
Distributed Rate Limiting — Five Problems That Break Your Counters
Why Local Rate Limiting Breaks

A rate limiter on a single server works exactly as advertised. But most production systems aren't a single server — they're 10, 50, or 200 instances behind a load balancer. And that changes the math.

If your limit is 100 requests per minute and you have 50 instances, the load balancer sprays traffic round-robin. Each instance sees ~2 requests per minute from any given user. Every instance says "well under the limit." Nobody rejects anything. The user sends 3,000 requests. All pass.

Your per-instance rate limiter silently became a limit × num_instances rate limiter. You didn't change the code. You changed the deployment.

The fix is shared state — usually Redis. All instances read and write the same counter, so the limit is enforced globally. But the moment you introduce shared state over a network, five new problems appear.

Problem 1: The Race You Can't See

Two requests from the same user arrive at the same millisecond, hitting two different instances.
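The fan-out arithmetic above is easy to verify in a few lines. This is a toy simulation, not the article's code: per-instance counters under round-robin admit every one of the 3,000 requests, while a single shared counter stops at the limit.

```python
# Toy simulation: a per-instance limiter silently becomes
# limit * num_instances once traffic is sprayed round-robin.
NUM_INSTANCES = 50
LIMIT = 100  # intended *global* limit per minute

# Each instance keeps its own counter for the user.
local_counters = [0] * NUM_INSTANCES

def allow_local(instance: int) -> bool:
    """Per-instance check: only sees this instance's slice of traffic."""
    if local_counters[instance] < LIMIT:
        local_counters[instance] += 1
        return True
    return False

# One user fires 3,000 requests; the load balancer round-robins them.
accepted = sum(allow_local(i % NUM_INSTANCES) for i in range(3000))
print(accepted)  # 3000 — each instance only ever sees 60, well under 100

# Shared state fixes it: every instance checks the same counter.
shared_counter = 0

def allow_shared() -> bool:
    global shared_counter
    if shared_counter < LIMIT:
        shared_counter += 1
        return True
    return False

accepted = sum(allow_shared() for _ in range(3000))
print(accepted)  # 100 — the limit is finally enforced globally
```

With 50 instances and 3,000 requests, each local counter only reaches 60, so nothing is ever rejected — the 100-per-minute limit has quietly become 5,000 per minute.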
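The excerpt breaks off here, but the classic shape of this race is check-then-increment: both instances read the counter before either writes back, so both see a value under the limit and both admit the request. A minimal sketch, with the losing interleaving staged by hand and a lock standing in for an atomic operation like Redis INCR:

```python
import threading

LIMIT = 100
counter = 99  # one slot left before the limit

# Both instances execute their "read" before either executes its "write".
read_a = counter        # instance A reads 99: under the limit, admit
read_b = counter        # instance B reads 99: under the limit, admit
counter = read_a + 1    # A writes back 100
counter = read_b + 1    # B writes back 100 — A's update is lost
print(counter)          # 100, yet two requests were admitted for one slot

# The fix is an atomic read-modify-write. In pure Python a lock
# serializes the check and the increment into one step:
lock = threading.Lock()
counter = 99

def allow() -> bool:
    global counter
    with lock:              # read + compare + write happen atomically
        if counter < LIMIT:
            counter += 1
            return True
        return False

print(allow(), allow())  # True False — only one request gets slot 100
```

In a real deployment the same effect comes from doing the increment server-side in the shared store (an atomic counter), rather than reading a value over the network and writing back a decision based on a stale snapshot.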

