Cache penetration
Triggered:
In a certain query data does not exist, due to the write cache is not hit passive, fault-tolerant and is considered finding out if the data is not written to the cache from the storage layer, which will lead to the absence of data per every time a request to the storage layer to query, cache layer meaningless.
When the inflow of a large flow, possibly because of frequent access to the storage layer directly lead to DB down, it will be exploited to form the absence of key applications frequently attack vulnerability.
----------------- Solution:
1. The most often simply to employ bloom filter, all possible data to hash a sufficient hair bigmap in a the absence of certain data will be blocked out the bigmap, in order to avoid pressure on the underlying storage system queries.
2. A more simple way, if a query returned an empty data (whether data is empty, or system failure), empty cache results, set the expiration time of a maximum of five minutes.
Cache avalanche
Triggered
using the same expiration time set cache, cause the cache to be invalidated at a time, all requests steering DB, DB heavy pressure transient avalanche.
Solution
After a cache miss, by locking to control the number of threads or queue database read write cache. For example, a key for allowing only one thread to query the data and write cache, other threads wait.
Simple solution is to spread the cache expiration time, we can add a random value in the original expiration time basis, such as random 1-5 minutes, so that the repetition rate of the expiration time of each cache will be reduced, it is difficult to initiate collective failure events.
---------------- triggered reason
Redis downtime, resulting in the flow DB between the client's request, caused the collapse of DB.
Solution
1. To maintain high availability cache layer server.
- monitoring, cluster, Sentinel. When a cluster which has a server problem, let the sentry kick.
2. Depending on the rear end of the current limiting component is a spacer and degraded.
For example, recommendation service, if the personalized recommendation service is unavailable, you can downgrade to hot data.
3. drill advance.
After the drill caching layer crash, load and back-end applications and the problems that may arise. Make some plans for this set.
------------- cache penetration
引发原因:
缓存穿透是指缓存和数据库中都没有的数据,而用户不断发起请求,如发起为id为“-1”的数据或id为特别大不存在的数据。这时的用户很可能是攻击者,攻击会导致数据库压力过大。
解决方案:
1.接口层增加校验,如用户鉴权校验,id做基础校验,id<=0的直接拦截;
2.从缓存取不到的数据,在数据库中也没有取到,这时也可以将key-value对写为key-null,缓存有效时间可以设置短点,如30秒(设置太长会导致正常情况也没法使用)。这样可以防止攻击用户反复用同一个id暴力攻击
------------- cache breakdown
引发原因:
缓存击穿是指缓存中没有但数据库中有的数据(一般是缓存时间到期),这时由于并发用户特别多,同时读缓存没读到数据,又同时去数据库去取数据,引起数据库压力瞬间增大,造成过大压力
解决方案:
1. Set the hot data never expires.
2. Add mutex, e.g. ----------
Cache avalanche
Triggered By:
Cache avalanche refers to large quantities of data in the cache expiration time, and query huge amounts of data, database causing excessive pressure even down machine. And the cache is different breakdown, breakdown refers to the cache concurrency check the same data, different data cache avalanche expired, are finding out a lot of data in order to check the database.
Solution:
expiration time cached data set randomly, to prevent the same time a lot of data expired phenomenon.
If the cache database is distributed deployment, the hotspot data is evenly distributed and made different cache database.
Set hot data never expires.
