Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Walking Dead - A Survival Guide to Resilien...
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Michael Nitschinger
April 23, 2015
Programming
370
0
Share
The Walking Dead - A Survival Guide to Resilient Reactive Applications
This talk was given at JAX 2015 in Mainz.
Michael Nitschinger
April 23, 2015
More Decks by Michael Nitschinger
See All by Michael Nitschinger
High Performance JVM Networking with Netty
daschl
5
1.3k
Reactive Data Access with RxJava... and N1QL!
daschl
0
210
Spark with Couchbase
daschl
0
150
Reactive Data Access with RxJava ... and N1QL!
daschl
0
180
The Walking Dead - A Survival Guide to Resilient Reactive Applications
daschl
0
220
State of the Art JVM Networking with Netty
daschl
2
450
The Walking Dead - A Survival Guide to Resilient Reactive Applications
daschl
1
440
The Walking Dead - A Survival Guide to Resilient Applications
daschl
0
1.4k
Building a Reactive Database Driver on the JVM
daschl
2
960
Other Decks in Programming
See All in Programming
検索設計から 推論設計への重心移動と Recall-First Retrieval
po3rin
2
510
煩雑なSkills管理をSoC(関心の分離)により解決する――関心を分離し、プロンプトを部品として育てるためのOSSを作った話 / Solving Complex Skills Management Through SoC (Separation of Concerns)
nrslib
4
970
Surviving Black Friday: 329 billion requests with Falcon!
ioquatix
0
460
AI時代のPhpStorm最新事情 #phpcon_odawara
yusuke
0
190
Liberating Ruby's Parser from Lexer Hacks
ydah
2
1.5k
Server-Side Kotlin LT大会 vol.18 [Kotlin-lspの最新情報と Neovimのlsp設定例]
yasunori0418
1
160
Cache-moi si tu peux : patterns et pièges du cache en production - Devoxx France 2026 - Conférence
slecache
0
270
書籍「ユーザーストーリーマッピング」が私のバイブル
asumikam
4
380
AI時代のエンジニアリングの原則 / Engineering Principles in the AI Era
haru860
0
480
Offline should be the norm: building local-first apps with CRDTs & Kotlin Multiplatform
renaudmathieu
0
220
ついに来た!本格的なマルチクラウド時代の Google Cloud
maroon1st
0
170
2026_04_15_量子計算をパズルとして解く
hideakitakechi
0
110
Featured
See All Featured
Kristin Tynski - Automating Marketing Tasks With AI
techseoconnect
PRO
0
230
Optimizing for Happiness
mojombo
378
71k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.4k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
31
3.2k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
320
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.6k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
twada
PRO
118
110k
How STYLIGHT went responsive
nonsquared
100
6.1k
Deep Space Network (abreviated)
tonyrice
0
120
Code Reviewing Like a Champion
maltzj
528
40k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
1
240
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
mfonobong
2
370
Transcript
Michael Nitschinger | Couchbase, Inc. The Walking Dead A Survival
Guide to Reactive Resilient Applications
the right Mindset 2
– U.S. Marine Corps “The more you sweat in peace,
the less you bleed in war.” 3
4
5
Not so fast, mister fancy tests! 6
What can go wrong? Always ask yourself 7
Fault Tolerance 101 8
Fault Error Failure A fault is a latent defect that
can cause an error when activated. 9
Fault Error Failure Errors are the manifestations of faults. 10
Fault Error Failure Failure occurs when the service no longer
complies with its specifications. 11
Fault Error Failure Errors are inevitable. We need to detect,
recover and mitigate them before they become failures. 12
Reliability is the probability that a system will perform failure
free for a given amount of time. MTTF Mean Time To Failure MTTR Mean Time To Repair 13
Availability is the percentage of time the system is able
to perform its function. availability = MTTF MTTF + MTTR 14
Expression Downtime/Year Three 9s 99.9% 525.6 min Four 9s 99.99%
52.56 min Four 9s and a 5 99.995% 26.28 min Five 9s 99.999% 5.256 min Six 9s 99.9999% 0.5256 min 100% 0 15
Pop Quiz! Edge Service User Service Session Store Data Warehouse
Wanted: 99.99% Availability ??? ??? ??? 16
Pop Quiz! Edge Service User Service Session Store Data Warehouse
Wanted: 99.99% Availability 99.99% 17 99.99% 99.99%
Pop Quiz! Edge Service User Service Session Store Data Warehouse
Wanted: 99.99% Availability ~99.999% ~99.999% ~99.999% 18
Fault Tolerant Architecture 19
Units of Mitigation are the basic units of error containment
and recovery. 20
Escalation is used when recovery or mitigation is not possible
inside the unit. 21
Escalation 22 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Escalation 23 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Escalation 24 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Escalation 25 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Redundancy Cost Active/Active Active/Standby N+M Active/Passive Cost Time To Recover
26
The Fault Observer receives system and error events and can
guide and orchestrate detection and recovery Unit Unit Observer Listener Listener Unit Unit 27
28
29
Detecting Errors 30
A silent system is a dead system. 31
A System Monitor helps to study behaviour and to make
sure it is operating as specified. 32 http://cdn-www.airliners.net/aviation-photos/photos/9/2/1/0982129.jpg
https://github.com/Netflix/Turbine 33
Periodic Checking Heartbeats monitor tasks or remote services and initiate
recovery Routine Exercises prevent idle unit starvation and surface malfunctions 34
35 Encoder( Encoder( Ne*y( Writes( Ne*y( Reads( Decoder( Decoder( Event
on Idle No Traffic Endpoint
Riding over Transients is used to defer error recovery if
the error is temporary. “‘Patience is a virtue’ to allow the true signature of an error to show itself.” - Robert S. Hanmer 36
37 The Leaky Bucket
And more! • Complete Parameter Checking • Watchdogs • Voting
• Checksums • Routine Audits 38
Recovery and Mitigation of Errors 39
Timeout to not wait forever and keep holding up the
resource. 40 X
Failover to a redundant unit when the error has been
detected and isolated. Cost Active/Active Active/Standby N+M Cost Time To Recover Redundancy Reminder 41
Intelligent Retries Time between Retries Number of Attempts Fixed Linear
Exponential 42
Restart can be used as a last resort with the
trade-off to lose state and time. 43
Fail Fast to shed load and give a partial great
service than a complete bad one. Boundary 44
Backpressure & Batching! 45
Case Study: Hystrix https://raw.githubusercontent.com/wiki/Netflix/Hystrix/images/hystrix-flow-chart-original.png 46
And more! • Rollback • Roll-Forward • Checkpoints • Data
Reset Recovery Mitigation • Bounded Queuing • Expansive Controls • Marking Data • Error Correcting Codes 47
And more! • Rollback • Roll-Forward • Checkpoints • Data
Reset Recovery Mitigation • Bounded Queuing • Expansive Controls • Marking Data • Error Correcting Codes 48
Recommended Reading 49
Patterns for Fault-Tolerant Software by Robert S. Hanmer 50
Release It! by Michael T. Nygard 51
Announcement CB Server 4.0 dp! 52 http://blog.couchbase.com/introducing-developer-preview-for-couchbase-server-4.0
Any Questions? 53
twitter @daschl email
[email protected]
Thank you! 54
daschl
po3rin
nrslib
ioquatix
yusuke
ydah
yasunori0418
slecache
asumikam
haru860
renaudmathieu
maroon1st
hideakitakechi
techseoconnect
mojombo
rmw
danielanewman
tmiket
inesmontani
twada
nonsquared
tonyrice
maltzj
minecr
mfonobong
![twitter @daschl email [email protected] Thank you! 54](https://files.speakerdeck.com/presentations/653d12d90db14a15a90a89d195c246ea/slide_53.jpg){kind=link}