In our daily life, we often participate in the second kill, rush purchase and some preferential activities of goods on platforms such as Taobao, tmall, jd.com and pinduoduo. We also use 12306 mobile APP to grab train tickets and high-speed rail tickets on holidays. Sometimes we even help colleagues and friends to vote and brush tickets for their children, Without exception, these scenarios will cause a surge in server traffic, resulting in the inability to display web pages, slow APP response, abnormal function, and even the collapse of the whole website.
How can we ensure the safe operation of various businesses and the system will not collapse under any circumstances when these business flows are changeable? When the system load is too high, we can use three measures to protect the system: current limiting, degradation and fusing, which led to the birth of some flow control middleware. For example, Sentinel.
1, Overview
Sentinel (traffic guard of distributed system) is an open source comprehensive solution for service fault tolerance. Taking traffic as the starting point, it protects the stability of service from multiple dimensions such as traffic control, fuse degradation and system load protection.
Sentinel has undertaken the core scenarios of Alibaba's double 11 traffic promotion in recent 10 years, such as spike (i.e. burst traffic control within the range of system capacity), message peak cutting and valley filling, cluster traffic control, real-time fusing downstream unavailable applications, etc.
Two major components:
- Java client: it can run in all Java runtime environments, and also has good support for Dubbo /Spring Cloud and other frameworks.
- Dashboard: it is developed based on Spring Boot and can be run directly after packaging.
2, Installation
1.Sentinel is a jar package. We need to download and run this jar package
2. Run the jar package with the specified command under the jar package directory
java -Dserver.port=8180 -Dcsp.sentinel.dashboard.server=localhost:8180 -Dproject.name=sentinel-dashboard -jar sentinel-dashboard-1.8.0.jar
3. When accessing port 8180, the account password is sentinel by default. The following page appears to indicate that the access is successful
4. Is it too troublesome to start every time? We add scripts in the IDEA to start quickly
The first line is the java.exe file directory in bin in jdk
The second line is the command specified by the runtime. Just remove the preceding java prefix
The third line is the directory where the jar file is located
After adding, we can quickly start in the IDEA
3, Sentinel current limiting
As the name suggests, current limiting is to limit the flow
Purpose: to prevent malicious request traffic, malicious attacks, or system crashes caused by traffic exceeding the system peak.
1. Import pom file
First, you need to import pom dependencies, which are generally imported on the consumer side
//sentinel dependency <dependency> <groupId>com.alibaba.cloud</groupId> <artifactId>spring-cloud-starter-alibaba-sentinel</artifactId> </dependency> //Health monitoring dependence <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency>
2. Configuration file
spring: cloud: sentinel: transport: port: 8099 #The port for communicating with sentinel console can be arbitrarily specified as an unused port, which can be omitted dashboard: localhost:8180 # Specify the sentinel console address.
3. Run view
Start the service provider and service consumer, visit a url and enter Sentinel control panel to view
The monitoring is successful. Next, we limit the traffic
4. Current limiting
1. Find the corresponding resource name in the cluster link and add a flow control rule
QPS: the number of requests per second
Stand alone threshold: number of requests allowed per second
2. Test more than one access per second
Current throttling succeeded. You can only access it once per second
3. Advanced current limiting - direct mode
Sentinel's default flow control processing method is direct mode
4. Advanced current limiting - correlation mode
When the associated resource reaches the threshold, it limits itself. For example, when the associated resource is set to / ur2, if the qps threshold of the associated resource / url2 exceeds 1, the current / url1 interface will be limited (do you feel very overbearing and the associated resource reaches the threshold, the current of the resource interface is limited). What are the application scenarios of this association pattern? For example, there are two important interfaces in order service, one is to read order information and the other is to write order information. In high concurrency business scenarios, both interfaces will occupy resources. If the access to the read interface is too large, the performance of the write interface will be affected. In business, if we want to write orders, we should give priority to the write order interface. Then you can use the association pattern; Set the write interface on the associated resource, and set the read interface for the resource name; This gives priority to writing. Once there are many write requests, the read requests are limited.
Summary is a sentence, sacrifice yourself and save others
At this time, we open two port services, crazy access to Echo2, and observe whether Echo1 is restricted
You can see that 1 is accessed again after crazy access to 2, and access to 1 is restricted
4. Advanced current limiting - link mode
The link mode only records the traffic at the specified link entrance. That is, when multiple services call the specified resource, if the traffic exceeds the specified threshold, the flow will be limited.
Note: when the flow control mode is the link mode, if sentinel is later than 1.7.2, the Sentinel Web filter will aggregate all URL entries as sentinel by default_ spring_ web_ Context. Therefore, limiting the current of the specified link alone will not take effect. You need to add the following statement in application.yml to turn off URL PATH aggregation.
sentinel: web-context-unify: false
An error occurs when frequently accessing the path under the specified link. If it is not under the specified link, it is OK.
Note:
Current limiting algorithm: counter, token bucket, funnel algorithm, sliding window algorithm
4, Sentinel downgrade
In addition to flow control, fusing and degrading unstable resources in the call link is also one of the important measures to ensure high availability. Due to the complexity of the call relationship, if a resource in the call link is unstable, it will eventually lead to the accumulation of requests.
Sentinel will restrict the call of a resource when it is in an unstable state in the call link (for example, the call timeout or the abnormal proportion increases), so as to make the request fail quickly and avoid affecting other resources and causing cascading errors. When a resource is degraded, calls to the resource will be automatically fused within the next degradation time window
1. Design slow call
@Controller public class Jangji { private AtomicLong aLong=new AtomicLong(1); public void jiangji() throws InterruptedException { long num = aLong.getAndIncrement(); if(num%2==0){ Thread.sleep(200);//Simulate time-consuming operations } } }
The code means to delay 200 milliseconds for 50% of requests. Here, the system design considers that more than 200 milliseconds is a slow call
Inject and call the jiangji method in the Echo1 request
2. Degradation
Here, it indicates that the fusing strategy is a slow call ratio. It indicates that when the number of link requests exceeds 3, if the average response time exceeds 30% of 200 milliseconds, the request will be fusing. The fusing time is 10 seconds, and it will return to normal after 10 seconds.
3. Exception handling
The default is to return the default exception. We can customize the exception
//Custom current limiting exception handling object //If the service is restricted or degraded, the interceptor provided by sentinel will call this method for exception handling @Component public class ServiceBlockExceptionHandler implements BlockExceptionHandler { @Override public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, BlockException e) throws Exception { //1) What is used to output data (write data) to the client? Output stream object //2) How do I get the output stream object? (in the standard Java EE specification, the HttpServletResponse object is used) //3) When outputting data to the client, what should be done in addition to responding to business data? //Set the encoding of the response data httpServletResponse.setCharacterEncoding("utf-8"); //Tell the browser the data type that the server responds to it and what code to display // httpServletResponse.setContentType("text/html;charset=utf-8"); /*There are many kinds of clients, not necessarily browsers, mobile phones, cars, etc...., For compatibility, it is returned with a unified json string*/ httpServletResponse.setContentType("application/json;charset=utf-8"); //Response business data PrintWriter out=httpServletResponse.getWriter(); Map<String,Object> map=new HashMap<>(); map.put("status", 429); if(e instanceof DegradeException){//DegradeException degradation exception // Out. Println ("< H2 > service temporarily unavailable < / H2 >"); map.put("message","The service is temporarily unavailable"); }else{ // Out. Println ("< H2 > access is too frequent, wait a moment and then access < / H2 >"); map.put("message","Visit too often,Wait a moment and visit again"); } //Convert the map object to a json format string String jsonStr= new ObjectMapper().writeValueAsString(map); out.println(jsonStr);//Output json string out.flush();//All character streams should be refreshed } }
5, Sentinel hotspot rules
Hot spots are frequently accessed data --- microblog hot search
Hotspot parameter current limiting will count the hotspot data in the incoming parameters, and limit the current of resource calls containing hotspot parameters according to the configured current limiting threshold and mode. Hotspot parameter current limiting can be regarded as a special flow control, which is only effective for resource calls containing hotspot parameters. Sentinel will use the LRU policy to count the most frequently accessed hotspot parameters recently, and combine the token bucket algorithm for parameter level flow control.
1. Define hot business code
@GetMapping("consumer/findById") @SentinelResource("res") public String doFindById(Integer id,String name){ return "Resource id is"+id+name; }
2. Add the hotspot link to be current limited
The parameter index is the subscript of the method parameter annotated by @ SentinelResource. 0 represents the first parameter and 1 represents the second parameter. The stand-alone threshold and the duration of the statistical window indicate that the current is limited every two seconds after more than one access in this window.
3. Specify parameter current limit for hot spot
Hotspot parameter: in fact, it is a special flow control, and the flow control setting is for the whole request; However, the hotspot parameter can be set to a specific parameter or even the value of the parameter, so that flow control management can be more flexible.
If the first parameter value is 5, the current will be limited when it reaches 100 accesses per second, and for other values, the access will be limited once per second
6, Sentinel authorization rules
In many cases, we need to restrict whether resources can pass according to the caller. At this time, we can use Sentinel's black-and-white list control function. The black-and-white list restricts whether a resource can pass or not according to the request origin of the resource. If a white list is configured, it can pass only when the request source is in the white list; If the blacklist is configured, the request will not pass if the request source is in the blacklist, and the other requests will pass.
1. Based on parameters
Define request parser
//Define a request source resolution object to resolve the specified data in the request based on this object //Then the Sentinel bottom layer will process the return value of this interface method based on the definition of the rule @Component public class DefaultRequestOriginParser implements RequestOriginParser { @Override public String parseOrigin(HttpServletRequest request) { //Get the request parameter data, and the parameter name can be written by yourself //http://ip:port/path?origin=app1 return request.getParameter("origin"); }
New authorization rule
Access with parameters in the blacklist
If you successfully join the blacklist, app1app2 is inaccessible and other accesses are normal. Otherwise, the whitelist is normal and others are inaccessible
2. Based on IP address
Define request parser
@Component public class DefaultRequestOriginParser implements RequestOriginParser { @Override public String parseOrigin(HttpServletRequest request) { //The ip address in the access request is designed based on the black-and-white list String ip=request.getRemoteAddr(); System.out.println(ip); return ip; } }
New authorization rule
Access with parameters in the blacklist
Access from other IP
The test is successful. Specify the IP inaccessible resources in the blacklist
3. Based on request header
Define request parser
@Component public class DefaultRequestOriginParser implements RequestOriginParser { @Override public String parseOrigin(HttpServletRequest request) { String token=request.getHeader("token"); return token; }//The value of the black-and-white list of authorization rules, which comes from the return value of this method }
New authorization rule
Access with parameters in the blacklist
The test is successful, the access with the specified request header fails, and others are normal
summary
- Why limit current? (the system cannot withstand high concurrency, resulting in downtime)
- Sentinel's current limiting rules? (threshold type - QPS & number of threads, current limiting mode - direct, association, link)
- Sentinel's downgrading (fusing) strategy? (slow call, exception ratio, different constant)
- Sentinel system rule design? (understand that the global rule definition is valid for all requests)
- Sentinel authorization rule design? (black and white list)
- What current limiting frameworks do you know? (sentinel)
- What are the commonly used current limiting algorithms? (counting, token bucket - movie ticket, leaky bucket - funnel, sliding window)
- Hotspot data in Sentinel's hotspot rules? (microblog hot search)