架构设计之「服务限流」

二、服务限流应该怎么做？
对系统服务进行限流，一般有如下几个模式：

1. 熔断：
   这个模式是需要系统在设计之初，就要把熔断措施考虑进去。当系统出现问题时，如果短时间内无法修复，系统要自动做出判断，开启熔断开关，拒绝流量访问，避免大流量对后端的过载请求。系统也应该能够动态监测后端程序的修复情况，当程序已恢复稳定时，可以关闭熔断开关，恢复正常服务。
2. 服务降级：
   将系统的所有功能服务进行一个分级，当系统出现问题，需要紧急限流时，可将不是那么重要的功能进行降级处理，停止服务，这样可以释放出更多的资源供给核心功能的去用。
   例如在电商平台中，如果突发流量激增，可临时将商品评论、积分等非核心功能进行降级，停止这些服务，释放出机器和CPU等资源来保障用户正常下单，而这些降级的功能服务可以等整个系统恢复正常后，再来启动，进行补单/补偿处理。
   除了功能降级以外，还可以采用不直接操作数据库，而全部读缓存、写缓存的方式作为临时降级方案。
3. 延迟处理：
   这个模式需要在系统的前端设置一个流量缓冲池，将所有的请求全部缓冲进这个池子，不立即处理。然后后端真正的业务处理程序从这个池子中取出请求依次处理，常见的可以用队列模式来实现。这就相当于用异步的方式去减少了后端的处理压力，但是当流量较大时，后端的处理能力有限，缓冲池里的请求可能处理不及时，会有一定程度延迟。
4. 特权处理：
   这个模式需要将用户进行分类，通过预设的分类，让系统优先处理需要高保障的用户群体，其它用户群的请求就会延迟处理或者直接不处理。

那在实际项目中，对访问流量的限制，可采用如下几种技术方法：

Streams, messages, and frames

https://developers.google.com/web/fundamentals/performance/http2

The introduction of the new binary framing mechanism changes how the data is exchanged between the client and server. To describe this process, let’s familiarize ourselves with the HTTP/2 terminology:

• Stream: A bidirectional flow of bytes within an established connection, which may carry one or more messages.
• Message: A complete sequence of frames that map to a logical request or response message.
• Frame: The smallest unit of communication in HTTP/2, each containing a frame header, which at a minimum identifies the stream to which the frame belongs.

The relation of these terms can be summarized as follows:

curl http2

https://http2-explained.haxx.se/en/part11

11.1. HTTP 1.x look-alike

Internally, curl will convert incoming http2 headers to HTTP 1.x style headers and provide them to the user, so that they will appear very similar to existing HTTP. This allows for an easier transition for whatever is using curl and HTTP today. Similarly curl will convert outgoing headers in the same style. Give them to curl in HTTP 1.x style and it will convert them on the fly when talking to http2 servers. This also allows users to not have to bother or care very much with which particular HTTP version that is actually used on the wire.

https://pi3g.com/2019/01/17/envoy-as-http-2-front-proxy-enabling-http-2-for-envoy-aka-h2/

envoy as http 2 front proxy – enabling http 2 for envoy (aka h2)

By Maximilian Batz | 2019-01-17

Out of the box envoy is not configured to set up connections with clients connecting to it with the new HTTP/2.

HTTP/2 is optimized for the modern web, with binary headers, etc. – higher speed.

Since envoy is capable of speaking HTTP/2 to clients, it is a no-brainer to set it up.

Header case

https://datatracker.ietf.org/doc/html/rfc7540#section-8.1.2

8.1.2. HTTP Header Fields

HTTP header fields carry information as a series of key-value pairs.
For a listing of registered HTTP headers, see the “Message Header
Field” registry maintained at <https://www.iana.org/assignments/
message-headers>.

Just as in HTTP/1.x, header field names are strings of ASCII characters that are compared in a case-insensitive fashion. However, header field names MUST be converted to lowercase prior to their encoding in HTTP/2. A request or response containing uppercase header field names MUST be treated as malformed (Section 8.1.2.6](https://datatracker.ietf.org/doc/html/rfc7540#section-8.1.2.6)).

Negotiation

HTTP 1.1 plain text Upgrade header

https://http2-explained.haxx.se/en/part5#5.1.-http2-for-existing-uri-schemes

As mentioned already, the existing URI schemes cannot be modified, so http2 must use the existing ones. Since they are used for HTTP 1.x today, we obviously need a way to upgrade the protocol to http2, or otherwise ask the server to use http2 instead of older protocols.

HTTP 1.1 has a defined way to do this, namely the Upgrade: header, which allows the server to send back a response using the new protocol when getting such a request over the old protocol, at the cost of an additional round-trip.

Ubuntu 包溯源

文件来自什么样包 - finding the package a file belongs

1
2

labile@worknode1:/etc/apt/sources.list.d$ dpkg -S /usr/bin/crictl
cri-tools: /usr/bin/crictl

包来自什么源 - How do I find out which repository a package comes from

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

apt-cache policy cri-tools

cri-tools:
  Installed: 1.19.0-00
  Candidate: 1.19.0-00
  Version table:
 *** 1.19.0-00 500
        500 https://apt.kubernetes.io kubernetes-xenial/main amd64 Packages
        100 /var/lib/dpkg/status
     1.13.0-01 500
        500 https://apt.kubernetes.io kubernetes-xenial/main amd64 Packages

Ref

https://shipilev.net/jvm/anatomy-quarks/2-transparent-huge-pages/
https://kstefanj.github.io/2021/05/19/large-pages-and-java.html

https://kubernetes.io/docs/tasks/manage-hugepages/scheduling-hugepages/

Ref

https://thesaitech.wordpress.com/2018/12/28/do-huge-pages-really-lead-to-huge-performance-gains/

https://www.xtivia.com/blog/fixing-jmeter-socket-errors/

Cycles per instruction (CPI) :

As we know, all the requests are served by CPU in the form of instruction sets. A single request can translated in to 100’s of instruction sets. Cycles spent per instruction is an important parameter which helps understand where CPU is spending its clock cycles. This metrics can also be expressed in the inverse form, i.e, Instructions per Cycle (IPC).

It is important to note that CPI value signifies the efficiency of instruction processing , but not of the instructions themselves.