Successfully reported this slideshow.

Troubleshooting Kafka's socket server: from incident to resolution

26

Share

Nov. 19, 2015
26 likes 6,455 views
Upcoming SlideShare
Apache Kafka Best Practices
Apache Kafka Best Practices
Loading in …3
×
1 of 68
1 of 68

Troubleshooting Kafka's socket server: from incident to resolution

Nov. 19, 2015
26 likes 6,455 views

26

Share

Download to read offline

Data & Analytics

LinkedIn’s Kafka deployment is nearing 1300 brokers that move close to 1.3 trillion messages a day. While operating Kafka smoothly even at this scale is testament to both Kafka’s scalability and the operational expertise of LinkedIn SREs we occasionally run into some very interesting bugs at this scale. In this talk I will dive into a production issue that we recently encountered as an example of how even a subtle bug can suddenly manifest at scale and cause a near meltdown of the cluster. We will go over how we detected and responded to the situation, investigated it after the fact and summarize some lessons learned and best-practices from this incident.

LinkedIn’s Kafka deployment is nearing 1300 brokers that move close to 1.3 trillion messages a day. While operating Kafka smoothly even at this scale is testament to both Kafka’s scalability and the operational expertise of LinkedIn SREs we occasionally run into some very interesting bugs at this scale. In this talk I will dive into a production issue that we recently encountered as an example of how even a subtle bug can suddenly manifest at scale and cause a near meltdown of the cluster. We will go over how we detected and responded to the situation, investigated it after the fact and summarize some lessons learned and best-practices from this incident.

Data & Analytics

Recommended

More Related Content

Slideshows for you

Kafka At Scale in the Cloud
confluent
The Good, The Bad, and The Avro (Graham Stirling, Saxo Bank and David Navalho...
confluent
Introduction to Apache Kafka
Jeff Holoman
Kafka at scale facebook israel
Gwen (Chen) Shapira
Apache Kafka - Martin Podval
Martin Podval
Reliability Guarantees for Apache Kafka
confluent
Architecture of a Kafka camus infrastructure
mattlieber
... No it's Apache Kafka!
makker_nl
Apache Kafka – (Pattern and) Anti-Pattern
confluent
Kafka Reliability - When it absolutely, positively has to be there
Gwen (Chen) Shapira
Exactly-once Semantics in Apache Kafka
confluent
Apache Bookkeeper and Apache Zookeeper for Apache Pulsar
Enrico Olivelli
Building Stream Infrastructure across Multiple Data Centers with Apache Kafka
Guozhang Wang
Kafka Needs no Keeper( Jason Gustafson & Colin McCabe, Confluent) Kafka Summi...
confluent
kafka for db as postgres
PivotalOpenSourceHub
Streaming in Practice - Putting Apache Kafka in Production
confluent
Kafka 101
Clement Demonchy
Multi-Cluster and Failover for Apache Kafka - Kafka Summit SF 17
Gwen (Chen) Shapira
When it Absolutely, Positively, Has to be There: Reliability Guarantees in Ka...
confluent

Similar to Troubleshooting Kafka's socket server: from incident to resolution

High Scalability Toronto: Meetup #2
ScribbleLive
Metrics Are Not Enough: Monitoring Apache Kafka and Streaming Applications
confluent
How the OOM Killer Deleted My Namespace
Laurent Bernaille
SFBigAnalytics_20190724: Monitor kafka like a Pro
Chester Chen
Netflix Keystone Pipeline at Big Data Bootcamp, Santa Clara, Nov 2015
Monal Daxini
Starting Your DevOps Journey – Practical Tips for Ops
Dynatrace
Capital One Delivers Risk Insights in Real Time with Stream Processing
confluent
Monitoring Apache Kafka
confluent
Kafka Multi-Tenancy - 160 Billion Daily Messages on One Shared Cluster at LINE
kawamuray
Oracle Fuson Middleware Diagnostics, Performance and Troubleshoot
Michel Schildmeijer
Tales from the WebLogic Frontline
SteveMillidge
Netflix Data Pipeline With Kafka
Allen (Xiaozhong) Wang
Tachyon_meetup_5-28-2015-IBM
Shaoshan Liu
Multitenancy: Kafka clusters for everyone at LINE
kawamuray
Netflix Data Pipeline With Kafka
Steven Wu
Strata+Hadoop 2017 San Jose: Lessons from a year of supporting Apache Kafka
confluent
OOW09 Ebs Tuning Final
jucaab
Fast Big Data Analytics with Spark on Tachyon
Alluxio, Inc.
Vmwareperformancetroubleshooting 100224104321-phpapp02
Suresh Kumar
NoCOUG_201411_Patel_Managing_a_Large_OLTP_Database
Paresh Patel

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 30 day trial from Scribd

See all
Probability, Markov Chains, Queues, and Simulation: The Mathematical Basis of Performance Modeling William J. Stewart
(2/5)
Free
Numerical Methods for Stochastic Computations: A Spectral Method Approach Dongbin Xiu
(5/5)
Free
Business Analysis Debra Paul
(4.5/5)
Free
Learn to Write DAX: A practical guide to learning Power Pivot for Excel and Power BI Matt Allington
(4/5)
Free
Python Data Science Essentials - Second Edition Luca Massaron
(4/5)
Free
Power Pivot and Power BI: The Excel User's Guide to DAX, Power Query, Power BI & Power Pivot in Excel 2010-2016 Rob Collie
(4.5/5)
Free
Supercharge Excel: When you learn to Write DAX for Power Pivot Matt Allington
(0/5)
Free
Guerrilla Data Analysis Using Microsoft Excel: 2nd Edition Covering Excel 2010/2013 Oz du Soleil
(3/5)
Free
Python Machine Learning Sebastian Raschka
(4/5)
Free
Outnumbered: From Facebook and Google to Fake News and Filter-bubbles – The Algorithms That Control Our Lives David Sumpter
(5/5)
Free
Data Model Patterns: A Metadata Map David C. Hay
(3/5)
Free
Computational Economics David A. Kendrick
(0/5)
Free
Data Visualization: a successful design process Andy Kirk
(4/5)
Free
Agent-Based and Individual-Based Modeling: A Practical Introduction, Second Edition Steven F. Railsback
(4/5)
Free
Dynamic Models in Biology Stephen P. Ellner
(3/5)
Free
Getting to Know Web GIS Pinde Fu
(4/5)
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
Advances in Financial Machine Learning Marcos López de Prado
(5/5)
Free
Data Visualization Guide: Clear Introduction to Data Mining, Analysis, and Visualization Alex Campbell
(0/5)
Free
Machine Learning in Python: Hands on Machine Learning with Python Tools, Concepts and Techniques Bob Mather
(4.5/5)
Free
Data Mining and Analytics: Ultimate Guide to the Basics of Data Mining, Analytics and Metrics Alex Campbell
(0/5)
Free
Data Science for Beginners: Comprehensive Guide to Most Important Basics in Data Science Alex Campbell
(0/5)
Free
Data Visualization: Clear Introduction to Data Visualization with Python. Proper Guide for Data Scientist. Alex Campbell
(0/5)
Free
Python Guide: Clear Introduction to Python Programming and Machine Learning Alex Campbell
(0/5)
Free

Troubleshooting Kafka's socket server: from incident to resolution

  1. 1. Troubleshooting Kafka’s socket server from incident to resolution Joel Koshy LinkedIn
  2. 2. The incident Occurred a few days after upgrading to pick up quotas and SSL Multi-port KAFKA-1809 KAFKA-1928 SSL KAFKA-1690 x25 x38 October 13 Various quota patches June 3April 5 August 18
  3. 3. The incident Broker (which happened to be controller) failed in our queuing Kafka cluster
  4. 4. The incident ● Alerts fire; NOC engages SYSOPS/Kafka-SRE ● Kafka-SRE restarts the broker ● Broker failure does not generally cause prolonged application impact ○ but in this incident…
  5. 5. The incident Multiple applications begin to report “issues”: socket timeouts to Kafka cluster Posts search was one such impacted application
  6. 6. The incident Two brokers report high request and response queue sizes
  7. 7. The incident Two brokers report high request queue size and request latencies
  8. 8. The incident ● Other observations ○ High CPU load on those brokers ○ Throughput degrades to ~ half the normal throughput ○ Tons of broken pipe exceptions in server logs ○ Application owners report socket timeouts in their logs
  9. 9. Remediation Shifted site traffic to another data center “Kafka outage ⇒ member impact Multi-colo is critical!
  10. 10. Remediation ● Controller moves did not help ● Firewall the affected brokers ● The above helped, but cluster fell over again after dropping the rules ● Suspect misbehaving clients on broker failure ○ … but x25 never exhibited this issue sudo iptables -A INPUT -p tcp --dport <broker-port> -s <other-broker> -j ACCEPT sudo iptables -A INPUT -p tcp --dport <broker-port> -j DROP
  11. 11. “Good dashboards/alerts Skilled operators Clear communication Audit/log all operations CRM principles apply to operations
  12. 12. Remediation Friday night ⇒ roll-back to x25 and debug later … but SREs had to babysit the rollback x38 x38 x38 x38 Rolling downgrade
  13. 13. Remediation Friday night ⇒ roll-back to x25 and debug later … but SREs had to babysit the rollback x38 x38 x38 x38 Rolling downgrade Move leaders
  14. 14. Remediation Friday night ⇒ roll-back to x25 and debug later … but SREs had to babysit the rollback x38 x38 x38 x38 Rolling downgrade Firewall
  15. 15. Remediation Friday night ⇒ roll-back to x25 and debug later … but SREs had to babysit the rollback x38 x38 x38 Rolling downgrade Firewall x25
  16. 16. Remediation Friday night ⇒ roll-back to x25 and debug later … but SREs had to babysit the rollback x38 x38 x38 Rolling downgrade x25 Move leaders
  17. 17. … oh and BTW be careful when saving a lot of public-access/server logs: ● Can cause GC [Times: user=0.39 sys=0.01, real=8.01 secs] ● Use ionice or rsync --bwlimit low low high
  18. 18. The investigation
  19. 19. ● Test cluster ○ Tried killing controller ○ Multiple rolling bounces ○ Could not reproduce ● Upgraded the queuing cluster to x38 again ○ Could not reproduce ● So nothing… Attempts at reproducing the issue
  20. 20. Understanding queue backups…
  21. 21. API layer Life-cycle of a Kafka request Network layer Acceptor Processor Processor Processor Processor Response queue Response queue Response queue Response queue Request queue API handler API handler API handler Clientconnections Purgatory Quota manager
  22. 22. API layer Life-cycle of a Kafka request Network layer Acceptor Processor Processor Processor Processor Response queue Response queue Response queue Response queue Request queue API handler API handler API handler Clientconnections Purgatory Quota manager New connections
  23. 23. API layer Life-cycle of a Kafka request Network layer Acceptor Processor Processor Processor Processor Response queue Response queue Response queue Response queue Request queue API handler API handler API handler Clientconnections Purgatory New connections Read request Quota manager and then turn off read interest from that connection (for ordering)
  24. 24. API layer Life-cycle of a Kafka request Network layer Acceptor Processor Processor Processor Processor Response queue Response queue Response queue Response queue Request queue API handler API handler API handler Clientconnections Purgatory New connections Read request Quota manager Await handling Total time = queue-time
  25. 25. API layer Life-cycle of a Kafka request Network layer Acceptor Processor Processor Processor Processor Response queue Response queue Response queue Response queue Request queue API handler API handler API handler Clientconnections Purgatory New connections Read request Quota manager Await handling Total time = queue-time Handle request + local-time
  26. 26. API layer Life-cycle of a Kafka request Network layer Acceptor Processor Processor Processor Processor Response queue Response queue Response queue Response queue Request queue API handler API handler API handler Clientconnections Purgatory New connections Read request Quota manager Await handling Total time = queue-time Handle request + local-time + remote-time long-poll requests
  27. 27. API layer Life-cycle of a Kafka request Network layer Acceptor Processor Processor Processor Processor Response queue Response queue Response queue Response queue Request queue API handler API handler API handler Clientconnections Purgatory New connections Read request Quota manager Await handling Total time = queue-time Handle request + local-time + remote-time long-poll requests Hold if quota violated + quota-time
  28. 28. API layer Life-cycle of a Kafka request Network layer Acceptor Processor Processor Processor Processor Response queue Response queue Response queue Response queue Request queue API handler API handler API handler Clientconnections Purgatory New connections Read request Quota manager Await handling Total time = queue-time Handle request + local-time + remote-time long-poll requests Hold if quota violated + quota-time Await processor + response-queue-time
  29. 29. API layer Life-cycle of a Kafka request Network layer Acceptor Processor Processor Processor Processor Response queue Response queue Response queue Response queue Request queue API handler API handler API handler Clientconnections Purgatory New connections Read request Quota manager Await handling Total time = queue-time Handle request + local-time + remote-time long-poll requests Hold if quota violated + quota-time Await processor + response-queue-time Write response + response-send-time
  30. 30. API layer Life-cycle of a Kafka request Network layer Acceptor Processor Processor Processor Processor Response queue Response queue Response queue Response queue Request queue API handler API handler API handler Clientconnections Purgatory New connections Read request Quota manager Await handling Total time = queue-time Handle request + local-time + remote-time long-poll requests Hold if quota violated + quota-time Await processor + response-queue-time Write response + response-send-time Turn read interest back on from that connection
  31. 31. Investigating high request times ● Total time is useful for monitoring ● but high total time is not necessarily bad
  32. 32. Investigating high request times ● Total time is useful for monitoring ● but high total time is not necessarily bad Low
  33. 33. Investigating high request times ● Total time is useful for monitoring ● but high total time is not necessarily bad Low High but “normal” (purgatory)
  34. 34. Investigating high request times ● First look for high local time ○ then high response send time ■ then high remote (purgatory) time → generally non-issue (but caveats described later) ● High request queue/response queue times are effects, not causes
  35. 35. High local times during incident (e.g., fetch)
  36. 36. How are fetch requests handled? ● Get physical offsets to be read from local log during response ● If fetch from follower (i.e., replica fetch): ○ If follower was out of ISR and just caught-up then expand ISR (ZooKeeper write) ○ Maybe satisfy eligible delayed produce requests (with acks -1) ● Else (i.e., consumer fetch): ○ Record/update byte-rate of this client ○ Throttle the request on quota violation
  37. 37. Could these cause high local times? ● Get physical offsets to be read from local log during response ● If fetch from follower (i.e., replica fetch): ○ If follower was out of ISR and just caught-up then expand ISR (ZooKeeper write) ○ Satisfy eligible delayed produce requests (with acks -1) ● Else (i.e., consumer fetch): ○ Record/update byte-rate of this client ○ Throttle the request on quota violation Not using acks -1 Should be fast Maybe Should be fast Delayed outside API thread
  38. 38. ISR churn?
  39. 39. ● Low ZooKeeper write latencies ● Churn in this incident: effect of some other root cause ● Long request queues can cause churn ○ ⇒ follower fetches timeout ■ ⇒ fall out of ISR (ISR shrink happens asynchronously in separate thread) ○ Outstanding fetch catches up and ISR expands ISR churn? … unlikely
  40. 40. High local times during incident (e.g., fetch) Besides, fetch-consumer (not just follower) has high local time
  41. 41. Could these cause high local times? ● Get physical offsets to be read from local log during response ● If fetch from follower (i.e., replica fetch): ○ If follower was out of ISR and just caught-up then expand ISR (ZooKeeper write) ○ Satisfy eligible delayed produce requests (with acks -1) ● Else (i.e., consumer fetch): ○ Record/update byte-rate of this client ○ Throttle the request on quota violation Not using acks -1 Should be fast Should be fast Delayed outside API thread Test this…
  42. 42. Maintains byte-rate metrics on a per-client-id basis 2015/10/10 03:20:08.393 [] [] [] [logger] Completed request:Name: FetchRequest; Version: 0; CorrelationId: 0; ClientId: 2c27cc8b_ccb7_42ae_98b6_51ea4b4dccf2; ReplicaId: -1; MaxWait: 0 ms; MinBytes: 0 bytes from connection <clientIP>:<brokerPort>-<localAddr>;totalTime:6589, requestQueueTime:6589,localTime:0,remoteTime:0,responseQueueTime:0,sendTime:0, securityProtocol:PLAINTEXT,principal:ANONYMOUS Quota metrics ??!
  43. 43. Quota metrics - a quick benchmark for (clientId ← 0 until N) { timer.time { quotaMetrics.recordAndMaybeThrottle(sensorId, 0, DefaultCallBack) } }
  44. 44. Quota metrics - a quick benchmark
  45. 45. Quota metrics - a quick benchmark Fixed in KAFKA-2664
  46. 46. meanwhile in our queuing cluster… due to climbing client-id counts
  47. 47. Rolling bounce of cluster forced the issue to recur on brokers that had high client- id metric counts ○ Used jmxterm to check per-client-id metric counts before experiment ○ Hooked up profiler to verify during incident ■ Generally avoid profiling/heapdumps in production due to interference ○ Did not see in earlier rolling bounce due to only a few client-id metrics at the time
  48. 48. MACRO ● Observe week-over-week trends ● Formulate theories ● Test theory (micro-experiments) ● Deploy fix and validate MICRO (live debugging) ● Instrumentation ● Attach profilers ● Take heapdumps ● Trace-level logs, tcpdump, etc. Troubleshooting: macro vs micro
  49. 49. MACRO ● Observe week-over-week trends ● Formulate theories ● Test theory (micro-experiments) ● Deploy fix and validate MICRO (live debugging) ● Instrumentation ● Attach profilers ● Take heapdumps ● Trace-level logs, tcpdump, etc. Troubleshooting: macro vs micro Generally more effective Sometimes warranted, but invasive and tedious
  50. 50. How to fix high local times ● Optimize the request’s handling. For e.g.,: ○ cached topic metadata as opposed to ZooKeeper reads (see KAFKA-901) ○ and KAFKA-1356 ● Make it asynchronous ○ E.g., we will do this for StopReplica in KAFKA-1911 ● Put it in a purgatory (usually if response depends on some condition); but be aware of the caveats: ○ Higher memory pressure if request purgatory size grows ○ Expired requests are handled in purgatory expiration thread (which is good) ○ but satisfied requests are handled in API thread of satisfying request ⇒ if a request satisfies several delayed requests then local time can increase for the satisfying request
  51. 51. as for rogue clients… 2015/10/10 03:20:08.393 [] [] [] [logger] Completed request:Name: FetchRequest; Version: 0; CorrelationId: 0; ClientId: 2c27cc8b_ccb7_42ae_98b6_51ea4b4dccf2; ReplicaId: -1; MaxWait: 0 ms; MinBytes: 0 bytes from connection <clientIP>:<brokerPort>-<localAddr>;totalTime:6589, requestQueueTime:6589,localTime:0,remoteTime:0,responseQueueTime:0,sendTime:0, securityProtocol:PLAINTEXT,principal:ANONYMOUS “Get apps to use wrapper libraries that implement good client behavior, shield from API changes and so on…
  52. 52. not done yet! this lesson needs repeating...
  53. 53. After deploying the metrics fix to some clusters…
  54. 54. After deploying the metrics fix to some clusters… Deployment Persistent URP
  55. 55. After deploying the metrics fix to some clusters… Applications also begin to report higher than usual consumer lag
  56. 56. Root cause: zero-copy broke for plaintext Upgraded cluster Rolled back With fix (KAFKA-2517)
  57. 57. The lesson...
  58. 58. ● Request queue size ● Response queue sizes ● Request latencies: ○ Total time ○ Local time ○ Response send time ○ Remote time ● Request handler pool idle ratio Monitor these closely!
  59. 59. Continuous validation on trunk
  60. 60. Any other high latency requests? Image courtesy of ©Nevit Dilmen
  61. 61. Local times ConsumerMetadata OffsetFetch ControlledShutdown Offsets (by time) Fetch Produce LeaderAndIsr StopReplica (for delete=true) TopicMetadata UpdateMetadata OffsetCommit These are (typically 1:N) broker-to-broker requests
  62. 62. API layerNetwork layer Broker-to-broker request latencies - less critical Processor Response queue API handler Purgatory Acceptor Read bit off so ties up at most one API handler Request queue
  63. 63. API layerNetwork layer Broker-to-broker request latencies - less critical Processor Response queue API handler Purgatory Acceptor Request queueBut if requesting broker times out and retries…
  64. 64. API layerNetwork layer Broker-to-broker request latencies - less critical Processor Response queue API handler Purgatory Acceptor Request queueBut if requesting broker times out and retries… Processor Response queue API handler
  65. 65. API layerNetwork layer Broker-to-broker request latencies - less critical Processor Response queue API handler Purgatory Acceptor Request queue Processor Response queue API handler Configure socket timeouts >> MAX(latency)
  66. 66. ● Broker to controller ○ ControlledShutdown (KAFKA-1342) ● Controller to broker ○ StopReplica[delete = true] should be asynchronous (KAFKA-1911) ○ LeaderAndIsr: batch request - maybe worth optimizing or putting in a purgatory? Haven’t looked closely yet… Broker-to-broker request latency improvements
  67. 67. The end

×