t owards a resilience pattern language
play

T owards a resilience pattern language or how to get resilient - PowerPoint PPT Presentation

Mar 05, 2024 •261 likes •1.34k views

T owards a resilience pattern language or how to get resilient software design right Uwe Friedrichsen (codecentric AG) Berlin Expert Days Berlin, 16. September 2016 @ufried Uwe Friedrichsen | uwe.friedrichsen@codecentric.de |

  1. Checkpoint Safe point Limit retries Rollback Roll-forward Failover Retry Reconnect Recovery Startup consistency Restart Reset Data Reset Core Detection Treatment Prevention (Architectural) Mitigation

  2. Failover • Used as escalation if other measures failed or would take too long • Requires redundancy – trades resources for availability • Many implementation variants available, incl. out-of-the-box solutions • Usually implemented as a monitor-dynamic router combination

  3. Checkpoint Safe point Limit retries Rollback Roll-forward Failover Retry Reconnect Recovery Startup Read repair consistency Restart Reset Data Reset Core Detection Treatment Prevention (Architectural) Mitigation

  4. Read repair • Handle response failures due to relaxed temporal constraints • Requires redundancy – trades resources for availability • Decides correct state based on conflicting siblings • Often implemented in NoSQL databases (but not always accessible)

  5. Read repair example (Riak, Java) 1/2 public class FooResolver implements ConflictResolver<Foo> { @Override public Foo resolve(List<Foo> siblings) { // Insert your sibling resolution logic here } } public class Buddy { public String name; public Set<String> nicknames; public Buddy(String name, Set<String> nicknames) { this.name = name; this.nicknames = nicknames; } }

  6. Read repair example (Riak, Java) 2/2 public class BuddyResolver implements ConflictResolver<Buddy> { @Override public Buddy resolve(List<Buddy> siblings) { if (siblings.size == 0) { return null; } else if (siblings.size == 1) { return siblings.get(0); } else { // Name is also used as key. Thus, all siblings have the same name String name = siblings.get(0).name; Set<String> mergedNicknames = new HashSet<String>(); for (Buddy buddy : siblings) { mergedNicknames.addAll(buddy.nicknames); } return new Buddy(name, mergedNicknames); } } }

  7. Checkpoint Safe point Limit retries Rollback Roll-forward Failover Retry Reconnect Recovery Startup Read repair consistency Restart Reset Error handler Data Reset Core Detection Treatment Prevention (Architectural) Mitigation

  8. Error Handler • Separate business logic and error handling • Business logic just focuses on getting the task done • Error handler focuses on recovering from errors • Easier to maintain – can be extended to structural escalation

  9. Checkpoint Safe point Limit retries Rollback Roll-forward Failover Retry Reconnect Recovery Startup Read repair consistency Restart Reset Error handler Data Reset Core Detection Treatment Prevention (Architectural) Mitigation

  10. Recovery Core Detection Treatment Prevention (Architectural) Mitigation

  11. Recovery Core Detection Treatment Prevention (Architectural) Mitigation Fail silently Fallback Default value Alternative action

  12. Fallback • Execute an alternative action if the original action fails • Basis for most mitigation patterns • Fail silently – silently ignore the error and continue processing • Default value – return a predefined default value if an error occurs

  13. Fail silently example (Hystrix, Java) 1/2 public class FailSilentlyCommand extends HystrixCommand<String> { private static final String COMMAND_GROUP = "default"; private final boolean preCondition; public FailSilentlyCommand(boolean preCondition) { super(HystrixCommandGroupKey.Factory.asKey(COMMAND_GROUP)); this.preCondition = preCondition; } @Override protected String run() throws Exception { if (!preCondition) throw new RuntimeException((”Action failed")); return ”I am a result"; } @Override protected String getFallback() { return null; // Turn into silent failure } }

  14. Fail silently example (Hystrix, Java) 2/2 @Test public void shouldSucceed() { FailSilentlyCommand command = new FailSilentlyCommand(true); String s = command.execute(); assertEquals(”I am a result", s); } @Test public void shouldFailSilently() { FailSilentlyCommand command = new FailSilentlyCommand(false); String s = ”Dummy"; try { s = command.execute(); } catch (Exception e) { fail("Did not fail silently"); } assertNull(s); }

  15. Default value example (Hystrix, Java) 1/2 public class DefaultValueCommand extends HystrixCommand<String> { private static final String COMMAND_GROUP = "default”; private final boolean preCondition; public DefaultValueCommand(boolean preCondition) { super(HystrixCommandGroupKey.Factory.asKey(COMMAND_GROUP)); this.preCondition = preCondition; } @Override protected String run() throws Exception { if (!preCondition) throw new RuntimeException((”Action failed")); return ”I am a smart result"; } @Override protected String getFallback() { return ”I am a default value"; // Return default value if action fails } }

  16. Default value example (Hystrix, Java) 2/2 @Test public void shouldSucceed() { DefaultValueCommand command = new DefaultValueCommand(true); String s = command.execute(); assertEquals(”I am a smart result", s); } @Test public void shouldProvideDefaultValue () { DefaultValueCommand command = new DefaultValueCommand(false); String s = null; try { s = command.execute(); } catch (Exception e) { fail("Did not return default value"); } assertEquals(”I am a default value", s); }

  17. Recovery Core Detection Treatment Prevention (Architectural) Queue for resources Mitigation Fail silently Fallback Default value Bounded queue Alternative action Fresh work Finish work before stale in progress

  18. Queues for resources • Protect resource from temporary overload situations • Limit queue size to limit latency at longer-lasting overload • Finish work in progress – Create pushback on the callers • Fresh work before stale – Discard old entries

  19. Recovery Core Detection Treatment Prevention (Architectural) Queue for resources Mitigation Fail silently Fallback Default value Bounded queue Shed load Alternative action Fresh work Finish work before stale in progress

  20. Shed Load • Use if overload will lead to unacceptable throughput of resource • Shed requests in order to keep throughput of resource acceptable • Shed load at periphery – Minimize impact on resource itself • Usually combined with monitor to watch load of resource

  21. Recovery Core Detection Treatment Prevention (Architectural) Queue for resources Mitigation Fail silently Fallback Default value Bounded queue Share load Shed load Alternative action Fresh work Finish work Dynamically Statically before stale in progress

  22. Share Load • Use if overload will lead to unacceptable throughput of resource • Share load between (added) resources to keep throughput good • Minimize amount of synchronization needed between resources • Usually combined with monitor to watch load of resource(s)

  23. Recovery Core Detection Treatment Prevention (Architectural) Deferrable work Queue for resources Mitigation Fail silently Fallback Default value Bounded queue Share load Shed load Alternative action Fresh work Finish work Dynamically Statically before stale in progress

  24. Deferrable work • Maximize resources for online request processing under high load • Pause or slow down routine and batch jobs • Provide a means to pause routine and batch jobs from outside • Alternatively use a scheduler with dynamic resource allocation

  25. Deferrable work example 1/2 // Do or wait variant <init batch> while(<more to process>) { int load = getLoad(); if (load > THRESHOLD) { waitFixedDuration(); } else { <process next batch of work> } } void waitFixedDuration() { Thread.sleep(DELAY); // try-catch left out for better readability }

  26. Deferrable work example 2/2 // Adaptive load variant <init batch> while(<more to process>) { waitLoadBased(); <process next batch of work> } void waitLoadBased() { int load = getLoad(); long delay = calcDelay(load); Thread.sleep(delay); // try-catch left out for better readability } long calcDelay(int load) { // Simple example implementation if (load < THRESHOLD) { return 0L; } return (load – THRESHOLD) * DELAY_FACTOR; }

  27. Recovery Core Detection Treatment Prevention (Architectural) Deferrable work Marked data Queue for resources Mitigation Fail silently Fallback Default value Bounded queue Share load Shed load Alternative action Fresh work Finish work Dynamically Statically before stale in progress

  28. Marked data • Avoid repeated and/or spreading errors due to erroneous data • Use if time or information to correct data immediately is missing • Mark data as being erroneous – check flag before processing data • Use routine maintenance job to correct data

  29. Recovery Core Detection Treatment Prevention (Architectural) Deferrable work Marked data Queue for resources Mitigation Fail silently Fallback Default value Bounded queue Share load Shed load Alternative action Fresh work Finish work Dynamically Statically before stale in progress

  30. Recovery Core Detection Treatment Prevention (Architectural) Mitigation

  31. Recovery Let sleeping dogs lie Core Detection Treatment Prevention (Architectural) Hot deployments Small releases Mitigation

  32. Recovery Core Detection Treatment Prevention (Architectural) Mitigation

  33. Recovery Routine maintenance Anti-entropy Core Detection Treatment Prevention (Architectural) Mitigation

  34. Routine maintenance • Reduce system entropy – keep preventable errors from occurring • Especially important if errors were only mitigated, not corrected • Check system periodically and fix detected faults and errors • Balance benefits, costs and additional system load

  35. Spread the news Recovery Routine maintenance Anti-entropy Core Detection Treatment Prevention (Architectural) Mitigation

  36. Spread the news • Pro-actively spread information about changes in system state • Use a gossip or epidemic protocol for robustness and efficiency • Can also be used for data reconciliation • Balance benefits, costs and additional network load

  37. Spread the news Recovery Routine maintenance Backup request Anti-entropy Core Detection Treatment Prevention (Architectural) Mitigation

  38. Backup request • Send request to multiple workers (optionally a bit offset) • Use quickest reply and discard all other responses • Prevents latent responses (or at least reduces probability) • Requires redundancy – trades resources for availability

  39. Spread the news Recovery Routine maintenance Backup request Anti-entropy Core Detection Treatment Prevention (Architectural) Anti-fragility Diversity Jitter Mitigation

  40. Anti-fragility • Avoid fragility caused by homogenization and standardization • Protect against disastrous failures by using diverse solutions • Protect against cumulating effects by introducing jitter • Balance risks, benefits and added costs and efforts carefully

  41. Spread the news Recovery Routine maintenance Backup request Anti-entropy Core Detection Treatment Prevention (Architectural) Anti-fragility Error injection Diversity Jitter Mitigation

  42. Error injection • Make resilient software design sustainable • Inject errors at runtime and observe how the system reacts • Can also be used to detect yet unknown failure modes • Make sure to inject errors of all types

  43. • Chaos Monkey • Chaos Gorilla • Chaos Kong • Latency Monkey • Compliance Monkey • Security Monkey • Janitor Monkey • Doctor Monkey https://github.com/Netflix/SimianArmy

  44. Spread the news Recovery Routine maintenance Backup request Anti-entropy Core Detection Treatment Prevention (Architectural) Anti-fragility Error injection Diversity Jitter Mitigation

  45. T owards a pattern language …

  46. Decisions to make General decisions • Bulkhead type • Communication paradigm • Decisions per failure scenario (repeat) • Error detection on node & system level • Recovery/mitigation mechanism • Supporting treatment mechanism • Supporting prevention mechanism • Complementing decisions • Complementing redundancy mechanism(s) • Complementing architectural patterns •

  47. Choose patterns per failure scenario 1 3 2 (Have the different failure types in mind) Decide core Decide Recovery system complementing properties patterns Isolation Redundancy Node level Core Detection Treatment Prevention (Architectural) Communication Supporting System level paradigm patterns Mitigation Create and refine system design and functional decomposition. Functionally decouple bulkheads Ongoing (A good functional decomposition on business level is the prerequisite for an effective resilience)

  48. Restart (Let it crash) Recovery Actor Isolation Redundancy Node level Core Detection Treatment Prevention (Architectural) Communication Supporting System level Hot deployments paradigm patterns Mitigation Messaging Escalation Heartbeat Monitor Example: Erlang (Akka)

Recommend

Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern

Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern

CSC209 Fall 2001 What is AWK? Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern matches, do something Many details handled automatically very easy to one off (write and throw away)

673 views • 12 slides
a forward look at federated wiki ward cunningham wiki as pattern language structured essays

a forward look at federated wiki ward cunningham wiki as pattern language structured essays

a forward look at federated wiki ward cunningham wiki as pattern language structured essays offering solutions to recurring problems in context. body that evolves through repeated application and evaluation. A Pattern Language Alexander

1.82k views • 144 slides
A Pattern Pattern Taxonomy Creational Behavioral Structural Pattern Pattern Pattern

A Pattern Pattern Taxonomy Creational Behavioral Structural Pattern Pattern Pattern

Podcast Ch08-15 Title : Template Design Pattern Description : Generic class diagram; examples; template vs. inheritance Participants : Barry Kurtz (instructor); Brandon Winters, Sara Hyde, Cheng Vue, Dan Baehr (students) Textbook

315 views • 3 slides
OMeta an OO Language for Pattern Matching Alessandro Warth and Ian Piumarta UCLA / Viewpoints

OMeta an OO Language for Pattern Matching Alessandro Warth and Ian Piumarta UCLA / Viewpoints

OMeta an OO Language for Pattern Matching Alessandro Warth and Ian Piumarta UCLA / Viewpoints Research Institute 1 Programming language research idea prototype validation Lexical Analysis Parsing AST Transformations Code Generation 2

549 views • 32 slides
resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

How to improve our resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the process of adapting well in the face of adversity, trauma, tragedy, threats or significant sources of stress Resilience is

287 views • 9 slides
Pattern Markup-Language Pattern Markup-Language A tool for simplifying data extraction A tool

Pattern Markup-Language Pattern Markup-Language A tool for simplifying data extraction A tool

Pattern Markup-Language Pattern Markup-Language A tool for simplifying data extraction A tool for simplifying data extraction from semi-structured sources from semi-structured sources , Jonathan Baker, Hilton Campbell , Jonathan Baker,

701 views • 31 slides
Pla i d: Pattern Language for Abstract Datatypes Austin Clements Irene Zhang Dan Ports Friday,

Pla i d: Pattern Language for Abstract Datatypes Austin Clements Irene Zhang Dan Ports Friday,

Motivation Patternology Applications Implementation Pla i d: Pattern Language for Abstract Datatypes Austin Clements Irene Zhang Dan Ports Friday, May 11, 2007 Austin Clements, Irene Zhang, Dan Ports Pla i d: Pattern Language for Abstract

889 views • 51 slides
Unparsing (pretty printing) Prof. Dr. Ralf Lmmel Universitt Koblenz-Landau Software

Unparsing (pretty printing) Prof. Dr. Ralf Lmmel Universitt Koblenz-Landau Software

Unparsing (pretty printing) Prof. Dr. Ralf Lmmel Universitt Koblenz-Landau Software Languages Team Language processing patterns 1. The Chopper Pattern 2. The Lexer Pattern 3. The Copy/Replace Pattern 4. The Acceptor Pattern 5.

654 views • 20 slides
The XML Query Language Xcerpt Pattern Queries for XML and Semistructured Data Franc ois Bry

The XML Query Language Xcerpt Pattern Queries for XML and Semistructured Data Franc ois Bry

L M U Ludwig Maximilians Universitt Mnchen The XML Query Language Xcerpt Pattern Queries for XML and Semistructured Data Franc ois Bry and Sebastian Schaffert http://www.pms.informatik.uni-muenchen.de Institut f ur Informatik, LMU

217 views • 21 slides
Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What

Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What

Do Now: Resilience 1. Create a Circle Map for resilience. 2. Look at the pictures. What do you think resilience means? 3. Write your ideas in a Circle Map. Unit 3 Stories of Resilience 1. Write your definition of Resilience is...

455 views • 6 slides
Declarative Language for Geometric Pattern Matching in in VLSI Process Rule le Modeling 2019

Declarative Language for Geometric Pattern Matching in in VLSI Process Rule le Modeling 2019

Declarative Language for Geometric Pattern Matching in in VLSI Process Rule le Modeling 2019 International Symposium on Physical Design San Francisco, CA Gyuszi Suto, Geoff S. Greenleaf, Phanindra Bhagavatula, Heinrich R. Fischer Sanjay K.

385 views • 27 slides
Toward a Pattern Language for CSCW THOMAS John, IBM Research 2011 March 19 Potential Forms of

Toward a Pattern Language for CSCW THOMAS John, IBM Research 2011 March 19 Potential Forms of

Toward a Pattern Language for CSCW THOMAS John, IBM Research 2011 March 19 Potential Forms of Knowledge Known, Predictable, Unchanging, Simple Algorithms, Formulae, Programs, Machines Patterns Heuristics, Principles, Properties Case Studies

507 views • 26 slides
On Querying OBO Ontologies using a DAG Pattern Query Language Amarnath Gupta Simone Santini

On Querying OBO Ontologies using a DAG Pattern Query Language Amarnath Gupta Simone Santini

On Querying OBO Ontologies using a DAG Pattern Query Language Amarnath Gupta Simone Santini Univ. of California San Diego What is an OBO Ontology? OBO Open Biomedical Ontologies is a consortium Serves a standard for developing

483 views • 29 slides
What impact language do you speak? USAID, Bureau for Resilience and Food Security 1 New Results

What impact language do you speak? USAID, Bureau for Resilience and Food Security 1 New Results

What impact language do you speak? USAID, Bureau for Resilience and Food Security 1 New Results Framework 2017 to 2021 What do we measure and how? Focus on farm-level productivity, sustainable intensification and farm profitability. We

484 views • 12 slides
Tow owards a a Com Comprehensiv ive &amp; Ambit itious FT FTA Juli liana Nam Nam, ,

Tow owards a a Com Comprehensiv ive &amp; Ambit itious FT FTA Juli liana Nam Nam, ,

Tow owards a a Com Comprehensiv ive &amp; Ambit itious FT FTA Juli liana Nam Nam, , Counsellor (FT (FTA Adv dvocacy) ) Austr tralian Em Embassy to to Belg elgium and and Luxembourg Australian Embassy to Austria, Slovakia,

204 views • 16 slides
Pattern Matching a b a c a a b 1 a b a c a b 4 3 2 a b a c a b Pattern

Pattern Matching a b a c a a b 1 a b a c a b 4 3 2 a b a c a b Pattern

Pattern Matching a b a c a a b 1 a b a c a b 4 3 2 a b a c a b Pattern Matching 1 Outline and Reading Strings (11.1) Pattern matching algorithms Brute-force algorithm (11.2.1) Boyer-Moore algorithm (11.2.2)

612 views • 14 slides
Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to

Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to

Developing Resilience Parent Council Meeting What is resilience . Resilience is the ability to bounce back after something negative like a tough situation or difficult time and then get back to feeling just about as good as you felt

517 views • 12 slides
Pattern Review Pattern Name and Classification: A descriptive and unique name that helps in

Pattern Review Pattern Name and Classification: A descriptive and unique name that helps in

Pattern Review Pattern Name and Classification: A descriptive and unique name that helps in identifying and referring to the pattern. Intent: A description of the goal behind the pattern and the reason for using it. Also Known As: Other names for

352 views • 4 slides
I get NOC'd down... ...but I get up again T owards excellent NOC customer service even

I get NOC'd down... ...but I get up again T owards excellent NOC customer service even

I get NOC'd down... ...but I get up again T owards excellent NOC customer service even when things go wrong Gareth Eason (HEAnet) TF-NOC Meeting, Barcelona, 2 nd Sep 2010 Who am I? Gareth Eason Network Operations Manager, HEAnet

655 views • 31 slides
GI L ST ON ARE A CONCE PT DE VE L OPME NT F RAME WORK : T OWARDS A COMMON

GI L ST ON ARE A CONCE PT DE VE L OPME NT F RAME WORK : T OWARDS A COMMON

GI L ST ON ARE A CONCE PT DE VE L OPME NT F RAME WORK : T OWARDS A COMMON GROUND H U NSDON E AST WI CK AND GI L ST ON NE I GH B OU RH OOD PL AN GROU P 21 OCT OBE R 2017 WWW.URBANSIL E NCE L T D.COM

480 views • 36 slides
How do we assess resilience? Paul Ryan, Australian Resilience Centre Allyson Quinlan, Resilience

How do we assess resilience? Paul Ryan, Australian Resilience Centre Allyson Quinlan, Resilience

How do we assess resilience? Paul Ryan, Australian Resilience Centre Allyson Quinlan, Resilience Alliance Introduction q Presenters q Structure of this weeks session q Overview (Paul) Conceptual framing Overview of resilience assessment

644 views • 26 slides
SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23

SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23

SAME Resilience Webinar Dedicated to National Security Since 1920 JETC Resilience Program Wed, 23 May Government Panel on Priority Resilience Issues Cyber Resiliency of Mission Critical Automation Systems Thr, 24 May Resilience

564 views • 27 slides
Mission: Resilience Keeping going &amp; not giving up! We are going to learn all about the

Mission: Resilience Keeping going &amp; not giving up! We are going to learn all about the

Mission: Resilience Keeping going &amp; not giving up! We are going to learn all about the importance of resilience and what it means. Video What is resilience and when do we need it? Who has heard of resilience? Resilience is being able to

295 views • 12 slides
RESILIENCE THROUGH MOBILITY DEPARTMENT OF OPERATIONS &amp; EMERGENCIES RESILIENCE AND DRR

RESILIENCE THROUGH MOBILITY DEPARTMENT OF OPERATIONS &amp; EMERGENCIES RESILIENCE AND DRR

RESILIENCE THROUGH MOBILITY DEPARTMENT OF OPERATIONS &amp; EMERGENCIES RESILIENCE AND DRR Reduce the impacts of natural hazards Activities Enhance the peoples resilience Frameworks Analyze root causes of disasters Reduce

686 views • 10 slides

More recommend