Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Increasing confidence in your system before the...

Matt Jacobs
October 08, 2019
Programming
1
130

Increasing confidence in your system before the next outage

As our systems are growing more complex, we’ve come up with a standard set of ideas to help manage the dependencies between components. Ideas like timeouts, concurrency bounds, and circuit breakers let us control these interactions.

However, these ideas are complex too. Each of them has a variety of knobs to tune, and they’re rarely exercised in steady-state. So there’s a lot of opportunity for them to behave poorly when called upon, and especially when a few of them kick in at once.

My talk will show how to use chaos engineering to increase confidence in your usage and tuning of timeouts, concurrency bounds, and circuit breakers. You can use these ideas to understand your system better and hopefully make future incidents more manageable.

Matt Jacobs

October 08, 2019
Tweet

More Decks by Matt Jacobs

See All by Matt Jacobs
RxJava: Reactive Extensions in Scala
mattrjacobs
1
5.1k

Other Decks in Programming

See All in Programming
AWS IaCの注目アップデート 2024年10月版
konokenj
3
3.3k
最新TCAキャッチアップ
0si43
0
140
Kaigi on Rails 2024 〜運営の裏側〜
krpk1900
1
200
ピラミッド、アイスクリームコーン、SMURF: 自動テストの最適バランスを求めて / Pyramid Ice-Cream-Cone and SMURF
twada
PRO
10
1.3k
「今のプロジェクトいろいろ大変なんですよ、app/services とかもあって……」/After Kaigi on Rails 2024 LT Night
junk0612
5
2.1k
シェーダーで魅せるMapLibreの動的ラスタータイル
satoshi7190
1
480
TypeScriptでライブラリとの依存を限定的にする方法
tutinoko
2
660
Ethereum_.pdf
nekomatu
0
460
EventSourcingの理想と現実
wenas
6
2.3k
初めてDefinitelyTypedにPRを出した話
syumai
0
400
Creating a Free Video Ad Network on the Edge
mizoguchicoji
0
120
Jakarta Concurrencyによる並行処理プログラミングの始め方 (JJUG CCC 2024 Fall)
tnagao7
1
290

Featured

See All Featured
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Thoughts on Productivity
jonyablonski
67
4.3k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
Being A Developer After 40
akosma
86
590k
A better future with KSS
kneath
238
17k
Agile that works and the tools we love
rasmusluckow
327
21k
Ruby is Unlike a Banana
tanoku
97
11k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
BBQ
matthewcrist
85
9.3k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k

Transcript

  1. None
  2. None

  3. 3

  4. 4

  5. None
  6. None
  7. None
  8. None
  9. None
  10. None
  11. None
  12. None

  13. 13

  14. None
  15. None
  16. None

  17. recommendations-demo

  18. None
  19. None
  20. None
  21. None
  22. None

  23. • Fail Recommendations Service at 10% • Expectation is that

    overall service will fail at 10%, since we haven’t done any work to remediate (yet)
  24. None
  25. None
  26. None
  27. None
  28. None
  29. None
  30. None

  32. None

  34. None

  35. 35

  36. • Now fallback data from S3 is being served whenever

    a Users OR Recommendations failure is encountered • Fail Recommendations Service at 10% • Expectation is that customers get 90% personalized responses, 10% unpersonalized responses, and no errors
  37. None
  38. None
  39. None

  40. • •

  41. None
  42. None

  43. • What’s the maximum we want the customer to wait?

    • How many resources can we spend per-request waiting?

  44. • Threads ◦ • File Descriptors • Locks held •

    Memory • CPU scheduler
  45. None
  46. None

  47. 47

  48. None

  50. None
  51. None

  52. • Add 7500ms to 100% of Recommendations Service • Expectation

    is that resources will be spent waiting for response - some will succeed and some will fail
  53. None
  54. None
  55. None
  56. None
  57. None
  58. None
  59. None

  60. • Add concurrency bounds to users and recommendations • Add

    7500ms to 100% of Recommendations Service • Expectation is that resources will be spent waiting for response - but service will remain healthy. • No errors, but fallback logic should get hit
  61. None
  62. None
  63. None
  64. None

  65. • •

  67. • Explicit state transitions are a useful way to think

    about the problem. • Can fail even faster than timeouts • Manual triggering of circuit open/closed is really valuable for operators • Relieves pressure on downstreams

  68. • Lot of configuration to set and validate • If

    timeouts are already being used, that should be sufficient for user-facing latency • If concurrency-bounds are already being used, that should be sufficient for system stability • Can introduce many more failures that would happen naturally ◦ • Which failures open? ◦ ◦

  69. • ◦ ◦ ◦

  70. None

  71. 71

  72. • UI resiliency - what happens when certain endpoints fail

    or are slow? • Finding hidden dependencies • Testing your monitoring • Testing your incident response • Testing your autoscaling rules • Testing your region evacuation strategy • Onboarding new SREs • (many more)
  73. None

  74. • Gremlin.com • https://github.com/dastergon/awesome-chaos-engineering •