Sentinel is a high-performance open source Ali limiting framework. Here the use and implementation of Sentinel will be introduced.
Here we introduce the basic concepts involved in the Sentinel, including the use or implemented. Mainly when I read the documentation and source code frequently come into contact with the object.
Resource
Resources is a basic concept throughout the Sentinel. Can be a piece of code, a http request, a micro-service, all in all, he was the need to ensure Sentinel entity. In most cases, we can use the method signature, URL or service name as the name of the resource. It is reflected in the Sentinel: ResourceWrapper, he has two sub-categories:
StringResourceWrapper use string to identify a resource
MethodResouceWrapper use a function signatures to identify a resource
Node
Node is the basic data unit for storing statistical data, the Node itself is only an interface having a plurality of implement:
StatisticNode only direct implementation class to achieve the basic method of traffic statistics, in the StatisticSlot
ClusterNode inherited from StatisticNode, a global resource for statistics
DefaultNode inherited from StatisticNode, implemented in the appropriate context for a particular resource, it holds a reference to the ClusterNode. It also holds the list of child nodes, when in the same context call different resource SphU.entry many times will create a child node
EntranceNode inherited from the root DefaultNode, on behalf of a call, a Context will correspond to a EntranceNode
Context
Context is used to save the metadata of the current call is stored in a ThreadLocal, it contains several information:
EntranceNode entire call tree of the root node, that is, the entrance
Entry point of the current call
Node statistics related to the current call point
Origin commonly used to identify the caller, this will be very helpful in that we need to split control strategy according to the caller time zone
Whenever we call SphU.entry () or SphO.entry () to obtain permission to access resources when they are needed for the current thread in a context, if we do not explicitly call ContextUtil.enter (), is used by default Default context. If we call SphU.entry several times in a context () to get more resources, a call tree will be created out
NullContext
The maximum number of sessions exceeds the system's ability to create returns NullContext, do not follow the conversation filter check, direct let go.
Entry
Every SphU.entry () call returns a Entry, Entry to keep all the information about the current resource call:
Creating this resource called time createTime
Resources currentNode SphU.entry incoming requests in the current context of statistics Node
originNode SphU.entry incoming request resources for specific statistics caller origin node
Entry for the implementation class CtEntry, wherein it in addition to the above information, additional information is also stored:
parent chain on a call tree entry
child call tree in the chain the next entry
The current call chain to work the chain of responsibility limiting the use of resources, including various Slot
context of the current calling context point belongs
EntryType
EntryType say that the type of traffic, there are two types of this request: IN and OUT.
IN: it refers to flow into the inlet of our system, such as http request or request other rpc like.
OUT: it refers to our system to call other third-party service outlet flow.
Import, export flow is valid only when the system is configured rules.
Type IN is set to the level of traffic statistics for the entire system, to prevent the system being defeated for a way of self-protection.
Type set to OUT on the one hand to protect third-party systems, such as our system relies on an interface generated order number, and this interface is a core service, if our services are non-core applications, then he needs to be limiting protection; another aspects can also protect your system, assuming that our service is the core application, and always rely on third-party applications timeout, then it may be downgraded by setting the rt service dependent, so they would not allow third-party service to our system collapse.
Slot
Entry time to create, but also create a series of functions slot (slot chain), these slots have different responsibilities, such as:
NodeSelectorSlot responsible path to collect resources, and these resources call path, stored in a tree structure, according to calls for limiting the path to demote;
ClusterBuilderSlot the statistical information for the caller information and storage resources, such as the RT resources, QPS, thread count, etc. This information will be used as a multi-dimensional limit, according to the downgrade;
LogSlot for printing logs
StatisticSlot is used to record statistical indicators at different latitudes runtime monitoring information;
SystemSlot by the state of the system, e.g. load1 the like to control the total flow of inlet;
AuthoritySlot according to the configuration of black and white lists and call information sources, do black and white list control;
FlowSlot is used according to the preset rules and the state of the front limiting slot statistics, to control the flow rate;
DegradeSlot the statistical information and a preset rule, do the fuse downgrade;
Slot only binding on CtEntry
ProcessorSlotChain
Function groove processing chain, enters a slot entry can add their own operation, after post-fire operation will next slot entry, exit empathy
Note on, sharing the same resources to achieve a ProcessorSlotChain, across Context
Laimitapp
limitApp field flow control rule for flow control according to the invoking source. Value of this field There are three options, corresponding to different scenarios:
default: said they did not distinguish between the caller requests from any caller will limit the current statistics. If the sum call this resource name exceeds the threshold defined by this rule is triggered limiting.
{Some_origin_name}: representation for a particular caller, only a request from the caller will flow control. For example NodeA configure a rule for the caller caller1, then if and only if a request for NodeA from caller1 will trigger the flow of control.
other: indicates traffic flow control for the rest of the caller in addition to {some_origin_name}. For example, resource NodeA equipped with a current-limiting rules for the caller caller1, and at the same time to configure a caller to other rules, then any from non caller1 call to NodeA, can not exceed the threshold value other rule definition.
A resource name may be configured with a number of rules, the rules of order into effect: {some_origin_name}> other> default
Introduced over the above basic concept, the basic usage Sentinel given below:
List<FlowRule> rules = new ArrayList<FlowRule>();
FlowRule rule1 = new FlowRule();
rule1.setResource(KEY);
// set limit qps to 20
rule1.setCount(20);
rule1.setGrade(RuleConstant.FLOW_GRADE_QPS);
rule1.setLimitApp("default");
rules.add(rule1);
Entry entry = null;
try {
entry = SphU.entry(KEY);
// token acquired, means pass,do biz logic
} catch (BlockException e1) {
//block,handle block logic
} catch (Exception e2) {
// biz exception,handle biz exception logic
} finally {
if (entry != null) {
entry.exit();
}
}
As for the sentinel of the basic usage:
First set up the rules before entering a protected resource needs, try to obtain token, if successfully acquired token, you can implement the relevant logic, or throw an exception processing, and finally release token obtained.
Personal Public Number: ah camel