• Stars
    star
    3,216
  • Rank 13,961 (Top 0.3 %)
  • Language
    Java
  • License
    Apache License 2.0
  • Created almost 7 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Overview

Java Library that implements and integrates concepts from TCP congestion control to auto-detect concurrency limits for services in order to achieve optimal throughput with optimal latency.

Background

When thinking of service availability operators traditionally think in terms of RPS (requests per second). Stress tests are normally performed to determine the RPS at which point the service tips over. RPS limits are then set somewhere below this tipping point (say 75% of this value) and enforced via a token bucket. However, in large distributed systems that auto-scale this value quickly goes out of date and the service falls over by becoming non-responsive as it is unable to gracefully shed excess load. Instead of thinking in terms of RPS, we should be thinking in terms of concurrent request where we apply queuing theory to determine the number of concurrent requests a service can handle before a queue starts to build up, latencies increase and the service eventually exhausts a hard limit such as CPU, memory, disk or network. This relationship is covered very nicely with Little's Law where Limit = Average RPS * Average Latency.

Concurrency limits are very easy to enforce but difficult to determine as they would require operators to fully understand the hardware services run on and coordinate how they scale. Instead we'd prefer to measure or estimate the concurrency limits at each point in the network. As systems scale and hit limits each node will adjust and enforce its local view of the limit. To estimate the limit we borrow from common TCP congestion control algorithms by equating a system's concurrency limit to a TCP congestion window.

Before applying the algorithm we need to set some ground rules.

  • We accept that every system has an inherent concurrency limit that is determined by a hard resources, such as number of CPU cores.
  • We accept that this limit can change as a system auto-scales.
  • For large and complex distributed systems it's impossible to know all the hard resources.
  • We can use latency measurements to determine when queuing happens.
  • We can use timeouts and rejected requests to aggressively back off.

Limit algorithms

Vegas

Delay based algorithm where the bottleneck queue is estimated as

L * (1 - minRTT/sampleRtt)

At the end of each sampling window the limit is increased by 1 if the queue is less than alpha (typically a value between 2-3) or decreased by 1 if the queue is greater than beta (typically a value between 4-6 requests)

Gradient2

This algorithm attempts to address bias and drift when using minimum latency measurements. To do this the algorithm tracks uses the measure of divergence between two exponential averages over a long and short time time window. Using averages the algorithm can smooth out the impact of outliers for bursty traffic. Divergence duration is used as a proxy to identify a queueing trend at which point the algorithm aggresively reduces the limit.

Enforcement Strategies

Simple

In the simplest use case we don't want to differentiate between requests and so enforce a single gauge of the number of inflight requests. Requests are rejected immediately once the gauge value equals the limit.

Percentage

For more complex systems it's desirable to provide certain quality of service guarantees while still making efficient use of resources. Here we guarantee specific types of requests get a certain percentage of the concurrency limit. For example, a system that takes both live and batch traffic may want to give live traffic 100% of the limit during heavy load and is OK with starving batch traffic. Or, a system may want to guarantee that 50% of the limit is given to write traffic so writes are never starved.

Integrations

GRPC

A concurrency limiter may be installed either on the server or client. The choice of limiter depends on your use case. For the most part it is recommended to use a dynamic delay based limiter such as the VegasLimit on the server and either a pure loss based (AIMDLimit) or combined loss and delay based limiter on the client.

Server limiter

The purpose of the server limiter is to protect the server from either increased client traffic (batch apps or retry storms) or latency spikes from a dependent service. With the limiter installed the server can ensure that latencies remain low by rejecting excess traffic with Status.UNAVAILABLE errors.

In this example a GRPC server is configured with a single adaptive limiter that is shared among batch and live traffic with live traffic guaranteed 90% of throughput and 10% guaranteed to batch. For simplicity we just expect the client to send a "group" header identifying it as 'live' or 'batch'. Ideally this should be done using TLS certificates and a server side lookup of identity to grouping. Any requests not identified as either live or batch may only use excess capacity.

// Create and configure a server builder
ServerBuilder builder = ...;

builder.addService(ServerInterceptor.intercept(service,
    ConcurrencyLimitServerInterceptor.newBuilder(
        new GrpcServerLimiterBuilder()
            .partitionByHeader(GROUP_HEADER)
            .partition("live", 0.9)
            .partition("batch", 0.1)
            .limit(WindowedLimit.newBuilder()
                    .build(Gradient2Limit.newBuilder()
                            .build()))
            .build();

    ));

Client limiter

There are two main use cases for client side limiters. A client side limiter can protect the client service from its dependent services by failing fast and serving a degraded experience to its client instead of having its latency go up and its resources eventually exhausted. For batch applications that call other services a client side limiter acts as a backpressure mechanism ensuring that the batch application does not put unnecessary load on dependent services.

In this example a GRPC client will use a blocking version of the VegasLimit to block the caller when the limit has been reached.

// Create and configure a channel builder
ChannelBuilder builder = ...;

// Add the concurrency limit interceptor
builder.intercept(
    new ConcurrencyLimitClientInterceptor(
        new GrpcClientLimiterBuilder()
            .blockOnLimit(true)
            .build()
        )
    );

Servlet Filter

The purpose of the servlet filter limiter is to protect the servlet from either increased client traffic (batch apps or retry storms) or latency spikes from a dependent service. With the limiter installed the server can ensure that latencies remain low by rejecting excess traffic with HTTP 429 Too Many Requests errors.

In this example a servlet is configured with a single adaptive limiter that is shared among batch and live traffic with live traffic guaranteed 90% of throughput and 10% guaranteed to batch. The limiter is given a lookup function that translates the request's Principal to one of the two groups (live vs batch).

Map<String, String> principalToGroup = ...;
Filter filter = new ConcurrencyLimitServletFilter(new ServletLimiterBuilder()
    .partitionByUserPrincipal(principal -> principalToGroup.get(principal.getName())
    .partition("live", 0.9)
    .partition("batch", 0.1))
    .build());

Executor

The BlockingAdaptiveExecutor adapts the size of an internal thread pool to match the concurrency limit based on measured latencies of Runnable commands and will block when the limit has been reached.

public void drainQueue(Queue<Runnable> tasks) {
    Executor executor = new BlockingAdaptiveExecutor(
        SimpleLimiter.newBuilder()
            .build());
    
    while (true) {
        executor.execute(tasks.take());
    }
}

More Repositories

1

Hystrix

Hystrix is a latency and fault tolerance library designed to isolate points of access to remote systems, services and 3rd party libraries, stop cascading failure and enable resilience in complex distributed systems where failure is inevitable.
Java
23,594
star
2

chaosmonkey

Chaos Monkey is a resiliency tool that helps applications tolerate random instance failures.
Go
14,410
star
3

zuul

Zuul is a gateway service that provides dynamic routing, monitoring, resiliency, security, and more.
Java
12,993
star
4

conductor

Conductor is a microservices orchestration engine.
Java
12,842
star
5

eureka

AWS Service registry for resilient mid-tier load balancing and failover.
Java
11,991
star
6

falcor

A JavaScript library for efficient data fetching
JavaScript
10,338
star
7

pollyjs

Record, Replay, and Stub HTTP Interactions.
JavaScript
10,184
star
8

metaflow

πŸš€ Build and manage real-life ML, AI, and data science projects with ease!
Python
8,012
star
9

SimianArmy

Tools for keeping your cloud operating in top form. Chaos Monkey is a resiliency tool that helps applications tolerate random instance failures.
Java
7,955
star
10

fast_jsonapi

No Longer Maintained - A lightning fast JSON:API serializer for Ruby Objects.
Ruby
5,078
star
11

vmaf

Perceptual video quality assessment based on multi-method fusion.
Python
4,563
star
12

dispatch

All of the ad-hoc things you're doing to manage incidents today, done for you, and much more!
Python
4,548
star
13

ribbon

Ribbon is a Inter Process Communication (remote procedure calls) library with built in software load balancers. The primary usage model involves REST calls with various serialization scheme support.
Java
4,468
star
14

security_monkey

Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
Python
4,347
star
15

dynomite

A generic dynamo implementation for different k-v storage engines
C
4,104
star
16

vizceral

WebGL visualization for displaying animated traffic graphs
JavaScript
4,047
star
17

vector

Vector is an on-host performance monitoring framework which exposes hand picked high resolution metrics to every engineer’s browser.
JavaScript
3,588
star
18

atlas

In-memory dimensional time series database.
Scala
3,331
star
19

consoleme

A Central Control Plane for AWS Permissions and Access
Python
3,114
star
20

dgs-framework

GraphQL for Java with Spring Boot made easy.
Kotlin
3,044
star
21

flamescope

FlameScope is a visualization tool for exploring different time ranges as Flame Graphs.
Python
2,979
star
22

bless

Repository for BLESS, an SSH Certificate Authority that runs as a AWS Lambda function
Python
2,722
star
23

archaius

Library for configuration management API
Java
2,435
star
24

asgard

[Asgard is deprecated at Netflix. We use Spinnaker ( www.spinnaker.io ).] Web interface for application deployments and cloud management in Amazon Web Services (AWS). Binary download: http://github.com/Netflix/asgard/releases
Groovy
2,235
star
25

curator

ZooKeeper client wrapper and rich ZooKeeper framework
Java
2,138
star
26

EVCache

A distributed in-memory data store for the cloud
Java
2,001
star
27

titus

1,995
star
28

lemur

Repository for the Lemur Certificate Manager
Python
1,651
star
29

bpftop

bpftop provides a dynamic real-time view of running eBPF programs. It displays the average runtime, events per second, and estimated total CPU % for each program.
Rust
1,647
star
30

genie

Distributed Big Data Orchestration Service
Java
1,635
star
31

metacat

Java
1,555
star
32

netflix.github.com

HTML
1,419
star
33

servo

Netflix Application Monitoring Library
Java
1,408
star
34

mantis

A platform that makes it easy for developers to build realtime, cost-effective, operations-focused applications
Java
1,406
star
35

vectorflow

D
1,287
star
36

hubcommander

A Slack bot for GitHub organization management -- and other things too
Python
1,262
star
37

rend

A memcached proxy that manages data chunking and L1 / L2 caches
Go
1,174
star
38

hollow

Hollow is a java library and toolset for disseminating in-memory datasets from a single producer to many consumers for high performance read-only access.
Java
1,148
star
39

repokid

AWS Least Privilege for Distributed, High-Velocity Deployment
Python
1,104
star
40

astyanax

Cassandra Java Client
Java
1,034
star
41

Priam

Co-Process for backup/recovery, Token Management, and Centralized Configuration management for Cassandra.
Java
1,024
star
42

aminator

A tool for creating EBS AMIs. This tool currently works for CentOS/RedHat Linux images and is intended to run on an EC2 instance.
Python
938
star
43

Turbine

SSE Stream Aggregator
Java
831
star
44

governator

Governator is a library of extensions and utilities that enhance Google Guice to provide: classpath scanning and automatic binding, lifecycle management, configuration to field mapping, field validation and parallelized object warmup.
Java
821
star
45

Fido

C#
816
star
46

suro

Netflix's distributed Data Pipeline
Java
783
star
47

spectator

Client library for collecting metrics.
Java
743
star
48

security-bulletins

Security Bulletins that relate to Netflix Open Source
734
star
49

Fenzo

Extensible Scheduler for Mesos Frameworks
Java
703
star
50

msl

Message Security Layer
C++
687
star
51

unleash

Professionally publish your JavaScript modules in one keystroke
JavaScript
590
star
52

denominator

Portably control DNS clouds using java or bash
Java
573
star
53

blitz4j

Logging framework for fast asynchronous logging
Java
559
star
54

edda

AWS API Read Cache
Scala
554
star
55

PigPen

Map-Reduce for Clojure
Clojure
551
star
56

netflix-graph

Compact in-memory representation of directed graph data
Java
548
star
57

go-env

a golang library to manage environment variables
Go
542
star
58

karyon

The nucleus or the base container for Applications and Services built using the NetflixOSS ecosystem
Java
495
star
59

Prana

A sidecar for your NetflixOSS based services.
Java
492
star
60

iceberg

Iceberg is a table format for large, slow-moving tabular data
Java
465
star
61

Lipstick

Pig Visualization framework
JavaScript
464
star
62

Surus

Java
453
star
63

aws-autoscaling

Tools and Documentation about using Auto Scaling
Shell
429
star
64

go-expect

an expect-like golang library to automate control of terminal or console based programs.
Go
422
star
65

nf-data-explorer

The Data Explorer gives you fast, safe access to data stored in Cassandra, Dynomite, and Redis.
TypeScript
420
star
66

Workflowable

Ruby
370
star
67

osstracker

Github organization OSS metrics collector and metrics dashboard
Scala
365
star
68

vizceral-example

Example Vizceral app
JavaScript
363
star
69

ndbench

Netflix Data Store Benchmark
HTML
360
star
70

Raigad

Co-Process for backup/recovery, Auto Deployments and Centralized Configuration management for ElasticSearch
Java
346
star
71

recipes-rss

RSS Reader Recipes that uses several of the Netflix OSS components
Java
339
star
72

aegisthus

A Bulk Data Pipeline out of Cassandra
Java
323
star
73

weep

The ConsoleMe CLI utility
Go
322
star
74

metaflow-ui

🎨 UI for monitoring your Metaflow executions!
TypeScript
318
star
75

titus-control-plane

Titus is the Netflix Container Management Platform that manages containers and provides integrations to the infrastructure ecosystem.
Java
316
star
76

dyno-queues

Dyno Queues is a recipe that provides task queues utilizing Dynomite.
Java
264
star
77

image_compression_comparison

Image Compression Comparison Framework
Python
258
star
78

falcor-express-demo

Demonstration Falcor end point for a Netflix-style Application using express
HTML
246
star
79

gradle-template

Java
244
star
80

ember-nf-graph

Composable graphing component library for EmberJS.
JavaScript
241
star
81

falcor-router-demo

A demonstration of how to build a Router for a Netflix-like application
JavaScript
236
star
82

titus-executor

Titus Executor is the container runtime/executor implementation for Titus
Go
233
star
83

photon

Photon is a Java implementation of the Interoperable Master Format (IMF) standard. IMF is a SMPTE standard whose core constraints are defined in the specification st2067-2:2013
Java
233
star
84

dial-reference

C
228
star
85

s3mper

s3mper - Consistent Listing for S3
Java
218
star
86

ReactiveLab

Experiments and prototypes with reactive application design.
Java
208
star
87

inviso

JavaScript
205
star
88

NfWebCrypto

Web Cryptography API Polyfill
C++
205
star
89

staash

A language-agnostic as well as storage-agnostic web interface for storing data into persistent storage systems, the metadata layer abstracts a lot of storage details and the pattern automation APIs take care of automating common data access patterns.
Java
204
star
90

zeno

Netflix's In-Memory Data Propagation Framework
Java
200
star
91

brutal

A multi-network asynchronous chat bot framework using twisted
Python
200
star
92

vizceral-react

JavaScript
199
star
93

dispatch-docker

Shell
193
star
94

metaflow-service

πŸš€ Metadata tracking and UI service for Metaflow!
Python
187
star
95

pytheas

Web Resources and UI Framework
JavaScript
187
star
96

dyno

Java client for Dynomite
Java
184
star
97

hal-9001

Hal-9001 is a Go library that offers a number of facilities for creating a bot and its plugins.
Go
178
star
98

Nicobar

Java
171
star
99

lemur-docker

Docker files for the Lemur certificate orchestration tool
Python
170
star
100

yetch

Yet-another-fetch polyfill library. Supports AbortController/AbortSignal
JavaScript
168
star