Billy Yuen, profile picture
Uploaded byBilly Yuen
595 views

Velocity 2016 - Operational Excellence with Hystrix

The document discusses operational excellence with Hystrix, a library for handling failures in distributed systems. It provides an overview of Hystrix and how Intuit's QuickBooks Online (QBO) team used it to address challenges from microservices and dependencies. The summary discusses how Hystrix implements automatic fail fast and fallback capabilities, and how the QBO team applied Hystrix, implemented monitoring, and used the data for troubleshooting.

Embed presentation

Downloaded 19 times
Operational Excellence with Hystrix Lesson Learned from QuickBooks Online (QBO) Billy Yuen Principal Engineer, Intuit
Intuit Mission: To improve our customers’ financial lives so profoundly… they can’t imagine going back to the old way CONSUMERS SMALL BUSINESSES ACCOUNTING PROFESSIONALS
A Premiere Innovative Growth Company Employees 8,000+ Customers 45M Global Offices US, UK, India, Canada, Australia Revenue 4.2B Founded 1983 Public 1993 INTU
What is resiliency?
Resiliency: Act tough to your enemy even if you are hurting NORMAL CUSTOMER
And fix the problem quickly before your customers notice!
Why is resiliency hard to achieve? § Micro-services allow teams to move and innovate faster. § But failure now will also be distributed! § New Architecture == New Set of Problems
Even Google has faced this issue! § On May 3, 2013 “From 6:26 PM to 7:58 PM PT, requests to most Google APIs resulted in 500 error response messages.” § “The combination of the bug and configuration error quickly caused all of the serving threads to be consumed. Traffic was permanently queued waiting for a serving thread to become available.” § http://googledevelopers.blogspot.com/2013/05/google-api-infrastructure-outage_3.html
Challenges we face § Cascade failures from dependent systems. § Very few instrumentation and monitoring for the dependent services. § Decomposition from Monolith to micro-services. - Design consideration for auto recovery from latency and dependency failure. - Testing for latency and dependency failure. § Impossible to achieve 99.9% uptime - If there are N dependencies and each has 99.9% uptime, best uptime would be 99.9% ^ N (99.9% ^ 10 = 99%). - If dependency is down for X minutes, our recovery time will be X + Y minutes (detection and server restart).
How does Hystrix help? § Also known as “Circuit Breaker” - Automatic Fail Fast - Automatic Fail Over (fallback) - Protocol Agnostics § Created by an engineer to make his life better during production support! § Defend against your dependencies (Trust but verify)! § Battle tested with billions of request per days. § Metrics Generation
Hystrix at work (fail fast) Health Check
Overcome Organization Challenge – feature, feature, feature… § Growing Pain and Opportunity – QBO experienced big growth and uptime became a bigger issue. - Dependency network issue making QBO unresponsive. - Cascade failure from Disk Failure in one component causing QBO clusters unresponsive. § Action over Plan – Implemented Hystrix and monitoring in Payment API to demonstrate the vision.
Our Journey to implement Hystrix § Apply Hystrix to legacy code § Prevent Drift Detection § Failure Testing § Real time monitoring § Production troubleshooting with historical data § Production support process
Apply Hystrix to existing applications § Challenges - We don’t know all the network calls. Many calls are also buried in client libraries. - New Relics can provide the URL for the remote service, but not the stack trace. § Solution - Hystrix Network Audit Agent - Java Agent to detect any “naked” network call. - Work for both socket and NIO calls. - https://github.com/Netflix/Hystrix/tree/master/hystrix-contrib/hystrix-network-auditor-agent
Learning from applying Hystrix Agent in QBO § Remove Network calls to system that are no longer use. - Analogous to “Reduce Attack surface” in security. - Remove unnecessary network calls to “Reduce Dependency Vulnerability”. § Remove Heart Beat to dependent systems. § Remove Custom fallback logic.
Prevent Drift detection § Integrated Hystrix audit agent with regression build. § Report all unprotected calls in self-service dashboard.
Failure testing § Mindset changes - Developer - Coding for resiliency - Quality - Testing for dependency failure § Failure testing tools - Hystrix’s ForceCircuitOpen property - Unit Test and Integration with Wiremock - Http only - Custom Proxy (Man in the middle) - Any protocol
Real time monitoring - architecture § Instance - publish Hystrix Metrics stream (provided by Hystrix). § Turbine – aggregate all streams in one cluster.
Real time monitoring - dashboard § Hystrix Dashboard - Rolling window of last ten seconds of dependency health § https://github.com/Netflix/Hystrix/tree/master/hystrix-dashboard
Real time monitoring - metrics § Circuit Breaker Status § Success, Failure and Timeout Count § Response time § Fallback status § Thread pool status § https://github.com/Netflix/Hystrix/wiki/Metrics-and-Monitoring
Production troubleshooting with historical data § Netflix Atlas - https://github.com/Netflix/atlas/wiki/Overview § Intuit – export the Hystrix Metrics to Splunk - Pinpoint production issue root cause. - Measurement for actual latency (Network + Service). - Troubleshoot random “blip”. What is “blip”?
Splunk Hystrix Dashboard § Aggregate data by any timeframe § Drill down to specific Hystrix command for detail.
Production support process § Configure Alerts around critical Hystrix Commands in Splunk § Integrate Alerts with PagerDuty. § Use Hystrix Dashboard to review real time system health. § Use Splunk to debug production issues Alert Page Review Debug
Other Considerations § Is the call necessary? § Can you create fallback for read? § Client does not need to know it is from fallback (except fragment caching) § Can you handle offline write? § Idempotence for write (or verify before calling again) § Limit blast radius with thread pool or semaphore. § Adjust the Hystrix default parameter to your use case. § Fallback needs to be fast and highly available. § Timeout vs Failure § Not applicable to stream or batch.
Thread pool vs Semaphore § Thread pool - Guaranteed timeout by using thread interrupt. - More memory required. - Support Concurrent programming (Future is non-blocking). § Semaphore - No timeout guarantee (your code will assume the timeout responsibility). - Set Hystrix Timeout to be greater than your timeout to avoid false timeout. - Should throw HystrixTimeoutException if client code throws timeout exception. - Scale better for large pool. § HystrixObservableCommand (NIO) can scale even better in some cases. § https://github.com/billyy/Hystrix-Tutorial
E2E experience including UI § Focus on critical workflows! § QBO - Provide degraded experience if not available. - Payroll is down. - Invoice without attachment service. - Allow Login if subscription service is temporary not available. § Payments Service - Limit dependency calls to only applicable use case. - Cache read-only data with last known good value.
Best Practices § Don’t implement fallback if you don’t have a fallback. § Don’t call another Hystrix Command from catch. § Good and Bad use of fallback. § Throw Hystrix TimeoutException if your code is doing timeout. § Update your catch block once you have implemented Hystrix. § Avoid the use of thread local. § Retry only if necessary.
Don’t implement fallback if you don’t have a fallback
Don’t call another Hystrix Command from catch
Good use of fallback
Bad use of fallback
Throw Hystrix TimeoutException if your code is doing timeout § Hystrix will report all exceptions as failure. § Timeout will indicate a potential issue with dependency instead of coding issue. § Need to configure Hystrix timeout > your timeout.
Update your catch block once you have implemented Hystrix
Retry only if necessary § Hystrix does NOT support retry. § Retry code inside Hystrix Command will skew your metrics. § Bad things can happen - Good chance that the immediate retry could also timeout. - Overload the dependency. - Exceed your SLA. § If you have to retry, implement the retry outside of Hystrix.
Minimize the use of thread local § Not explicit to the caller. § TLS needs to be copied to the Hystrix worker thread and reset afterward (Prone for error). § Implement callable wrapper if TLS is required. § https://github.com/Netflix/Hystrix/issues/92
Important differences in Hystrix version § 1.2.x - Initial public release. § 1.3.x - Add support for RxJava. - Semaphore based execution cannot be interrupted but would throw exception if SLA is exceeded (even if the call is successful!). § 1.4.x - Rewritten based on RxJava. - Semaphore based execution can be interrupted by a separate background thread. - HystrixTimeoutException is public (1.4.18+). § 1.5.x – Re-architecture of the Metrics to support metric streaming (non-aggregate).
Different ways to implement Hystrix § Client library - Hystrix jar - http://www.slideshare.net/MattJacobs11/using-hystrix-to-build-resilient-distributed-systems- 58836753 § Existing application – Javanica - https://github.com/Netflix/Hystrix/tree/master/hystrix-contrib/hystrix-javanica § New application - Spring Cloud - http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html
Thanks! billy_yuen@intuit.com

More Related Content

PDF
Hands on: Hystrix
byChristina Rasimus
 
PDF
Circuit breakers - Using Spring-Boot + Hystrix + Dashboard + Retry
byBruno Henrique Rother
 
PDF
Us 17-krug-hacking-severless-runtimes
byRavishankar Somasundaram
 
PDF
Lessons learned from writing over 300,000 lines of infrastructure code
byYevgeniy Brikman
 
PDF
ruxc0n 2012
bymimeframe
 
PDF
Resilience with Hystrix
byUwe Friedrichsen
 
PPTX
Javaone 2016 - Operational Excellence with Hystrix
byBilly Yuen
 
PDF
Hystrix 介绍
bydennis zhuang
 
Hands on: Hystrix
byChristina Rasimus
 
Circuit breakers - Using Spring-Boot + Hystrix + Dashboard + Retry
byBruno Henrique Rother
 
Us 17-krug-hacking-severless-runtimes
byRavishankar Somasundaram
 
Lessons learned from writing over 300,000 lines of infrastructure code
byYevgeniy Brikman
 
ruxc0n 2012
bymimeframe
 
Resilience with Hystrix
byUwe Friedrichsen
 
Javaone 2016 - Operational Excellence with Hystrix
byBilly Yuen
 
Hystrix 介绍
bydennis zhuang
 

What's hot

PPTX
Reactive Extensions .NET
byGeorge Taskos
 
PDF
Securing Cassandra The Right Way
byDataStax Academy
 
PDF
Introduction to tempest
byopenstackindia
 
PDF
Cassandra and security
byBen Bromhead
 
PDF
Dynamic Database Credentials: Security Contingency Planning
bySean Chittenden
 
PDF
Hardening cassandra for compliance or paranoia
byzznate
 
PDF
Security Checkpoints in Agile SDLC
byRahul Raghavan
 
PDF
Compliance as Code with terraform-compliance
byEmre Erkunt
 
PDF
Voxxed Vienna 2015 Fault tolerant microservices
byChristopher Batey
 
PDF
WWCode Dallas - Kubernetes: Learning from Zero to Production
byRosemary Wang
 
PDF
Stampede con 2014 cassandra in the real world
byzznate
 
PDF
Production Readiness Strategies in an Automated World
bySean Chittenden
 
PDF
All Things Open 2017: How to Treat a Network as a Container
byRosemary Wang
 
PDF
Hardening cassandra q2_2016
byzznate
 
PPT
Securing Network Access with Open Source solutions
byNick Owen
 
ODP
Trac Project And Process Management For Developers And Sys Admins Presentation
byguest3fc4fa
 
PDF
DevOpsDays - DevOps: Security 干我何事?
bysmalltown
 
PDF
Using Document Databases with TYPO3 Flow
byKarsten Dambekalns
 
PDF
DAST в CI/CD, Ольга Свиридова
byMail.ru Group
 
PPTX
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
byAll Things Open
 
Reactive Extensions .NET
byGeorge Taskos
 
Securing Cassandra The Right Way
byDataStax Academy
 
Introduction to tempest
byopenstackindia
 
Cassandra and security
byBen Bromhead
 
Dynamic Database Credentials: Security Contingency Planning
bySean Chittenden
 
Hardening cassandra for compliance or paranoia
byzznate
 
Security Checkpoints in Agile SDLC
byRahul Raghavan
 
Compliance as Code with terraform-compliance
byEmre Erkunt
 
Voxxed Vienna 2015 Fault tolerant microservices
byChristopher Batey
 
WWCode Dallas - Kubernetes: Learning from Zero to Production
byRosemary Wang
 
Stampede con 2014 cassandra in the real world
byzznate
 
Production Readiness Strategies in an Automated World
bySean Chittenden
 
All Things Open 2017: How to Treat a Network as a Container
byRosemary Wang
 
Hardening cassandra q2_2016
byzznate
 
Securing Network Access with Open Source solutions
byNick Owen
 
Trac Project And Process Management For Developers And Sys Admins Presentation
byguest3fc4fa
 
DevOpsDays - DevOps: Security 干我何事?
bysmalltown
 
Using Document Databases with TYPO3 Flow
byKarsten Dambekalns
 
DAST в CI/CD, Ольга Свиридова
byMail.ru Group
 
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
byAll Things Open
 

Similar to Velocity 2016 - Operational Excellence with Hystrix

PDF
Resilient service to-service calls in a post-Hystrix world
byRares Musina
 
PDF
Production-ready Software
byUwe Friedrichsen
 
PPTX
GOTO Berlin - Battle of the Circuit Breakers: Resilience4J vs Istio
byNicolas Fränkel
 
PPTX
Resilience engineering
bySumanth Chinthagunta
 
PPTX
OSAD - Battle of the Circuit Breakers
byNicolas Fränkel
 
PPTX
Introduction To Hystrix
byKnoldus Inc.
 
PPTX
Application Resilience Patterns
byKiran Sama
 
PPTX
GHC16_BuildingResiliencyInMulti-tierSystems
byShreya Mukhopadhyay
 
PPTX
Microservice monitoring
byMarek Koniew
 
PPTX
How we sleep well at night using Hystrix at Finn.no
byHenning Spjelkavik
 
PPTX
Using Hystrix to Build Resilient Distributed Systems
byMatt Jacobs
 
PPTX
JFuture - Battle of the circuit breakers
byNicolas Fränkel
 
PPTX
Kubernetes Online Meetup - Battle of the Circuit Breakers
byNicolas Fränkel
 
PPTX
Prepare for failure (fail fast, isolate, shed load)
byRob Hruska
 
PDF
Fault tolerant microservices - LJC Skills Matter 4thNov2014
byChristopher Batey
 
PDF
Resilient Applications with Circuit Breakers
byJosué Neis
 
PDF
Why resilience - A primer at varying flight altitudes
byUwe Friedrichsen
 
PPTX
Application resiliency using netflix hystrix
bySenthilkumar Gopal
 
PDF
Resilience mit Hystrix
byJava Usergroup Berlin-Brandenburg
 
PDF
Circuit breaker
bybricemciver
 
Resilient service to-service calls in a post-Hystrix world
byRares Musina
 
Production-ready Software
byUwe Friedrichsen
 
GOTO Berlin - Battle of the Circuit Breakers: Resilience4J vs Istio
byNicolas Fränkel
 
Resilience engineering
bySumanth Chinthagunta
 
OSAD - Battle of the Circuit Breakers
byNicolas Fränkel
 
Introduction To Hystrix
byKnoldus Inc.
 
Application Resilience Patterns
byKiran Sama
 
GHC16_BuildingResiliencyInMulti-tierSystems
byShreya Mukhopadhyay
 
Microservice monitoring
byMarek Koniew
 
How we sleep well at night using Hystrix at Finn.no
byHenning Spjelkavik
 
Using Hystrix to Build Resilient Distributed Systems
byMatt Jacobs
 
JFuture - Battle of the circuit breakers
byNicolas Fränkel
 
Kubernetes Online Meetup - Battle of the Circuit Breakers
byNicolas Fränkel
 
Prepare for failure (fail fast, isolate, shed load)
byRob Hruska
 
Fault tolerant microservices - LJC Skills Matter 4thNov2014
byChristopher Batey
 
Resilient Applications with Circuit Breakers
byJosué Neis
 
Why resilience - A primer at varying flight altitudes
byUwe Friedrichsen
 
Application resiliency using netflix hystrix
bySenthilkumar Gopal
 
Resilience mit Hystrix
byJava Usergroup Berlin-Brandenburg
 
Circuit breaker
bybricemciver
 

Recently uploaded

PPTX
Optimizing Operations: Key Elements of a Successful Plant Maintenance Plan — ...
byMaintWiz Technologies Private Limited
 
PPTX
Takt Time vs Cycle Time vs Lead Time.pptx
byE Concepts
 
PPTX
Optimizing Plant Maintenance — Key Elements of a Successful Maintenance Plan ...
byMaintWiz Technologies Private Limited
 
PPTX
Cloud vs On-Premises CMMS — Which Maintenance Platform Is Better for Your Plant?
byMaintWiz Technologies Private Limited
 
PPTX
Track & Monitor Preventive Maintenance — Best Practices with MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
PDF
Presentation-on-Energy-Transition-in-Bangladesh-Employment-and-Skills.pdf
bysyedSajib8
 
PPTX
How to Implement Kaizen in Your Organization for Continuous Improvement Success
byMaintWiz Technologies Private Limited
 
PPTX
UnrealGameplayAbilitySystemPresentation.pptx
byBenHowenstein
 
PPTX
Assessment 4 SRS Presentation - Final (2).pptx
byayush445302
 
PPT
Software Engineering Unit-1 presentation for students
bykumari157687
 
PPTX
Power point presentation on introduction of software engineering
bys6050748
 
PDF
IPEC Presentation - Partial discharge Pro .pdf
bywaely1983
 
PDF
Handheld_Laser_Welding_Presentation 2.pdf
bysinezioveluz
 
PDF
Hybrid Anomaly Detection Mechanism for IOT Networks
byIJCNCJournal
 
PPT
63490613-Boiler-Tube-Leakage-analysis-symptoms-causes.ppt
byallahdittashafi
 
PPTX
Natural Gas fundamentals and GRU for associated gas trap.pptx
byengineerhassan
 
PDF
Advanced Intrusion Detection and Classification using Transfer Learning with ...
byIJCNCJournal
 
PPTX
22304_BCO_CO3_LO4_PPT MSBTE Building construction.pptx
byPrasadBahekar4
 
PDF
Narrows Planning Collective Transportation Capstone.pdf
bycj2392
 
PDF
AI-Driven CTI for Business: Emerging Threats, Attack Strategies, and Defensiv...
byAIRCC Publishing Corporation
 
Optimizing Operations: Key Elements of a Successful Plant Maintenance Plan — ...
byMaintWiz Technologies Private Limited
 
Takt Time vs Cycle Time vs Lead Time.pptx
byE Concepts
 
Optimizing Plant Maintenance — Key Elements of a Successful Maintenance Plan ...
byMaintWiz Technologies Private Limited
 
Cloud vs On-Premises CMMS — Which Maintenance Platform Is Better for Your Plant?
byMaintWiz Technologies Private Limited
 
Track & Monitor Preventive Maintenance — Best Practices with MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
Presentation-on-Energy-Transition-in-Bangladesh-Employment-and-Skills.pdf
bysyedSajib8
 
How to Implement Kaizen in Your Organization for Continuous Improvement Success
byMaintWiz Technologies Private Limited
 
UnrealGameplayAbilitySystemPresentation.pptx
byBenHowenstein
 
Assessment 4 SRS Presentation - Final (2).pptx
byayush445302
 
Software Engineering Unit-1 presentation for students
bykumari157687
 
Power point presentation on introduction of software engineering
bys6050748
 
IPEC Presentation - Partial discharge Pro .pdf
bywaely1983
 
Handheld_Laser_Welding_Presentation 2.pdf
bysinezioveluz
 
Hybrid Anomaly Detection Mechanism for IOT Networks
byIJCNCJournal
 
63490613-Boiler-Tube-Leakage-analysis-symptoms-causes.ppt
byallahdittashafi
 
Natural Gas fundamentals and GRU for associated gas trap.pptx
byengineerhassan
 
Advanced Intrusion Detection and Classification using Transfer Learning with ...
byIJCNCJournal
 
22304_BCO_CO3_LO4_PPT MSBTE Building construction.pptx
byPrasadBahekar4
 
Narrows Planning Collective Transportation Capstone.pdf
bycj2392
 
AI-Driven CTI for Business: Emerging Threats, Attack Strategies, and Defensiv...
byAIRCC Publishing Corporation
 

Velocity 2016 - Operational Excellence with Hystrix

  • 1.
    Operational Excellence with Hystrix LessonLearned from QuickBooks Online (QBO) Billy Yuen Principal Engineer, Intuit
  • 2.
    Intuit Mission: To improveour customers’ financial lives so profoundly… they can’t imagine going back to the old way CONSUMERS SMALL BUSINESSES ACCOUNTING PROFESSIONALS
  • 3.
    A Premiere InnovativeGrowth Company Employees 8,000+ Customers 45M Global Offices US, UK, India, Canada, Australia Revenue 4.2B Founded 1983 Public 1993 INTU
  • 4.
  • 5.
    Resiliency: Act toughto your enemy even if you are hurting NORMAL CUSTOMER
  • 6.
    And fix theproblem quickly before your customers notice!
  • 7.
    Why is resiliencyhard to achieve? § Micro-services allow teams to move and innovate faster. § But failure now will also be distributed! § New Architecture == New Set of Problems
  • 8.
    Even Google hasfaced this issue! § On May 3, 2013 “From 6:26 PM to 7:58 PM PT, requests to most Google APIs resulted in 500 error response messages.” § “The combination of the bug and configuration error quickly caused all of the serving threads to be consumed. Traffic was permanently queued waiting for a serving thread to become available.” § http://googledevelopers.blogspot.com/2013/05/google-api-infrastructure-outage_3.html
  • 9.
    Challenges we face §Cascade failures from dependent systems. § Very few instrumentation and monitoring for the dependent services. § Decomposition from Monolith to micro-services. - Design consideration for auto recovery from latency and dependency failure. - Testing for latency and dependency failure. § Impossible to achieve 99.9% uptime - If there are N dependencies and each has 99.9% uptime, best uptime would be 99.9% ^ N (99.9% ^ 10 = 99%). - If dependency is down for X minutes, our recovery time will be X + Y minutes (detection and server restart).
  • 10.
    How does Hystrixhelp? § Also known as “Circuit Breaker” - Automatic Fail Fast - Automatic Fail Over (fallback) - Protocol Agnostics § Created by an engineer to make his life better during production support! § Defend against your dependencies (Trust but verify)! § Battle tested with billions of request per days. § Metrics Generation
  • 11.
    Hystrix at work(fail fast) Health Check
  • 12.
    Overcome Organization Challenge– feature, feature, feature… § Growing Pain and Opportunity – QBO experienced big growth and uptime became a bigger issue. - Dependency network issue making QBO unresponsive. - Cascade failure from Disk Failure in one component causing QBO clusters unresponsive. § Action over Plan – Implemented Hystrix and monitoring in Payment API to demonstrate the vision.
  • 13.
    Our Journey toimplement Hystrix § Apply Hystrix to legacy code § Prevent Drift Detection § Failure Testing § Real time monitoring § Production troubleshooting with historical data § Production support process
  • 14.
    Apply Hystrix toexisting applications § Challenges - We don’t know all the network calls. Many calls are also buried in client libraries. - New Relics can provide the URL for the remote service, but not the stack trace. § Solution - Hystrix Network Audit Agent - Java Agent to detect any “naked” network call. - Work for both socket and NIO calls. - https://github.com/Netflix/Hystrix/tree/master/hystrix-contrib/hystrix-network-auditor-agent
  • 15.
    Learning from applyingHystrix Agent in QBO § Remove Network calls to system that are no longer use. - Analogous to “Reduce Attack surface” in security. - Remove unnecessary network calls to “Reduce Dependency Vulnerability”. § Remove Heart Beat to dependent systems. § Remove Custom fallback logic.
  • 16.
    Prevent Drift detection §Integrated Hystrix audit agent with regression build. § Report all unprotected calls in self-service dashboard.
  • 17.
    Failure testing § Mindsetchanges - Developer - Coding for resiliency - Quality - Testing for dependency failure § Failure testing tools - Hystrix’s ForceCircuitOpen property - Unit Test and Integration with Wiremock - Http only - Custom Proxy (Man in the middle) - Any protocol
  • 18.
    Real time monitoring- architecture § Instance - publish Hystrix Metrics stream (provided by Hystrix). § Turbine – aggregate all streams in one cluster.
  • 19.
    Real time monitoring- dashboard § Hystrix Dashboard - Rolling window of last ten seconds of dependency health § https://github.com/Netflix/Hystrix/tree/master/hystrix-dashboard
  • 20.
    Real time monitoring- metrics § Circuit Breaker Status § Success, Failure and Timeout Count § Response time § Fallback status § Thread pool status § https://github.com/Netflix/Hystrix/wiki/Metrics-and-Monitoring
  • 21.
    Production troubleshooting withhistorical data § Netflix Atlas - https://github.com/Netflix/atlas/wiki/Overview § Intuit – export the Hystrix Metrics to Splunk - Pinpoint production issue root cause. - Measurement for actual latency (Network + Service). - Troubleshoot random “blip”. What is “blip”?
  • 22.
    Splunk Hystrix Dashboard §Aggregate data by any timeframe § Drill down to specific Hystrix command for detail.
  • 23.
    Production support process §Configure Alerts around critical Hystrix Commands in Splunk § Integrate Alerts with PagerDuty. § Use Hystrix Dashboard to review real time system health. § Use Splunk to debug production issues Alert Page Review Debug
  • 24.
    Other Considerations § Isthe call necessary? § Can you create fallback for read? § Client does not need to know it is from fallback (except fragment caching) § Can you handle offline write? § Idempotence for write (or verify before calling again) § Limit blast radius with thread pool or semaphore. § Adjust the Hystrix default parameter to your use case. § Fallback needs to be fast and highly available. § Timeout vs Failure § Not applicable to stream or batch.
  • 25.
    Thread pool vsSemaphore § Thread pool - Guaranteed timeout by using thread interrupt. - More memory required. - Support Concurrent programming (Future is non-blocking). § Semaphore - No timeout guarantee (your code will assume the timeout responsibility). - Set Hystrix Timeout to be greater than your timeout to avoid false timeout. - Should throw HystrixTimeoutException if client code throws timeout exception. - Scale better for large pool. § HystrixObservableCommand (NIO) can scale even better in some cases. § https://github.com/billyy/Hystrix-Tutorial
  • 26.
    E2E experience includingUI § Focus on critical workflows! § QBO - Provide degraded experience if not available. - Payroll is down. - Invoice without attachment service. - Allow Login if subscription service is temporary not available. § Payments Service - Limit dependency calls to only applicable use case. - Cache read-only data with last known good value.
  • 27.
    Best Practices § Don’timplement fallback if you don’t have a fallback. § Don’t call another Hystrix Command from catch. § Good and Bad use of fallback. § Throw Hystrix TimeoutException if your code is doing timeout. § Update your catch block once you have implemented Hystrix. § Avoid the use of thread local. § Retry only if necessary.
  • 28.
    Don’t implement fallbackif you don’t have a fallback
  • 29.
    Don’t call anotherHystrix Command from catch
  • 30.
    Good use offallback
  • 31.
    Bad use offallback
  • 32.
    Throw Hystrix TimeoutExceptionif your code is doing timeout § Hystrix will report all exceptions as failure. § Timeout will indicate a potential issue with dependency instead of coding issue. § Need to configure Hystrix timeout > your timeout.
  • 33.
    Update your catchblock once you have implemented Hystrix
  • 34.
    Retry only ifnecessary § Hystrix does NOT support retry. § Retry code inside Hystrix Command will skew your metrics. § Bad things can happen - Good chance that the immediate retry could also timeout. - Overload the dependency. - Exceed your SLA. § If you have to retry, implement the retry outside of Hystrix.
  • 35.
    Minimize the useof thread local § Not explicit to the caller. § TLS needs to be copied to the Hystrix worker thread and reset afterward (Prone for error). § Implement callable wrapper if TLS is required. § https://github.com/Netflix/Hystrix/issues/92
  • 36.
    Important differences inHystrix version § 1.2.x - Initial public release. § 1.3.x - Add support for RxJava. - Semaphore based execution cannot be interrupted but would throw exception if SLA is exceeded (even if the call is successful!). § 1.4.x - Rewritten based on RxJava. - Semaphore based execution can be interrupted by a separate background thread. - HystrixTimeoutException is public (1.4.18+). § 1.5.x – Re-architecture of the Metrics to support metric streaming (non-aggregate).
  • 37.
    Different ways toimplement Hystrix § Client library - Hystrix jar - http://www.slideshare.net/MattJacobs11/using-hystrix-to-build-resilient-distributed-systems- 58836753 § Existing application – Javanica - https://github.com/Netflix/Hystrix/tree/master/hystrix-contrib/hystrix-javanica § New application - Spring Cloud - http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html
  • 38.