Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Resiliency and Availability Design Patterns

Adrian Hornsby
April 11, 2019
Programming
2
180

Resiliency and Availability Design Patterns

As presented at https://devone.at/speakers/#adrianhornsby

---
We have traditionally built robust software systems by trying to avoid mistakes and by dodging failures when they occur in production or by testing parts of the system in isolation from one another. Modern methods and techniques take a very different approach based on resiliency, which promotes embracing failure instead of trying to avoid it. Resilient architectures enhance observability, leverage well-known patterns such as graceful degradation, timeouts and circuit breakers. In this session, will review the most useful patterns for building resilient software systems and especially show the audience how they can benefit from the patterns.

Adrian Hornsby

April 11, 2019
Tweet

More Decks by Adrian Hornsby

See All by Adrian Hornsby
Looking back to look forward
adhorn
0
390
Reliability, consistency, and confidence through immutability
adhorn
0
190
Ten lessons from twelve years of AWS
adhorn
0
1.2k
Towards Operational Excellence
adhorn
0
2.7k
Applying chaos engineering principles for building fault-tolerant applications
adhorn
8
2.6k
Chaos Engineering, Community, and AWS
adhorn
1
170
Building Multi-Region Serverless Architecture and Breaking them using Chaos Engineering
adhorn
2
300
Building Resilient Applications using Chaos Engineering on AWS
adhorn
1
420
Chaos Engineering: getting out of the starting blocks
adhorn
2
360

Other Decks in Programming

See All in Programming
ふんわり使うPlantUML
suzuki
0
240
改めて整理するWebアプリのビルド・デプロイの基本【コンテナ編】
os1ma
2
330
本当に 0 からの 関数型プログラミングの歩き始め方 / How to Walk into Functional Programming from Scratch
guvalif
1
440
Spring と AWS サービスを活用して実現する安全なデプロイメント / How to launch safely using Spring and AWS services
kanamasa
4
220
Les tests dans une application Symfony
alexandresalome
1
710
Kubernetesコントローラーのパフォーマンスチューニング
zoetrope
4
450
macのunicode正規化.pdf
mski_iksm
0
10k
Cloudflare 概論 Cloudflare Meetup Kick Off! #CloudflareUG
maroon1st
0
620
アンドキュメンテッド ちょうぜつソフトウェア 設計入門 「オブジェクト指向に定義はない」のか?
tanakahisateru
4
1.1k
[a11y] カート UI のフォーカスを可視化する
ryamakuchi
0
130
6年以上メンテされていない!? クレカ読み取りライブラリの廃止とDataScannerViewControllerを使ってクレカ読み取りを実装しよう!
terukinakano
0
110
Run Your Firebase for Web App Locally Using Firebase Emulator Suite
dicoding
0
450

Featured

See All Featured
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6.2k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
2
480
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
270
12k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
236
1.1M
Agile that works and the tools we love
rasmusluckow
321
20k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8k
Stop Working from a Prison Cell
hatefulcrawdad
264
18k
Testing 201, or: Great Expectations
jmmastey
25
5.8k
A designer walks into a library…
pauljervisheath
199
16k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
22
1.8k
Designing the Hi-DPI Web
ddemaree
273
33k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
176
9.2k

Transcript

  1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
    Resiliency and Availability Design
    Patterns
    Adrian Hornsby
    Sr. Technical Evangelist
    Amazon Web Services
    @adhorn

    View Slide

  2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Looks familiar?

    View Slide

  3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Distributed Systems are hard
    Amazon Twitter Netflix

    View Slide

  4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Resiliency: Ability for a system to handle and
    eventually recover from unexpected conditions

    View Slide

  5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Partial failure mode

    View Slide

  6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    How do we build resilient software
    systems?

    View Slide

  7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    People
    Application
    Network & Data
    Infrastructure

    View Slide

  8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Let’s talk about isolation and containment

    View Slide

  9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

    View Slide

  10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Typical service application
    Compute
    Cell
    Storage

    View Slide

  11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Cell-based architecture
    Compute
    Cell 0
    Compute
    Cell n
    Regional Service
    Storage
    Compute
    Cell 1
    Storage Storage

    View Slide

  12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    REGIONAL
    SERVICE
    Zone A Zone B Zone C Zone A Zone B Zone C
    Zone A Zone B Zone C
    Z O N A L
    S E R V I C E
    Z O N A L
    S E R V I C E
    Z O N A L
    S E R V I C E
    S E R V I C E C E L L
    S E R V I C E C E L L
    S E R V I C E C E L L
    Zone A Zone B Zone C
    S E R V I C E
    C E L L
    S E R V I C E
    C E L L
    S E R V I C E
    C E L L
    S E R V I C E
    C E L L
    S E R V I C E
    C E L L
    S E R V I C E
    C E L L
    S E R V I C E
    C E L L
    S E R V I C E
    C E L L
    S E R V I C E
    C E L L
    W I T H O U T C E L L S W I T H C E L L S

    View Slide

  13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    System properties
    Cell 0
    Service
    Cell 1 Cell n
    • Workload isolation
    • Failure containment
    • Scale-out vs. scale-up
    • Testability
    • Manageability Cell n+1

    View Slide

  14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Let’s talk about blast radius

    View Slide

  15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

    View Slide

  16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    X X X X X X X
    X


    ♢ ⚀ ⚁ ⚂ ⚃


    View Slide

  17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Cell-based architecture
    X
    X


    ♢ ⚀ ⚁ ⚂ ⚃


    View Slide

  18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Shuffle sharding
    X
    X


    ♢ ⚀ ⚁⚂ ⚃
    ♡ ♤ ♧
    ♢ ⚀⚂
    ♧ ⚁⚃
    ♢ ♢
    ♡ ♧

    View Slide

  19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Shuffle sharding
    Nodes = 8
    Shard size = 2
    Combinations = 28
    Overlap % customers
    0 53.6%
    1 42.8%
    2 3.6%

    View Slide

  20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Shuffle sharding
    Nodes = 100
    Shard size = 5
    Combinations = 75 million!
    Overlap % customers
    0 77%
    1 21%
    2 1.8%
    3 0.06%
    4 0.0006%
    5 0.0000013%

    View Slide

  21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Shuffle sharding

    View Slide

  22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Better to react without reacting

    View Slide

  23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Region
    Availability zone a Availability zone b Availability zone c
    Application
    Lets take an application …

    View Slide

  24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Region
    Availability zone a Availability zone b Availability zone c
    Application
    Requires 8 Instances
    or containers

    View Slide

  25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Overload Failures

    View Slide

  26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Region
    Availability zone a Availability zone b Availability zone c
    Application

    View Slide

  27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Region
    Availability zone a Availability zone b Availability zone c
    Application
    Requires 6 Instances
    or Containers

    View Slide

  28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Let’s talk about timeouts, backoff &
    retries.

    View Slide

  29. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

    View Slide

  30. https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-configuration-properties.html

    View Slide

  31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    User 1
    App DB
    Conn
    Pool
    INSERT
    Timeout client side = 10s Timeout backend side = default
    Retry INSERT
    Retry INSERT
    ERROR: Failed to get connection from pool
    Retry

    View Slide

  32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Set the timeouts through inheritance
    Timeout backend = Timeout client – time elapsed

    View Slide

  33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    User 1
    DB
    Conn
    Pool
    INSERT
    Timeout client side = 10s Timeout backend side = 10s – time elapsed
    Wait 2s before Retry
    Wait 4s before Retry
    Wait 8s before Retry
    Wait 16s before Retry
    Backoff between retries
    Backoff

    View Slide

  34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    No jitter With jitter
    https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/
    Simple Exponential Backoff is not enough: Add Jitter

    View Slide

  35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Adding Jitter

    View Slide

  36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Circuit Breaker
    • Wrap a protected function
    call in a circuit breaker
    object, which monitors for
    failures.
    • If failures reach a certain
    threshold, the circuit
    breaker trips.
    Producer Circuit Breaker Consumer
    Connection
    Monitoring
    Timeouts
    Breaking Circuit

    View Slide

  37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Let’s talk about load shedding.

    View Slide

  38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

    View Slide

  39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

    View Slide

  40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Cheaply reject excess work

    View Slide

  41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

    View Slide

  42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Degrade & prioritize traffic
    with queues
    Worker
    Instance
    Worker
    Instance
    API
    Instance
    API
    Instance
    API
    Instance
    High Priority Queue
    Low Priority Queue

    View Slide

  43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Let’s talk about databases.

    View Slide

  44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Read / Write separation
    DB Instance DB instance read
    replica
    DB instance read
    replica
    DB instance read
    replica
    Instance Instance
    Instance
    Supports degradation through Read-Only mode

    View Slide

  45. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Service Degradation & Fallbacks

    View Slide

  46. https://twitter.com/redditstatus/status/1116204502703493120

    View Slide

  47. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Transient state does not
    belong in the database.

    View Slide

  48. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Let’s talk about chaos engineering.

    View Slide

  49. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Fire Drills

    View Slide

  50. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    GameDay at Amazon
    Creating Resiliency Through Destruction
    https://www.youtube.com/watch?v=zoz0ZjfrQ9s

    View Slide

  51. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Chaos engineering
    https://github.com/Netflix/SimianArmy

    View Slide

  52. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Failure injection
    • Start small & build confidence
    • Application level
    • Host failure
    • Resource attacks (CPU, memory, …)
    • Network attacks (dependencies, latency, …)
    • Region attacks
    • People attack
    https://www.gremlin.com
    https://github.com/Netflix/SimianArmy https://chaostoolkit.org

    View Slide

  53. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    "Chaos engineering is NOT about breaking
    things randomly without a purpose, chaos
    engineering is about breaking things in a
    controlled environment and through well-
    planned experiments in order to build
    confidence in your application to withstand
    turbulent conditions.”

    View Slide

  54. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    And before we go.

    View Slide

  55. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    DON’T blame people for failure…

    View Slide

  56. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
    Thanks you!
    @adhorn
    https://medium.com/@adhorn
    https://speakerdeck.com/adhorn/patterns-for-building-resilient-software-systems-2019

    View Slide