[dry goods!!] Understand redis cache penetration, breakdown and avalanche in three sentences

Time:2022-5-7

preface

How to effectively understand and distinguish the differences between IDS penetration, breakdown and avalanche has always bothered me. In particular, penetration and breakdown are confused after a period of time.

In order to effectively help the author himself and friends with the same troubles, distinguish these three scenes. The author summarizes somekey word, I hope you can distinguish and understand the differences between the three scenes through association like me!

Cache penetration:

key wordThrough redis and database

When there is no data we want in redis or database, we need to consider the problem of cache penetration

You will use the following logic more often: first go to redis to find a resource. If you can’t find it in redis, go to DB. After it is found in dB, write back a data to redis.
[dry goods!!] Understand redis cache penetration, breakdown and avalanche in three sentences

This logic is not a big problem under normal circumstances, but if the user maliciously repeatedly requests resource x, the resource does not exist in redis and DB. Then every request will directly hit the DB, and even cause the physical DB to go down.

Solution

1. Cache empty results

If the system finds that the resource does not exist in redis and DB, it will cache the empty result for a period of time. It should be noted that the failure time cannot be set too long this time, otherwise the effectiveness of the data will cause great problems.

2. User legitimacy verification

Verify the legitimacy of the user’s request and intercept malicious repeated requests

3. Bloom filter

Don’t panic when you see this noun. In short, the purpose of Bloom filter is to help you determine whether a value exists.

For example:
Suppose we now have a bit array with a length of 9. Each position of the array can only hold 1 or 0. 1 indicates that the position is occupied, and 0 indicates that the position is not used.

  1. For key1, we hash it with the help of three hash functions
  2. Then the obtained three hash values are modulo 9.
  3. Finally, the three modulus values are dropped into the bit array.
  4. Key2 and Key3 are processed again in the same way.

Key value | modulus value

key1 | 1、4、6
key2 | 2、5、7
key3 | 6、8、9

[dry goods!!] Understand redis cache penetration, breakdown and avalanche in three sentences
Finally, we will find that only position 3 in the bit array is empty. If a new key4 comes at this time, and the hash values obtained by the three hash algorithms are 1, 2 and 3, we can conclude that key4 must not exist.
[dry goods!!] Understand redis cache penetration, breakdown and avalanche in three sentences

The principle of Bloom filter is relatively simple. Here we need to note that the bloom filter may have the possibility of misjudgment, but it can still help you intercept most of the data that must not exist.

Buffer breakdown

key wordFixed point strike

Imagine if all requests are directed at a key, is this a fixed-point attack?

How to understand? Take an extreme example: for example, a star broke a shocking and cruel news. A large number of melon eaters visited the microblog to view the gossip news at the same time, and the data in the microblog redis cluster just expired at the moment, so countless requests directly hit the physical dB of the microblog system, and the DB hung up instantly.

Solution

1. Hotspot data never expires

For example, we can set the cache time of a key to 25 hours, and then a job in the background will refresh the hot data in batches every 24 hours. This problem can be solved

2. Use mutex

It is easy to affect the throughput. For most projects, it is appropriate to set the hotspot key to never expire

Cache avalanche

key word:Redis crashed and there is no data

The redis crash here does not mean that the redis cluster is down. It means that at some point, the hotspot keys in the redis cluster are invalid.

If the hot keys in the cluster fail at the same time at a certain time, imagine that a large number of requests will be directly hit to the DB, and the DB may be blown up in an instant.

Solution

1. Redis expiration time plus random number

Redis failure time plus random number is a more ingenious solution. To a certain extent, it reduces the instantaneous pressure of DB, but this scheme also increases the maintenance cost to a certain extent.

2. Redis never expires

The implementation scheme is briefly mentioned above

summary

Finally, let’s return to the theme!

How to easily distinguish redis cache penetration, breakdown and avalanche through association
  • Cache penetration – Cross (bypass) redis and DB to get you
  • Cache breakdown – Fixed Point attack to get you
  • Cache avalanche — hot keys fail at the same time at a certain time

If you think the article is well written, give the author a compliment. Your encouragement is the greatest support for the author’s creation!!!!!!

Recommended Today

[Android] materialdatepicker usage notes

Materialdatepicker usage background Previously, we used datepicker for program development. But because my tablet is Nokia N1. The system is always stopped on version 5.1, and datepicker cannot be used. So we must think of another solution to replace it. Replace here with materialdatepicker. Here, try the selection method of time period of materialdatepicker. Gradle […]