Design to fail

Last night I went to an SDForum talk by two eBay architects Randy Shoup and Dan Pritchett on how they built, scaled and run their operation. The talk didn't have anything substantially different from what I've heard before, but was still impressive because they were applying some of the common thinking to their operations which runs over 15000 servers any given time. [ Slides ]
Here are a few interesting phrases I took away from the talk.

  • Scale out not up: Scaling up is not only expensive, it will also become impossible beyond a certain technical limitation. Scaling out, however is cheaper and practical.

  • Design to fail: Every QA team I know, do a whole batch of tests to make sure all components work as they should. Rarely have I seen a team which also does testing to see whether the servers stay up if certain parts of the application fail.

  • If you can't split it, you can't scale it: Ebay realized early on that anything which cannot be split into smaller components can't be scaled. A good example of such operation are the "joins" on multiple tables in a database. Relying on database to do joins across a large set of tables means that you can never partition those tables into different databases. And if you can't split it, you will have t

  • Virtualize components: If they can virtualize it, and create an abstraction layer to take care of these virtual components, then rest of the application need not worry about the actual server names, database names, table names etc. The Operations team can move components around to suite scalability needs.

Comments

Ultimate Scalability 1: What is Scalability « Distributed World said…
[...] There is no silver bullet when it comes to solving problems for distributed system. Scalability is no difference. Royans suggests: If you need scalability urgently, vertical scalability or scaling up is the easiest choice. Unfortunately Vertical scaling, gets more and more expensive as you grow. On the other hand, horizontal scalability, or scaling out, doesn’t require you to buy more and more expensive servers. But it isn’t cheaper either. The application has to deal with problems such as â€Å“Split brain” and â€Å“hardware failureâ€Å“. [...]
1:33 AM
iJohn.org » What is scalability ? said…
[...]   æ¨ÂªÃ¥‘扩展ï¼Å’则不一å®Å¡Ã¨¦Ã§›¸Ã¥½“数量çš„昂è´ÂµÃ¦Å“Ã¥Å ¡Ã¥™¨Ã£€‚Ã¥› Ã¤¸ÂºÃ¥®Æ’Ã¥¯Ã¤»¥Ã©€Å¡Ã¨¿‡Ã¦™®Ã©€Å¡Ã§Å¡„机器å’Å’Ã¥­˜Ã¥‚¨Ã§¡¬Ã¤»¶Ã¤»¥Ã¨¾¾Ã¥Ë†°Ã¨§„模æ•Ë†Ã¥Âº”来解决问题ï¼Å’像早期的Yahoo!ï¼Å’Google都是这样。æ¨ÂªÃ¥‘扩展不ä»…仅是便å®Å“ï¼Å’Ã¥®Æ’是把应用程序æž„Ã¥»ÂºÃ¥Å“¨Ã¥¤Å¡Ã¤¸ÂªÃ¦Å“Ã¥Å ¡Ã¥™¨Ã§»„成çš„一ä¸ÂªÃ¥¤§serverçš„基础ä¸Å Ã¯¼Å’这æ ·Ã¥°±Ã¤¼Å¡Ã©Å¡Ã¤¹‹Ã¦Å“‰Ã¤¸¤Ã¤¸ÂªÃ¥¸¸Ã¨§Ã§Å¡„问题ï¼Å¡ â€Å“Split brainâ€Å“(功能ï¼Å’数据分割) Ã¥’Å’ â€Å“hardware failureâ€Å“(硬件æ•…éšœï¼Å’毕ç«Å¸Ã¦Å“ºå™¨Ã¥¤ÂªÃ¥¤Å¡Ã¤Âº†)。 [...]
5:24 PM
Post a Comment

Popular posts from this blog

Chrome Frame - How to add command line parameters

Image
Chrome frame intentionally does stuff without getting in the way of the user. This sometimes makes things harder to debug. For example how can one debug an issue if chrome frame doesn't even launch ? Apparently there is a flag for that. But you have to know how to enable it. Here are the steps. Make sure chrome frame is installed. We can enable startup flags for dumping debug logs using a policy called AdditionalLaunchParameters If this is just for one desktop, I recommend doing a registry edit (it can be pushed via GPO as well) Add a REG_SZ property " AdditionalLaunchParameters " to " SoftwarePoliciesGoogleChromeAdditionalLaunchParameters " with the value "--enable-logging --v=1" (also documented here  and mentioned here )  [ Attachment 1 ] Next kill the IE browser and make sure chrome is also dead by checking taskmgr Restart IE and go to " gcf:about:version " and confirm that the parameters you added show up next to "Command Line:"
Read more

Creating your first chrome app on a Chromebook

Image
Doing development on Chromebook usually means developing online. There are a lot of sites around for that. But with the APIs getting more mature, its just a matter of time before someone builds a kick-ass IDE which runs natively on Chromebooks without network connectivity. One such tool which I've been exploring for a last few weeks is from Google and called " Chrome Dev Editor " If you have never built and run a chrome app or extension, I'll show you how to do this in 3 easy steps.     Step 1 Launch the app and click on the "+" button to add a new project. Pick a project name and select "JavaScript Chrome App" in the drop down menu.       Step 2 Notice how it automatically adds the minimum code required for it to run. This will be the template you are going to work with. You are almost done, but lets review the files in there to understand why they are there.   manifest.json - This is the most important file. Modify the app name, version number
Read more

Brewers CAP Theorem on distributed systems

Image
Large distributed systems run into a problem which smaller systems don’t usually have to worry about. â€Å“ Brewers CAP Theorem ” [ Ref 1 ] [ Ref 2 ] [ Ref 3 ]  defines this problem in a very simple way. It states, that though its desirable to have Consistency, High-Availability and Partition-tolerance in every system, unfortunately no system can achieve all three at the same time . C onsistent : A fully Consistent system is one where the system can guarantee that once you store a state (lets say â€Å“x=y”) in the system, it will report the same state in every subsequent operation until the state is explicitly changed by something outside the system. [ Example 1 ] A single MySQL database instance is automatically fully consistent since there is only one node keeping the state. [ Example 2 ] If two MySQL servers are involved, and if the system is designed in such a way that all keys starting â€Å“a” to â€Å“m” is kept on server 1, and keys â€Å“n” to â€Å“z” are kept on server
Read more