Let’s talk about Sentinel Quick Start

[[397765]]

This article is reprinted from the WeChat public account "Operation and Development Story", written by Lao Zheng. Please contact the WeChat public account "Operation and Development Story" to reprint this article.

Introduction to Sentinel

With the popularity of microservices, the stability between services is becoming more and more important. Sentinel takes traffic as the entry point and protects the stability of services from multiple dimensions such as traffic control, circuit breaking and degradation, and system load protection.

Sentinel has the following features:

• Rich application scenarios: Sentinel has taken over the core scenarios of Alibaba's Double 11 promotion traffic in the past 10 years, such as flash sales (that is, burst traffic is controlled within the range that the system capacity can bear), message peak load shifting, cluster traffic control, and real-time circuit breaking of downstream unavailable applications.
• Complete real-time monitoring: Sentinel also provides real-time monitoring. You can see the second-level data of a single machine connected to the application in the console, or even the summary operation status of a cluster of less than 500 machines.
• Extensive open source ecosystem: Sentinel provides out-of-the-box integration modules with other open source frameworks/libraries, such as Spring Cloud, Dubbo, and gRPC. You only need to introduce the corresponding dependencies and perform simple configuration to quickly access Sentinel.
• Complete SPI extension points: Sentinel provides easy-to-use and complete SPI extension interfaces. You can quickly customize the logic by implementing the extension interface, such as customizing rule management, adapting to dynamic data sources, etc.

Key features of Sentinel:

Sentinel's open source ecosystem:

Sentinel is divided into two parts:

The core library (Java client) does not depend on any framework/library and can run in all Java runtime environments. It also has good support for frameworks such as Dubbo/Spring Cloud.

The Dashboard is developed based on Spring Boot and can be run directly after packaging without the need for additional application containers such as Tomcat.

Comparison between Sentinel, Hystrix and resilience4j

Sentinel noun

resource

Resource is a key concept in Sentinel. It can be anything in a Java application, for example, a service provided by the application, or a service provided by another application called by the application, or even a piece of code. In the following documents, we will use resource to describe a code block.

As long as the code is defined through the Sentinel API, it is a resource and can be protected by Sentinel. In most cases, you can use method signatures, URLs, or even service names as resource names to identify resources.

rule

The rules set around the real-time status of resources can include flow control rules, circuit breaker and degradation rules, and system protection rules. All rules can be adjusted dynamically in real time.

Flow Control

What is flow control

Traffic control is a common concept in network transmission, which is used to adjust the sending data of network packets. However, from the perspective of system stability, there are also many considerations in the speed of processing requests. Requests arriving at any time are often random and uncontrollable, and the processing capacity of the system is limited. We need to control the traffic according to the processing capacity of the system. Sentinel, as a dispatcher, can adjust random requests into a suitable shape as needed, as shown in the following figure:

Flow Control Design Concept

There are several angles for flow control:

• Resource call relationships, such as resource call links and relationships between resources;
• Operational indicators, such as QPS, thread pool, system load, etc.;
• Control effects, such as direct current limiting, cold start, queuing, etc.

Sentinel is designed to allow you to freely choose the angle of control and flexibly combine them to achieve the desired effect.

Circuit Breaker

What is circuit breaker downgrade

In addition to flow control, one of Sentinel's missions is to promptly fuse unstable factors in the call link. Due to the complexity of the call relationship, if a resource in the call link becomes unstable, it may cause requests to pile up, leading to cascading errors.

The principles of Sentinel and Hystrix are consistent: when a resource in the call chain is detected to be unstable, such as a long request response time or a high exception ratio, the call to this resource is restricted to make the request fail quickly to avoid affecting other resources and causing cascading failures.

Circuit Breaker Design Concept

In terms of restriction methods, Sentinel and Hystrix take completely different approaches.

Hystrix isolates dependencies (corresponding to resources in Sentinel's concept) through thread pool isolation. The advantage of this is that resources are most thoroughly isolated from each other. The disadvantage is that in addition to increasing the cost of thread switching (too many thread pools lead to too many threads), it is also necessary to allocate thread pool sizes for each resource in advance.

Sentinel takes two approaches to this problem:

• Limit by number of concurrent threads

Unlike resource pool isolation, Sentinel reduces the impact of unstable resources on other resources by limiting the number of concurrent threads of resources. This not only eliminates the loss of thread switching, but also does not require you to pre-allocate the size of the thread pool. When a resource becomes unstable, such as a longer response time, the direct impact on the resource is that the number of threads will gradually accumulate. When the number of threads accumulates to a certain number on a specific resource, new requests for the resource will be rejected. The accumulated threads will continue to receive requests only after completing their tasks.

• Degrading resources by response time

In addition to controlling the number of concurrent threads, Sentinel can also quickly downgrade unstable resources by response time. When the response time of a dependent resource is too long, all access to the resource will be directly denied until the specified time window has passed.

System adaptive protection

Sentinel also provides adaptive protection capabilities at the system level. Preventing avalanches is an important part of system protection. When the system load is high, if requests continue to come in, the system may crash and become unresponsive. In a cluster environment, network load balancing will forward the traffic that should have been carried by this machine to other machines. If other machines are also in an edge state at this time, the increased traffic will cause this machine to crash as well, and eventually make the entire cluster unavailable.

To address this situation, Sentinel provides a corresponding protection mechanism to achieve a balance between the system's ingress traffic and the system's load, ensuring that the system can process the most requests within its capabilities.

Sentinel Principle

The main working mechanism of Sentinel is as follows:

• Provides adaptation or explicit APIs for mainstream frameworks to define resources that need to be protected, and provides facilities for real-time statistics and call link analysis of resources.
• According to the preset rules, combined with the real-time statistical information of resources, the traffic is controlled. At the same time, Sentinel provides an open interface to facilitate you to define and change the rules.
• Sentinel provides a real-time monitoring system, allowing you to quickly understand the current system status.

Sentinel Usage

General use

If the application uses a pom project, add the following code to the pom.xml file:

 <dependency>
  <groupId>com.alibaba.csp</groupId>
  <artifactId>sentinel-core</artifactId>
 <version>1.8.1</version>
 </dependency>

Next, we can surround the code that needs to control the flow with Sentinel API SphU.entry("HelloWorld") and entry.exit(). In the following example, we use System.out.println("hello world"); as a resource and surround it with API (embedded point). The reference code is as follows:

 while ( true ) {
 Entry entry = null ;
 try {
    entry = SphU.entry( "HelloWorld" );
 /* Your business logic - start */
    System. out .println( "hello world" );
    TimeUnit.MILLISECONDS.sleep(10);
 /* Your business logic - end */
  } catch (BlockException e1) {
 /*Flow control logic processing - start*/
    System. out .println( "block!" );
 /*Flow control logic processing - end*/
  } catch (InterruptedException e) {
 e.printStackTrace();
 finally
 if (entry != null ) {
 entry.exit();
 }
 }
 }

Next, use rules to specify the number of requests that are allowed to pass through the resource. For example, the following code defines that the resource HelloWorld can only pass a maximum of 20 requests per second.

 // Rule configuration
 private static void initFlowRules() {
  List<FlowRule> rules = new ArrayList<>();
  FlowRule rule = new FlowRule();
 rule .setResource( "HelloWorld" );
 rule .setGrade(RuleConstant.FLOW_GRADE_QPS);
 // Set limit QPS to 20.
 rule .setCount(20);
 rules. add ( rule );
  FlowRuleManager.loadRules(rules);
 }

After the demo is running, we can see the following output in the log ~/logs/csp/${appName}-metrics.log.xxx:

 | --timestamp-|------date time----|-resource-|p |block|s |e|rt  
 1619954886000|2021-05-02 19:28:06|HelloWorld|20|1|20|0|12|0|0|0
 1619954887000|2021-05-02 19:28:07|HelloWorld|20|3197|20|0|11|0|0|0
 1619954888000|2021-05-02 19:28:08|HelloWorld|20|2857|20|0|11|0|0|0

Where p represents the requests that passed, block represents the requests that were blocked, s represents the number of requests that were successfully executed, e represents the user-defined exceptions, and rt represents the average response time.

As you can see, this program outputs "hello world" 20 times per second, which is the same as the threshold set in the rule.

Annotation method

Sentinel provides @SentinelResource annotation for defining resources, and provides AspectJ extensions for automatically defining resources, handling BlockException, etc. When using Sentinel Annotation AspectJ Extension, you need to introduce the following dependencies:

 <dependency>
    <groupId>com.alibaba.csp</groupId>
    <artifactId>sentinel-annotation-aspectj</artifactId>
 <version>xyz</version>
 </dependency>

Example

 // The corresponding `handleException` function needs to be located in the `ExceptionUtil` class and must be public   static functions.
 // The corresponding return value also needs to be the same as the current method
 @SentinelResource(value = "createOrder" ,
                  blockHandler = "blockHandler" ,
                  blockHandlerClass = {ExceptionUtils.class})
 @GetMapping( "/createOrder" )
 public OrderDto createOrder(OrderDto dto) {
 return new OrderDto();
 }
 // ExceptionUtils
 public class ExceptionUtils {
 public   static OrderDto blockHandler(OrderDto dto, BlockException ex) {
 ex.printStackTrace();
 return   null ;
 }
 }

@SentinelResource Annotation

Note: Annotation-based embedding does not support private methods.

@SentinelResource is used to define resources and provide optional exception handling and fallback configuration items. The @SentinelResource annotation contains the following attributes:

• value: resource name, required (cannot be empty)
• entryType: entry type, optional (default is EntryType.OUT)
• blockHandler / blockHandlerClass: blockHandler corresponds to the name of the function that handles BlockException, optional. The blockHandler function must be public, the return type must match the original method, the parameter type must match the original method and an additional parameter of type BlockException must be added at the end. The blockHandler function must be in the same class as the original method by default. If you want to use a function of another class, you can specify blockHandlerClass as the Class object of the corresponding class. Note that the corresponding function must be a static function, otherwise it cannot be parsed.
• fallback / fallbackClass: fallback function name, optional, used to provide fallback processing logic when an exception is thrown. The fallback function can handle all types of exceptions (except the exception types excluded in exceptionsToIgnore). Fallback function signature and location requirements:
  • The return value type must be consistent with the return value type of the original function;
  • The method parameter list needs to be consistent with the original function, or an additional parameter of type Throwable can be added to receive the corresponding exception.
  • By default, the fallback function must be in the same class as the original method. If you want to use a function of another class, you can specify fallbackClass as the Class object of the corresponding class. Note that the corresponding function must be a static function, otherwise it cannot be parsed.
• defaultFallback (since 1.6.0): The default fallback function name, optional, usually used for general fallback logic (i.e. can be used for many services or methods). The default fallback function can handle all types of exceptions (except the exception types excluded in exceptionsToIgnore). If both fallback and defaultFallback are configured, only fallback will take effect. defaultFallback function signature requirements:
  • The return value type must be consistent with the return value type of the original function;
  • The method parameter list needs to be empty, or it can have an additional parameter of type Throwable to receive the corresponding exception.
  • By default, the defaultFallback function needs to be in the same class as the original method. If you want to use a function of another class, you can specify fallbackClass as the Class object of the corresponding class. Note that the corresponding function must be a static function, otherwise it cannot be parsed.
• exceptionsToIgnore (since 1.6.0): used to specify which exceptions are excluded. They will not be counted in the exception statistics, nor will they enter the fallback logic. Instead, they will be thrown as is.

Starting from version 1.8.0, defaultFallback supports configuration at the class level.

Note: In versions prior to 1.6.0, the fallback function only handles degrade exceptions (DegradeException) and cannot handle business exceptions.

In particular, if both blockHandler and fallback are configured, when a BlockException is thrown due to current limiting and downgrade, only the blockHandler processing logic will be entered. If blockHandler, fallback and defaultFallback are not configured, BlockException will be thrown directly when current limiting and downgrade (if the method itself does not define throws BlockException, it will be wrapped by JVM with a layer of UndeclaredThrowableException).

Sentinel Console

Download console program address:

 https://github.com/alibaba/Sentinel/releases/tag/1.8.1

Startup Command

 java -Dserver.port=8089
 -Dcsp.sentinel.dashboard.server=127.0.0.1:8089
 -Dproject.name= sentinel -dashboard
 -jar sentinel-dashboard-1.8.1.jar

Login account, the default login account and password are: sentinel

After logging into the console, we can configure our services through the menu on the right

refer to

https://github.com/alibaba/Sentinel/wiki/Introduction

https://github.com/NETFLIX/Hystrix/wiki/How-it-Works#benefits-of-thread-pools