Loading

MuleSoft Rate Limiting Policy Exceeds Configured Limit in Clustered Deployments

Publish Date: Jun 4, 2026
Description

CAUSE

In clustered deployments (e.g., CloudHub with multiple replicas, or on-premise clusters), if the Rate Limiting policy is not configured for distributed enforcement, each replica independently applies the rate limit. This means that if you have N replicas, and the policy is set to X requests per time period, the effective total requests allowed across the cluster can be up to N * X requests per time period. The policy's state (e.g., current request count) is not shared or synchronized across the replicas.

 

This often occurs when:

* The "distributed" option within the Rate Limiting policy configuration is not enabled.
* A distributed object store (like Redis or Object Store V2) is not configured or utilized by the policy to share state across replicas.
 

SOLUTION

To ensure the Rate Limiting policy enforces the configured limit uniformly across all replicas in a clustered environment, you must enable distributed enforcement.

 
1. Verify Policy Configuration in API Manager:

* Navigate to API Manager and select the API instance where the rate limiting policy is applied.

* Review the configuration of the Rate Limiting policy.

For On-Premise Mule Runtime Clusters: Ensure the "distributed" option is checked within the policy configuration. This option ensures that the rate limit state is shared across all nodes in your cluster.

For CloudHub 2.0 with Multiple Replicas:

* Ensure your application is running in Runtime Cluster Mode. This mode is essential for policies to distribute their state correctly across replicas.

* Confirm that Object Store V2 is configured and enabled for your application. Rate Limiting policies in CloudHub 2.0 often rely on Object Store V2 for distributed state management. If Object Store V2 is not configured, the policy may not function as expected.

For policies using an external distributed store (e.g., Redis):

* Confirm that the policy is correctly configured to use the external store for state persistence.

* Verify that the external store (e.g., Redis) is accessible from all application replicas and is functioning correctly.

 
2. Redeploy the Application: After making any changes to the policy configuration or application deployment settings, redeploy the application to ensure the new configuration takes effect.
Resolution
1. Verify whether the Rate Limiting policy is configured in distributed mode using Redis and confirm the number of replicas in the deployment. 2. Confirm whether traffic is being distributed using a round-robin strategy and whether Redis is not being used for distributed rate-limit enforcement. If Redis is not used, account for the fact that each replica enforces the configured quota independently.
Knowledge Article Number

005386261

 
Loading
Salesforce Help | Article