Skip to content

bug: Output token rate limiting can be bypassed and may need a reservation-based design #1266

Description

@nXtCyberNet

The current output token rate limiting in pkg/kthena-router/filters/ratelimit/ratelimit.go relies on allowN, which does not permit the bucket state to become negative. As a result, output token consumption cannot be properly accounted for, allowing requests to effectively bypass the limiter and consume unlimited output tokens.

This impacts both token accounting accuracy and the rate limiter's primary purpose of protecting backend services from overload.

with the Proposal #1225 and PR #1265 we are already moving toward more accurate token accounting, while through PR #1014 i was trying to addresses preserving limiter state across reconciliation events. However, supporting accurate post-request reconciliation within the current implementation appears challenging, as it would likely require a token reservation/reconciliation mechanism rather than incremental fixes.

Would accurate enforcement of output-token limits be considered a requirement for the router? If so, a refactor of pkg/kthena-router/filters/ratelimit/ratelimit.go toward a reservation-based design may be cleaner than continuing to patch the existing implementation.

wants to know your thoughts on it.

/cc @FAUST-BENCHOU @hzxuzhonghu @LiZhenCheng9527

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions