Software Architecture Books Summary And Highlights -- Part 5 Availability

-

 

Availability

Highlights

How to detect faults?

many ways, interesting one:

voting (3 ways)

  1. replication
  2. functioning redundancy: same function implemented by different pieces of code
  3. analytics redundancy: One function’s one input can come from different sources so that it can pick most reliable source to use

SAP Ch 4 Availability


How to recover from faults?

preparation and repair:

many ways, some interesting ones:

  • ignore fault behavior. e.g. ignore bad sensor output
  • graceful degradation: This tactic maintains the most critical system functions in the presence of component failures, while dropping less critical functions.
  • reconfiguration resources

Reintroduction tactics:

  1. Re-sync a previous failed component in shadow for a predefined duration
  2. state re-sync
  3. escalating restart: different level of restarts
  4. nonstop forwarding
    1. if a router’s supervisor fails, router can continue forwarding information based on known path

SAP Ch 4 Availability


How to Prevent faults?

many ways, some interesting ones:

  1. temporarily remove a service to prevent the service’s own fault affecting others.
  2. transactions
  3. predict system faults based on system status

SAP Ch 4 Availability


How to improve availability?

  • redundancy
  1. active redundancy: all nodes receive and process identical inputs
  2. passive redundancy: some nodes are loosely coupled and synced
  3. spare (cold spare)

The tradeoff among the three alternatives is the time to recover from a failure versus the runtime cost incurred to keep a spare up-to-date. A hot spare carries the highest cost but leads to the fastest recovery time, for example.

  • replicas voting
  • circuit breaker which stops callers from too many retrying until reset

SAP Ch 4 Availability


Elasticity

the ability of a system to remain responsive during significantly high instantaneous and erratic spikes in user load.

How to improve elasticity?

  1. have very small, fine-grained services so that the mean time to startup (MTTS) is very small
  2. keep synchronous communication among services to a minimum.
    1. The more services communicate with one other to complete a single business transaction, the greater the negative impact on scalability and elasticity.

SAH Ch 3 Architectural Modularity


Circuit breaker

  • With a circuit breaker, after a certain number of requests to the downstream resource have failed, the circuit breaker is blown.
    • The failure can be timeout or others
    • It is tricky to decide the criteria. you don’t want to blow too frequently or wait too long to blow
  • All further requests fail fast while the circuit breaker is in its blown state.
    • for async call, just queue up the requests
    • for sync call, just fail fast
  • After a certain period of time, the client sends a few requests through to see if the downstream service has recovered, and if it gets enough healthy responses it resets the circuit breaker.

Bulkhead

  • In shipping, a bulkhead is a part of the ship that can be sealed off to protect the rest of the ship. So if the ship springs a leak, you can close the bulkhead doors. You lose part of the ship, but the rest of it remains intact.
  • e.g. separate connection pool

MSV Ch 11 Microservices at Scale


Types of Failure in cloud and how to handle

  1. timeout: if service timeout, may need to request a new VM in cloud which is expensive
    1. Most systems do not trigger failure recovery after a single missed response.
    2. the typical approach is to look for some number of missed responses over a longer time interval
  2. long tail latency; solution:
    1. Hedged requests. Make more requests than are needed and then cancel the requests (or ignore responses) after sufficient responses have been received.

SAP ch 17 Cloud and distributed computation


Architecting for Failure

treating your containers or servers as cattle means that your service can get back to a healthy state automatically, but additional effort is needed to make sure that it can function smoothly while experiencing a moderate rate of failures. because scheduler can kill nodes

Solution: smaller tasks and better load balancer

SWG Ch 25 compute as a service

An essential part of building a resilient system, especially when your functionality is spread over a number of different microservices that may be up or down, is the ability to safely degrade functionality. e.g. fallback mechanism

MSV Ch 11 Microservices at Scale


Related Chapters

SAP Ch 4 Availability

SAP ch 17 Cloud and distributed computation

SAH Ch 3 Architectural Modularity

MSV Ch 11 Microservices at Scale

SWG Ch 25 compute as a service

Popular posts from this blog

Does Free Consciousness exist ?

-
Image
I see a study:  Discovery of quantum vibrations in ‘microtubules’ inside brain neurons supports controversial theory of consciousness  shared on social media. Some one comments that this study indicates that human have free consciouness and the freedom comes from quantum process. I disagree with this comments. To oppose this comment clearly, I will raise and answer two questions. First, what does ‘microtubules’ do inside neurons ? Second what is free consciousness ? What does ‘microtubules’ do inside neurons ? The above picture is from Wikipedia. It shows the structure of a neuron and what ‘microtubules’ is in neuron. The way how neuron works is: A neuron collect chemical signals from many other neurons and generate a signal in the left side of the above picture and send the signal to the right side the above picture through the ‘microtubules’ and finally convert that signal to chemical material and emit them. So ‘microtubules’ is more ...
Read more

Software Architecture Books Summary And Highlights -- Part 1 Goal, Introduction And Index

-
  Goal And Target Audience This is a summary and highlights of 6 software engineering and architecture related books I recently read. All the 6 books are very heavy and interesting. Reading real contents of them is always recommended. The target audience is experienced software engineers who want to learn more in larger system design and architecture. The goal of this article is to provide summaries of the 6 books as well as brief highlights of interesting or important contents from the 6 books so that the target audience could learn the 6 books’ important ideas quickly and read only important chapters and save time. The highlights and summaries will be divided into several general categories. Each category contains a highlight section and a related chapters section. The related chapters section contains all chapter references which are related to the category’s topic. The highlight section contains a brief summary of interesting or important or enlightening contents from the r...
Read more

拉美500年,荆棘丛生的自由繁荣之路

-
  缘起 最近对拉美的政治经济历史感兴趣,所以读了一些相关书籍,看了一些相关视频,感觉拉美还是一个很有趣的地区:资源丰富,悠久的被殖民的历史,灾难性的通货膨胀,贫民窟,贫富差距大etc。 所以把阅读的笔记和思考重新整理如下。 注 :下面的很多内容都是来自读书笔记,如有雷同,那是真的在抄书 lol 参考材料: 從「已開發」倒退回「發展中水準」的國家,經濟學家眼中最離奇的案例 (视频) 阿根廷国家崩溃报告 (视频) 《掉队的拉美》 [智]塞巴斯蒂安.爱德华兹 (书)  《拉丁美洲被切开的血管》 [乌拉圭] 爱德华多·加莱亚诺 (书) 正文 拉美的问题 相比其他国家,拉美有很多优势,比如资源丰富,有丰富的矿产资源,气候也很适合农业发展;比如比亚洲和非洲国家更早实现独立和民主制度;比如没有直接卷入一战和二战,二战期间由于欧州陷入战乱无暇输出工业品,拉美的民族工业从而获得了更多市场,并得到了长足发展。但是二战之后拉美的发展速度却远远落后于一片废墟的欧洲,还被东亚诸国后发超车。 《掉队的拉美》中把经济的增长转型分为三个阶段: 第一个阶段 ,产量增加和收入提高主要是由生产率增长驱动的。简单来说,第一个阶段的经济增长不是由于使用了更多机器或雇用了更多工人,而是由于做事的效率提高了。 第二个阶段 ,效率的提高和生产率的增长仍然强劲,整体经济持续快速发展。与第一个阶段不同的是,第二个阶段对机器、建筑物、公路和港口的投资成为增长的另一重要来源。 第三个阶段 ,包括实物资本和人力资本在内的资本积累成为增长最主要的来源,有助于维持相对较快的经济扩张。有时第三个阶段会引起新的结构或技术变革,使生产率有新的跃升,于是上述过程进入一个层次更高的新周期。 作者认为绝大多数拉美国家并没有跨越增长转型的第一个阶段。从各项经济、社会指标上,拉美的各个国家也很落后。比如拉美的贫困人口多。1970年,在实施进口替代发展战略整整30年之后,所有拉美家庭中仍有40%生活在贫困线以下,农村地区的贫困发生率达到令人震惊的62%。还比如拉美的人均收入低。1975年拉美平均人均收入相当于美国的24%,至2006年,这一数值跌至19%。再比如拉美的贫富差距很大,受教育程度普遍偏低,失业率高企,通胀失控等等。 根据经济学研究,一个国家的自由繁荣主要取决于以下几个因素: ...
Read more