Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
The Walking Dead - A Survival Guide to Resilien...
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Michael Nitschinger
May 12, 2015
Programming
0
210
The Walking Dead - A Survival Guide to Resilient Reactive Applications
I gave this talk at GeeCon 2015 in Krakow. Recording will be available through the GeeCon channels.
Michael Nitschinger
May 12, 2015
Tweet
Share
More Decks by Michael Nitschinger
See All by Michael Nitschinger
High Performance JVM Networking with Netty
daschl
5
1.3k
Reactive Data Access with RxJava... and N1QL!
daschl
0
200
Spark with Couchbase
daschl
0
150
Reactive Data Access with RxJava ... and N1QL!
daschl
0
180
State of the Art JVM Networking with Netty
daschl
2
440
The Walking Dead - A Survival Guide to Resilient Reactive Applications
daschl
0
370
The Walking Dead - A Survival Guide to Resilient Reactive Applications
daschl
1
440
The Walking Dead - A Survival Guide to Resilient Applications
daschl
0
1.3k
Building a Reactive Database Driver on the JVM
daschl
2
950
Other Decks in Programming
See All in Programming
Claude Codeと2つの巻き戻し戦略 / Two Rewind Strategies with Claude Code
fruitriin
0
140
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
610
React Native × React Router v7 API通信の共通化で考えるべきこと
suguruooki
0
100
Apache Iceberg V3 and migration to V3
tomtanaka
0
170
React 19でつくる「気持ちいいUI」- 楽観的UIのすすめ
himorishige
11
7.5k
日本だけで解禁されているアプリ起動の方法
ryunakayama
0
190
コマンドとリード間の連携に対する脅威分析フレームワーク
pandayumi
1
460
Rust 製のコードエディタ “Zed” を使ってみた
nearme_tech
PRO
0
210
2026年 エンジニアリング自己学習法
yumechi
0
140
カスタマーサクセス業務を変革したヘルススコアの実現と学び
_hummer0724
0
740
CSC307 Lecture 04
javiergs
PRO
0
660
OSSとなったswift-buildで Xcodeのビルドを差し替えられるため 自分でXcodeを直せる時代になっている ダイアモンド問題編
yimajo
3
630
Featured
See All Featured
First, design no harm
axbom
PRO
2
1.1k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
49
9.9k
Designing for humans not robots
tammielis
254
26k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
287
14k
BBQ
matthewcrist
89
10k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
450
Paper Plane (Part 1)
katiecoart
PRO
0
4.3k
A designer walks into a library…
pauljervisheath
210
24k
The Curious Case for Waylosing
cassininazir
0
240
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
65
The Art of Programming - Codeland 2020
erikaheidi
57
14k
Transcript
The Walking Dead A Survival Guide to Resilient Reactive Applications
Michael Nitschinger @daschl
the right Mindset 2
– U.S. Marine Corps “The more you sweat in peace,
the less you bleed in war.” 3
4
5
Not so fast, mister fancy tests! 6
What can go wrong? Always ask yourself 7
Fault Tolerance 101 8
Fault Error Failure A fault is a latent defect that
can cause an error when activated. 9
Fault Error Failure Errors are the manifestations of faults. 10
Fault Error Failure Failure occurs when the service no longer
complies with its specifications. 11
Fault Error Failure Errors are inevitable. We need to detect,
recover and mitigate them before they become failures. 12
Reliability is the probability that a system will perform failure
free for a given amount of time. MTTF Mean Time To Failure MTTR Mean Time To Repair 13
Availability is the percentage of time the system is able
to perform its function. availability = MTTF MTTF + MTTR 14
Expression Downtime/Year Three 9s 99.9% 525.6 min Four 9s 99.99%
52.56 min Four 9s and a 5 99.995% 26.28 min Five 9s 99.999% 5.256 min Six 9s 99.9999% 0.5256 min 100% 0 15
Pop Quiz! Edge Service User Service Session Store Data Warehouse
Wanted: 99.99% Availability ??? ??? ??? 16
Pop Quiz! Edge Service User Service Session Store Data Warehouse
Wanted: 99.99% Availability 99.99% 17 99.99% 99.99%
Pop Quiz! Edge Service User Service Session Store Data Warehouse
Wanted: 99.99% Availability ~99.999% ~99.999% ~99.999% 18
Fault Tolerant Architecture 19
Units of Mitigation are the basic units of error containment
and recovery. 20
Escalation is used when recovery or mitigation is not possible
inside the unit. 21
Escalation 22 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Escalation 23 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Escalation 24 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Escalation 25 Cluster Node Node Service Service Service Service Service
Endpoint Endpoint Endpoint Endpoint Endpoint
Redundancy Cost Active/Active Active/Standby N+M Active/Passive Cost Time To Recover
26
The Fault Observer receives system and error events and can
guide and orchestrate detection and recovery Unit Unit Observer Listener Listener Unit Unit 27
28
29
Detecting Errors 30
A silent system is a dead system. 31
A System Monitor helps to study behaviour and to make
sure it is operating as specified. http://upload.wikimedia.org/wikipedia/commons/3/3b/Mission_control_center.jpg 32
https://github.com/Netflix/Turbine 33
Periodic Checking Heartbeats monitor tasks or remote services and initiate
recovery Routine Exercises prevent idle unit starvation and surface malfunctions 34
35 Encoder( Encoder( Ne*y( Writes( Ne*y( Reads( Decoder( Decoder( Event
on Idle No Traffic Endpoint
Riding over Transients is used to defer error recovery if
the error is temporary. “‘Patience is a virtue’ to allow the true signature of an error to show itself.” - Robert S. Hanmer 36
37
And more! • Complete Parameter Checking • Watchdogs • Voting
• Checksums • Routine Audits 38
Recovery and Mitigation of Errors 39
Timeout to not wait forever and keep holding up the
resource. 40 X
Failover to a redundant unit when the error has been
detected and isolated. Cost Active/Active Active/Standby N+M Cost Time To Recover Redundancy Reminder 41
Intelligent Retries Time between Retries Number of Attempts Fixed Linear
Exponential 42
Restart can be used as a last resort with the
trade-off to lose state and time. 43
Fail Fast to shed load and give a partial great
service than a complete bad one. Boundary 44
Backpressure & Batching! 45
Case Study: Hystrix https://raw.githubusercontent.com/wiki/Netflix/Hystrix/images/hystrix-flow-chart-original.png 46
And more! • Rollback • Roll-Forward • Checkpoints • Data
Reset Recovery Mitigation • Bounded Queuing • Expansive Controls • Marking Data • Error Correcting Codes 47
And more! • Rollback • Roll-Forward • Checkpoints • Data
Reset Recovery Mitigation • Bounded Queuing • Expansive Controls • Marking Data • Error Correcting Codes 48
Recommended Reading 49
Patterns for Fault-Tolerant Software by Robert S. Hanmer 50
Release It! by Michael T. Nygard 51
Any Questions? 52
twitter @daschl email
[email protected]
Thank you! 53
daschl
fruitriin
ivargrimstad
suguruooki
tomtanaka
himorishige
ryunakayama
pandayumi
nearme_tech
yumechi
_hummer0724
javiergs
yimajo
axbom
chrisshort
mongodb
tammielis
stephaniewalter
matthewcrist
baasie
katiecoart
pauljervisheath
cassininazir
techseoconnect
erikaheidi
![twitter @daschl email [email protected] Thank you! 53](https://files.speakerdeck.com/presentations/8f24abb973b84de09bd696b927e1de18/slide_52.jpg){kind=link}