anomaly detection fault tolerance anticipation
play

Anomaly Detection Fault Tolerance Anticipation Patterns John - PowerPoint PPT Presentation

Feb 25, 2024 •34 likes •994 views

Anomaly Detection Fault Tolerance Anticipation Patterns John Allspaw SVP, Tech Ops Qcon London 2012 Wednesday, March 7, 12 Four Cornerstones Erik Hollnagel (Anticipation) (Response) Knowing Knowing Knowing Knowing What What What

  1. Anomaly Detection Fault Tolerance Anticipation Patterns John Allspaw SVP, Tech Ops Qcon London 2012 Wednesday, March 7, 12

  2. Four Cornerstones Erik Hollnagel (Anticipation) (Response) Knowing Knowing Knowing Knowing What What What What To Expect To Do To Look For Has Happened (Monitoring) (Learning) Wednesday, March 7, 12

  3. Four Cornerstones Erik Hollnagel (Anticipation) (Response) Knowing Knowing Knowing Knowing What What What What To Expect To Do To Look For Has Happened (Monitoring) (Learning) Wednesday, March 7, 12

  4. Four Cornerstones Erik Hollnagel (Anticipation) (Response) Knowing Knowing Knowing Knowing What What What What To Expect To Do To Look For Has Happened (Monitoring) (Learning) Wednesday, March 7, 12

  5. Anomaly Detection Wednesday, March 7, 12

  6. Anomaly Detection • Getting at the state of health • Evaluating the state of health • Components AND systems Wednesday, March 7, 12

  7. Supervisory Example: Active health check check_http Component Monitor (webserver) exit 0 200 OK Wednesday, March 7, 12

  8. Supervisory check_http Pros: Component Monitor Easy to implement (webserver) Easy to understand exit 0 200 OK Well-known pattern Cons: Messaging can fail Scalability is limited Wednesday, March 7, 12

  9. Supervisor Sensitivity 1 sec timeout 1 retry 3 sec interval 1s 1s X X 3s 3 3 3 3 3 3 3 (7.9 sec exposure) Up to ~2.9s for the previous interval Wednesday, March 7, 12

  10. Supervisor Sensitivity Request latency (max = 0.9s) Schedule check_http Latency Component Monitor (max = N) (webserver) exit 0 200 OK Response latency (max = 0.9s) Wednesday, March 7, 12

  11. Supervisor Sensitivity How many seconds of errors can you tolerate serving? Wednesday, March 7, 12

  12. Supervisory Example: Interval Passive health check Component Monitor (webserver) DISK consumption exit 0 within bounds Wednesday, March 7, 12

  13. Supervisory Example: Interval Passive health check Pros: Efficient Component Monitor (webserver) Scalability is different exit 0 DISK Fewer moving parts consumption within bounds Less exposure Can submit to multiple places Cons: Nonideal for network-based services Different tuning (windowed expectation) Wednesday, March 7, 12

  14. Supervisory Example: Passive health check ✓ { ✓ Interval ✓ ? E M ? Component I ✓ T ✓ Wednesday, March 7, 12

  15. Supervisory Example: Passive health check ✓ ✓ ✓ { ? Interval Interval Schedule ? Component ✓ Latency E M ✓ I T Exposure = (Schedule + Interval )*UnknownConsecutiveIntervals+1 Wednesday, March 7, 12

  16. Frequency and Transience Probability Probability Of False Of Positives Nondetection Short intervals Long intervals Low # of retries High # of retries Short timeouts Long timeouts Wednesday, March 7, 12

  17. In-Line Example: Passive application event logging monitor application Wednesday, March 7, 12

  18. Supervisory Example: Passive application event logging monitor application Pros: On-demand publish Cons: Onus is on the app Can’t be 100% sure it’s working Wednesday, March 7, 12

  19. Supervisory Example: Passive application event logging monitor application Positive events (sales, registrations, etc.) Negative events (errors, exceptions, etc.) Lack or presence of data mean different things, so history is paramount. Wednesday, March 7, 12

  20. Context Wednesday, March 7, 12

  21. Evaluation what is ‘abnormal’ ? Wednesday, March 7, 12

  22. 10 9 Response Time 8 7 6 5 4 3 2 1 0 0 1 2 3 4 5 6 7 8 9 10 Time Wednesday, March 7, 12

  23. Static Thresholds 10 9 Critical Response Time 8 7 Warning 6 5 4 3 2 1 0 0 1 2 3 4 5 6 7 8 9 10 Time Wednesday, March 7, 12

  24. Static Thresholds 10 9 Critical Response Time 8 7 Warning 6 5 4 3 2 1 0 0 1 2 3 4 5 6 7 8 9 10 Time Wednesday, March 7, 12

  25. Static Thresholds 10 9 Critical Response Time 8 7 Warning 6 5 4 3 2 1 0 0 1 2 3 4 5 6 7 8 9 10 Time Wednesday, March 7, 12

  26. Static Thresholds 10 9 Critical Response Time 8 7 Warning 6 5 4 3 2 1 0 0 1 2 3 4 5 6 7 8 9 10 Time Wednesday, March 7, 12

  27. Static Thresholds Wednesday, March 7, 12

  28. Static Thresholds Wednesday, March 7, 12

  29. Context Normal? Wednesday, March 7, 12

  30. Context 24 hours Wednesday, March 7, 12

  31. Context 7 days Wednesday, March 7, 12

  32. Context Normal But Noisy Wednesday, March 7, 12

  33. Context Smoothing? Wednesday, March 7, 12

  34. Context Holt-Winters Exponential Smoothing Recent points influencing a forecast, exponentially decreasing influence backwards in time. en.wikipedia.org/wiki/Exponential_smoothing Wednesday, March 7, 12

  35. Context Aberrant Behavior Detection in Time Series for Network Monitoring http://static.usenix.org/events/lisa00/ full_papers/brutlag/brutlag_html/ Wednesday, March 7, 12

  36. Dynamic Thresholds Wednesday, March 7, 12

  37. Dynamic Thresholds Upper bound Raw data Lower bound Wednesday, March 7, 12

  38. Dynamic Thresholds Hrm.... Wednesday, March 7, 12

  39. Dynamic Thresholds Hrm.... Wednesday, March 7, 12

  40. Dynamic Thresholds Holt-Winters Aberration Ah! Wednesday, March 7, 12

  41. Dynamic Thresholds Graphite metrics collection w/Holt-Winters abberations http://graphite.wikidot.com/ Nagios check for Graphite data https://github.com/etsy/nagios_tools/blob/master/check_graphite_data Wednesday, March 7, 12

  42. Four Cornerstones Erik Hollnagel (Anticipation) (Response) Knowing Knowing Knowing Knowing What What What What To Expect To Do To Look For Has Happened (Monitoring) (Learning) Wednesday, March 7, 12

  43. FAULT TOLERANCE Wednesday, March 7, 12

  44. Detection of fault X Triggers corrective action Y Clean up, report back (RECOVERY OR MASKING) Wednesday, March 7, 12

  45. Variation Tolerance Wednesday, March 7, 12

  46. Adaptive Systems Expected Variation Wednesday, March 7, 12

  47. Adaptive Systems Expected Variation Wednesday, March 7, 12

  48. Adaptive Systems Expected Variation Wednesday, March 7, 12

  49. New Disturbances Compensation is Arise Exhausted Disturbance Expected Variation Control compensation decompensation Woods, 2011 Wednesday, March 7, 12

  50. New Disturbances Compensation is Arise Exhausted Disturbance Expected Variation Control compensation decompensation Wednesday, March 7, 12

  51. New Disturbances Compensation is Arise Exhausted Variation Disturbance Expected Fault Variation Control compensation decompensation Wednesday, March 7, 12

  52. Variations != Faults Wednesday, March 7, 12

  53. Dead Corrupt Late Wrong Wednesday, March 7, 12

  54. Fault Tolerance Redundancy Spatial (server, network, process) Temporal (checkpoint, “rollback”) Informational (data in N locations) Wednesday, March 7, 12

  55. Fault Tolerance Redundancy Spatial (server, network, process) Temporal (checkpoint, “rollback”) Informational (data in N locations) Wednesday, March 7, 12

  56. Spatial Redundancy 2 2 Wednesday, March 7, 12

  57. Spatial Redundancy Active/Active Wednesday, March 7, 12

  58. Spatial Redundancy Active/Passive Wednesday, March 7, 12

  59. Spatial Redundancy Roaming Spare Dedicated Spare Wednesday, March 7, 12

  60. In-Line Fault Tolerance PHP App (thrift client) Thrift Search (Lucene/Solr) • Connect timeout • Send timeout • Receive timeout Wednesday, March 7, 12

  61. In-Line Fault App Tolerance X Search (Lucene/Solr) 1. App attempts connection, can’t 2. Caches APC user object with 60s “TTL” key=server:port 3. Moves to next server in rotation, skipping any found in APC Wednesday, March 7, 12

  62. In-Line Fault Tolerance http://thrift.apache.org/ /lib/php/src/TSocketPool.php Wednesday, March 7, 12

  63. In-Line Fault Tolerance Pros: Distributed checking and perspective Handles transient failures Auto-recovery Cons: Onus is on the app for implementation Wednesday, March 7, 12

  64. Fault Tolerance Nagios Event Handlers Attempt to recover from specific conditions Chain together recovery actions http://nagios.sourceforge.net/docs/3_0/ eventhandlers.html Wednesday, March 7, 12

  65. If (fault X) then HUP process; re-check If (OK) then notify+exit ELSE Hard restart process; re-check If (OK) then notify+exit ELSE Remove from production; notify+exit Wednesday, March 7, 12

  66. How many seconds of errors can you tolerate serving? Wednesday, March 7, 12

  67. Fail Closed When fault is found, and can’t be recovered or masked, operations cease to protect the rest of the system from damage. Wednesday, March 7, 12

  68. Depth and Dependencies Load Balancers Monitor Health check App DB Wednesday, March 7, 12

  69. Depth and Dependencies WARNING: Load Balancers Monitor Health check Don’t be too App crazy DB Wednesday, March 7, 12

  70. Fail Closed Aggregate Cluster Checking X X X X If (clusterfail > 25%) then notify+exit ELSE OK Wednesday, March 7, 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume

Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume

Unit OS10: Fault Tolerance Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume Management - Striped

394 views • 25 slides
Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in

Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in

Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in Action Jack Dongarra, Innovative Computing Laboratory University of Tennessee and Computer Science and Mathematics Division Oak Ridge National

422 views • 14 slides
General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For

General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For

General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For Fault-Tolerance? Reduce the overhead (in space and in time) needed for fault-tolerance Better fault-tolerance in 1D? Better magic state

556 views • 22 slides
Fault Detection and Mitigation in WLAN RSS Nearest Neighbor Fingerprint-based Positioning

Fault Detection and Mitigation in WLAN RSS Nearest Neighbor Fingerprint-based Positioning

Introduction - Motivation - Fault Model - Measurement Setup Fault Detection and Mitigation in WLAN RSS Nearest Neighbor Fingerprint-based Positioning Algorithm - Fault Detection - Fault Tolerance Hybrid Positioning Algorithm Christos

708 views • 41 slides
Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate

Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate

Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate circuit Need error 1/N 1/0 Quantum fault-tolerance problem Classical fault-tolerance: Von Neumann (1956) 0/1 Fault-tolerant, larger C High

846 views • 63 slides
CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault

CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault

1 Tr n H i Anh Distributed System CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault tolerance 2. Process resilience 3. Reliable client-Server Communication 4. Reliable Group Communication 5.

966 views • 50 slides
Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi

Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi

Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi Distributed Systems Fault tolerance A system or a component fails due to a fault Fault tolerance means that the system continues to provide its

428 views • 40 slides
Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and

CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and

CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and Consistency Today Fault tolerance Chapter 8 TVS Fault Tolerance Basics Availability short time horizon e.g down 1 msec every hour

292 views • 27 slides
Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats

Challenging Malicious Inputs with Fault Tolerance Techniques Bruno Luiz Agenda Threats Fault Tolerance Fault Injection for Fault Tolerance Assessment Basic and classic techniques Decision Mechanisms Implementation

962 views • 61 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction

Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction

Distributed Systems (ICE 601) Fault Tolerance Dongman Lee ICU Class Overview Introduction Failure Model Fault Tolerance Models state machine primary-backup Distributed Systems - Fault Tolerance Introduction

146 views • 12 slides
Stochastic gradient descent on Riemannian manifolds Silvre Bonnabel 1 Centre de Robotique -

Stochastic gradient descent on Riemannian manifolds Silvre Bonnabel 1 Centre de Robotique -

Stochastic gradient descent on Riemannian manifolds Silvre Bonnabel 1 Centre de Robotique - Mathmatiques et systmes Ecole des Mines de Paris" 2 Journes du GDR ISIS Paris, 20 novembre 2014 1 silvere.bonnabel@mines-paristech 2

628 views • 50 slides
1 University of Saskatchewan, Canada 2 University of Tartu, Estonia

1 University of Saskatchewan, Canada 2 University of Tartu, Estonia

Dmytro Dyachuk 1 , and Michele Mazzucco 2 1 University of Saskatchewan, Canada 2 University of Tartu, Estonia Introduction (1) Clients have performance expectations

333 views • 17 slides
Adaptive mesh redistribution on the sphere for global atmospheric modelling Phil Browne &

Adaptive mesh redistribution on the sphere for global atmospheric modelling Phil Browne &

Adaptive mesh redistribution on the sphere for global atmospheric modelling Phil Browne & Hilary Weller (Reading), Colin Cotter & Jemma Shipton (Imperial), Chris Budd & Andrew McRae (Bath) Phil Browne Adaptive algorithms for

227 views • 21 slides
This document must be cited according to its fjnal version which is published in a conference as:

This document must be cited according to its fjnal version which is published in a conference as:

This document must be cited according to its fjnal version which is published in a conference as: C. Afri, L. Bako, V. Andrieu, P. Dufour, "Adaptive identifjcation of continuous time MIMO state-space models", 54rd IEEE Conference on

1.01k views • 61 slides
0 The first problem is of course speed: light transport is generally slow, transport in volumes

0 The first problem is of course speed: light transport is generally slow, transport in volumes

In this concluding part of the course, I will discuss some open problems in volumetric light transport. 0 The first problem is of course speed: light transport is generally slow, transport in volumes even slower. Especially in large

617 views • 7 slides
On Adaptive Strategies and Convex Optimization Algorithms Joon Kwon joint work with Panayotis

On Adaptive Strategies and Convex Optimization Algorithms Joon Kwon joint work with Panayotis

On Adaptive Strategies and Convex Optimization Algorithms Joon Kwon joint work with Panayotis Mertikopoulos Institut de Math ematiques de Jussieu Universit e Pierre-et-Marie-Curie Paris, France Workshop on Algorithms and Dynamics for

632 views • 20 slides
Quality-adaptive Prefetching for Interactive Branched Video using HTTP-based Adaptive Streaming

Quality-adaptive Prefetching for Interactive Branched Video using HTTP-based Adaptive Streaming

Quality-adaptive Prefetching for Interactive Branched Video using HTTP-based Adaptive Streaming Vengatanathan Krishnamoorthi 1 , Niklas Carlsson 1 , Derek Eager 2 , Anirban Mahanti 3 , Nahid Shahmehri 1 1 Linkping university, Sweden 2 University

2.03k views • 192 slides
3 Language Models 1: n -gram Language Models While the final goal of a statistical machine

3 Language Models 1: n -gram Language Models While the final goal of a statistical machine

3 Language Models 1: n -gram Language Models While the final goal of a statistical machine translation system is to create a model of the target sentence E given the source sentence F , P ( E | F ), in this chapter we will take a step back, and

106 views • 8 slides

More recommend