evolve or die
play

Evolve or Die High-Availability Design Principles Drawn from - PowerPoint PPT Presentation

Dec 30, 2022 •9 likes •959 views

Ramesh Govindan, Ina Minei, Mahesh Kallahalla, Bikash Koley and Amin Vahdat and a cast of hundreds at Google Evolve or Die High-Availability Design Principles Drawn from Googles Network Infrastructure Network availability is the

  1. Ramesh Govindan, Ina Minei, Mahesh Kallahalla, Bikash Koley and Amin Vahdat … and a cast of hundreds at Google Evolve or Die High-Availability Design Principles Drawn from Google’s Network Infrastructure

  2. Network availability is the biggest challenge facing large content and cloud providers today 2

  3. Why? The push towards higher 9s of availability At four 9s availability ❖ Outage budget is 4 mins per month At five 9s availability ❖ Outage budget is 24 seconds per month 3

  4. How do providers achieve these levels? By learning from failures 4

  5. Paper’s What has Google Learnt from Focus Failures? Why is high What are the What design network characteristics principles can availability a of network achieve high challenge? availability availability? failures? 5

  6. Velocity of Evolution Scale Management Complexity Why is high network availability a challenge? 6

  7. Evolution Network hardware evolves continuously Capacity Jupiter Watchtowe r Firehose 1.0 Saturn Firehose 1.1 4 Post Time 7

  8. Evolution So does network software QUIC gRPC Jupiter Freedome Andromeda BwE B4 Watchtower Google Global 2014 Cache 2012 2010 2008 2006 8

  9. Evolution New hardware and software can ❖ Introduce bugs ❖ Disrupt existing software Result: Failures! 9

  10. Other ISPs B4 B2 Scale and Complexity Data centers 10

  11. Scale and Complexity Design Differences B4 and Data Centers ❖ Use merchant silicon chips ❖ Centralized control planes B2 ❖ Vendor gear ❖ Decentralized control plane 11

  12. Scale and Complexity Design Differences These differences increase management complexity and pose availability challenges 12

  13. The Management Plane Manages network Management Plane Software evolution 13

  14. Management Plane Temporarily Operations remove from service Connect a new data Upgrade B4 or data Drain or undrain links, center to B2 and B4 center control plane switches, routers, software services Many operations require multiple steps and can take hours or days 14

  15. The Low-level abstractions for Management Plane management operations ❖ Command-line interfaces to high capacity routers A small mistake by operator can impact a large part of network 15

  16. Duration, Severity, Prevalence Root-cause Categorization Why is high network availability a challenge? What are the characteristics of network availability failures? 16

  17. Key Takeaway Content provider networks evolve rapidly The way we manage evolution can impact availability We must make it easy and safe to evolve the network daily 17

  18. We analyzed over 100 Post- mortem reports written over a 2 year period 18

  19. Blame-free process What is a Post-mortem? Carefully curated description of a previously unseen failure that had significant availability impact Helps learn from failures 19

  20. What a Post- Mortem Description of failure, with detailed timeline Contains Root-cause(s) confirmed by reproducing the failure Discussion of fixes, follow up action items 20

  21. Failure Examples Examples and Impact ❖ Entire control plane fails ❖ Upgrade causes backbone traffic shift ❖ Multiple top-of-rack switches fail Impact ❖ Data center goes offline ❖ WAN capacity falls below demand ❖ Several services fail concurrently 21

  22. Key Quantitative 70% of failures occur when management plane operation is Results in progress Evolution impacts availability Failures are everywhere: all three networks and three planes see comparable failure rates No silver bullet 80% of failure durations between 10 and 100 minutes Need fast recovery 22

  23. Root causes Lessons learned from root causes motivate availability design principles 23

  24. Re-Think Management Plane Why is high network availability Avoid and Mitigate Large Failures a challenge? Evolve or Die What are the characteristics of network availability failures? What design principles can achieve high availability? 24

  25. Re-think the Management Plane 25

  26. Availability Principle Operator types wrong CLI command, runs wrong script Backbone router fails Minimize Operator Intervention 26

  27. Availability Principle Necessary for upgrade-in-place To upgrade part of a large device… ❖ Line card, block of Clos fabric … proceed while rest of device carries traffic ❖ Enables higher availability 27

  28. Availability Principle Risky! Ensure residual capacity > demand Early risk assessments were manual High packet loss Assess risk continuously 28

  29. Re-think the Management “Intent” Plane I want to upgrade this router Management Plane Software Management Device Tests to Verify Operations Configurations Operation 29

  30. Re-think the Management Device Tests to Verify Management Operations Configurations Operation Plane Management Plane Run-time Apply Configuration Perform management Automated operation Risk Verify operation Assessment Minimize Assess Operator Risk Intervention Continuously 30

  31. Avoid and Mitigate Large Failures 31

  32. Availability Principle B4 and data-centers have dedicated control- plane network ❖ Failure of this can bring down entire control plane Contain failure Fail open radius 32

  33. Fail Open Centralized Control Plane Data center Traffic Exceedingly tricky! Preserve forwarding state of all switches ❖ Fail-open the entire data center 33

  34. Availability Principle A bug can cause state inconsistency between control plane components ➔ Capacity reduction in WAN or data center Design fallback strategies 34

  35. Design Fallback Strategies B4 A large section of the WAN fails, so demand exceeds capacity 35

  36. Design Fallback Strategies B4 Can shift large B2 traffic volumes from many data centers Fallback to B2! 36

  37. Design Fallback Strategies When centralized traffic engineering fails... ❖ … fallback to IP routing Big Red Buttons ❖ For every new software upgrade, design controls so operator can initiate fallback to “safe” version 37

  38. Evolve or Die! 38

  39. We cannot treat a change to the network as an exceptional event 39

  40. Evolve or Die Make change the common case Make it easy and safe to evolve the network daily ❖ Forces management automation ❖ Permits small, verifiable changes 40

  41. Conclusion Content provider networks evolve rapidly The way we manage evolution can impact availability We must make it easy and safe to evolve the network daily 41

  42. Evolve or Die High-Availability Design Principles Drawn from Google’s Network Infrastructure Presentation template from SlidesCarnival

  43. Older Slides 43

  44. Popular root- cause categories Cabling error, interface card failure, cable cut…. 44

  45. Popular root- cause categories Operator types wrong CLI command, runs wrong script 45

  46. Popular root- cause categories Incorrect demand or capacity estimation for upgrade-in-place 46

  47. Upgrade in place 47

  48. Assessing Risk Correctly Residual Capacity? Demand? Varies by interconnect Can change dynamically 48

  49. Popular root- cause categories Hardware or link layer failures in control plane network 49

  50. Popular root- cause categories Two control plane components have inconsistent views of control plane state, caused by bug 50

  51. Popular root- cause categories Running out of memory, CPU, OS resources (threads)... 51

  52. Lessons from Failures The role of evolution The prevalence of Long failure durations in failures large, severe, failures ▸ Recover fast ▸ Rethink the ▸ Prevent and Management mitigate large Plane failures 52

  53. High-level Management “Intent” Plane Abstractions I want to upgrade this router Why is this difficult? Modern high capacity routers: ❖ Carry Tb/s of traffic ❖ Have hundreds of interfaces ❖ Interface with associated optical equipment ❖ Run a variety of control plane protocols: MPLS, IS-IS, BGP all of which have network-wide impact ❖ Have high capacity fabrics with complicated dynamics ❖ Have configuration files which run into 100s of thousands of lines 53

  54. High-level Management “Intent” Plane Abstractions I want to upgrade this router Management Plane Software Management Device Tests to Verify Operations Configurations Operation 54

  55. Management Management Device Tests to Verify Plane Operations Configurations Operation Automation Management Plane Software Apply Configuration Perform management operation Verify operation Minimize Assess Operator Risk Intervention Continuously 55

  56. Large Control Centralized Control Plane Plane Failures 56

  57. Contain the blast radius Centralized Centralized Control Plane Control Plane Smaller failure impact, but increased complexity 57

  58. Fail-Open Centralized Control Plane Preserve forwarding state of all switches ❖ Fail-open the entire fabric 58

  59. Defensive One piece of this large update Control-Plane seems wrong!! Design Topology TE Server Modeler BwE Gateway 59

  60. Trust but Verify Let me check the correctness of the update... Topology TE Server Modeler BwE Gateway 60

Recommend

EVolve Houston Shared Vision and Roadmap for the Greater Houston Area Presented by : EVolve

EVolve Houston Shared Vision and Roadmap for the Greater Houston Area Presented by : EVolve

EVolve Houston Shared Vision and Roadmap for the Greater Houston Area Presented by : EVolve Houston Coalition www.EVolveHouston.org EVolve Houston EVolve Houston is a coalition of sustainability-minded business leaders who want to accelerate

152 views • 4 slides
Instrumenting Your Business For Success With DevOps Robert Benefield Evolve Beyond, Ltd

Instrumenting Your Business For Success With DevOps Robert Benefield Evolve Beyond, Ltd

Instrumenting Your Business For Success With DevOps Robert Benefield Evolve Beyond, Ltd rbenefield@evolvebeyond.com About Me CTO, Evolve Beyond @leandevops Over 20 years of experience in Development, Operations and Executive levels from

602 views • 32 slides
Evolve Recycling Industry Leading Inkjet, Toner and Small Electronics Recycling Program for

Evolve Recycling Industry Leading Inkjet, Toner and Small Electronics Recycling Program for

Evolve Recycling Industry Leading Inkjet, Toner and Small Electronics Recycling Program for Businesses of all Sizes Recycling Program for Businesses of all Sizes Evolve Recycling Driving to Enhance our Environment Evolve Recycling Overview

344 views • 11 slides
Its Time To Evolve: O u r F u t u r e a s N o n p r o f i t L e a d e r s PRESENTER

Its Time To Evolve: O u r F u t u r e a s N o n p r o f i t L e a d e r s PRESENTER

2016 U.P. Nonprofit Conference Its Time To Evolve: O u r F u t u r e a s N o n p r o f i t L e a d e r s PRESENTER Matthew Downey Program Director of Nonprofit Services Dorothy A. Johnson Center for Philanthropy

687 views • 33 slides
It's time to evolve. Change your MOP! Until now, you have been using a mop and bucket to clean

It's time to evolve. Change your MOP! Until now, you have been using a mop and bucket to clean

Scrubbing machine LITHIUM-ION BATTERY TECHNOLOGY It's time to evolve. Change your MOP! Until now, you have been using a mop and bucket to clean floors, but now you can scrub and dry with FIMOP: the solution to replace manual floor cleaning

617 views • 35 slides
The Box - Plymouth 3 4 Culture is necessary for human beings to evolve into better

The Box - Plymouth 3 4 Culture is necessary for human beings to evolve into better

The Box - Plymouth 3 4 Culture is necessary for human beings to evolve into better creatures. It helps us get a life Vivienne Westwood 5 Johannes Vermeer 6 Rembrandt van Rijn 7 Vincent van Gogh 8 Contemporary artists tend to

1.03k views • 75 slides
Evolve with EcoSystem Call: +61 2 8916 6391 Level 5, 14 Martin Place www.enov8.com Sydney, NSW,

Evolve with EcoSystem Call: +61 2 8916 6391 Level 5, 14 Martin Place www.enov8.com Sydney, NSW,

Evolve with EcoSystem Call: +61 2 8916 6391 Level 5, 14 Martin Place www.enov8.com Sydney, NSW, 2000 Govern > Measure > Standardise > Automate EcoSystem EM* IT & Test Environment Manager Evolve with EcoSystem Call: +61 2 8916

269 views • 9 slides
Learn. Experience. Evolve. We Believe In extending educa5on

Learn. Experience. Evolve. We Believe In extending educa5on

Srishti School of Art, Design & Technology Learn. Experience. Evolve. We Believe In extending educa5on beyond the gated and the preserved It should be permeable

280 views • 17 slides
Classification of the Dinosauria Dinosaurs are vertebrates Evolve in the Cambrian along with

Classification of the Dinosauria Dinosaurs are vertebrates Evolve in the Cambrian along with

Classification of the Dinosauria Dinosaurs are vertebrates Evolve in the Cambrian along with other multicellular animals Tissues mineralized with calcium phosphate - teeth, bones, spines, plates, scutes Spinal cord usually protected

183 views • 14 slides
Evolve with EcoSystem Call: +61 2 8916 6391 Level 5, 14 Martin Place www.enov8.com Sydney, NSW,

Evolve with EcoSystem Call: +61 2 8916 6391 Level 5, 14 Martin Place www.enov8.com Sydney, NSW,

Evolve with EcoSystem Call: +61 2 8916 6391 Level 5, 14 Martin Place www.enov8.com Sydney, NSW, 2000 Govern > Measure > Standardise > Automate EcoSystem RM* IT Resilience Manager Evolve with EcoSystem Call: +61 2 8916 6391 Level

380 views • 10 slides
Primary Outcomes of the EVOLVE II Trial: A Prospective Randomized Investigation of a Novel

Primary Outcomes of the EVOLVE II Trial: A Prospective Randomized Investigation of a Novel

Primary Outcomes of the EVOLVE II Trial: A Prospective Randomized Investigation of a Novel Bioabsorbable Polymer-Coated, Everolimus-Eluting Coronary Stent Dean J. Kereiakes The Christ Hospital Heart and Vascular Center/ The Lindner Research

703 views • 26 slides
An Olympia masterplan for everyone Overview Our masterplan vision is to evolve Olympia in to a

An Olympia masterplan for everyone Overview Our masterplan vision is to evolve Olympia in to a

An Olympia masterplan for everyone Overview Our masterplan vision is to evolve Olympia in to a new cultural district for west London; a hub for the creative industries in art, music and entertainment. With multiple world-class performing arts

360 views • 7 slides
Outline 1 Basics 2 Traceability links 3 Evolve requirements 4 Way More Stuff Requirements

Outline 1 Basics 2 Traceability links 3 Evolve requirements 4 Way More Stuff Requirements

Basics Traceability links Evolve requirements Way More Stuff Outline 1 Basics 2 Traceability links 3 Evolve requirements 4 Way More Stuff Requirements Engineering - DOORS 2/ 20 Matthieu Vergne ( vergne@fbk.eu ) FBK - ICT Doctoral School

1.04k views • 79 slides
COVID-19 HPE RESPONSE WERE HERE TO HELP YOUR ORGANIZATION RECOVER, EVOLVE AND THRIVE We

COVID-19 HPE RESPONSE WERE HERE TO HELP YOUR ORGANIZATION RECOVER, EVOLVE AND THRIVE We

HERE TO HELP COVID-19 HPE RESPONSE WERE HERE TO HELP YOUR ORGANIZATION RECOVER, EVOLVE AND THRIVE We took decisive steps to ensure our team member safety and well-being Crisis Management Team activated in KEEP January

343 views • 17 slides
North Carolina Division of Vocational Rehabilitation Offering New Solutions to Evolve Your

North Carolina Division of Vocational Rehabilitation Offering New Solutions to Evolve Your

North Carolina Division of Vocational Rehabilitation Offering New Solutions to Evolve Your Workforce The Dual Customer Approach People with Disabilities Obtain and maintain suitable employment Businesses Reduce hiring process time and costs,

367 views • 7 slides
CH CHALLENGES ALLENGES OF OF CS CSR Intr troduction oduction CSR continues to evolve CSR

CH CHALLENGES ALLENGES OF OF CS CSR Intr troduction oduction CSR continues to evolve CSR

CH CHALLENGES ALLENGES OF OF CS CSR Intr troduction oduction CSR continues to evolve CSR a shift from CWP CSR lends toward Sustainability Pu Purvi view ew -Drivers -Challenges -Innovations People -JSL CSR Initiatives

898 views • 21 slides
Divide-and-Evolve An Evolutionary Metaheuristic for Domain- Independent Satisficing Planning ,2 ,

Divide-and-Evolve An Evolutionary Metaheuristic for Domain- Independent Satisficing Planning ,2 ,

Divide-and-Evolve An Evolutionary Metaheuristic for Domain- Independent Satisficing Planning ,2 , Pierre Savant 2 , Marc Schoenauer 1 , Vincent Vidal 3 Jacques Bibai 1 7th Annual HUMIES Awards GECCO 2010 1 Project-team TAO, INRIA Saclay

656 views • 14 slides
SHIFTING IDENTITIES, HOW DOES HERITAGE EVOLVE Experiences Shared from Indonesia by: Catrini

SHIFTING IDENTITIES, HOW DOES HERITAGE EVOLVE Experiences Shared from Indonesia by: Catrini

SHIFTING IDENTITIES, HOW DOES HERITAGE EVOLVE Experiences Shared from Indonesia by: Catrini Pratihari Kubontubuh Chairpeson of BPPI-Indonesian Heritage Trust INTO Executive Committee Member INTBAU 2016 World Congress Programme London, 14-15

660 views • 34 slides
How do galaxies evolve into the forms they have today? Spheroid Galaxies Disk Galaxies Hubble

How do galaxies evolve into the forms they have today? Spheroid Galaxies Disk Galaxies Hubble

How do galaxies evolve into the forms they have today? Spheroid Galaxies Disk Galaxies Hubble 1936 Susan Kassin (Space Telescope Science Institute) Raymond Simons (Johns Hopkins), Camilla Pacifici (STScI), DEEP2 & SIGMA Survey teams, VELA

598 views • 59 slides
How do you evolve your data infrastructure? Neelesh Srinivas Salian Strata Data Conference,

How do you evolve your data infrastructure? Neelesh Srinivas Salian Strata Data Conference,

How do you evolve your data infrastructure? Neelesh Srinivas Salian Strata Data Conference, London May 1, 2019 Stitch Fix Personalized styling service serving Men, Women, and Kids Founded in 2011, Led by CEO & Founder, Katrina Lake

1.47k views • 64 slides
Catalyst: Evolve Briefing Session Outline for the Session 1.30pm Welcome and Introductions

Catalyst: Evolve Briefing Session Outline for the Session 1.30pm Welcome and Introductions

Catalyst: Evolve Briefing Session Outline for the Session 1.30pm Welcome and Introductions Amanda Rigali, Arts Fundraising & Philanthropy 1.35pm Arts Council England introduction Anna Mandlik, Senior Manager, London 1.45pm

771 views • 38 slides
Air Carrier Pilot Training AABI Luncheon Atlanta, GA Feb 25, 2016 Why Evolve? Capacity

Air Carrier Pilot Training AABI Luncheon Atlanta, GA Feb 25, 2016 Why Evolve? Capacity

Recent Evolution of Air Carrier Pilot Training AABI Luncheon Atlanta, GA Feb 25, 2016 Why Evolve? Capacity pressure at our nations airports Changes to the National Airspace System Performance-based Navigation Adaptation of

311 views • 16 slides
Evolve Leadership to Promote Justice in Child Welfare Introduction to the ABA Safety Guide for

Evolve Leadership to Promote Justice in Child Welfare Introduction to the ABA Safety Guide for

Evolve Leadership to Promote Justice in Child Welfare Introduction to the ABA Safety Guide for Judges and Lawyers ____________ A Practical Learning Experience Speed networking 1. What do you hope is accomplished during this training

640 views • 24 slides
Strategies for supporting European schools to evolve into open and committed learning communities

Strategies for supporting European schools to evolve into open and committed learning communities

Strategies for supporting European schools to evolve into open and committed learning communities Initial suggestions from the Open Discovery Space project large-scale implementation Eleni-Maria Chelioti Research & Development Department

750 views • 36 slides

More recommend