Sentinel:

Please refer to the Chinese official website: github.com/alibaba/Sen…

Main features:

  • Rich application scenarios: Sentinel has undertaken the core scenarios of Alibaba’s double Eleven traffic drive in the past 10 years, such as SEC killing (i.e. burst traffic control within the range of system capacity), message peaking and valley filling, cluster flow control, real-time fusing of unavailable downstream applications, etc.
  • Complete real-time monitoring: Sentinel also provides real-time monitoring capabilities. From the console, you can see a summary of the performance of a single machine-by-second data, or even a cluster of less than 500 machines, for accessing the application.
  • Extensive Open source ecosystem: Sentinel provides out-of-the-box integration modules with other open source frameworks/libraries, such as Spring Cloud, Dubbo, and gRPC. You can quickly access Sentinel by introducing the appropriate dependencies and simple configuration.
  • Sophisticated SPI extension points: Sentinel provides an easy-to-use, sophisticated SPI extension interface. You can quickly customize the logic by implementing an extension interface. For example, customize rule management and adapt dynamic data sources.

Open source ecology:

Example reference address: github.com/alibaba/Sen…

Working principle:

  • NodeSelectorSlotCollect the paths of resources and store the call paths of these resources in a tree structure for limiting traffic degradation according to the call paths;
  • ClusterBuilderSlotThe statistics of the storage resource and caller information, such as RT, QPS, thread count of the resource, will be used as the basis for multi-dimensional flow limiting and degradation;
  • StatisticSlotIt is used to record and statistics the monitoring information of runtime indicators in different latitudes.
  • FlowSlotIs used for traffic control according to preset traffic limiting rules and slot statistics.
  • AuthoritySlotAccording to the configuration of the blacklist and whitelist and call source information, to do the blacklist and whitelist control;
  • DegradeSlotBy statistics and preset rules, to do the circuit breaker downgrade;
  • SystemSlotThe total inlet flow is controlled by the state of the system, such as load1.

Flow control monitors application traffic indicators, such as QPS or concurrent threads, and controls the traffic when it reaches a specified threshold to avoid being overwhelmed by instantaneous traffic peaks and ensure high availability of applications.

FlowSlot controls traffic based on preset rules and real-time information collected by NodeSelectorSlot, ClusterBuilderSlot, and StatisticSlot.

A FlowException is thrown when Entry nodeA = SphU. Entry (resourceName) is executed. FlowException is a subclass of BlockException. You can capture BlockException from the definition of the processing logic after the flow is restricted.

Multiple traffic limiting rules can be created for a resource. FlowSlot traverses all the limited flow rules of the resource until a rule triggers flow limiting or all the rules are traversed.

A traffic limiting rule mainly consists of the following factors, which can be combined to achieve different traffic limiting effects:

  • resource: Resource name, which is the object of the traffic limiting rule
  • count: Indicates the traffic limiting threshold
  • grade: Traffic limiting threshold type (QPS or number of concurrent threads)
  • limitApp: Call source for flow control, ifdefaultThe source of the call is not distinguished
  • strategy: Invokes the relational traffic limiting policy
  • controlBehavior: Flow control effect (direct rejection, Warm Up, uniform queuing)

Cluster traffic limiting Architecture Diagram:

Gateway flow control design drawing:

Sentinel 1.6.0 introduces the Sentinel API Gateway Adapter Common module, which contains rules for Gateway traffic limiting and entity and management logic for custom apis:

  • GatewayFlowRule: Gateway traffic limiting rule: traffic limiting rules customized for THE SCENARIO of the API Gateway. Traffic limiting rules can be customized for different routes or user-defined API groups. Traffic limiting rules can be customized for parameters, headers, and source IP addresses in requests.
  • ApiDefinition: user-defined API defined groups, which can be regarded as combinations of URL matches. For example, we could define an API calledmy_api, request path mode is/foo/**/baz/**All go tomy_apiThis API is grouped below. When limiting traffic, you can limit traffic for this user-defined API grouping dimension.

The fields of GatewayFlowRule are described as follows:

  • resource: Resource name, which can be the route name in the gateway or user-defined API group name.
  • resourceMode: the rule is a route for the API Gateway (RESOURCE_MODE_ROUTE_ID) or the API grouping defined by users in Sentinel (RESOURCE_MODE_CUSTOM_API_NAME), default is route.
  • grade: Indicates the traffic limiting indicator dimension, which belongs to the traffic limiting rulegradeField.
  • count: Indicates the traffic limiting threshold
  • intervalSec: Indicates the statistical time window, in seconds. The default value is 1 second.
  • controlBehavior: The control effect of traffic shaping is the same as the traffic limiting rulecontrolBehaviorCurrently, the fast failure mode and uniform queuing mode are supported. The default mode is fast failure.
  • burst: The number of additional requests allowed to respond to unexpected requests.
  • maxQueueingTimeoutMs: Indicates the maximum queuing time in uniform queuing mode, in milliseconds. It takes effect only in uniform queuing mode.
  • paramItem: Parameter traffic limiting configuration. If this parameter is not provided, it indicates that traffic limiting is not implemented for parameters, and the gateway rule is converted to a common flow control rule. Otherwise, the hotspot rule is converted. The fields:
    • parseStrategy: policy for extracting parameters from requests, currently supporting extracting source IP (PARAM_PARSE_STRATEGY_CLIENT_IP), the Host (PARAM_PARSE_STRATEGY_HOST), any Header (PARAM_PARSE_STRATEGY_HEADER) and any URL argument (PARAM_PARSE_STRATEGY_URL_PARAM) Four modes.
    • fieldName: If Header or URL mode is selected for the extraction policy, you need to specify the corresponding Header or URL name.
    • pattern: Matching mode of parameter values. Only request attribute values matching this mode will be included in statistics and flow control; If empty, all values of the request attribute are counted. (Supported from version 1.6.2)
    • matchStrategy: Matching policy for parameter values, currently supporting exact matching (PARAM_MATCH_STRATEGY_EXACT), substring matching (PARAM_MATCH_STRATEGY_CONTAINS) and regular matching (PARAM_MATCH_STRATEGY_REGEX). (Supported from version 1.6.2)

Users can GatewayRuleManager. LoadRules manually loading gateway rules (rules), Or through GatewayRuleManager. Register2Property (property) dynamic push registration rules of dynamic source (recommended).

Implementation principle of gateway flow control

When the GatewayFlowRule is loaded through GatewayRuleManager, Sentinel will transform the GatewayFlowRule into ParamFlowRule at the bottom level, regardless of whether flow limiting is carried out for request attributes. Stored in GatewayRuleManager, isolated from normal hotspot parameter rules. During the conversion, Sentinel will set the parameter index (IDX) for the gateway flow control rule according to the configuration of request attributes, and synchronize it to the generated hotspot parameter rule.

When an external request enters the API Gateway, it passes through the Filter implemented by Sentinel, which performs routing /API grouping matching, request attribute resolution, and parameter assembly in turn. Sentinel will parse the request attributes according to the configured gateway flow control rules, and assemble the parameter array according to the parameter index order, and finally pass it into SPHU.Entry (RES, ARGS). The Sentinel API Gateway Adapter Common module adds a GatewayFlowSlot to the Slot Chain for checking Gateway rules. The GatewayFlowSlot extracts generated hotspot parameter rules from the GatewayRuleManager and checks the rules according to the incoming parameters. If a rule is not specific to the request attribute, the default constant is placed at the last position of the parameter, which achieves the effect of ordinary flow control.