SlideShare a Scribd company logo

Expect the unexpected: Anticipate and prepare for failures in microservices based architectures

Download as PPTX, PDF
Bhakti Mehta
Bhakti Mehta

Bhakti Mehta discusses strategies for building resilient microservices architectures. Mehta covers challenges like cascading failures and latency that can occur at scale. Techniques like circuit breakers, timeouts, retries, and bulkheading are presented to isolate failures and prevent them from spreading. Logging and metrics are also important for monitoring systems and identifying issues after deployment. The talk emphasizes anticipating failures through approaches like load testing and designing systems to automatically recover from failures.

Related slideshows

Oracle WebLogic Server 12.2.1 Do More with Less
Oracle WebLogic Server 12.2.1 Do More with LessOracle WebLogic Server 12.2.1 Do More with Less
Oracle WebLogic Server 12.2.1 Do More with Less
 
Oracle Fuson Middleware Diagnostics, Performance and Troubleshoot
Oracle Fuson Middleware Diagnostics, Performance and TroubleshootOracle Fuson Middleware Diagnostics, Performance and Troubleshoot
Oracle Fuson Middleware Diagnostics, Performance and Troubleshoot
 
Why Play Framework is fast
Why Play Framework is fastWhy Play Framework is fast
Why Play Framework is fast
 
1 of 63
Expect the unexpected: Anticipate and prepare for failures in microservices based architectures Bhakti Mehta @bhakti_mehta
Introduction • Senior Software Engineer at Blue Jeans Network • Worked at Sun Microsystems/Oracle for 13 years • Committer to numerous open source projects including GlassFish Application Server
My recent book
Previous book
Blue Jeans Network • Video conferencing in the cloud • 4000+ customers • Millions of users
What you will learn • Monoliths v/s microservices • Challenges at scale • Preventing Cascading failures • Resilience planning at various stages • Dealing with latencies in response • Real world examples
Monolithic Service Bundle Billing Notification Provisioning accounts Meeting
Scaling monolithic service
Microservices Billing Provisioning accounts Notification Meeting A micro service based application puts each element of functionality in a separate service
Scaling microservices
Microservices • Advantages – Simplicity – Isolation of problems – Scale up and scale down – Easy deployment – Clear separation of concerns – Heterogeneity and polyglotism
Microservices • Disadvantages – Not a free lunch! – Distributed systems prone to failures – Eventual consistency – More effort in terms of deployments, release managements – Challenges in testing the various services evolving independently, regression tests etc
API Gateway
Resilient system • Processes transactions, even when there are transient impulses, persistent stresses • Functions even when there are component failures disrupting normal processing • Accepts failures will happen • Designs for crumple zones
Kinds of failures • Challenges at scale • Integration point failures – Network errors – Semantic errors. – Slow responses – Outright hang – GC issues
Expect the unexpected: Anticipate and prepare for failures in microservices based architectures
Expect the unexpected: Anticipate and prepare for failures in microservices based architectures
Anticipate failures at scale • Anticipate growth • Design for next order of magnitude • Design for 10x plan to rewrite for 100x
Resiliency planning Stage 1 • When developing code – Avoiding Cascading failures • Circuit breaker • Timeouts • Retry • Bulkhead • Cache optimizations – Avoid malicious clients • Rate limiting
Resiliency planning Stage 2 • Planning for dealing with failures before deploy – load test – a/b test – longevity
Resiliency planning Stage 3 • Watching out for failures after deploy – health check – metrics
Expect the unexpected: Anticipate and prepare for failures in microservices based architectures
Cascading failures Caused by Chain reactions For example One node in a load balance group fails Others need to pick up work Eventually performance can degenerate
Cascading failures with aggregation
Cascading failure with aggregation
Expect the unexpected: Anticipate and prepare for failures in microservices based architectures
Timeouts • Clients may prefer a response – failure – success – job queued for later All aggregation requests to microservices should have reasonable timeouts set
Types of Timeouts • Connection timeout – Max time before connection can be established or Error • Socket timeout – Max time of inactivity between two packets once connection is established
Timeouts pattern • Timeouts + Retries go together • Transient failures can be remedied with fast retries • However problems in network can last for a while so probability of retries failing
Timeouts in code In JAX-RS Client client = ClientBuilder.newClient(); client.property(ClientProperties.CONNECT_TIMEOUT, 5000); client.property(ClientProperties.READ_TIMEOUT, 5000)
Retry pattern • Retry for failures in case of network failures, timeouts or server errors • Helps transient network errors such as dropped connections or server fail over
Retry pattern • If one of the services is slow or malfunctioning and other services keep retrying then the problem becomes worse • Solution – Exponential backup – Circuit breaker pattern
Circuit breaker pattern Circuit breaker A circuit breaker is an electrical device used in an electrical panel that monitors and controls the amount of amperes (amps) being sent through
Circuit breaker pattern • Safety device • If a power surge occurs in the electrical wiring, the breaker will trip. • Flips from “On” to “Off” and shuts electrical power from that breaker
Circuit breaker • Netflix Hystrix follows circuit breaker pattern • If a service’s error rate exceeds a threshold it will trip the circuit breaker and block the requests for a specific period of time
Bulkhead
Bulkhead • Avoiding chain reactions by isolating failures • Helps prevent cascading failures
Bulkhead • An example of bulkhead could be isolating the database dependencies per service • Similarly other infrastructure components can be isolated such as cache infrastructure
Rate Limiting • Restricting the number of requests that can be made by a client • Client can be identified based on the access token used • Additionally clients can be identified based on IP address
Rate Limiting • With JAX-RS Rate limiting can be implemented as a filter • This filter can check the access count for a client and if within limit accept the request • Else throw a 429 Error • Code at https://github.com/bhakti- mehta/samples/tree/master/ratelimiting
Cache optimizations • Stores response information related to requests in a temporary storage for a specific period of time • Ensures that server is not burdened processing those requests in future when responses can be fulfilled from the cache
Cache optimizations Getting from first level cache Getting from second level cache Getting from the DB
Dealing with latencies in response • Have a timeout for the aggregation service • Dispatch requests in parallel and collect responses • Associate a priority with all the responses collected
Handling partial failures best practices • One service calls another which can be slow or unavailable • Never block indefinitely waiting for the service • Try to return partial results • Provide a caching layer and return cached data
Asynchronous Patterns • Pattern to deal with long running jobs • Some resources may take longer time to provide results • Not needing client to wait for the response
Reactive programming model • Use reactive programming such as CompletableFuture in Java 8, ListenableFuture • Rx Java
Asynchronous API • Reactive patterns • Message Passing – Akka actor model • Message queues – Communication between services via shared message queues – Websockets
Logging • Complex distributed systems introduce many points of failure • Logging helps link events/transactions between various components that make an application or a business service • ELK stack • Splunk, syslog • Loggly • LogEntries
Logging best practices • Include detailed, consistent pattern across service logs • Obfuscate sensitive data • Identify caller or initiator as part of logs • Do not log payloads by default
Best practices when designing APIs for mobile clients – Avoid chattiness – Use aggregator pattern
Resilience planning Stage 2 • Before deploy – Load testing – Longevity testing – Capacity planning
Load testing • Ensure that you test for load on APIs – Jmeter • Plan for longevity testing
Capacity Planning • Anticipate growth • Design for handling exponential growth
Resilience planning Stage 3 • After deploy – Health check – Metrics – Phased rollout of features
Expect the unexpected: Anticipate and prepare for failures in microservices based architectures
Health Check • Memory • CPU • Threads • Error rate • If any of the checks exceed a threshold send alert
Expect the unexpected: Anticipate and prepare for failures in microservices based architectures
Metrics • Response times, throughput – Identify slow running DB queries • GC rate and pause duration – Garbage collection can cause slow responses • Monitor unusual activity • Third party library metrics – For example Couchbase hits – atop
Rollout of new features • Phasing rollout of new features • Have a way to turn features off if not behaving as expected • Alerts and more alerts!
Real time examples • Netflix's Simian Army induces failures of services and even datacenters during the working day to test both the application's resilience and monitoring. • Latency Monkey to simulate slow running requests • Wiremock to mock services • Saboteur to create deliberate network mayhem
Takeaway • Inevitability of failures – Expect systems will fail – Failure prevention
Expect the unexpected: Anticipate and prepare for failures in microservices based architectures
References • https://commons.wikimedia.org/wiki/File:Bulkhead_PSF.png • https://en.wikipedia.org/wiki/Circuit_breaker#/media/File:Four_1_pole_circuit_breakers_fitted_in_a_met er_box.jpg • https://www.flickr.com/photos/skynoir/ Beer in hand: skynoir/Flickr/Creative Commons License

More Related Content

Expect the unexpected: Anticipate and prepare for failures in microservices based architectures

  • 1. Expect the unexpected: Anticipate and prepare for failures in microservices based architectures Bhakti Mehta @bhakti_mehta
  • 2. Introduction • Senior Software Engineer at Blue Jeans Network • Worked at Sun Microsystems/Oracle for 13 years • Committer to numerous open source projects including GlassFish Application Server
  • 5. Blue Jeans Network • Video conferencing in the cloud • 4000+ customers • Millions of users
  • 6. What you will learn • Monoliths v/s microservices • Challenges at scale • Preventing Cascading failures • Resilience planning at various stages • Dealing with latencies in response • Real world examples
  • 9. Microservices Billing Provisioning accounts Notification Meeting A micro service based application puts each element of functionality in a separate service
  • 11. Microservices • Advantages – Simplicity – Isolation of problems – Scale up and scale down – Easy deployment – Clear separation of concerns – Heterogeneity and polyglotism
  • 12. Microservices • Disadvantages – Not a free lunch! – Distributed systems prone to failures – Eventual consistency – More effort in terms of deployments, release managements – Challenges in testing the various services evolving independently, regression tests etc
  • 14. Resilient system • Processes transactions, even when there are transient impulses, persistent stresses • Functions even when there are component failures disrupting normal processing • Accepts failures will happen • Designs for crumple zones
  • 15. Kinds of failures • Challenges at scale • Integration point failures – Network errors – Semantic errors. – Slow responses – Outright hang – GC issues
  • 18. Anticipate failures at scale • Anticipate growth • Design for next order of magnitude • Design for 10x plan to rewrite for 100x
  • 19. Resiliency planning Stage 1 • When developing code – Avoiding Cascading failures • Circuit breaker • Timeouts • Retry • Bulkhead • Cache optimizations – Avoid malicious clients • Rate limiting
  • 20. Resiliency planning Stage 2 • Planning for dealing with failures before deploy – load test – a/b test – longevity
  • 21. Resiliency planning Stage 3 • Watching out for failures after deploy – health check – metrics
  • 23. Cascading failures Caused by Chain reactions For example One node in a load balance group fails Others need to pick up work Eventually performance can degenerate
  • 24. Cascading failures with aggregation
  • 25. Cascading failure with aggregation
  • 27. Timeouts • Clients may prefer a response – failure – success – job queued for later All aggregation requests to microservices should have reasonable timeouts set
  • 28. Types of Timeouts • Connection timeout – Max time before connection can be established or Error • Socket timeout – Max time of inactivity between two packets once connection is established
  • 29. Timeouts pattern • Timeouts + Retries go together • Transient failures can be remedied with fast retries • However problems in network can last for a while so probability of retries failing
  • 30. Timeouts in code In JAX-RS Client client = ClientBuilder.newClient(); client.property(ClientProperties.CONNECT_TIMEOUT, 5000); client.property(ClientProperties.READ_TIMEOUT, 5000)
  • 31. Retry pattern • Retry for failures in case of network failures, timeouts or server errors • Helps transient network errors such as dropped connections or server fail over
  • 32. Retry pattern • If one of the services is slow or malfunctioning and other services keep retrying then the problem becomes worse • Solution – Exponential backup – Circuit breaker pattern
  • 33. Circuit breaker pattern Circuit breaker A circuit breaker is an electrical device used in an electrical panel that monitors and controls the amount of amperes (amps) being sent through
  • 34. Circuit breaker pattern • Safety device • If a power surge occurs in the electrical wiring, the breaker will trip. • Flips from “On” to “Off” and shuts electrical power from that breaker
  • 35. Circuit breaker • Netflix Hystrix follows circuit breaker pattern • If a service’s error rate exceeds a threshold it will trip the circuit breaker and block the requests for a specific period of time
  • 37. Bulkhead • Avoiding chain reactions by isolating failures • Helps prevent cascading failures
  • 38. Bulkhead • An example of bulkhead could be isolating the database dependencies per service • Similarly other infrastructure components can be isolated such as cache infrastructure
  • 39. Rate Limiting • Restricting the number of requests that can be made by a client • Client can be identified based on the access token used • Additionally clients can be identified based on IP address
  • 40. Rate Limiting • With JAX-RS Rate limiting can be implemented as a filter • This filter can check the access count for a client and if within limit accept the request • Else throw a 429 Error • Code at https://github.com/bhakti- mehta/samples/tree/master/ratelimiting
  • 41. Cache optimizations • Stores response information related to requests in a temporary storage for a specific period of time • Ensures that server is not burdened processing those requests in future when responses can be fulfilled from the cache
  • 42. Cache optimizations Getting from first level cache Getting from second level cache Getting from the DB
  • 43. Dealing with latencies in response • Have a timeout for the aggregation service • Dispatch requests in parallel and collect responses • Associate a priority with all the responses collected
  • 44. Handling partial failures best practices • One service calls another which can be slow or unavailable • Never block indefinitely waiting for the service • Try to return partial results • Provide a caching layer and return cached data
  • 45. Asynchronous Patterns • Pattern to deal with long running jobs • Some resources may take longer time to provide results • Not needing client to wait for the response
  • 46. Reactive programming model • Use reactive programming such as CompletableFuture in Java 8, ListenableFuture • Rx Java
  • 47. Asynchronous API • Reactive patterns • Message Passing – Akka actor model • Message queues – Communication between services via shared message queues – Websockets
  • 48. Logging • Complex distributed systems introduce many points of failure • Logging helps link events/transactions between various components that make an application or a business service • ELK stack • Splunk, syslog • Loggly • LogEntries
  • 49. Logging best practices • Include detailed, consistent pattern across service logs • Obfuscate sensitive data • Identify caller or initiator as part of logs • Do not log payloads by default
  • 50. Best practices when designing APIs for mobile clients – Avoid chattiness – Use aggregator pattern
  • 51. Resilience planning Stage 2 • Before deploy – Load testing – Longevity testing – Capacity planning
  • 52. Load testing • Ensure that you test for load on APIs – Jmeter • Plan for longevity testing
  • 53. Capacity Planning • Anticipate growth • Design for handling exponential growth
  • 54. Resilience planning Stage 3 • After deploy – Health check – Metrics – Phased rollout of features
  • 56. Health Check • Memory • CPU • Threads • Error rate • If any of the checks exceed a threshold send alert
  • 58. Metrics • Response times, throughput – Identify slow running DB queries • GC rate and pause duration – Garbage collection can cause slow responses • Monitor unusual activity • Third party library metrics – For example Couchbase hits – atop
  • 59. Rollout of new features • Phasing rollout of new features • Have a way to turn features off if not behaving as expected • Alerts and more alerts!
  • 60. Real time examples • Netflix's Simian Army induces failures of services and even datacenters during the working day to test both the application's resilience and monitoring. • Latency Monkey to simulate slow running requests • Wiremock to mock services • Saboteur to create deliberate network mayhem
  • 61. Takeaway • Inevitability of failures – Expect systems will fail – Failure prevention

Editor's Notes

  1. The service will have a caching layer and a database layer