Rate Limiting

Rate limiting protects both the service and the destination during failure storms. It should reduce repeated incident volume without hiding the fact that the service is unhealthy.

A good policy:

• keeps the first incidents
• suppresses identical bursts after the threshold
• exposes that suppression happened

The objective is stability, not silence.