Sentinel, a brief introduction to

With the popularity of microservices, stability between services becomes more and more important. Sentinel takes traffic as the entry point to protect the stability of services from multiple dimensions such as flow control, circuit breaker degradation and system load protection.

Sentinel has the following characteristics:

• Rich application scenarios: Sentinel undertakes the core scenarios of Alibaba’s Double Eleven Traffic promotion in the past 10 years, such as SEC killing (that is, burst traffic control within the system capacity can withstand), message peak filling, cluster traffic control, real-time fusing of downstream unavailable applications, etc.
• Complete real-time monitoring: Sentinel also provides real-time monitoring. In the console, you can see second-level data from a single machine accessing an application, or even a summary of the performance of clusters of less than 500 units.
• Extensive open source ecosystem: Sentinel offers integration modules with other open source frameworks/libraries out of the box, such as Spring Cloud, Dubbo, and gRPC. You just need to introduce the appropriate dependencies and do a simple configuration to quickly access Sentinel.
• Sophisticated SPI extension points: Sentinel provides an easy-to-use, sophisticated SPI extension interface. You can quickly customize the logic by implementing extension interfaces. For example, custom rule management and dynamic data source adaptation.

Sentinel’s main features:

Sentinel’s Open source ecology:

Sentinel is divided into two parts:

• The core libraries (Java clients) are independent of any framework/library, can run in any Java runtime environment, and have good support for frameworks such as Dubbo/Spring Cloud.
• The Dashboard is developed based on Spring Boot and can be packaged and run directly without the need for additional application containers such as Tomcat.

Comparison of Sentinel, Hystrix, and Resilience4J

Functional comparison

	Sentinel	Hystrix	resilience4j
Isolation strategy	Semaphore isolation (concurrency control)	Thread pool isolation/semaphore isolation	Semaphore isolation
Circuit breaker downgrade policy	Based on slow call ratio, outlier ratio, outlier number	Based on outlier ratio	Based on abnormal ratio, response time
Real-time statistical implementation	Sliding Window (LeapArray)	Sliding Windows (based on RxJava)	Ring Bit Buffer
Dynamic rule configuration	Support for multiple data sources	Support for multiple data sources	Support co., LTD.
scalability	Multiple extension points	Form of plug-in	Form of interface
Annotation-based support	support	support	support
Current limiting	QPS – based flow limiting based on call relationship is supported	Limited support	Rate Limiter
Traffic shaping	Support preheating mode and uniform queuing control effect	Does not support	Simple Rate Limiter mode
System adaptive protection	support	Does not support	Does not support
Multilanguage support	Java/Go/C++	Java	Java
Service Mesh support	Support Envoy/Istio	Does not support	Does not support
The console	Provides out-of-the-box console for configurable rules, real-time monitoring, machine discovery, and more	Simple monitoring view	No console is provided and can be connected to other monitoring systems

Sentinel noun

resources

Resource is a key concept of Sentinel. It can be anything in a Java application, such as a service provided by the application, or a service provided by another application invoked by the application, or even a piece of code. For the rest of the documentation, we will describe code blocks in terms of resources.

Any code defined by the Sentinel API is a resource that can be protected by Sentinel. In most cases, resources can be identified using method signatures, URLS, or even service names as resource names.

The rules

Rules can be set based on the real-time status of resources, including flow control rules, circuit breaker degradation rules, and system protection rules. All rules can be adjusted dynamically and in real time.

Flow control

What is flow control

Flow control is a commonly used concept in network transmission, which is used to adjust the transmitted data of network packets. However, from a system stability perspective, there are also a lot of concerns about how fast requests can be processed. Requests coming at any time are often random and uncontrollable, and the system’s processing capacity is limited. We need to control the flow according to the capacity of the system. Sentinel, as a modulator, can adjust random requests into appropriate shapes as required, as shown in the figure below:

Flow control design concept

Flow control has the following angles:

• The calling relationship of resources, such as the calling link of resources, and the relationship between resources;
• Performance metrics, such as QPS, thread pool, system load, etc.
• Effects of control, such as direct flow limiting, cold start, queuing, etc.

Sentinel is designed to give you the freedom to choose the angles of control you want and to combine them flexibly to achieve the desired effect.

Fusing the drop

What is a circuit breaker downgrade

In addition to flow control, one of the missions of Sentinel is to fuse unstable factors in the call link in time. Due to the complexity of the calling relationship, if a resource in the calling link becomes unstable, it may cause requests to pile up, leading to cascading errors.

The principle of Sentinel and Hystrix is the same: When a resource in the call link is detected to show unstable performance, such as long request response time or abnormal ratio, the call on this resource is restricted to make the request fail quickly, so as to avoid affecting other resources and causing cascading failure.

Fuse downgrade design concept

Sentinel and Hystrix take completely different approaches to limiting their use.

Hystrix isolates dependencies (resources in Sentinel’s concept) by isolating thread pools. This has the advantage of providing the most complete isolation of resources from one another. The downside is that in addition to the increased cost of thread switching (too many thread pools result in too many threads), each resource needs to be preallocated to the thread pool size.

Sentinel takes two approaches to this problem:

• Limit by number of concurrent threads

Different from resource pool isolation, Sentinel reduces the impact of unstable resources on other resources by limiting the number of concurrent threads of resources. Not only is there no thread switching loss, but you don’t need to preallocate the size of the thread pool. When a resource becomes unstable, such as with a longer response time, the immediate impact on the resource is a gradual accumulation of threads. When the number of threads on a given resource accumulates to a certain amount, new requests for that resource will be rejected. The stacked thread finishes the task before continuing to receive requests.

• Degrade resources by response time

In addition to controlling the number of concurrent threads, Sentinel can quickly degrade volatile resources through response time. If the response time of a dependent resource is too long, all access to the resource will be denied until the specified time window is expired.

System adaptive protection

Sentinel also provides adaptive protection in the system dimension. Avalanche prevention is an important part of system protection. If the system continues to receive requests when the load is high, the system may crash and fail to respond. In a clustered environment, network load balancing redirects traffic destined for one machine to other machines. If other machines are in an edge state at the same time, the increased traffic will cause this machine to crash as well, resulting in the entire cluster becoming unavailable.

In this case, Sentinel provides a corresponding protection mechanism to balance the system’s incoming traffic with the system’s load, ensuring that the system can handle the most requests within its capacity.

Sentinel principle

The main working mechanism of Sentinel is as follows:

• Provides adaptive or display apis to mainstream frameworks to define resources to be protected, and provides facilities for real-time resource statistics and call link analysis.
• Traffic is controlled based on preset rules and real-time resource statistics. Sentinel also provides an open interface for you to define and change the rules.
• Sentinel provides a real-time monitoring system so that you can quickly learn about the current system status.

Sentinel use

Normal use

1. If the application uses POM projects, inpom.xmlAdd the following code to the file:

<dependency>
  <groupId>com.alibaba.csp</groupId>
  <artifactId>sentinel-core</artifactId>
  <version>, version 1.8.1</version>
</dependency>
Copy the code

2. Next, we use the Sentinel API for code that needs to control trafficSphU.entry("HelloWorld") 和 entry.exit()Just surround it. In the following example, we willSystem.out.println("hello world");This side of the code acts as a resource, surrounded by apis (buried points). The reference code is as follows:

while (true) {
  Entry entry = null;
  try {
    entry = SphU.entry("HelloWorld");
    /* Your business logic - start */
    System.out.println("hello world");
    TimeUnit.MILLISECONDS.sleep(10);
    /* Your business logic - end */
  } catch (BlockException e1) {
    /* Flow control logic processing - start */
    System.out.println("block!");
    /* Flow control logic processing - End */
  } catch (InterruptedException e) {
    e.printStackTrace();
  } finally {
    if(entry ! =null) { entry.exit(); }}}Copy the code

3. Next, the rule specifies the number of requests to allow the resource to pass, such as the following code that defines the resourceHelloWorldA maximum of 20 requests can pass per second.

// Rule configuration
private static void initFlowRules(a) {
  List<FlowRule> rules = new ArrayList<>();
  FlowRule rule = new FlowRule();
  rule.setResource("HelloWorld");
  rule.setGrade(RuleConstant.FLOW_GRADE_QPS);
  // Set limit QPS to 20.
  rule.setCount(20);
  rules.add(rule);
  FlowRuleManager.loadRules(rules);
}
Copy the code

4. After the Demo runs, we can log in~/logs/csp/${appName}-metrics.log.xxxSee the following output:

|--timestamp-|------date time----|-resource-|p |block|s |e|rt
1619954886000|2021-05-02 19:28:06|HelloWorld|20|1|20|0|12|0|0|0
1619954887000|2021-05-02 19:28:07|HelloWorld|20|3197|20|0|11|0|0|0
1619954888000|2021-05-02 19:28:08|HelloWorld|20|2857|20|0|11|0|0|0
Copy the code

P represents the passed requests, block represents the blocked requests, s represents the number of successfully executed requests, e represents user-defined exceptions, and RT represents the average response time.

As you can see, this program consistently outputs “Hello World” 20 times per second, which is the same as the preset threshold in the rule.

Annotation way

1. Sentinel provides@SentinelResourceAnnotations are used to define resources and provide AspectJ extensions for automatically defining resources and processingBlockExceptionAnd so on. useSentinel Annotation AspectJ ExtensionThe following dependencies need to be introduced when:

<dependency>
    <groupId>com.alibaba.csp</groupId>
    <artifactId>sentinel-annotation-aspectj</artifactId>
    <version>x.y.z</version>
</dependency>
Copy the code

2. The sample

// The corresponding 'handleException' function needs to be in the 'ExceptionUtil' class and must be public static.
// The corresponding return value should be the same as the current method
@SentinelResource(value = "createOrder", blockHandler = "blockHandler", blockHandlerClass = {ExceptionUtils.class})
@GetMapping("/createOrder")
public OrderDto createOrder(OrderDto dto) {
  return new OrderDto();
}

// ExceptionUtils
public class ExceptionUtils {

  public static OrderDto blockHandler(OrderDto dto, BlockException ex) {
    ex.printStackTrace();
		return null; }}Copy the code

@ SentinelResource annotations

Note: Annotated methods do not support private methods.

@sentinelResource defines resources and provides optional exception handling and fallback configuration items. The @sentinelResource annotation contains the following properties:

• Value: Resource name, required item (cannot be empty)

• EntryType: Indicates the entry type. The default value is entryType.out.

• BlockHandler/blockHandlerClass: Specifies the name of the function that handles blockExceptions corresponding to blockHandler. This parameter is optional. The access scope of the blockHandler function needs to be public, the return type needs to match the original method, the parameter type needs to match the original method, and the last parameter needs to be an extra parameter of type BlockException. The blockHandler function needs to be in the same class as the original method by default. If you want to use a function of another Class, you can specify blockHandlerClass as a Class object of that Class. Note that the corresponding function must be static, otherwise it cannot be resolved.

• Fallback/fallbackClass: Name of the fallback function, optional, that provides fallback processing logic when an exception is thrown. The fallback function handles all types of exceptions except those excluded from exceptionsToIgnore. Fallback function signature and location requirements:

  • The return type must be the same as the return type of the original function;

  • The method argument list needs to be the same as the original function, or an additional Throwable argument can be used to receive the corresponding exception.

  • By default, the fallback function needs to be in the same class as the original method. If you want to use a function of another Class, you can specify fallbackClass as a Class object of the corresponding Class. Note that the corresponding function must be static, otherwise it cannot be resolved.

• DefaultFallback (since 1.6.0) : the defaultFallback function name, which is optional and is usually used for generic fallback logic (that is, it can be used for many services or methods). The default fallback function handles all types of exceptions except those excluded from exceptionsToIgnore. If both FallBack and defaultFallback are configured, only FallBack takes effect. DefaultFallback function signature requirements:

  • The return type must be the same as the return type of the original function;

  • The method argument list needs to be empty, or an additional Throwable parameter can be used to receive the corresponding exception.

  • The defaultFallback function needs to be in the same class as the original method by default. If you want to use a function of another Class, you can specify fallbackClass as a Class object of the corresponding Class. Note that the corresponding function must be static, otherwise it cannot be resolved.

• ExceptionsToIgnore (since 1.6.0) : This is used to specify which exceptions are excluded, are not counted in the exception statistics, and do not enter fallback logic, but are thrown as is. Since version 1.8.0, defaultFallback supports configuration at the class level.

Note: The fallback function before 1.6.0 only handles DegradeException, not service exception.

In particular, if both blockHandler and Fallback are configured, only blockHandler processing logic will be entered when BlockException is thrown due to stream limiting degradation. If blockHandler, FallBack, and defaultFallback are not configured, BlockException thrown directly when they are current limiting the drop (if the method itself undefined throws BlockException packing layer would be JVM UndeclaredThrowableException).

Sentinel console

1. Download console program address:

https://github.com/alibaba/Sentinel/releases/tag/1.8.1
Copy the code

2. Start the command

Java - Dserver. Port = 8089 - Dcsp. Sentinel. Dashboard. Server = 127.0.0.1:8089 - Dproject. Name = sentinel - dashboard - jar Sentinel dashboard -, version 1.8.1. JarCopy the code

3. Login account: The default login account and password are sentinel
4. After logging in to the console, we can configure our services through the right menu

reference

Github.com/alibaba/Sen…