Upgrade to Pro — share decks privately, control downloads, hide ads and more …

When Failure is Not an Option: Processing Real ...

Oliver Gould
March 29, 2017
Technology
0
730

When Failure is Not an Option: Processing Real Money at Monzo with Kubernetes and Linkerd

In this talk, we describe how Monzo processes financial transactions involving real money and real people in way that's safe, secure, and resilient. We show how combining Kubernetes with Linkerd creates a highly adaptive system, where Kubernetes provides a baseline level of protection against hardware and software failures and Linkerd layers on request-level resilience, including including latency-aware load-balancing, intelligent retries, and service-level measures of success rates and latency. We show how the resulting system is resilient to a wide variety of failures and protects the financial transactions that flow through it from failure, yet still allows for a rapid pace of feature development and iteration.

Oliver Gould

March 29, 2017
Tweet

More Decks by Oliver Gould

See All by Oliver Gould
Conduit: Open source, Ultralight Service Mesh for Kubernetes
olix0r
0
300
The service mesh: Distributed resilience for a cloud-native world
olix0r
0
200
The Service Mesh
olix0r
0
170
Freeing the Whale: How to Fail at Scale
olix0r
0
130
The once and future layer 5: Resilient, Twitter-style microservices
olix0r
2
700
The Once and Future Layer 5:
Twitter-style Microservices at Scale with Finagle and linkerd #🎩💪✨
olix0r
1
380
Finagle, linkerd, and Mesos
Magic Operability Sprinkles for Microservices
olix0r
2
800
Finagle, linkerd, and Apache Mesos: Twitter-style microservices at scale
olix0r
1
1.1k
Kubernetes meets Finagle for Resilient Microservices
olix0r
4
2k

Other Decks in Technology

See All in Technology
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
Terraform CI/CD パイプラインにおける AWS CodeCommit の代替手段
hiyanger
1
240
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
6
670
Amazon CloudWatch Network Monitor のススメ
yuki_ink
1
200
Terraform未経験の御様に対してどの ように導⼊を進めていったか
tkikuchi
2
430
マルチプロダクトな開発組織で 「開発生産性」に向き合うために試みたこと / Improving Multi-Product Dev Productivity
sugamasao
1
300
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
Can We Measure Developer Productivity?
ewolff
1
150
障害対応指揮の意思決定と情報共有における価値観 / Waroom Meetup #2
arthur1
5
470
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
linyows
2
210

Featured

See All Featured
For a Future-Friendly Web
brad_frost
175
9.4k
How STYLIGHT went responsive
nonsquared
95
5.2k
Building Applications with DynamoDB
mza
90
6.1k
Writing Fast Ruby
sferik
627
61k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
Optimizing for Happiness
mojombo
376
70k
Building Adaptive Systems
keathley
38
2.3k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k

Transcript

  1. Processing Real Money at Monzo with Kubernetes and Linkerd oliver

    beattie
 head of eng, monzo Kubecon EU, March 29, 2017 oliver gould
 creator, linkerd
 cto, buoyant inc. When Failure is Not an Option
  2. None
  3. None
  4. None

  5. Improving everyone’s relationship with their money

  6. Fast-paced tech startup but also a Regulated retail bank

  7. Extensible Efficient Resilient Secure

  8. None

  9. Reduced infrastructure spend 60% by moving to Kubernetes

  10. Host A Host B Service A Service B

  11. Load balancing Tracing Circuit breakers Retries Canarying Load shedding Error

    tracking Metrics Service discovery Logging Timeouts Expirations Security policies Back-offs Retry budgets Dynamic routing

  12. Host A Host B Service A Service B

  13. linkerd

  14. datacenter [1] physical [2] link [3] network [4] transport 


    
 kubernetes, mesos, swarm, … 
 canal, weave, … aws, azure, digitalocean, gce, … business languages, libraries [7] application rpc [5] session [6] presentation json, protobuf, thrift, … linkerd

  15. datacenter [1] physical [2] link [3] network [4] transport linkerd-tcp

    
 kubernetes, mesos, swarm, … 
 canal, weave, … aws, azure, digitalocean, gce, … business languages, libraries [7] application rpc [5] session [6] presentation json, protobuf, thrift, … linkerd

  16. Linkers and Loaders, John R. Levine, Academic Press

  17. a historical perspective: tcp/ip 1975: Internet Protocol Suite Layer 3:

    /etc/hosts Layer 4: /etc/services

  18. 
 Entire companies were formed around selling TCP/IP stacks before

    Windows 95. REMINDER

  19. a historical perspective: dns 1984: Domain Name Service /etc/hosts-as-a-service

  20. host app: b app: a app: c service: a host

    app: a app: b app: a the new world of service discovery!

  21. what would a cloud native linker do?

  22. logical naming applications refer to logical names
 requests are bound

    to concrete names
 delegations express routing /svc/users /#/io.l5d.zk/prod/users /#/io.l5d.k8s/staging/http/users /svc => /#/io.l5d.k8s/prod/http

  23. per-request routing: staging GET / HTTP/1.1
 Host: mysite.com
 l5d-dtab: /s/B

    => /s/B2

  24. per-request routing: debug proxy GET / HTTP/1.1
 Host: mysite.com
 l5d-dtab:

    /s/E => /s/P/s/E

  25. observability counters (e.g. client/users/failures) histograms (e.g. client/users/latency/p99) tracing

  26. linkerd-viz

  27. tracing

  28. timeouts & retries timelines users web db timeout=400ms retries=3 timeout=400ms

    retries=2 timeout=200ms retries=3 timelines users web db

  29. timeouts & retries timelines users web db timeout=400ms retries=3 timeout=400ms

    retries=2 timeout=200ms retries=3 timelines users web db 800ms! 600ms!

  30. deadlines timelines users web db timeout=400ms deadline=323ms deadline=210ms 77ms elapsed

    113ms elapsed

  31. retries typical: retries=3

  32. retries typical: retries=3 worst-case: 300% more load!!!

  33. budgets typical: retries=3 better:
 retryBudget=20% worst-case: 300% more load!!! worst-case:

    20% more load

  34. load shedding via cancellation timelines users web db timelines users

    web db timeout!

  35. load shedding via cancellation timelines users web db timelines users

    web db timeout!

  36. backpressure timelines users web db timelines users web db 1000

    requests 100 requests 1000 requests

  37. backpressure timelines users web db timelines users web db 1000

    failed 1000 failed

  38. backpressure timelines users web db 100 ok 100 ok 100

    ok + 900 failed/redirected/etc

  39. lb algorithms: • round-robin • fewest connections • queue depth

    • exponentially-weighted moving average (ewma) • aperture request-level load balancing

  40. github.com/linkerd/linkerd • Donated to CNCF in January 2017! • K8s

    Ingress API in the next release • gRPC and HTTP/2 battle testing • Fine-grained client policy API • Hitting 1.0 this next month! • Help us test RC1 this week

  41. github.com/linkerd/linkerd-tcp • LIghtweight, service-discovery-aware TCP LB • Supports endpoint weighting

    • Modern TLS: ALPN, SNI, forward secrecy, … • Written in Rust: native, safe, fast, & tiny! • Currently beta: get involved!

  42. linkerd.io slack.linkerd.io monzo.com/careers