, controlling the service request to continue to access the target service; and if the current interface starts a preset interface control strategy, controlling the service request based on the preset interface control strategy.
That is, the request execution data includes, but is not limited to, a number of requests total, a total number of forwarding, a number of request failures, a number of forwarding failures, a number of timeout, a number of authentication authorization failures, etc. of historical requests over a certain period of time (e.g., seconds, minutes, hours, days). The target statistics dimension comprises a metering time dimension and a parameter statistics dimension, the metering time dimension comprises at least one of seconds, minutes, hours, days and the like, and the parameter statistics dimension comprises at least one of the dimensions of total number of requests, total number of forwarding, number of request failures, number of forwarding failures, number of timeout, number of authentication and authorization failures and the like. The same metering time dimension can be adopted for the two target statistics dimensions, and different metering time dimensions can be adopted, so that the two target statistics dimensions can be set as required by a person skilled in the art. The history request may be a service request with a matching result of a preset interception rule as a service request passing through the matching, or may be all service requests received by a current interface, or may be a service request with a candidate token obtained, and for a request with a different request mode, a request received by a different interface, different preset attribute information, different clients, or the like, a determination mode of one or more of the foregoing history requests may be selected.
Different target statistical dimensions may be set with the same or different preset statistical data intervals, and a person skilled in the art may select specific values according to needs. The corresponding preset interface control strategies when the statistical data of different target statistical dimensions meet the preset data threshold values can be the same control strategy, and a plurality of configuration strategies can be correspondingly configured to be selected according to the needs.
In an embodiment, if the number of generated current tokens is greater than a second critical threshold, generating newly added candidate tokens and adding the newly added candidate tokens into a first token bucket, monitoring the existence duration of each candidate token in the first token bucket, and if a token to be destroyed exists, removing the token to be destroyed from the first token bucket, wherein the token to be destroyed is a candidate token whose existence duration exceeds a preset duration threshold. That is, if the current token generation number is greater than 0 or another preset second critical threshold, a new token may be generated, and a token (at least 1) less than or equal to the number may be generated according to the current token generation data, and added to the first token bucket for token replenishment. If the number of the newly added tokens is small, the minimum number of the tokens generated each time can be controlled by adjusting the second critical threshold value, so that the number of times of generating the tokens is reduced, and the burden of a system is reduced. When the existence duration is too long, which indicates that the token is not requested for a long time, the overtime token can be destroyed due to the possible adjustment of the token generation rate and the like, so that the invalid occupation of the first token bucket space is reduced. In another embodiment, when the duration of the presence exceeds the threshold of the presence time, which indicates that a service request of a certain type is not received for a long time, or a problem of a port or a problem of a client exists, or one or more situations such as fusing the service request of the certain type for a long time occur, the number of tokens of the token type X may be counted, and if the number of tokens of the certain type exceeds the threshold of the preset number of tokens, an alarm may be given based on preset alarm information corresponding to the token type X. Therefore, the discovery probability of the abnormal event can be further improved, and the reliability of the system is improved.
In an embodiment, if the number of remaining tokens is greater than a first critical threshold, monitoring the existence duration of each candidate token in the first token bucket, and if a token to be destroyed exists, removing the token to be destroyed from the first token bucket, wherein the token to be destroyed is a candidate token whose existence duration exceeds a preset duration threshold. The token destruction policy, reason and effect are similar to those of the scheme corresponding to the case that the number of generated tokens is greater than the second critical threshold, and are not described herein.
In an embodiment, after the service request is controlled based on the preset interface control policy, the method further includes: if the service request is allowed to access the target service, adding the service request to an access queue; and if the preset configuration rule of the candidate token in the first token bucket of the rule change event is detected to be changed, the steps of matching the request attribute information with the preset attribute information and determining the residual token quantity of the candidate token are carried out on the service request in the access queue, wherein the rule change event comprises at least one of the following steps of changing the preset attribute information, changing the existence state of the candidate token and changing the token generation rate to control the service request based on a preset interface control strategy. I.e. re-executing one or more of steps S120 to S150 and the other method steps provided in the above embodiments. At this time, there may be one or more of the following cases, the preset attribute information in step S120 may be changed, the existence state of the candidate token (whether the first token bucket allows the candidate token to exist), the token generation rate, etc. may also be changed, and the preset interface control policy may also be changed. And carrying out matching of preset attribute information and request of candidate tokens again based on the changed current situation.
In one embodiment, before matching the request attribute information with the preset attribute information, the method includes: acquiring rule modification data of a rule change event, wherein the rule modification data comprises at least one of preset attribute information modification data, target statistical dimension modification data, preset statistical data interval modification data, preset interface control strategy modification data and corresponding relation modification data of target statistical dimension and preset attribute information, and the rule modification data is obtained based on external input data or history request logs; and modifying and updating at least one of preset attribute information, target statistical dimension, preset statistical data interval, preset interface control strategy and corresponding relation between the target statistical dimension and the preset attribute information based on the rule modification data. The external input data can be rules under the business experience summary input into the system to update request interception rules, request statistics rules and the like, and can also be customized through the current system application scene. The modification of the target statistical dimension may be a modification of at least one of a metering time dimension, a parameter statistical dimension. The modification data of the preset statistical data interval can be obtained based on statistics of a history request log, that is, if the preset dimension maximum value and the preset dimension minimum value are preset values by a person skilled in the art, when the number of times of the occurrence of one or more initial dimension data of the history request exceeding the preset duty ratio is larger than the preset dimension maximum value or smaller than the preset dimension minimum value, the preset dimension maximum value or the preset dimension minimum value can be adjusted, and an average value, a median, a mode and the like of a plurality of history statistical time dimensions (such as 30 days) of the request initiating object in the statistical scene at the receiving interface are used as the preset dimension maximum value or smaller than the preset dimension minimum value, and the preset dimension maximum value or smaller than the preset dimension minimum value is adjusted to generate a new preset statistical data interval. If there are multiple preset interception rules and multiple preset statistics rules and multiple target statistics dimensions, the rule modification data needs to carry corresponding identifiers to distinguish which target statistics dimension or rule is modified.
For old and new rule alternates (rule change events) to occur, if the current service request takes the token to represent that the gateway flow control function has been passed. If the data is required to be processed, queuing is carried out on the requests after flow control, and re-condition interception, rule check and flow limiting strategy secondary processing are carried out on the data which is not forwarded after the new and old requests are alternately validated in a queue adding mode.
In an embodiment, the preset interface control policy includes at least one of current limiting, fusing, or degradation. Each preset interface control strategy corresponds to one or more target statistical dimensions and preset data thresholds corresponding to the statistical data of the target statistical dimensions. If the two preset interface control strategies have the corresponding same target statistical dimension, preset data thresholds of the same target statistical dimension are different. The current limiting strategy has three processing modes for interface processing, namely current limiting, fusing and degrading. Wherein the fusing responds to the failure call prompt and does not adopt an idle interface mode. If the response of the interface is not wanted to fail, the interface can be configured to be degraded, namely the response is normal (the response effect of the idle interface is achieved), but the non-business data does not influence the business call flow because the gateway fuses the refusal request.
In one embodiment, controlling the service request based on the preset interface control policy includes at least one of:
if the preset interface control strategy is the current limit, acquiring the release token quantity of release tokens in a second new token bucket, if the release token quantity is more than 0, issuing a release token for a service request method, controlling a service request to continue service access, determining the control of the generation rate according to the preset release token generation speed by the generation quantity of the release token, obtaining the new token, allowing access to the service, and if the release token quantity is equal to 0, rejecting the service request or executing other actions preset by a person skilled in the art;
if the preset interface control strategy is fusing, responding to the call failure prompt;
and if the preset interface control strategy is degradation, obtaining preset spam data based on at least one of the request service identifier, the request mode and the current interface identifier, and feeding back the preset spam data.
In an embodiment, after triggering the current interface to start the preset interface control policy, the method further includes: generating alarm information based on the opened preset interface control strategy; and sending the alarm information to a preset receiving end for alarm prompt, wherein the preset receiving end comprises at least one of a mailbox address, a network hook, a preset internal alarm system and the like.
The above embodiment provides a service request control method, receiving a service request through a current interface, matching request attribute information in the service request with preset attribute information, if the matching is passed, determining the number of remaining tokens of candidate tokens in a first token bucket and last refresh time based on a request mode of the service request, the request attribute information, a request service identifier and the current interface identifier, if the number of remaining tokens is smaller than a first critical threshold, determining a token generation rate of the candidate tokens according to a request mode, the request attribute information, the request service identifier and the current interface identifier, determining the current token generation number based on the current time, the last refresh time and the token generation rate, if the current token generation number is smaller than a second critical threshold, and/or if the current statistical data meets a preset statistical data interval, triggering a preset interface control policy to control the service request based on the preset interface control policy, and firstly matching the request attribute data in the service request to screen out requests requiring service request control, which service requests need to be subjected to flow limiting control (for other service requests, may be directly and not be limited in a current, may not be satisfied, or may not exceed a preset statistical threshold, and further processing may be performed by the current interface, if the current statistical data meets the preset statistical data, and then the current interface control policy is further processed by the current interface has been set up, the service requests are further controlled through the opened preset interface control strategy, so that the service requests can be screened in advance according to the preset attribute information, the normal and reasonable call of the service requests with different preset attribute information to the target service can be realized, the requests which need to be counted in a certain class or classes are counted, whether the preset interface control strategy is triggered or not is determined, the limitation of the quantity of all the received service requests is not limited, the control is more refined, and the customer experience degree is improved.
In addition, according to the method provided by the embodiment, the parameter flow control can be performed according to the request parameters of the user and the custom condition, and the parameter flow control configuration supports the following characteristics:
1) Support the flow control dimension of seconds, minutes, hours, days as the metering time dimension;
2) Obtaining parameter statistical dimensions according to client request parameters and system parameter setting conditions built in an API gateway, and executing different flow control dimensions;
3) The flow control may be set by using a single rule or a combination of multiple rules, that is, by configuring multiple request statistics rules to respectively count current statistics data, and determining whether to enter a preset interface control policy based on the satisfaction of the current statistics data and a corresponding preset statistics data interval, so as to further implement flow control.
Meanwhile, the method provided by the embodiment also has the following advantages:
1) And the expandability is strong. The built-in rule under the existing business experience summary is configured aiming at the rule, the custom rule can be carried out through the complete specific business scene, the spring SPEL analysis rule is supported, and the expansibility is high.
2) The rule configuration is simple, the logic is clear, and the rule configuration is easy to understand. Through the bottom layer business encapsulation, the invention needs to carry out simple parameter configuration, and is friendly to a little development experience or operation and maintenance experience.
3) The method can set alarm rules and specific notified persons aiming at the global or single API, support alarm modes such as mail and web hook, and the like, and can interface with an enterprise internal alarm system.
Referring to fig. 3, fig. 3 is a flow chart illustrating a rule configuration manner of the service request control method according to an embodiment of the present invention, as shown in fig. 3, the rule configuration manner includes the following steps:
first, a service is created, which is both a micro-service name and a logical grouping. The service is a logical concept of interface management, and can be used as a service name of a micro service to automatically discover and pull interfaces for management. Each SERVICE has a unique code service_key. Meanwhile, the service name also forms a complete interface address through the url prefix of the access gateway, such as a domain name/service name/api address. The number of services may be one or more, including at least the target service. Secondly, a current interface API is created, and information such as an interface request address, a request mode and the like is input for configuring specific interface rules. After the service is created, an interface is created under the service, and the request mode, the request address and the request parameter information of the interface are input. I.e. creating a current interface, which is preconfigured with the corresponding request mode, request address and request parameter information. Again, rules are configured based on service and interface configuration rules (request intercept rules and request statistics rules). Rule configuration, namely configuring specific rules (request statistics rules) of the statistics request and triggering conditions (request interception rules), and carrying out statistics according to the rules and the conditions. The request statistics rule consists of a metering time dimension and a parameter statistics dimension. Rules and conditions are divided into two scenes of system built-in parameters and custom. Each request statistics rule has a specific code reg_key. Metering time dimensions in seconds, minutes, hours and days; the statistical dimension comprises the total number of requests, the total number of forwarding, the number of request failures, the number of forwarding failures, the number of timeout and the number of authentication authorization failures. A configuration condition may be understood as a special rule, a series of conditions before the rule is triggered, or a set of request interception rules, for example, a request is counted by dimensions when it is a tenant or the request must carry a parameter. And when the request meets the condition, entering into whether a rule check is carried out, wherein the rule check adopts a token bucket algorithm. Each group and the independently configured interfaces maintain a token bucket belonging to the group, when a request enters the gateway and the condition is met, tokens are acquired from the token bucket, and only if the tokens are acquired, the tokens can pass through the gateway, and the subsequent steps can be entered. The token bucket sets bucket parameters, namely a KEY (service_key+reg_key+request mode+interface KEY) of the current limit, a size of the current limit (rule number N configured in step 3), a rate of generating tokens (in terms of a daily or hourly or minute dimension)), and a current time, through the Lua script. The method can also self-define specific service specific data specific to specific interface specific scenes to analyze requests with finer granularity and form rules, and can also take effect with built-in parameter superposition when conditions are met. Then, the control strategy is configured. And aiming at reaching a subsequent control strategy requiring a control interface. The corresponding control strategy is configured, and the control strategy comprises degradation, fusing and current limiting. The following is carried out ) The degradation strategy can be used for configuring spam data and degradation data, and preferentially guaranteeing core service and preferentially guaranteeing most users, so that a downstream system or an access page cannot cause abnormal links due to interface access failure; the following is carried out The following is carried out ) If the flow limiting strategy is configured, a token bucket with fixed speed is started, the request can acquire the token again, and as the token in the bucket is put in with fixed speed, access can be performed only when the token is taken, otherwise, the request is discarded, and access is refused to achieve the 'speed limiting' flow limiting target; the following is carried out The following is carried out The following is carried out ) And fusing the strategy, and directly rejecting the access by subsequent requests. At the same time, other processes such as log, alarm, monitor, etc. can be added to the location extension. Finally, the setting enables to be effective.
Referring to fig. 4, fig. 4 is a specific flowchart of a service request control method provided in an embodiment of the present invention, as shown in fig. 4, the specific service request control method includes the following steps: and receiving a client request (service request), analyzing the request, namely analyzing the service request, judging whether a rule is configured, judging whether the rule is met if the rule is configured, judging whether the rule is triggered if the rule is configured, and selecting a control strategy if the rule is triggered, wherein the control strategy comprises fusing or degrading and limiting. If the current is limited, the access to the target service interface is limited, if the current is limited, the predetermined rule is triggered by fusing or degradation, and the fusing response fails. Reference may be made in particular to the rules configured in fig. 3 above. If the rule is not configured, the target service interface is directly forwarded, if the condition is not met, the service request is forwarded to the target service interface, and if the rule is not triggered, the service request is forwarded to the target service interface.
For example, when there is currently a get request mode interface (/ ap i/product/list) for querying a product list under a product group (product_key), the current configuration rule is 100 times per minute call success (reg_success), provided that the tenant id is changed to xxx tenant. When the configuration is effective, a limited token in a redis token bucket is maintained as a product_ke_reg_success_get_api_product_list, a gateway service continuously adds tokens to the token bucket along with the time, 100 tokens are kept to be placed every minute, when the request comes in, a request parameter is firstly analyzed or whether the request head contains a tenant identifier and the tenant id is xxx (preset attribute information), then the tokens (candidate tokens) are obtained, the gateway service firstly obtains the residual token quantity in the first token bucket and the last refreshing time from a redis database, calculates the elapsed time and the generated new token quantity, and updates the token quantity in the bucket and the last refreshing time. And finally judging whether the token is acquired or not, if the token description is taken, continuing to access, otherwise, performing preconfigured fusing, degrading or current limiting treatment, and directly failing or returning the preconfigured spam return data.
As shown in fig. 5, an embodiment of the present disclosure provides a service request control device, including a current interface 501, a request interception module 502, a first token bucket 503, a request statistics module 504, a token generation module 505, and a policy enablement determination module 506, where:
a current interface 501, configured to receive a service request, where the service request includes a request service identifier, a request mode, and request attribute information;
the request interception module 502 is configured to match the request attribute information with preset attribute information;
a first token bucket 503, configured to determine, when the matching is passed, the number of remaining tokens of the candidate tokens in the first token bucket and the last refresh time based on the request mode, the request attribute information, the request service identifier, and the current interface identifier of the current interface;
the request statistics module 504 is configured to determine a target statistics dimension according to one or more of a request service identifier, a request manner and request attribute information when the matching is passed, and trigger request execution data of a service request to perform statistics according to the target statistics dimension, so as to obtain current statistics data of the target statistics dimension;
the token generation module 505 is configured to determine a token generation rate of the candidate token according to the request mode, the request attribute information, the request service identifier, and the current interface identifier if the number of remaining tokens is smaller than a first critical threshold, and determine the current token generation number based on the current time, the last refresh time, and the token generation rate, where the token generation rate characterizes the token generation rate corresponding to the request service identifier, the current interface, and the request attribute information in the request mode;
The policy enablement determination module 506 is configured to trigger the current interface to start a preset interface control policy if the number of generated current tokens is less than the second critical threshold and/or if the current statistics data meets a preset statistics data interval, and control the service request based on the preset interface control policy.
In an embodiment, the first token bucket is further configured to: if a preset token issuing condition is met, a candidate token is distributed for the service request, wherein the preset token issuing condition comprises that the number of the residual tokens is larger than a first critical threshold value, or if the number of the generated current tokens is larger than a second critical threshold value, a newly added candidate token is generated and added into the first token bucket, and the last refreshing time is refreshed according to the current time; if the current interface does not enable the preset interface control strategy, controlling the service request to continue to access the target service; and if the current interface starts a preset interface control strategy, controlling the service request based on the preset interface control strategy.
In an embodiment, the first token bucket is further configured to: if the number of the generated current tokens is larger than a second critical threshold, generating newly added candidate tokens and adding the newly added candidate tokens into the first token bucket, monitoring the existence time of each candidate token in the first token bucket, and if a token to be destroyed exists, removing the token to be destroyed from the first token bucket, wherein the token to be destroyed is the candidate token of which the existence time exceeds a preset time threshold; or if the number of the residual tokens is greater than a first critical threshold, monitoring the existence duration of each candidate token in the first token bucket, and if tokens to be destroyed exist, removing the tokens to be destroyed from the first token bucket, wherein the tokens to be destroyed are candidate tokens of which the existence duration exceeds a preset duration threshold.
In an embodiment, the device further includes a modification module, configured to obtain rule modification data of a rule change event before the request attribute information is matched with the preset attribute information, where the rule modification data includes at least one of preset attribute information modification data, target statistics dimension modification data, preset statistics data interval modification data, preset interface control policy modification data, correspondence modification data between the target statistics dimension and the preset attribute information, and the rule modification data is obtained based on external input data or a history request log; and modifying and updating at least one of the preset attribute information, the target statistical dimension, the preset statistical data interval, a preset interface control strategy and the corresponding relation between the target statistical dimension and the preset attribute information based on the rule modification data.
In an embodiment, the modification module is further configured to add the service request to an access queue if the service request is allowed to access a target service after controlling the service request based on the preset interface control policy; and if a rule change event is detected, re-performing the steps of matching the request attribute information with preset attribute information and determining the number of the residual tokens of the candidate tokens on the service request in the access queue, wherein the rule change event comprises at least one of the following steps of changing the preset attribute information, changing the existence state of the candidate tokens and changing the token generation rate.
In an embodiment, the first token bucket is further configured to: matching the request mode, the request attribute information, the request service identifier and the current interface identifier with preset request modes, request statistics rule identifiers, preset service identifiers and preset interface identifiers of various initial tokens in the first token bucket, taking the initial tokens successfully matched as candidate tokens, wherein the pre-configured token parameters of the initial tokens comprise token rule identifiers, token threshold values and token generation rates, the token rule identifiers are generated based on the request statistics rule identifiers, the preset request modes, the preset service identifiers and the preset interface identifiers, and the request statistics rule identifiers correspond to one or more pieces of preset attribute information; and taking the number of the candidate tokens in the first token bucket as the residual number of the tokens, and taking the latest historical refreshing time of the candidate tokens in the first token bucket as the last refreshing time.
In an embodiment, the device further comprises an alarm module, configured to obtain a plurality of history request logs, where the history request logs include history request information of history requests received through a plurality of receiving interfaces, and the history request information includes a receiving interface identifier, request initiation object information, history request service information, a history request mode, history attribute information, and history request time; carrying out data statistics on a plurality of historical request logs according to the receiving interface identifications, the request initiating object information and the historical request time to obtain initial dimension data of each request initiating object in a plurality of historical statistics time dimensions in each receiving interface, wherein the initial dimension data comprises at least one of historical request times, historical attribute information times, request mode times and request service information times; if the initial dimension data is larger than the corresponding preset dimension maximum value or if the initial dimension data is smaller than the corresponding preset dimension minimum value, determining the initial dimension data as abnormal dimension data; and generating alarm prompt information based on the abnormal dimension data so as to alarm.
In an embodiment, the device further includes an alarm module, configured to generate alarm information based on the opened preset interface control policy after triggering the current interface to open the preset interface control policy; and sending the alarm information to a preset receiving end for alarm prompt, wherein the preset receiving end comprises at least one of a mailbox address, a network hook and a preset internal alarm system.
In an embodiment, the policy enablement determination module is further configured to: if the preset interface control strategy is the current limit, the number of release tokens of the release tokens in the second token bucket is obtained, and if the number of release tokens is larger than 0, a release token is issued for the service request method, the service request is controlled to continue to carry out service access, and the generation number of release tokens is determined according to the preset release token generation speed; if the preset interface control strategy is fused, responding to a call failure prompt; and if the preset interface control policy is degraded, obtaining preset spam data based on at least one of the request service identifier, the request mode and the current interface identifier, and feeding back the preset spam data.
By adopting the service request control device provided by the embodiment of the disclosure, a service request is received through a current interface, request attribute information in the service request is matched with preset attribute information, if the matching is passed, the number of residual tokens of candidate tokens in a first token bucket and the last refreshing time are determined based on the request mode of the service request, the request service identifier and the current interface identifier, if the number of the residual tokens is smaller than a first critical threshold, the token generation rate of the candidate tokens is determined according to the request mode, the request service identifier and the current interface identifier, the current token generation number is determined based on the current time, the last refreshing time and the token generation rate, if the current token generation number is smaller than a second critical threshold, the current interface is triggered to start a preset interface control strategy to control the service request based on the preset interface control strategy, the request can be precisely found out which service requests are required to be subjected to service request control by matching request attribute data in the service request first, and classifying statistics are required, further control which service requests can be subjected to continuous access by further through issuing of the candidate tokens, when the service requests are enabled, the preset quantity exceeds the preset control threshold, the preset interface control request is not normally performed by the preset interface control attribute information, the preset interface control has been carried out to realize the preset request to realize the preset object information, the preset interface control has been opened according to the preset attribute information is not normally, the control is more refined, and the customer experience degree is improved.
The specific limitation of the service request control device may be referred to the limitation of the service request control method hereinabove, and will not be described herein. The respective modules in the above-described service request control apparatus may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
The disclosed embodiments also provide an electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the method of any of the embodiments described above when the computer program is executed.
Fig. 6 shows a schematic diagram of a computer system suitable for use in implementing the electronic device of the embodiments of the present application. It should be noted that, the computer system 1000 of the electronic device shown in fig. 6 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.
As shown in fig. 6, the computer system 1000 includes a central processing unit (Central Processing Unit, CPU) 1001 which can perform various appropriate actions and processes, such as performing the method in the above-described embodiment, according to a program stored in a Read-Only Memory (ROM) 1002 or a program loaded from a storage section 1008 into a random access Memory (Random Access Memory, RAM) 1003. In the RAM 1003, various programs and data required for system operation are also stored. The CPU 1001, ROM 1002, and RAM 1003 are connected to each other by a bus 1004. An Input/Output (I/O) interface 1005 is also connected to bus 1004.
The following components are connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, and the like; an output portion 1007 including a Cathode Ray Tube (CRT), a liquid crystal display (Liquid Crystal Display, LCD), and a speaker; a storage portion 1008 including a hard disk or the like; and a communication section 1009 including a network interface card such as a LAN (Local Area Netwo rk ) card, a modem, or the like. The communication section 1009 performs communication processing via a network such as the internet. The drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed on the drive 1010 as needed, so that a computer program read out therefrom is installed into the storage section 1008 as needed.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising a computer program for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 1009, and/or installed from the removable medium 1011. When executed by a Central Processing Unit (CPU) 1001, the computer program performs various functions defined in the system of the present application.
It should be noted that, the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmabl e Read Only Memory, EPROM), flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with a computer-readable computer program embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. A computer program embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The disclosed embodiments also provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements any of the methods of the present embodiments.
The computer readable storage medium in the embodiments of the present disclosure may be understood by those of ordinary skill in the art: all or part of the steps for implementing the method embodiments described above may be performed by computer program related hardware. The aforementioned computer program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
The electronic device disclosed in this embodiment includes a processor, a memory, a transceiver, and a communication interface, where the memory and the communication interface are connected to the processor and the transceiver and perform communication therebetween, the memory is used to store a computer program, the communication interface is used to perform communication, and the processor and the transceiver are used to run the computer program, so that the electronic device performs each step of the above method.
In this embodiment, the memory may include a random access memory (Random Access Memory, abbreviated as RAM), and may further include a non-volatile memory (non-volatile memory), such as at least one magnetic disk memory.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a graphics processor (Graphics Processing Unit, GPU for short), a network processor (Network Process or, NP for short), etc.; but also digital signal processors (Digital Signal Processing, DSP for short), application specific integrated circuits (Application Specific Integrated Circuit, ASIC for short), field programmable gate arrays (Fi eld-Programmable Gate Array, FPGA for short) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
The above description and the drawings illustrate embodiments of the disclosure sufficiently to enable those skilled in the art to practice them. Other embodiments may involve structural, logical, electrical, process, and other changes. The embodiments represent only possible variations. Individual components and functions are optional unless explicitly required, and the sequence of operations may vary. Portions and sub-samples of some embodiments may be included in or substituted for portions and sub-samples of other embodiments. Moreover, the terminology used in the present application is for the purpose of describing embodiments only and is not intended to limit the claims. As used in the description of the embodiments and the claims, the singular forms "a," "an," and "the" (the) are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this application is meant to encompass any and all possible combinations of one or more of the associated listed. In addition, when used in this application, the terms "comprises," "comprising," and/or "includes," and variations thereof, mean the presence of the stated sub-sample, integer, step, operation, element, and/or component, but do not exclude the presence or addition of one or more other sub-samples, integers, steps, operations, elements, components, and/or groups of these. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method or apparatus comprising such elements. In this context, each embodiment may be described with emphasis on the differences from the other embodiments, and the same similar parts between the various embodiments may be referred to each other. For the methods, products, etc. disclosed in the embodiments, if they correspond to the method sections disclosed in the embodiments, the description of the method sections may be referred to for relevance.
Those of skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. The skilled person may use different methods for each particular application to achieve the described functionality, but such implementation should not be considered to be beyond the scope of the embodiments of the present disclosure. It will be clearly understood by those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
In the embodiments disclosed herein, the disclosed methods, articles of manufacture (including but not limited to devices, apparatuses, etc.) may be practiced in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of elements may be merely a logical functional division, and there may be additional divisions in actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some sub-samples may be omitted, or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form. The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to implement the present embodiment. In addition, each functional unit in the embodiments of the present disclosure may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. In the description corresponding to the flowcharts and block diagrams in the figures, operations or steps corresponding to different blocks may also occur in different orders than that disclosed in the description, and sometimes no specific order exists between different operations or steps. For example, two consecutive operations or steps may actually be performed substantially in parallel, they may sometimes be performed in reverse order, which may be dependent on the functions involved. Each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Claims (10)

1. A service request control method, the method comprising:
receiving a service request through a current interface, wherein the service request comprises a request service identifier, a request mode and request attribute information;
matching the request attribute information with preset attribute information;
when the matching is passed, determining the residual token quantity of candidate tokens in a first token bucket and the last refreshing time based on the request mode, the request attribute information, the request service identification and the current interface identification of the current interface, determining a target statistical dimension according to one or more of the request service identification, the request mode and the request attribute information, and triggering request execution data of the service request to be counted according to the target statistical dimension to obtain the current statistical data of the target statistical dimension;
if the number of the residual tokens is smaller than a first critical threshold, determining the token generation rate of the candidate tokens according to the request mode, the request attribute information, the request service identifier and the current interface identifier, and determining the current token generation number based on the current time, the last refreshing time and the token generation rate;
And if the current token generation quantity is smaller than a second critical threshold value, and/or if the current statistic data meets a preset statistic data interval, triggering the current interface to start a preset interface control strategy, and controlling the service request based on the preset interface control strategy.
2. The service request control method according to claim 1, wherein the method further comprises:
if a preset token issuing condition is met, a candidate token is distributed for the service request, wherein the preset token issuing condition comprises that the number of the residual tokens is larger than a first critical threshold value, or if the number of the generated current tokens is larger than a second critical threshold value, a newly added candidate token is generated and added into the first token bucket, and the last refreshing time is refreshed according to the current time;
if the current interface does not enable the preset interface control strategy, controlling the service request to continue to access the target service;
and if the current interface starts a preset interface control strategy, controlling the service request based on the preset interface control strategy.
3. The service request control method according to claim 1, wherein the method further comprises:
If the number of the generated current tokens is larger than a second critical threshold, generating newly added candidate tokens and adding the newly added candidate tokens into the first token bucket, monitoring the existence time of each candidate token in the first token bucket, and if a token to be destroyed exists, removing the token to be destroyed from the first token bucket, wherein the token to be destroyed is the candidate token of which the existence time exceeds a preset time threshold;
or alternatively, the first and second heat exchangers may be,
if the number of the residual tokens is larger than a first critical threshold, monitoring the existence duration of each candidate token in the first token bucket, and if tokens to be destroyed exist, removing the tokens to be destroyed from the first token bucket, wherein the tokens to be destroyed are candidate tokens of which the existence duration exceeds a preset duration threshold.
4. The service request control method according to claim 1, wherein before matching the request attribute information with preset attribute information, the method comprises:
acquiring rule modification data of a rule change event, wherein the rule modification data comprises at least one of preset attribute information modification data, target statistical dimension modification data, preset statistical data interval modification data, preset interface control strategy modification data and corresponding relation modification data of the target statistical dimension and the preset attribute information, and the rule modification data is obtained based on external input data or history request logs;
And modifying and updating at least one of the preset attribute information, the target statistical dimension, the preset statistical data interval, a preset interface control strategy and the corresponding relation between the target statistical dimension and the preset attribute information based on the rule modification data.
5. The service request control method according to any one of claims 1 to 4, wherein determining the remaining number of tokens of candidate tokens in the first token bucket and the last refresh time based on the request pattern, the request attribute information, the request service identification, and the current interface identification of the current interface, comprises:
matching the request mode, the request attribute information, the request service identifier and the current interface identifier with preset request modes, request statistics rule identifiers, preset service identifiers and preset interface identifiers of various initial tokens in the first token bucket, taking the initial tokens successfully matched as candidate tokens, wherein the pre-configured token parameters of the initial tokens comprise token rule identifiers, token threshold values and token generation rates, the token rule identifiers are generated based on the request statistics rule identifiers, the preset request modes, the preset service identifiers and the preset interface identifiers, and the request statistics rule identifiers correspond to one or more pieces of preset attribute information;
And taking the number of the candidate tokens in the first token bucket as the residual number of the tokens, and taking the latest historical refreshing time of the candidate tokens in the first token bucket as the last refreshing time.
6. The service request control method according to any one of claims 1 to 4, characterized in that the method further comprises:
acquiring a plurality of history request logs, wherein the history request logs comprise history request information of history requests received through a plurality of receiving interfaces, and the history request information comprises a receiving interface identifier, request initiating object information, history request service information, history request modes, history attribute information and history request time;
carrying out data statistics on a plurality of historical request logs according to the receiving interface identifications, the request initiating object information and the historical request time to obtain initial dimension data of each request initiating object in a plurality of historical statistics time dimensions in each receiving interface, wherein the initial dimension data comprises at least one of historical request times, historical attribute information times, request mode times and request service information times;
if the initial dimension data is larger than the corresponding preset dimension maximum value or if the initial dimension data is smaller than the corresponding preset dimension minimum value, determining the initial dimension data as abnormal dimension data;
And generating alarm prompt information based on the abnormal dimension data so as to alarm.
7. The service request control method according to any one of claims 1 to 4, wherein controlling the service request based on the preset interface control policy includes at least one of:
if the preset interface control strategy is the current limit, the number of release tokens of the release tokens in the second token bucket is obtained, and if the number of release tokens is larger than 0, a release token is issued for the service request method, the service request is controlled to continue to carry out service access, and the generation number of release tokens is determined according to the preset release token generation speed;
if the preset interface control strategy is fused, responding to a call failure prompt;
and if the preset interface control policy is degraded, obtaining preset spam data based on at least one of the request service identifier, the request mode and the current interface identifier, and feeding back the preset spam data.
8. The service request control method according to any one of claims 1 to 4, wherein after the service request is controlled based on the preset interface control policy, the method further comprises:
If the service request is allowed to access the target service, adding the service request to an access queue;
and if a rule change event is detected, re-performing the steps of matching the request attribute information with preset attribute information and determining the number of the residual tokens of the candidate tokens on the service request in the access queue, wherein the rule change event comprises at least one of the following steps of changing the preset attribute information, changing the existence state of the candidate tokens and changing the token generation rate.
9. The service request control method according to any one of claims 1 to 4, wherein after triggering the current interface to open a preset interface control policy, the method further comprises:
generating alarm information based on the opened preset interface control strategy;
and sending the alarm information to a preset receiving end for alarm prompt, wherein the preset receiving end comprises at least one of a mailbox address, a network hook and a preset internal alarm system.
10. A service request control apparatus, the apparatus comprising:
the current interface is used for receiving a service request, wherein the service request comprises a request service identifier, a request mode and request attribute information;
The request interception module is used for matching the request attribute information with preset attribute information;
the first token bucket is used for determining the residual token quantity and the last refreshing time of the candidate tokens in the first token bucket based on the request mode, the request attribute information, the request service identifier and the current interface identifier of the current interface when the matching is passed;
the request statistics module is used for determining a target statistics dimension according to one or more of the request service identification, the request mode and the request attribute information when the matching is passed, triggering request execution data of the service request to carry out statistics according to the target statistics dimension, and obtaining current statistics data of the target statistics dimension;
the token generation module is used for determining the token generation rate of the candidate tokens according to the request mode, the request attribute information, the request service identifier and the current interface identifier if the number of the residual tokens is smaller than a first critical threshold value, and determining the current token generation number based on the current time, the last refreshing time and the token generation rate;
and the policy enablement determining module is used for triggering the current interface to start a preset interface control policy and controlling the service request based on the preset interface control policy if the number of the generated current tokens is smaller than a second critical threshold value and/or if the current statistics data meet a preset statistics data interval.
CN202311032988.5A 2023-08-16 2023-08-16 Service request control method and device Pending CN117527706A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311032988.5A CN117527706A (en) 2023-08-16 2023-08-16 Service request control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311032988.5A CN117527706A (en) 2023-08-16 2023-08-16 Service request control method and device

Publications (1)

Publication Number Publication Date
CN117527706A true CN117527706A (en) 2024-02-06

Family

ID=89742684

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311032988.5A Pending CN117527706A (en) 2023-08-16 2023-08-16 Service request control method and device

Country Status (1)

Country Link
CN (1) CN117527706A (en)

Similar Documents

Publication Publication Date Title
US11456965B2 (en) Network service request throttling system
US10862913B2 (en) Systems and methods for securing access to resources
EP3085023B1 (en) Communications security
US11550905B2 (en) Intelligent security risk assessment
EP3549050B1 (en) Method and computer product and methods for generation and selection of access rules
US20220326997A1 (en) Secure resource management to prevent resource abuse
US9866587B2 (en) Identifying suspicious activity in a load test
CN114240060A (en) Risk control method, risk processing system, risk processing device, server, and storage medium
US20230012460A1 (en) Fraud Detection and Prevention System
CN117527706A (en) Service request control method and device
US10009330B1 (en) Method, apparatus and article of manufacture for fast tracking authentication
CN109919767B (en) Transaction risk management method, device and equipment
CN111553796A (en) Exchange rate management method and device and computer readable storage medium
CN116560764B (en) Application program interface control method and device
US11475457B2 (en) Information security using velocity attack detection
RU2801674C2 (en) Method and system for user identification by sequence of opened windows of the user interface
CN117255060A (en) Service flow limiting method, device, equipment, medium, product and flow limiting system
CN114205165A (en) False request identification method, device, equipment and storage medium
CN116074217A (en) Network detection method, system, storage medium and electronic equipment
CN116644410A (en) Security verification method, device, equipment and storage medium
CN116915705A (en) Enhanced service flow control system and control method
CN115587374A (en) Trust value-based dynamic access control method and control system thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination