Mastering Rate Limiting: Counter, Sliding Window, Leaky Bucket & Token Bucket Explained

Rate Limiting Overview

High concurrency can be handled by caching, throttling, and degradation. When traffic spikes (e.g., flash‑sale events), protecting the system requires throttling mechanisms.

Four Common Rate‑Limiting Algorithms

1. Fixed‑Window Counter

The counter records the number of requests in a fixed time window; requests within the limit are processed normally, while excess requests are rejected or handled asynchronously.

// Pseudo code
++counter;
if (counter > limit) {
    return 'System busy, please try later';
}

2. Sliding Window

The sliding window divides a larger interval into smaller cells, each with its own counter. The sum of counters in the current window determines whether a request is accepted.

// Pseudo code
var cellIndex = time % cellNum;
++cellCounter[cellIndex];
var sum = 0;
for (var i = cellIndex; i >= cellIndex - cellNum; --i) {
    sum += cellCounter[i];
}
if (sum > limit) {
    return 'System busy, please try later';
}

3. Leaky Bucket

The leaky bucket models a fixed‑capacity bucket that drains at a constant rate; incoming requests fill the bucket, and overflow is discarded, effectively limiting the request rate.

// Pseudo code
++counter;
var time = nowTime - (nowTime % interval);
var rate = counter / time;
if (rate > limitRate) {
    return 'System busy, please try later';
}

4. Token Bucket

Tokens are generated at a steady rate and stored in a bucket; a request must acquire a token before being processed, otherwise it is rejected. This allows short bursts while enforcing an average rate.