Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Walking Dead - A Survival Guide to Resilien...
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Michael Nitschinger
May 12, 2015
Programming
0
210
The Walking Dead - A Survival Guide to Resilient Reactive Applications
I gave this talk at GeeCon 2015 in Krakow. Recording will be available through the GeeCon channels.
Michael Nitschinger
May 12, 2015
Tweet
Share
More Decks by Michael Nitschinger
See All by Michael Nitschinger
High Performance JVM Networking with Netty
daschl
5
1.3k
Reactive Data Access with RxJava... and N1QL!
daschl
0
200
Spark with Couchbase
daschl
0
150
Reactive Data Access with RxJava ... and N1QL!
daschl
0
180
State of the Art JVM Networking with Netty
daschl
2
440
The Walking Dead - A Survival Guide to Resilient Reactive Applications
daschl
0
370
The Walking Dead - A Survival Guide to Resilient Reactive Applications
daschl
1
440
The Walking Dead - A Survival Guide to Resilient Applications
daschl
0
1.3k
Building a Reactive Database Driver on the JVM
daschl
2
950
Other Decks in Programming
See All in Programming
Smart Handoff/Pickup ガイド - Claude Code セッション管理
yukiigarashi
0
150
インターン生でもAuth0で 認証基盤刷新が出来るのか
taku271
0
190
CSC307 Lecture 08
javiergs
PRO
0
670
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
rkaga
4
2k
Automatic Grammar Agreementと Markdown Extended Attributes について
kishikawakatsumi
0
200
副作用をどこに置くか問題:オブジェクト指向で整理する設計判断ツリー
koxya
1
610
ぼくの開発環境2026
yuzneri
0
240
Apache Iceberg V3 and migration to V3
tomtanaka
0
170
IFSによる形状設計/デモシーンの魅力 @ 慶應大学SFC
gam0022
1
310
izumin5210のプロポーザルのネタ探し #tskaigi_msup
izumin5210
1
140
プロダクトオーナーから見たSOC2 _SOC2ゆるミートアップ#2
kekekenta
0
230
Raku Raku Notion 20260128
hareyakayuruyaka
0
360
Featured
See All Featured
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
230
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
57
Building AI with AI
inesmontani
PRO
1
710
WENDY [Excerpt]
tessaabrams
9
36k
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
110
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.7k
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.1k
Designing Powerful Visuals for Engaging Learning
tmiket
0
240
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.8k
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
440
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
akademiya2063
PRO
1
56
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
650
Transcript
The Walking Dead A Survival Guide to Resilient Reactive Applications
Michael Nitschinger @daschl
the right Mindset 2
– U.S. Marine Corps “The more you sweat in peace,
the less you bleed in war.” 3
4
5
Not so fast, mister fancy tests! 6
What can go wrong? Always ask yourself 7
Fault Tolerance 101 8
Fault Error Failure A fault is a latent defect that
can cause an error when activated. 9
Fault Error Failure Errors are the manifestations of faults. 10
Fault Error Failure Failure occurs when the service no longer
complies with its specifications. 11
Fault Error Failure Errors are inevitable. We need to detect,
recover and mitigate them before they become failures. 12
Reliability is the probability that a system will perform failure
free for a given amount of time. MTTF Mean Time To Failure MTTR Mean Time To Repair 13
Availability is the percentage of time the system is able
to perform its function. availability = MTTF MTTF + MTTR 14
Expression Downtime/Year Three 9s 99.9% 525.6 min Four 9s 99.99%
52.56 min Four 9s and a 5 99.995% 26.28 min Five 9s 99.999% 5.256 min Six 9s 99.9999% 0.5256 min 100% 0 15
Pop Quiz! Edge Service User Service Session Store Data Warehouse
Wanted: 99.99% Availability ??? ??? ??? 16
Pop Quiz! Edge Service User Service Session Store Data Warehouse
Wanted: 99.99% Availability 99.99% 17 99.99% 99.99%
Pop Quiz! Edge Service User Service Session Store Data Warehouse
Wanted: 99.99% Availability ~99.999% ~99.999% ~99.999% 18
Fault Tolerant Architecture 19
Units of Mitigation are the basic units of error containment
and recovery. 20
Escalation is used when recovery or mitigation is not possible
inside the unit. 21
Escalation 22 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Escalation 23 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Escalation 24 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Escalation 25 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Redundancy Cost Active/Active Active/Standby N+M Active/Passive Cost Time To Recover
26
The Fault Observer receives system and error events and can
guide and orchestrate detection and recovery Unit Unit Observer Listener Listener Unit Unit 27
28
29
Detecting Errors 30
A silent system is a dead system. 31
A System Monitor helps to study behaviour and to make
sure it is operating as specified. http://upload.wikimedia.org/wikipedia/commons/3/3b/Mission_control_center.jpg 32
https://github.com/Netflix/Turbine 33
Periodic Checking Heartbeats monitor tasks or remote services and initiate
recovery Routine Exercises prevent idle unit starvation and surface malfunctions 34
35 Encoder( Encoder( Ne*y( Writes( Ne*y( Reads( Decoder( Decoder( Event
on Idle No Traffic Endpoint
Riding over Transients is used to defer error recovery if
the error is temporary. “‘Patience is a virtue’ to allow the true signature of an error to show itself.” - Robert S. Hanmer 36
37
And more! • Complete Parameter Checking • Watchdogs • Voting
• Checksums • Routine Audits 38
Recovery and Mitigation of Errors 39
Timeout to not wait forever and keep holding up the
resource. 40 X
Failover to a redundant unit when the error has been
detected and isolated. Cost Active/Active Active/Standby N+M Cost Time To Recover Redundancy Reminder 41
Intelligent Retries Time between Retries Number of Attempts Fixed Linear
Exponential 42
Restart can be used as a last resort with the
trade-off to lose state and time. 43
Fail Fast to shed load and give a partial great
service than a complete bad one. Boundary 44
Backpressure & Batching! 45
Case Study: Hystrix https://raw.githubusercontent.com/wiki/Netflix/Hystrix/images/hystrix-flow-chart-original.png 46
And more! • Rollback • Roll-Forward • Checkpoints • Data
Reset Recovery Mitigation • Bounded Queuing • Expansive Controls • Marking Data • Error Correcting Codes 47
And more! • Rollback • Roll-Forward • Checkpoints • Data
Reset Recovery Mitigation • Bounded Queuing • Expansive Controls • Marking Data • Error Correcting Codes 48
Recommended Reading 49
Patterns for Fault-Tolerant Software by Robert S. Hanmer 50
Release It! by Michael T. Nygard 51
Any Questions? 52
twitter @daschl email
[email protected]
Thank you! 53
daschl
yukiigarashi
taku271
javiergs
rkaga
kishikawakatsumi
koxya
yuzneri
tomtanaka
gam0022
izumin5210
kekekenta
hareyakayuruyaka
inesmontani
marketingsoph
tessaabrams
pwiseman
bcantrill
tmiket
reverentgeek
akademiya2063
nmsamuel
![twitter @daschl email [email protected] Thank you! 53](https://files.speakerdeck.com/presentations/8f24abb973b84de09bd696b927e1de18/slide_52.jpg){kind=link}