Alibaba has developed a set of industry-leading high availability technologies after more than ten years of double 11. Some of them have been commercialized (PTS and AHAs), while others have been open source, such as sentinel and chaosblade. Our series of high availability chapters also focus on this aspect. Today, we will introduce the core competence of the open source product sentinel.
In a common distributed application, a request first arrives at the gateway through the terminal, then goes through the firewall and network load balancing, which also includes calling other downstream services and third-party applications to reach the front-end network services, as shown in the figure below.
Like such an architecture, you may encounter some familiar cases as follows:
- The instantaneous peak flow caused the system to exceed the maximum load, the load soared, and the system collapsed, resulting in the failure to provide normal services.
- “Black horse” hot data breakdown cache, dB was destroyed, crowding out normal traffic.
- The callers are dragged down by unstable services, and the thread pool is full, resulting in the whole call link stuck or even system avalanche
These unstable scenarios can lead to serious consequences. You may want to ask: how to achieve uniform and smooth user access? How to prevent the impact of excessive traffic or unstable service? At this time, we need to bring out the magic weapon of microservice stability – high available traffic protection, in which the important means are traffic control and fuse degradation, which are important to ensure the stability of the whole system.
Traffic is very random and unpredictable. The first second may be calm, and the next second may have a flood peak (for example, the scene of double 11:00). However, the capacity of our system is always limited. If the sudden traffic exceeds the system’s capacity, it may lead to the failure of processing requests, slow processing of accumulated requests, high CPU / load, and finally system crash. Therefore, we need to limit this kind of burst traffic to ensure that the service will not be destroyed while processing the request as much as possible, which is called traffic control.
A service often calls other modules, such as another remote service, database, or third-party API. For example, when paying, you may need to call the API provided by UnionPay remotely; when querying the price of a commodity, you may need to query the database. However, the stability of this dependent service cannot be guaranteed. If the dependent service is unstable and the response time of the request becomes longer, the response time of the method calling the service will also become longer, and the threads will accumulate, which may eventually exhaust the thread pool of the business itself, and the service itself will become unusable.
What to do in spring cloud?
In the original spring cloud product family, there is its own fusing component hystrix, which is an open source component provided by Netflix company. It provides fusing, isolation and degradation features. However, since November 2018, hystrix has stopped iterative development and entered the maintenance mode. But the good news is that spring cloud for Alibaba product family was opened this year. Sentinel is a perfect supplement to hystrix. Here’s a brief introduction to sentinel.
How does sentinel work?
Sentinel takes the resource traffic (URL, thread, local function, Dubbo service, etc.) as the breakthrough point, according to the rules of user input, adaptively achieves multiple dimensions, such as traffic control, fuse degradation, system load protection, etc., to ensure the stability of the system in an all-round way. It also provides a set of perfect high availability solution products with rich application scenarios, complete real-time monitoring, extensive open-source ecology, perfect and flexible SPI extension points. A basic schematic diagram is as follows, please refer to for detailsOfficial documents。
In terms of usage, the mainstream framework provides the ability of automatic adaptation by default to define the resources to be protected, and provides facilities for real-time statistics and call link analysis of resources. At the same time, sentinel also provides an open interface for you to customize and change rules.
How to use sentinel quickly
In addition to the solutions provided by open source, sentinel has entered into the combined solutions of various cloud products in various forms, as follows:
1、 Use in AHAS
Sentinel is now an important capability of Alibaba cloud product AHAS. Please refer toOfficial documentsCompared with open source access, cloud products mainly save the tedious configuration, provide faster access mode, more friendly product control interface, and more powerful capabilities; of course, in addition, the most important thing is that in the process of access and operation, they can get the direct support of the original students.
2、 Using in container service kubernetes cluster
In the container service, we have installed it in the way of pure white screen and cloud native. Please refer toOfficial documentsAfter the pilot is installed in the cluster, the pod marked with the corresponding AHAS annotation in the cluster will be automatically selected to mount the sentinel agent. The configuration is as follows:
annotations: #Whether to open the AHAS application flow control plug-in, on and true means to open, off and false means to close ahasPilotAutoEnable: "on" #The name of the service will be displayed on the AHAS console ahasAppName: "<your-service-name>"
3、 Use in EDAs
In EDAs, if you choose the application deployed in container service k8s cluster or serverless k8s cluster, you can access AHAS through re deployment, and monitor the traffic rules in real time in the monitoring page embedded in EDAs. All the configuration capabilities can be completed through a console white screen operation, which can fully and visually guarantee the availability of your application, and the use mode can be changedReference documents。
This paper briefly introduces the background and means of high availability traffic protection. In the scene of fusing, we understand the accumulation of ten years and polish the high availability product AHAS to escort the application of kubernetes spring cloud. In addition, AHAS high availability protection also provides the following capabilities:
- For the unstable weak dependence of fuse degradation ability, it supports slow call ratio / abnormal ratio strategy, and supports progressive recovery strategy.
- Machine dimension system adaptive protection, intelligent deployment of system traffic
- Automatic hosting and highly available cluster traffic control
- Gateway flow control for nginx gateway and API gateways such as spring cloud gateway and zuul
- Mesh high availability protection for istio / envoy cluster
This article is the original content of Alibaba cloud and cannot be reproduced without permission.