Consul Connect · Rate Limits

Consul Connect Rate Limits

Consul Connect's HTTP API is exposed by self-hosted Consul agents (default port 8500/8501). Rate limiting is operator-configured rather than imposed by HashiCorp — Consul ships built-in client- and server-side RPC rate-limiting (`limits.http_max_conns_per_client`, `limits.rpc_rate`, `limits.rpc_max_burst`, Enterprise-only `limits.request_limits`) and per-key ACL token enforcement. Cluster operators set the actual limits to protect the agent and the Raft leader.

Consul Connect Rate Limits is the machine-readable rate-limit profile for Consul Connect on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 4 rate-limit definitions, measuring concurrent_connections, rpc_per_second, requests_per_second, and varies.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled, serviceUnavailable, and rpcTooManyRequests.

Tagged areas include Consul, HashiCorp, Service Mesh, and Rate Limiting.

4 Limits Throttle: 429
ConsulHashiCorpService MeshRate Limiting

Limits

Operator-Configured HTTP Connection Limit agent/client-ip
concurrent_connections
configured via limits.http_max_conns_per_client
Default Consul agent setting; tune to bound per-client HTTP concurrency against the agent.
Operator-Configured RPC Rate agent
rpc_per_second
configured via limits.rpc_rate and limits.rpc_max_burst
Token-bucket rate limit on RPCs leaving the agent; off by default.
Enterprise Read/Write Request Limits agent
requests_per_second
configured via limits.request_limits.{read_rate, write_rate} (Consul Enterprise)
Enterprise-only request-rate limiting on the HTTP API and gRPC server; supports `mode = enforcing / permissive / disabled`.
ACL Token Quota ACL token
varies
enforced via X-Consul-Token policies
Authorization (not throughput) is enforced through ACL policies; effective limits are operator-defined.

Policies

Operator-Owned Limits
HashiCorp does not impose rate limits on the self-hosted Consul HTTP API; cluster operators configure agent and Raft-leader-side rate limits via the `limits` block in the Consul agent config.
Backoff Strategy
Clients should respect 429 / 503 responses with exponential backoff and jitter; Consul returns `Retry-After` when a request is rate-limited.
Request Limits Modes
Consul Enterprise's request_limits supports enforcing, permissive, and disabled modes to allow operators to observe before enforcing.
Federation Considerations
Cross-datacenter / WAN federation traffic adds RPC load; tune `limits.rpc_*` accordingly on edge agents and the leader.

Sources