An overview of the

Book on: you say what is flow limit? In the overall overview of current limiting, it describes what current limiting is, the mode of current limiting and the realization of current limiting. The distributed current limiting at the end of the article is not introduced too much, and is chosen to be put in this article. Let’s talk about Sentinel in detail

<div align=center ><img src=”https://p6-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/999bd67295d6470a8eec329f9e6eb83d~tplv-k3u1fbpfcp-watermark.image” / width=400></div>

With the most authoritative official wiki: “Alibaba-Sentinel, Guide for Beginners”

This article the source address: https://github.com/jaycekon/S…

Sentinel is what?

Traffic Guard for Distributed Systems

To quote the picture I drew earlier:

Flow Guard What capabilities does it have?

The ecology of Sentinel

With the construction of Java ecology in Alibaba, including the contribution of Spring Cloud Alibaba, Rocket, Nacos and other open source technologies, Sentinel now has good support and adaptation for all kinds of distributed application scenarios. This is also one of the reasons why we choose Sentinel for learning (low learning cost and multiple application scenarios).

<div align=center ><img src=”https://p3-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/c6f0ccb1c49c42c7a745da25dac1f309~tplv-k3u1fbpfcp-watermark.image” / width=400></div>

Sentinel Core Concepts

1, resources,

Resources are one of the core concepts in Sentinel. The most commonly used resources are Java methods in our code, a piece of code, or an interface.

Java method:

@SentInelResource ("HelloWorld") public void HelloWorld () {System.out.println(" HelloWorld"); }

A piece of code:

// The try-with-resources feature can be directly utilized in version 1.5.0. Automatic exit entry try(entry entry = sphu.entry ("HelloWorld")) {// Protented logic System.out.println(" HelloWorld"); } catch (BlockException Ex) {// Handle the flow-controlled logic System.out.println(" Blocked!"); ); }

An interface:

@RestController public class TestController { @GetMapping("/test") public String test(){ return "test"; }}

Used with the console:

2,

The Sentinel rules provide users with different protection actions for different scenarios. The types of rules include:

  • trafficControl rules
  • fusingDrop rules
  • System protectionThe rules
  • Source access control rules
  • Hot spot parameter rule

This article will mainly explain the flow, fuse and system protection of the three rules.

Defining rules:

private static void initFlowRules(){ List<FlowRule> rules = new ArrayList<>(); FlowRule rule = new FlowRule(); // Bind resource rule.setResource("HelloWorld"); // Flow limiting threshold type Rule. setGrade(RuleConstant.flow_grade_qps); // Quantity level Rule.setCount (20); // Add to local memory rules.add(rule); FlowRuleManager.loadRules(rules); }

Important attributes of current limiting rules:

Field instructions The default value
resource The resource name, which is the object of the stream-limiting rule
count Current limiting threshold
grade Current limiting threshold type, QPS mode (1) or concurrent thread count mode (0) QPS model
limitApp The call source to which flow control is directed default, which represents no distinction between invocation sources
strategy Call relation flow limiting policy: direct, link, association According to the resource itself (directly)
controlBehavior Flow control effect (direct reject /WarmUp/ constant speed + queuing), does not support flow limiting by call relationship Direct refused to
clusterMode Whether to cluster to limit flow no

Sentinel current-limiting

1. Single machine current limit

1.1. Introducing dependencies

In the previous article, we mentioned the single machine current limiting implemented by the rateLimiter, but here we introduce the single machine current limiting implemented by Sentinel

Sentinel-core <dependency dependency> < grouppid >com.alibaba. CSP </ grouppid > <artifactId>sentinel-core</artifactId> The < version >, version 1.8.1 < / version > < / dependency >

1.2. Define current limiting rules

Define protection rules:

private static void initFlowRules(){ List<FlowRule> rules = new ArrayList<>(); FlowRule rule = new FlowRule(); // Bind resource rule.setResource("HelloWorld"); // Flow limiting threshold type Rule. setGrade(RuleConstant.flow_grade_qps); // Quantity level Rule.setCount (20); // Add to local memory rules.add(rule); FlowRuleManager.loadRules(rules); }

1.3. Define flow limiting resources

Based on the resource partitioning described above, we define code blocks here primarily as resources.

Public static void main(String[] args) {initFlowRules(); While (true) {// Starting with version 1.5.0, it is possible to take advantage of the try-with-resources feature directly, Automatic exit entry try(entry entry = sphu.entry ("HelloWorld")) {// Protented logic System.out.println(" HelloWorld"); } catch (BlockException Ex) {// Handle the flow-controlled logic System.out.println(" Blocked!"); ); }}}

1.4. Running results

After the Demo runs, we can log in
~/logs/csp/${appName}-metrics.log.xxxSee the following output in:

➜ CSP cat com - jaycekon - sentinel - demo - FlowRuleDemo - metrics. The 2021-07-03 | - timestamp - | -- -- -- -- -- - the date time - | - resource - | p |block|s |e|rt 1625294582000|2021-07-03 14:43:02|HelloWorld|20|1720|20|0|2|0|0|0 1625294583000|2021-07-03 14:43:03|HelloWorld|20|5072|20|0|0|0|0|0 1625294584000|2021-07-03 14:43:04|HelloWorld|20|6925|20|0|0|0|0|0
  • pRepresents the approved request
  • blockRepresents a blocked request
  • sRepresents the number of requests successfully executed
  • eRepresents a user-defined exception
  • rtIs the average response time

<div align=center ><img src=”https://p9-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/277ebb0c20884448ad67485f3aa389f6~tplv-k3u1fbpfcp-watermark.image” / width=400></div>

What’s the difference between a Sentinel’s single-machine current limiting and a RateLimiter?

Field Difficulty to implement in a distributed environment Spatial complexity Time complexity Limit burst flow Smooth current limiting
The token bucket high Low O (1) O (N) is is
The sliding window In the O (N) In O (N) is Relative to realize

Appendix: Sentinel – The Principle of Sliding Window Implementation

2. Console current limit

2.1. Client access console

Hyperdetailed documentation, see Sentinel – Console

Sentinel provides a lightweight open source console that provides machine discovery and health management, monitoring (stand-alone and clustered), rule management, and push capabilities.

Download the JAR package (21M), or download the source code (4M) and compile by yourself (not recommended, the compilation will take longer than directly download the JAR package)

https://github.com/alibaba/Se…

After compiling, start the command

java -Dserver.port=8000 -Dcsp.sentinel.dashboard.server=localhost:8000 -Dproject.name=sentinel-dashboard -jar Sentinel dashboard -, version 1.8.1. Jar

Access console

2.2. Introduce dependencies

The client needs to introduce the Transport module to communicate with the Sentinel console. You can introduce the JAR package through pom.xml

<dependency> <groupId>com.alibaba.csp</groupId> <artifactId>sentinel-transport-simple-http</artifactId> <version>1.8.1</version> </dependency> // Dependency > // <dependency> < grouppid >com.alibaba. CSP </ grouppid > <artifactId>sentinel-web-servlet</artifactId> The < version >, version 1.8.1 < / version > < / dependency >

Then!! The place that annoyed me all afternoon came!! In the official documentation, it is pointed out that the corresponding dependency configuration needs to be introduced. Boy, if it is so important, it will hurt your head if you downplay it!!

<div align=center ><img src=”https://p3-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/70dd65404acc4a9c91a909a1456284e9~tplv-k3u1fbpfcp-watermark.image” / width=400></div>

The corresponding adaptation dependencies are

  • Cloud native micro-service system
  • Web adapter
  • The RPC adapter
  • The HTTP client adapter
  • Reactive adaptation
  • Reactive adaptation
  • Apache RocketMQ

Boy, almost all business scenarios are covered! Since my Demo project is based on SpringBoot, and I want to watch a video of the Cloud native microservice, boy, I want to use SpringCloud. For more information, please refer to “Spring-Cloud-Sentinel”.

2.3. Define resources

@SpringBootApplication @Configuration @RestController public class SpringBootSentinelApplication { public static void main(String[] args) { SpringApplication.run(SpringBootSentinelApplication.class, args); } @Bean public FilterRegistrationBean sentinelFilterRegistration() { FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<>(); registration.setFilter(new CommonFilter()); registration.addUrlPatterns("/*"); registration.setName("sentinelFilter"); registration.setOrder(1); return registration; } @RequestMapping("/index") public String index(){ return "hello index"; }}

In the overview, we mentioned that a resource that needs to be protected can be a block of code, a method, or an interface. If all requests are defined as resources (/*) by Filter, the process of the request will look like this:

2.4. Operation results

Add startup parameters

-Dserver.port=8088 -Dcsp.sentinel.dashboard.server=localhost:8080 -Dproject.name=jaycekon-sentinel

Parameter description:

  • server.port: Service startup port
  • csp.sentinel.dashboard.server: status report machine IP: port
  • project.name: Name of monitoring project

Running results:

2.5. Current limiting configuration

Effect of flow control

  • 1. Fail Fast: Fail Direct
  • 2. Warm Up: in the preheating mode, according to the value of CodeFactory (default 3), from the threshold/CodeFactory, after the preheating time, the set QPS threshold value can be reached. For example, if the QPS is set to 90 and the preheat is set to 10 seconds, the initial threshold is 90/3=30, and it takes 10 seconds to reach 90.
  • Waiting in queue: for example, if the threshold is set to 10 and the timeout is 500 milliseconds, when the 11th request arrives, it will not report an error directly, but wait for 500 milliseconds. If the threshold is still over 10, then the flow will be restricted.

Running results:

3. Cluster limiting

After talking so much, we finally come to the core cluster current limiting scheme. In the design of seckill system, we talked about many scenarios based on the single machine as a specific case to analyze, if our system to expand capacity, then how to do a good job of current limiting scheme. Suppose there are 10 machines in the cluster and we set a current limiting threshold of 10 Qps for each machine, ideally 100 Qps for the entire cluster. However, the actual flow to each machine may not be uniform, will lead to the total amount of the case of some machines began to limit the flow. Therefore, it is not possible to limit the overall traffic accurately by the single machine dimension alone. Cluster flow control can accurately control the total number of calls of the whole cluster. Combined with single machine flow limit, the effect of flow control can be better exerted.

A brief introduction to the core role of cluster flow limiting:

  • Token Client: Clustered streaming client, used to communicate requests for tokens to the Token Server of which it belongs. The cluster throttling server returns the result to the client to decide whether to throttle the traffic.
  • Token Server: A cluster flow control server that handles requests from Token clients and determines whether tokens should be issued (or allowed to pass) according to configured cluster rules.

Structure diagram in embedded mode:

Structure diagram in standalone mode:

Embedded mode, i.e. the operation of issuing Token, is completed by one of the instances, and the other clients obtain the access permission from the Server by requesting it.

Standalone mode, that is, started as a separate Token Server process, deployed independently, good isolation, but requires additional deployment operations.

3.1. Ali Cloud AHAS

In the above example code, the Demo of local mode is used. In the scenario of cluster limited flow, the AHAS service provided by Ali Cloud is used here.

Control console address:
https://ahas.console.aliyun.c…

Introducing dependencies:

//sentinel ahas Sentinel dependency <dependency> < grouppid >com.alibaba. CSP </ grouppid > <artifactId>ahas-sentinel-client</artifactId> The < version > 1.8.8 < / version > < / dependency >

Sentinel-core, Sentinel-web-servlet, and Sentinel-transport-simple-HTTP are the dependencies that AHAS uses to support Sentinel-core, Sentinel-web-servlet and Sentinel-transport-simple-HTTP.

Otherwise, there will be SPI exception. If you don’t know much about SPI, it is suggested that you add questions to the group

com.alibaba.csp.sentinel.spi.SpiLoaderException

3.2. Start the Aliyun AHAS service

There is an official opening document here, and I won’t repeat it here, the document address

Find Lincense in the application guard and add startup parameters:

-Dserver.port=8092 -Dproject.name=jaycekon-sentinel -Dahas.license=d1e21b0c8f2e4d87b5ac460b118dc58d -Dcsp.sentinel.log.use.pid=true

Since we want to start multiple instances locally, we need to modify multiple ports of the service:

java -Dserver.port=8090 -Dproject.name=jaycekon-sentinel -Dahas.license=d1e21b0c8f2e4d87b5ac460b118dc58d - Dcsp. Sentinel. Log. Use the pid = true - jar sentinel - ahas - 0.0.1 - the SNAPSHOT. Java jar - Dserver. Port = 8091 -Dproject.name=jaycekon-sentinel -Dahas.license=d1e21b0c8f2e4d87b5ac460b118dc58d -Dcsp.sentinel.log.use.pid=true -jar Sentinel ahas - 0.0.1 - the SNAPSHOT. Java jar - Dserver. Port = 8092 - Dproject. Name = jaycekon - sentinel - Dahas. License = d1e21b0c8f2e4d87b5ac460b118dc58d - Dcsp. Sentinel. Log. Use the pid = true - jar sentinel - ahas - 0.0.1 - the SNAPSHOT. The jar

After generating access traffic, you can see the link status of the machine in the market:

http://localhost:8092/index

3.3 Configuration of cluster flow control rules

Here are two concepts:

  • Cluster threshold: refers to the number of visits that can be passed by our cluster as a whole, which may be unevenly distributed (to avoid single machine error limit).
  • Degenerate stand-alone: When the Token Server access times out, i.e. the Token cannot be fetched from the remote end, fallback to stand-alone flow limiting

Test current limit, just visit http://localhost:8092/index

Through the hand brush (hand speed is too hard ~), the critical value of current limiting was hit, and the overall current limiting was consistent with our expectations.

Degradation of single

In the case of cluster flow control, there is a Token request timeout. The Client requests the Server and returns the data result. The whole process will take some time for network request. In the above test process, I increased the timeout time, so that I could get the Token for each request. By modifying the timeout time of the request, I triggered the degenerated single machine flow limit.

Running results:

3.4, Server role conversion

In embedded mode, roles are converted to Server or Client via the HTTP API

http://<ip>:<port>/setClusterMode?mode=<xxx>

Where mode 0 represents client, 1 represents server, and -1 represents off. Note that the application needs to introduce corresponding dependencies on the cluster-limited client or server.

In stand-alone mode, we can directly create the corresponding instance of ClusterTokenServer and start the TokenServer through the start method in the main function.

Sentinel fusing

In the case of a seckill system, a complete link may contain multiple services (actually more than that), such as placing orders, making payments, and connecting logistics. In a complete link, each system interacts with each other in the form of RPC/HTTP. As shown in the link diagram below, if the payment method selected by the user is too delayed, the service is unstable or the service is abnormal, the whole link cannot be completed. The final result is that the user clearly grabbed, but can not pay, resulting in the loss of order.

Modern microservice architectures are distributed and consist of a very large number of services. Different services call each other to form a complex call link. The above problems in the link call will have a magnifying effect. Instability of a single link on a complex link can lead to cascading, and ultimately render the entire link unusable. Therefore, we need to fuse and downgrade the unstable weakly dependent service calls to temporarily cut off the unstable calls and avoid the overall avalanche caused by the local unstable factors. As a means of protecting itself, fuse degradation is typically configured on the client side (the calling side).

1, fuse degradation

Add test code

    @RequestMapping("/myError")
    public String error(){
        if (true){
            throw new RuntimeException("sentinel run error");
        }
        return "error";
    }

Configure the demotion rules in Sentinel-Dashboard

Degeneration protection effect:

The user accesses the interface/myError, after an exception occurs in the following10 seconds, will follow the downgrade strategy and return directly. Can very good protection of the server to avoid excessive, occupy machine resources. At the same time, rapid response to user requests.

2. Circuit breaker strategy

Sentinel provides the following circuit break strategies:

  • Slow call ratio (SLOW_REQUEST_RATIO) : Select the slow call ratio as the threshold value. The allowable slow call RT (i.e., the maximum response time) needs to be set. If the response time of the request is greater than this value, it will be counted as slow call. When measured per unit length (statIntervalMs), if the number of requests is greater than the set minimum number of requests, and the proportion of slow calls is greater than the threshold value, the request will be automatically blown out during the following fuse duration. After the fusing time, the fuse will enter the detection and recovery state (half-open state). If the response time of the next request is less than the set slow call RT, the fuse will be broken; if the response time is longer than the set slow call RT, the fuse will be broken again.
  • Abnormal proportion (ERROR_RATIO) : When unit time is calculated (statIntervalMs), if the number of requests is greater than the set minimum number of requests, and the proportion of exceptions is greater than the threshold value, the requests will be automatically blown out within the following fuse duration. The fuse will enter the half-open state after the duration of the fuse. If the next request is completed successfully (without error), the fuse will be shut down, otherwise it will be blown out again. The threshold range of the abnormal rate is[0.0, 1.0], represents 0%-100%.
  • Abnormal number (ERROR_COUNT) : When the number of anomalies in a unit statistical time exceeds the threshold value, it will automatically fuse. The fuse will enter the half-open state after the duration of the fuse. If the next request is completed successfully (without error), the fuse will be shut down, otherwise it will be blown out again.

conclusion

This article mainly explains how to use Sentinel to actually touch the current limiting and fuse. For the underlying implementation of current limiting, there will be a special source code analysis. For circuit breakers, this paper does not elaborate on exactly, the next article will bring you what circuit breakers are, how they are actually used in the system, and common circuit breakers strategy.

The project source address: https://github.com/jaycekon/S… Welcome to Star and Fork

Point of attention, not lost

Okay, guys, that’s all for this article, and I’ll be updating a few high quality articles about Big Factory interviews and common technology stacks each week. Thank you for reading here, if this article is written well, beg for three lianlian!! It is not easy to create, thank you for your support and recognition, we will see you in the next article!

I am nine Ling, there is a need to communicate children’s shoes can add me WX, JAYCE-K, pay attention to the public number: Java tutorial, master first-hand information!

If there are any mistakes in this blog, please comment and comment. Thank you very much!