Please clarify following doubts:
-
Why do we need to maintain sorted set in reddis?Why cant we just maintain a list.We dont need actual request timestamp. Let us say we receive three request, now client may have send as A B C in order but we might have received as C B A. But does it matter if we process CB and reject A in case limit is 2 request? What i am trying to say we can use the timestamp at which we insert in redis list instead of the time stamp at which request was created by sender.In this way we dont need sorted set.Take a List and tail has new records and front has old.It will be way faster.
-
I think in figure we should do load balancing at Load balancer and not webserver. The DDOS attack can send so many requests to we server that it is always busy in calling rate limiter.This should be done before request hits webserver probably at load balancer or api gateway