High Availability Series – Sentinel, don’t you know?

This article has participated in the good article call order activity, click to see: back end, big front end double track submission, 20,000 yuan prize pool for you to challenge!

An overview of the

Book: you say what is the current limit? , the overall overview of the current limiting, describes what the current limiting, the current limiting mode and the realization of the current limiting. At the end of this article, distributed flow limiting is put into this article without much introduction. Tell you a little bit about Sentinel

With the most authoritative official wiki: Alibaba-Sentinel, Beginner’s Guide

This article source address: github.com/jaycekon/Sp…

Sentinel is what?

Traffic guards for distributed systems

To quote again from the picture I drew earlier:

What capabilities does it have?

Ecology of Sentinel

With the Java ecological construction of Alibaba, including the contributions of Spring Cloud Alibaba, Rocket, Nacos and many other open source technologies, Sentinel now has a good support and adaptation for various distributed application scenarios. This is one of the reasons why we choose Sentinel learning (low learning cost, many application scenarios).

Sentinel Core Concepts

1, resources,

Resource is one of the core concepts in Sentinel. The most common resource is a Java method in our code, a piece of code, or an interface.

Java method:

@SentinelResource("HelloWorld")
public void helloWorld(a) {
    // Logic in the resource
    System.out.println("hello world");
}
Copy the code

A piece of code:

        // From version 1.5.0, you can use the try-with-resources feature to automatically exit entry
try (Entry entry = SphU.entry("HelloWorld")) {
            // Protected logic
            System.out.println("hello world");
	} catch (BlockException ex) {
            // Process flow-controlled logic
	    System.out.println("blocked!");
	}
Copy the code

An interface:

@RestController
public class TestController {
    @GetMapping("/test")
    public String test(a){
        return "test"; }}Copy the code

Use with the console:

2,

Rules in Sentinel provide users with different protection actions according to different scenarios. The types of rules include:

• trafficControl rules
• fusingDrop rules
• System protectionThe rules
• Source access control rules
• Hotspot parameter Rules

This article will mainly explain the flow, fuse and system protection of these three rules.

Define rules:

    private static void initFlowRules(a){
        List<FlowRule> rules = new ArrayList<>();
        FlowRule rule = new FlowRule();
        // Bind resources
        rule.setResource("HelloWorld");
        // The type of the traffic limiting threshold
        rule.setGrade(RuleConstant.FLOW_GRADE_QPS);
        // Quantity level
        rule.setCount(20);
        // Add to local memory
        rules.add(rule);
        FlowRuleManager.loadRules(rules);
    }
Copy the code

Important attributes of traffic limiting rules:

Field	instructions	The default value
resource	The resource name is the target of the flow limiting rule
count	Current limiting threshold
grade	Traffic limiting threshold type, QPS mode (1) or concurrent threads mode (0)	QPS model
limitApp	The call source to which flow control is directed	default, which means that the call source is not distinguishable
strategy	Call relationship traffic limiting policies: direct, link, and association	According to the resource itself (direct)
controlBehavior	Flow control effect (direct reject /WarmUp/ uniform + queue), no support for flow limiting by invocation relationship	Direct refused to
clusterMode	Whether to limit cluster traffic	no

Sentinel current-limiting

1. Single-machine current limit

1.1. Introducing dependencies

In the last article, we mentioned RateLimiter’s single-machine flow limiting. Here we introduce Sentinel’s single-machine flow limiting

// Introduce sentinel-core dependencies in the project<dependency>
    <groupId>com.alibaba.csp</groupId>
    <artifactId>sentinel-core</artifactId>
    <version>, version 1.8.1</version>
</dependency>
Copy the code

1.2. Define flow limiting rules

Define protection rules:

    private static void initFlowRules(a){
        List<FlowRule> rules = new ArrayList<>();
        FlowRule rule = new FlowRule();
        // Bind resources
        rule.setResource("HelloWorld");
        // The type of the traffic limiting threshold
        rule.setGrade(RuleConstant.FLOW_GRADE_QPS);
        // Quantity level
        rule.setCount(20);
        // Add to local memory
        rules.add(rule);
        FlowRuleManager.loadRules(rules);
    }
Copy the code

1.3. Define flow limiting resources

Based on the resource division described above, we mainly define code blocks as resources here.

public static void main(String[] args) {
    // Configure rules.
    initFlowRules();

    while (true) {
        // From version 1.5.0, you can use the try-with-resources feature to automatically exit entry
        try (Entry entry = SphU.entry("HelloWorld")) {
            // Protected logic
            System.out.println("hello world");
	} catch (BlockException ex) {
            // Process flow-controlled logic
	    System.out.println("blocked!"); }}}Copy the code

1.4 Running result

After Demo runs, we can see the following output in ~/logs/ CSP /${appName} -metric.log.xxx:

➜ CSP cat com - jaycekon - sentinel - demo - FlowRuleDemo - metrics. The 2021-07-03 | - timestamp - | -- -- -- -- -- - the date time - | - resource - | p |block|s |e|rt 1625294582000|2021-07-03 14:43:02|HelloWorld|20|1720|20|0|2|0|0|0 1625294583000|2021-07-03 14:43:03|HelloWorld|20|5072|20|0|0|0|0|0 1625294584000|2021-07-03 14:43:04|HelloWorld|20|6925|20|0|0|0|0|0Copy the code

• pThe request passed by the representative
• blockRepresents a blocked request
• sRepresents the number of successfully completed requests
• eRepresents a user-defined exception
• rtRepresents the average response time

What’s the difference between Sentinel’s single-machine limiting and RateLimiter?

Field	Difficulty of implementation in distributed environment	Spatial complexity	Time complexity	Limiting burst traffic	Smooth current limiting
The token bucket	high	Low O (1)	O (N)	is	is
The sliding window	In the	O (N)	In O (N)	is	Relative to realize

Appendix: Sentinel-Sliding Window Implementation Principles

2. Console traffic limiting

2.1 Client Access console

Super detailed documentation, reference: Sentinel-Console

Sentinel provides a lightweight open source console that provides machine discovery as well as health management, monitoring (stand-alone and clustered), rule management, and push.

Download the Jar (21M) or download the source (4M) and compile it yourself (not recommended, it will take longer than downloading the Jar directly)

Github.com/alibaba/Sen…

After compiling, start the command

java -Dserver.port=8000 -Dcsp.sentinel.dashboard.server=localhost:8000 -Dproject.name=sentinel-dashboard -jar Sentinel dashboard -, version 1.8.1. JarCopy the code

Access control console

2.2. Importing dependencies

The client needs to introduce the Transport module to communicate with the Sentinel console. You can import the JAR package through pom.xml

<dependency>
    <groupId>com.alibaba.csp</groupId>
    <artifactId>sentinel-transport-simple-http</artifactId>
    <version>, version 1.8.1</version>
</dependency>// Write down the important dependencies in advance, in case your partner can't find them<dependency>
    <groupId>com.alibaba.csp</groupId>
    <artifactId>sentinel-web-servlet</artifactId>
    <version>, version 1.8.1</version>
</dependency>

Copy the code

And then!! Tired of my place in the afternoon!! In the official document, it points out the need to introduce the corresponding dependency configuration, good guy, so important, you so understatement, brain pain!!

The corresponding adaptation dependencies are

• Cloud native micro service system
• Web adapter
• The RPC adapter
• The HTTP client adapter
• Reactive adaptation
• Reactive adaptation
• Apache RocketMQ

Boy, almost all business scenarios are covered! Since my Demo project is based on SpringBoot, then I want to see the videos of Cloud native microservices. Good guy, if you want to use SpringCloud, you can refer to: Spring-Cloud-Sentinel.

2.3. Define resources

@SpringBootApplication
@Configuration
@RestController
public class SpringBootSentinelApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringBootSentinelApplication.class, args);
    }

    @Bean
    public FilterRegistrationBean sentinelFilterRegistration(a) {
        FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>();
        registration.setFilter(new CommonFilter());
        registration.addUrlPatterns("/ *");
        registration.setName("sentinelFilter");
        registration.setOrder(1);

        return registration;
    }
    
    @RequestMapping("/index")
    public String index(a){
        return "hello index"; }}Copy the code

In the overview, we mentioned that a resource that needs to be protected can be a block of code, a method, or an interface. All requests are defined as resources (/*) by Filter, so the request process will look like this:

2.4 Operation result

Adding startup Parameters

-Dserver.port=8088 -Dcsp.sentinel.dashboard.server=localhost:8080 -Dproject.name=jaycekon-sentinel

Parameter description:

• server.port: Service startup port
• csp.sentinel.dashboard.server: IP address of the machine reporting status: Port number
• project.name: Indicates the monitoring project name

Running result:

2.5. Configure Traffic limiting

Effect of flow control

• 1. Fast failure: Direct failure
• The value of the codeFactory value (default: 3) is from the threshold /codeFactory. After the warmup period, the QPS threshold is reached. For example, if you set QPS to 90 and set preheat to 10 seconds, the initial threshold is 90/3=30 and 90 is reached after 10 seconds.
• 3. Queuing: For example, if the threshold is set to 10 and the timeout period is 500 milliseconds, when the 11th request arrives, no error will be reported directly, but wait for 500 milliseconds. If the threshold still exceeds 10 after that, the traffic will be limited.

Running result:

3. Cluster traffic limiting

Talked about so much, finally to the core cluster limiting scheme, in the seckill system design, we talked about a lot of scenarios are stand-alone as a specific case analysis, if our system to expand, then how to do a good limiting scheme. Assuming there are 10 machines in the cluster, we set a single-machine traffic limiting threshold of 10 QPS for each machine, and ideally 100 QPS for the entire cluster. However, in reality, the flow to each machine may not be uniform, which will lead to some machines to start limiting the flow when the total amount does not arrive. Therefore, it is impossible to accurately limit the total traffic if only the single machine dimension is used to limit it. Cluster flow control can accurately control the total number of calls of the whole cluster, combined with single-machine flow limiting pocket, can better play the effect of flow control.

To introduce the core role of cluster traffic limiting:

• Token Client: Cluster flow control client. It is used to communicate with the owning Token Server and request tokens. The server returns the result to the client to determine whether to limit the cluster traffic.
• Token Server: The cluster flow control server processes requests from Token clients and determines whether to issue tokens (whether to allow tokens to pass) according to the configured cluster rules.

Structure diagram in embedded mode:

Structure diagram in standalone mode:

In embedded mode, one instance sends a Token, and other clients request the Server for access permission.

In independent mode, the system starts as an independent token Server process and is deployed independently. However, additional deployment operations are required.

3.1. Ali Cloud AHAS

In the above example code, the Demo of the local mode is used, in the cluster flow limiting scenario, here with the AHAS service provided by Ali Cloud.

Address: console ahas.console.aliyun.com/index?ns=de…

Introducing a dependency:

// Sentinel ahas dependencies include the use dependencies of Sentinel<dependency>
    <groupId>com.alibaba.csp</groupId>
    <artifactId>ahas-sentinel-client</artifactId>
    <version>1.8.8</version>
</dependency>

Copy the code

One thing to note here is that the dependencies of AHAS include the dependencies that Sentinel needs to use, including sentinel-core, Sentinel-Web-servlet and Sentinel-Transport-simplet-HTTP.

Otherwise, there will be an Spi exception. If you don’t know much about Spi, add group questions

com.alibaba.csp.sentinel.spi.SpiLoaderException

3.2. Start Aliyun AHAS service

Here is the official opening document, I will not repeat, document address

Find Lincense in Application Protection and add the boot parameters:

-Dserver.port=8092 -Dproject.name=jaycekon-sentinel -Dahas.license=d1e21b0c8f2e4d87b5ac460b118dc58d -Dcsp.sentinel.log.use.pid=true

Since we want to start multiple instances locally, we need to modify multiple ports of the service:

java -Dserver.port=8090 -Dproject.name=jaycekon-sentinel -Dahas.license=d1e21b0c8f2e4d87b5ac460b118dc58d - Dcsp. Sentinel. Log. Use the pid = true - jar sentinel - ahas - 0.0.1 - the SNAPSHOT. Java jar - Dserver. Port = 8091 -Dproject.name=jaycekon-sentinel -Dahas.license=d1e21b0c8f2e4d87b5ac460b118dc58d -Dcsp.sentinel.log.use.pid=true -jar Sentinel ahas - 0.0.1 - the SNAPSHOT. Java jar - Dserver. Port = 8092 - Dproject. Name = jaycekon - sentinel - Dahas. License = d1e21b0c8f2e4d87b5ac460b118dc58d - Dcsp. Sentinel. Log. Use the pid = true - jar sentinel - ahas - 0.0.1 - the SNAPSHOT. The jarCopy the code

After generating access traffic, you can see the link state of the machine in the market:

http://localhost:8092/index

3.3. Configure cluster flow control rules

There are two concepts:

• Cluster threshold: Refers to the total volume of traffic that can pass through our cluster, which may be unevenly distributed (to avoid single-machine error limit).
• Degraded single machine: When the Token Server access times out, that is, the Token cannot be obtained from the remote device, the system rolls back to single-machine traffic limiting

Test current limit, just visit http://localhost:8092/index

Through the hand brush (hand speed is very hard ~), touch the critical value of current limiting, and then the overall current limiting is consistent with our expectations.

Degradation of single

In cluster flow control, there is a Token request timeout period, the Client requests the Server, and then returns the data result. The whole process will take time for network requests. In the above test process, I increased the timeout period so that each request can get the Token. By modifying the timeout period of the request, degraded single-machine traffic limiting is triggered.

Running result:

3.4 Server role conversion

In embedded mode, the HTTP API is used to convert the role to Server or client

http://<ip>:<port>/setClusterMode?mode=<xxx>
Copy the code

Mode is 0 for client, 1 for server, and -1 for shutdown. Notice The application must import the dependencies of the cluster traffic limiting client or server.

In standalone mode, we can directly create the corresponding ClusterTokenServer instance and start the TokenServer in the main function using the start method.

Sentinel fusing

In the case of seckill systems, a complete link might contain multiple services such as order placing, payment, and logistics docking (actually more than that). In a complete link, each system interacts through RPC/HTTP. In the following link diagram, if the payment method selected by the user has a high delay, unstable service, or abnormal service, the link fails to complete. The final result is that the user clearly grabbed the order, but could not pay, resulting in the loss of the order.

Modern microservices architectures are distributed and made up of a very large number of services. Different services invoke each other to form complex invocation links. The above problems can have a magnified effect on link calls. If a link on a complex link is unstable, the link may be cascered. As a result, the whole link may become unavailable. Therefore, we need to fuse down unstable weakly dependent service invocations to temporarily cut off unstable invocations to avoid local instability causing an overall avalanche. As a means of protecting itself, circuit breaker degradation is usually configured on the client (calling side).

1. Circuit breaker downgrade

Add test code

    @RequestMapping("/myError")
    public String error(a){
        if (true) {throw new RuntimeException("sentinel run error");
        }
        return "error";
    }
Copy the code

Configure degradation rules in the Sentinel-Dashboard

! [image-20210706005136317](/Users/huangweijie/Library/Application Support/typora-user-images/image-20210706005136317.png)

! [image-20210706005159415](/Users/huangweijie/Library/Application Support/typora-user-images/image-20210706005159415.png)

Degraded protection effect:

The user accesses the interface/myErrorAfter an exception occurs, in the following10 seconds, will go to the demoting strategy, directly back. It can well protect the server to avoid excessive exceptions and occupy machine resources. At the same time, quickly respond to user requests.

2. Circuit breaker strategy

Sentinel offers the following circuit breaker strategies:

• Slow call ratio (SLOW_REQUEST_RATIO) : Select the ratio of slow calls as the threshold, and set the allowed slow call RT (that is, the maximum response time). If the response time of the request is greater than this value, it is counted as slow calls. When the unit statistics duration (statIntervalMsIf the number of requests is greater than the set minimum number of requests and the proportion of delayed calls is greater than the threshold, the requests will be automatically fuses in the following fuse breaking period. If the response time of the next request is less than the set slow call RT, the fuse is terminated. If the response time is greater than the set slow call RT, the fuse will be fused again.
• Abnormal proportion (ERROR_RATIO) : When the unit statistics period (statIntervalMs) If the number of requests is greater than the minimum number set and the proportion of exceptions is greater than the threshold, the requests will be automatically fused in the following fuse breaking period. The fuse will enter the probe recovery state (half-open state) after the fuse is broken for a long time. If the next request is completed successfully (without error), the fuse will be broken again. The threshold range of the abnormal ratio is[0.0, 1.0], represents 0% – 100%.
• Abnormal number (ERROR_COUNT) : When the number of exceptions in a statistical period exceeds the threshold, the circuit breaker is automatically performed. The fuse will enter the probe recovery state (half-open state) after the fuse is broken for a long time. If the next request is completed successfully (without error), the fuse will be broken again.

conclusion

This article mainly explains in detail how to use Sentinel to actual contact current limiting and circuit breaker. For the underlying implementation of current limiting, there will be a special source analysis section later. This article doesn’t go into the details of circuit breakers either, but the next article will give you a look at what circuit breakers are, how they are actually used in a system, and common circuit breakers.

Project source address: github.com/jaycekon/Sp… Welcome to Star and Fork

Pay attention, don’t get lost

Well folks, that’s all for this post, and I’ll be updating it weekly with a few high-quality articles about big factory interviews and common technology stacks. Thank everyone can see here, if this article is well written, please three!! Creation is not easy, thank you for your support and recognition, we will see the next article!

I am Jiuling, there is a need to communicate children’s shoes can add me WX, JayCE-K, follow the public number: Java tutorial, master first-hand information!

If there are any mistakes in this blog, please comment and comment. Thank you very much!