This article has participated in the good article call order activity, click to see: back end, big front end double track submission, 20,000 yuan prize pool for you to challenge!

An overview of the

High available three musketers limited current, fusing and peak cutting finally came to the second, fusing downgraded topic, want to review the current limit related content, you can check it out, the following article, welcome to praise, collect, pay attention to three, thank you!

Current limiting series:

  • Interview Tutorial. – Tell me, what is curtailing?
  • Sentinel, the current limiter, don’t you know?
  • Ali’s P7 guru takes you through Sentinel

There are only two drawings to describe the scenarios where the circuit breaker is applicable:

  • An avalanche
  • A crash

What is a circuit breaker

Circuit breaker description from wiki:

A Circuit breaker/Trading curb is a mechanism to halt Trading on a stock market for a certain period of time when a price movement has reached a specified target (Circuit breaker point) during Trading hours. The mechanism is like a fuse that blows when the current is too high, hence the name. The purpose of the circuit breaker mechanism is to prevent systemic risks, to give the market more time to calm down, to avoid the spread of panic and market volatility, and to prevent large-scale stock price declines. However, the circuit breakers also cut off the liquidity of funds, which can also increase market sentiment and increase market risk after the circuit breakers are over.Copy the code

Translated into Internet language, this is how it can be understood:

  • whenabnormalThe amplitude reached the setThe thresholdAfter the system protection mechanism is triggered
  • The protection mechanism will be certainPartial capacity shutdownTo ensure thatMost capacitythenormal
  • This mechanism is lossy, butThe benefits outweigh the end

The circuit breaker mechanism automatically triggers recovery detection after the system is shut down for a period of time. If the service is normal, the system gradually opens the service.

1. Avalanche effect

In the distributed service deployment architecture, the overall link can be referred to as:

If DB_2 becomes unavailable due to excessive machine load, slow SQL execution, full link count, or network jitter, the impact on the overall link will be as follows:

Each stage of a service avalanche can be caused by different reasons. For example, the reasons that make a service unavailable are:

  • A hardware failure
  • Program Bug
  • Cache breakdown
  • Heavy user requests

2. Avalanche handling strategy

  • Flow control:Current limitingandPeak clippingIs a traffic control policy
  • Cache optimization: In the above case,DBAvalanches caused by excessive pressure can be introducedThe cacheTo reduceDBpressure
  • Service degradation: By exceptionBranch linktheFail fastTo ensure thatThe main linkNormal service
  • Application expansion: ForMachine pressure.The load is too high, the machine can be expanded to solve the problem, to relieve the flow pressure

Circuit breaker mode

Circuit Breaker Pattern is a design Pattern used in modern software development. To detect errors and avoid triggering the same errors over and over again (such as service unavailability during maintenance, temporary system problems, or unknown system errors).

Status description:

  • Shut down: The fuse is closed by default, and the fuse itself has a counting capability (e.gSliding window implementation), when the number of failures reaches the preset threshold, a state change is triggered, and the fuse isOpen the
  • open: All requests will be received within a certain period of timeRefused to, or useBackup linkTo deal with.
  • Half open: After refreshing the time window, it will enterHalf openState,fuseTry to accept the request if this stage appearsThe request failed, directly toopenState.

Isolation strategy

1. Thread isolation

Hystrix USES Bulkhead Partition Bulkhead isolation technique, to isolates external dependence on resources, to avoid any failure of external dependencies this service to collapse.

Bulkhead isolation means that the internal space of the hull is divided into several compartments. Once some compartments are damaged and enter water, the water will not flow between them. In this way, the ship can still have enough buoyancy and stability in case of damage, thus reducing the immediate risk of sinking.

Image credit: Avalanche Protection: Principles and Uses of the Fuse Hystrix

Hystrix implements thread pool isolation to address the following scenarios:

In the product details system, if the service is not degraded, when the comment service is abnormal, the whole product details system will be affected, and eventually users can not view the product details.

Information services, in this case, the goods from the request entry allocation thread processing, to deal with each service USES the same thread (synchronous), commenting on the service when abnormal (abnormal response is slow, deal with the timeout, service, etc.), cause the entire thread block, the server response timeout, trigger user try again refresh request, eventually lead to service an avalanche, a system crash.

Hystrix thread pool isolation solution;

Hystrix isolates each dependency and packages all calls to dependencies as HystrixCommand or HystrixObservableCommand. When a service is called, it allocates a separate thread pool for resource isolation calls. When a comment service is unavailable, as shown in the figure below, The product details system can still return the product information to the user. Commenting on service exceptions does not affect the invocation of other dependencies.

Thread isolation features

Advantages:

  • A dependency can be given to a thread pool. Exceptions to this dependency do not affect other dependencies.
  • With threads, third-party code can be completely isolated, and the requesting thread can be quickly put back.
  • When a failed dependency becomes available again, the thread pool is cleared and immediately available instead of a long recovery.
  • Asynchronous calls can be fully simulated to facilitate asynchronous programming.
  • With thread pools, real-time monitoring, statistics and encapsulation can be implemented effectively.

Disadvantages:

  • The main disadvantage of using thread pools is increased computational overhead. Each dependency call involves queuing, scheduling, and context switching, all of which may be performed in a different thread.

Performance cost of thread switching

Netflix evaluated the performance difference between asynchronous and synchronous threads in detail and found that in 99% of cases, the latency of a few milliseconds for asynchronous threads was perfectly acceptable

2. Semaphore isolation

Hystrix’s semaphore isolation limits the proportion of abnormal calls to a resource.

Sentinel provides more policy options on the limits of semaphore isolation based on slow call ratio, outlier ratio, and outlier number.

The principle of semaphore isolation

The Sentinel base uses LeapArray, a high-performance sliding window data structure, to collect real-time second-level index data. In the underlying implementation of semaphore isolation, according to different strategies, such as the exception number strategy, the ratio of abnormal requests in the sliding window interval is counted to determine the service circuit breaker and degradation processing.

Schematic diagram of sliding window:

1. SLOW_REQUEST_RATIO Sets the allowable slow call RT (that is, the maximum response time). If the response time of a request is greater than this value, the request is counted as slow call. When the number of call requests exceeds the threshold, the circuit breaker is triggered. Threshold setting, 100ms response, 10 requests as shown below:

2. Abnormal ratio (ERROR_RATIO

If the number of requests in a statistical period is greater than the minimum number and the proportion of abnormal requests is greater than the threshold, the requests are automatically fused in the following fuse breaking period. The threshold is set to 20% as shown in the figure below:

3. Number of exceptions (ERROR_COUNT)

When the number of exceptions in a statistical period exceeds the threshold, the system automatically disables the circuit breaker. Threshold setting 5 is shown in the figure below:

Comparison of fuse degraded components

Sentinel

Sentinel is an open source, lightweight and highly available flow control component for distributed service architecture developed by Ali middleware team. Sentinel mainly takes traffic as the entry point and helps users protect the stability of services from multiple dimensions such as flow control, circuit breaker degradation and system load protection.

Sentinel focuses on:

  • Diversified flow control
  • Fusing the drop
  • System load protection
  • Real-time monitoring and console

Hystrix

Hystrix is Netflix’s open source fault tolerance system that allows users to create highly fault-tolerant and robust applications. Provide demotion, circuit breaker and other functions. In late 2018, Hystrix announced on its Github home page that it would no longer be opening up new features, recommending that developers use other open source projects that are still active.

Hystrix is designed to do the following: Give protection from and control over latency and failure from dependencies accessed (typically over the network) via third-party client libraries. Stop cascading failures in a complex distributed system. Fail fast and rapidly recover. Fallback and gracefully degrade when possible. Enable near real-time monitoring, alerting, and operational control.Copy the code
  1. Protect and control delays and failures of dependencies accessed through third-party client libraries, usually over the network.
  2. Prevent cascading failures in complex distributed systems.
  3. Fast failure, fast recovery.
  4. Roll back and degrade as gracefully as possible.
  5. Enable near real time monitoring, alerts, and operational controls.

resilience4j

Resilience4j is a lightweight, easy-to-use, and assemblable high availability framework that supports multiple high availability mechanisms, including fuse, high frequency control, isolation, current limiting, time limiting, and retry. Netflix officially recommended resilience4J as an alternative after they stopped maintaining Hystrix.

Compared to the Hystrix, there are some major differences:

  • Hystrix calls must be encapsulated into HystrixCommand, and Resilience4J provides nested decorators for functional interfaces, lambda expressions, and so on, so you can combine multiple high availability mechanisms in a neat way
  • Frequency statistics of Hystrix adopted the sliding window method, and Resilience4J adopted the ring buffer method
  • With regard to the state transition of fuses in the half-open state, Hystrix uses only one execution to determine whether to make the state transition, while Resilience4J uses a configurable number of executions and thresholds to determine whether to make the state transition, which improves the stability of the circuit breaker
  • Regarding the isolation mechanism, Hystrix provides threadpool and semaphore based isolation, while Resilience4J only provides semaphore based isolation

Pay attention, don’t get lost

Well folks, that’s all for this post, and I’ll be updating it weekly with a few high-quality articles about big factory interviews and common technology stacks. Thank everyone can see here, if this article is well written, please three!! Creation is not easy, thank you for your support and recognition, we will see the next article!

I am Jiuling, there is a need to communicate children’s shoes can add me WX, JayCE-K, follow the public number: Java tutorial, master first-hand information! If there are any mistakes in this blog, please comment and comment. Thank you very much!