Microservice - Circuit breaker design

Circuit breaker is a micro – service link protection mechanism to deal with avalanche effect. When a microservice on the link fails to be available or the response time is too long, the service will be degraded, and then the invocation of the microservice on the node will be fused, and the response information will be returned quickly. When the microservice invocation response of the node is normal, the invocation link is recovered. The design architecture of the service circuit breaker is as follows:

1 Circuit breaker Status

The service caller maintains a state machine for each invoked service (call path), in which there are three states:

CLOSED: Default status. The circuit breaker detects that the request failure rate does not reach the threshold, and considers that the proxy service status is good
OPEN: The circuit breaker detects that the request failure rate reaches the threshold. The circuit breaker considers that the proxy service is faulty and turns on the switch. The requests no longer reach the proxy service but rapidly fail
HALF OPEN: After the circuit breaker is opened, in order to automatically restore access to the proxy service, it switches to the semi-open state and attempts to request the proxy service to check whether the service has recovered. If it works, it will turn intoCLOSEDState, otherwise go toOPENstate

2 Circuit breaker policy

The failure rate exceeds the specified threshold within a specified period
The number of failures in a specified period exceeds the specified threshold
Follow up the fuse level and adjust the fuse timeout time appropriately

3 Recovery Policy

The failure rate within a specified period is lower than the specified threshold
The number of failures within a specified period is lower than the specified threshold

4 Rejection Policy

Throws the specified exception directly
Call the demotion policy for processing

5 FaQs

There are some issues to consider when using circuit breakers:

According to different exceptions, different post-fuse processing logic is defined
Set the duration of the circuit breaker. When the duration exceeds the circuit breaker, switch toHALF OPENretry
Record request failure logs for monitoring
Active retry, such as forconnection timeoutThe resulting circuit breaker can be detected using asynchronous threads, such astelenetTo switch to when the network is unblockedHALF OPENretry
Compensation interface. The circuit breaker provides a compensation interface for the o&M personnel to manually close
When retrying, you can use previously failed requests to retry, but be careful whether this is allowed by the service

6 Application Scenarios

The client fails quickly when the service is faulty or upgraded
Failure processing logic is easy to define
The response time is long, which is set on the clientread timeoutIn this case, the connection and thread resources cannot be released due to a large number of client retries

More on JAVA, high concurrency, microservices, architectures, solutions, middleware at github.com/yu120/lemon…

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

Microservice — Circuit breaker design

1 Circuit breaker Status

2 Circuit breaker policy

3 Recovery Policy

4 Rejection Policy

5 FaQs

6 Application Scenarios

Microservice — Circuit breaker design

1 Circuit breaker Status

2 Circuit breaker policy

3 Recovery Policy

4 Rejection Policy

5 FaQs

6 Application Scenarios

Related Posts

Aliyun experts explain the development trend of 2020 service grid in detail

Assault Concurrent programming JUC series -ReentrantReadWriteLock

Barehanded framework – RPC remote call implementation