Over the Spring 2019 semester, Atlassian mentored and collaborated with students from UC Berkeley's Codebase student organization for a project centered around providing distributed rate-limiting in our cloud platform.

Why do we need rate limiting?

Atlassian's distributed cloud architecture comprises of more than a thousand micro-services that interact with each other, and process tens of thousands of requests per second. Having a rate-limiting solution in front of these micro-services allows them to be protected against abnormal spikes in traffic and all types of attacks: brute force, denial of service, and other bad actors in general. A misbehaving (or malicious) series of requests (usually via a script) can hog resources and capacity, ultimately taking away from a positive experience for other users of our cloud products.

What was the project scope?

The team chose to focus on the algorithms engine, a critical component for the rate limiting solution, for the scope of this project. The goal was to provide students exposure towards enterprise software engineering by working with the Platform Services team, and experience towards development of modular micro-service components for distributed systems.

Some of the key requirements for the algorithms engine were to support multiple rate limiting algorithms, be flexible enough to support diverse scenarios and inputs, and provide a decision with low latency at scale for hundreds of thousands requests per second or more.

How did it go?

Over the course of the project, the students learned about the workings of rate limiting, learned GoLang, and in the spirit of using and growing the open-source community, investigated usage of an open-source library as the algorithms engine. Off the shelf, the library of choice supported only the fixed window rate limiting algorithm. This leaves rate limiting susceptible to a single burst of requests near the edge of the time window allowing twice the amount of intended traffic through. As part of this project, support for the sliding window and token bucket algorithms was added to a fork of the library, complete with tests and accompanying updates to configuration parsing to be able to declare the rate limiting algorithm of choice.

The students also learned best practices for agile software engineering by working with the Cloud Platform Services team at Atlassian with a regular stand-up/demo/office hours cadence. They used Trello for distributing and tracking work effectively. The team used Confluence to share thoughts, implementation details, and learnings with each other. Bitbucket was used for source control.

The Algorithms Engine was demoed successfully to a wider Engineering audience at Atlassian including senior leadership via a very detailed demo, and received resounding kudos from the audience. The project is well on its way to be integrated into the distributed rate limiting solution for Atlassian's Cloud Platform.

Here is a picture of all of the students and members of the Atlassian Cloud Platform who collaborated on the project, right after we celebrated the completion of the project over ice-cream!

Top to bottom, left to right:
Bernice Chen, Dean Shaft, Abhas Bodas, Kyle Tse, Kelvin Jue, Roshan Paiva, Julia Luo, George Zhang, Trevor Aquino, Isabelle Zhou, Steven Tsay, Cody Zeng