Anti-Fragility Requires Chaos Engineering

There are lots of buzz around microservices and everybody want do it right now. The main problem is people are not providing the right level of isolation in sense of operation system or containers, database and interface without that microservices are just webservices with REST.

When you go from 10 services to 100 you create more distribution, more distribution is more failure, for sure the network is not reliable even with a cloud provider like amazon web services. You need anti-fragility on the DevOps Era we live, why? because otherwise we just changing the names but doing the same mistakes as before. You will built and operate software automated, not only your deploy pipeline, but them that's enough? No is not at all, why not? Because your software and your infrastructure will fail, and as Vogels from AWS said, all the things fail all the time, you need be able to quickly recover, if you need that, them we need 3 basic things.

1. We need Design For failure

You cant do it later like in enterprise solutions, you need arch and code your software in a way that the failures are compartmentalized  and one failure does not affect others, otherwise you want be able to provide experience degradation. Whats Experience degradation? Lets say you have an Home back site, if your credit card system is not operating that's fine you still and operate your account and do loans and withdraw money but would be wrong if the credit card system is down and the whole bank is down? Well we design and code software like that like a huge monolith and just pray for when the failure happens it does not spread.

2. Once you design, them you need test it

That`s when Chaos Engineering enter the room, you cant make sure your design works if you don't test it, right? So there are N kinds of tests you was not doing before you need todo now. When you do TDD or agile, doing some DoD(Definition of Done) what was the DoD? Coded? PO Accepted? Deployed? That`s not enough anymore it needs to be automated and battle tested you need test failure not only the business side we are use todo with TDD.

3. You get Ops with you

Even if you do that on the Dev side, you need do on the OPS side, because failures will happen, best thing todo is be ready to handle failures and make sure you keep improving things, one great practice you can do is Incident Training, you basically get your Dev and Ops folks and go unplug some boxes so simulate failures them you can see if Ops can fix the problem, you should measure everything, time and steps. This creates a baseline for you them you can repeat this exercise time to time and your goals is to avoid that failure happen or even at least reduce the time ops have to fix the problem. This is a ongoing exercise it need to happen time to time and as much as possible.

Chaos Engineering

It`s about Design and Testing both your infrastructure and your Code. Simian Army is a great cloud-native solution for AWS created by Netflix and can help you to test your infrastructure to see if you recover and you expected, my experience is that even if you are on AWS and using NetflixOSS Stack you will need tweak things and believe me find bugs. Better figure out this early than later.

Design for Anti-Fragility

Its all about decoupling and have the ability to have Partial Failures(One failure does not affect or degrade or affect as few as possible other services) and you my friend who is doing microservices and is not thinking about this, good luck :-) You need embrace as much as possible the Share Nothing model, very strong on the functional programming and NoSQL community. Scalability is about how apps manage state, as less as you share as easy is to make things right. You dont want block as well do everything async, today there is a boom for Rx technologies, you should go that road(keep in mind error handling is painful).

Failure is a natural state, your code needs to address that explicit, there is a difference between errors and failures you need have explicit code to thread failure, the famous Fall Back mechanisms, are simple call back code that run when something fail. This ideas are embraced by Akka, NetflixOss as well.

Network Failures and Random Failures

Microservices are calling each other through the network, so you need test this explicit, there are tools like comcast, iptables, wireshare, proxy you can use to simulate all kinds of TCP chaos like tampering, drop packages, add delay, hang forever, etc... You need test this between your service calls to make sure you have designed right you services. That`s all great but this is induced failures, you are making that by design and expecting your app to recover, another cool thing todo is Random Failures, when you have some level of maturity you can have things running in production everyday and them the code wont be expecting, you also should randomized, to run in different hours with different methods and failure scenarios, Netflix does that with chaos monkey(the one who tear down instances) and for the last 2 years he is not able to create trouble in prod any more.

Distributed computing is hard, failure is hard, but we need start design and testing this from the beginning and be more proactive instead of waiting the incidents in productions to fix this kind of issues, thats a natural step toward evolution.

Cheers,
Diego Pacheco

Popular posts from this blog

Kafka Streams with Java 15

Image
Kafka Streams is a Streaming library similar to Spark and Flink which works with Apache Kafka. Kafka stream can be useful to process historical and near-real-time big data workloads but also for non-realtime analytical computations at scale for the online world as well. Kafka-Streams is elastic, highly scalable, fault-tolerant, and fully integrated with Kafka. You can use Kafka Stream with Java, Scala, Kotlin JVM applications and also have exactly-once processing semantics. Kafka-Streams is being used by the New York Times, Pinterest, Line, Trivago, Zalando, and many other companies. Today I want to share a video of Kafka-Streams running with Kafka 2.6 and Java JDK 15. So Let's get started. 
read more »

Rust and Java Interoperability

Image
Rust does not stop for one second to amaze me. It looks like Rust was designed to talk to every other language so easily. No kidding, it's clear way Web Assembly and rust have lots in common. Java is never an easy lang to interop with. Today I will show how easily we can interop Java & Rust. In order to do so, we will need to use the Java and Rust compilers. For Java, we will not require any other lib than the standard JDK. For Rust, we will need to create a lib project in cargo and we will need to use the crate JNI. I love this feature because java does not allow low-level code on the main language. So if we need to do something low level, efficiently Rust is my first choice, not only for safety reasons but because is really fast.  Let's get started.
read more »

HMAC in Java

Image
In 2018 AWS CTO(Vogels) said : "Security is everyone's job". For the last 2 years, there was so many famous and big data leaks and breaks that made that statement be very true more than ever. Security often could mean worst performance and worst user experience so in order to get it right you really need to think about the designs before jumping into to code and consider performance and user experience has main requirements.  I was thinking about writing about how to do HMAC in Java for a while and recently Redis 6.0.0 come out and to my surprise, there was a refactoring on the password part in order to use HMAC.  Security easily could scare engineers often because it is not something well spread yet but I believe this will change soon. It does not matter if you have to deal with PII Data or not, security is super relevant because everybody is running their workloads at the cloud or with IoT and Edge devices which means more distribution, more code, more points of fail
read more »