SLIDE 1
Building and running applications at scale in Zalando
Online fashion store Checkout case
By Pamela Canchanya
About Zalando
Building and running applications at scale in Zalando Online - - PowerPoint PPT Presentation
Building and running applications at scale in Zalando Online - - PowerPoint PPT Presentation
Building and running applications at scale in Zalando Online fashion store Checkout case By Pamela Canchanya About Zalando About Zalando > 250 visits ~ 5.4 billion EUR per million month revenue 2018 > 300.000 > 26 product
SLIDE 2
SLIDE 3
SLIDE 4
~ 5.4billion EUR
revenue 2018
> 250 million
visits per month
> 15.500
employees in Europe
> 70%
- f visits via
mobile devices
> 26
million
active customers
> 300.000
product choices
~ 2.000
brands
17
countries
About Zalando
SLIDE 5
Black Friday at a glance
SLIDE 6
Zalando Tech
SLIDE 7
From monolith to microservice architecture
> 1000 microservices
Reorganization
SLIDE 8
Platform > 1100
developers
> 200
development teams
Tech organization
SLIDE 9
End to end responsibility
SLIDE 10
Checkout “Allow customers to buy seamlessly and conveniently”
Goal
SLIDE 11
Checkout landscape
Java Scala Node JS
REST & messaging
Cassandra
data storage
ETCD
configurations
AWS
&
Kubernetes
infrastructure
React
client side
Docker
container Many more programming languages Communication
SLIDE 12
Checkout architecture
Cassandra
Checkout service
Dependencies
Backend for frontend Frontend fragments
Dependencies Tailor Skipper Dependencies
SLIDE 13
Checkout is a critical component in the shopping journey
- Direct impact in business revenue
- Direct impact in customer experience
SLIDE 14
Checkout challenges in a microservice ecosystem
- Increase points of failures
- Multiple dependencies evolving independently
SLIDE 15
Lessons learnt building Checkout with
- Reliability patterns
- Scalability
- Monitoring
SLIDE 16
Building microservices with reliability patterns
SLIDE 17
Checkout confirmation page
Delivery Destination Payments Service Cart Delivery Service
SLIDE 18
Checkout confirmation page
Delivery Service
SLIDE 19
Unwanted error
SLIDE 20
Doing retries
for (var i = 1; i < numRetries; i++) { try { return getDeliveryOptionsForCheckout(cart) } catch(error) { if (i >= numRetries) { throw error; } } }
SLIDE 21
Retry for transient errors like a network error
- r service overload
SLIDE 22
Retries for some errors
try { getDeliveryOptionsForCheckout(cart) match { case Success() => // return result case TransientFailure => // retry operation case Error => // throw error } } catch { println("Delivery options exception") }
SLIDE 23
Retries with exponential backoff
Exponential Backoff time Attempt 1 Attempt 2 Attempt 3 Exponential Backoff time
100 ms 100 ms 100 ms
SLIDE 24
Exhaustion of retries and failures become permanent
SLIDE 25
Prevent execution of
- perations that are
likely to fail
SLIDE 26
Circuit breaker pattern
Circuit breaker pattern - Martin Fowler blog post
SLIDE 27
Open circuit, operations fails immediately
Target
error rate > threshold 50% getDeliveryOptionsForCheckout = failure
SLIDE 28
Fallback as alternative of failure
Unwanted failure: no Checkout Fallback: Only Standard delivery service with a default delivery promise
SLIDE 29
Putting all together
Do retries of operations with exponential backoff Wrap operations with a circuit breaker Handle failures with fallbacks when possible Otherwise make sure to handle the exceptions
circuitCommand( getDeloveryOptionsForCheckout(cart) .retry(2) ) .onSuccess(//do something with result) .onError(getDeloveryOptionsForCheckoutFallback)
SLIDE 30
Scaling microservices
SLIDE 31
Traffic pattern
SLIDE 32
Traffic pattern
SLIDE 33
Microservice infrastructure
Load balancer Instance Instance Instance Container
Incoming requests Distributed by instance
Use Zalando base image Node env JVM env
SLIDE 34
Scaling horizontally
Load balancer Instance Instance Instance Container
SLIDE 35
Scaling horizontally
Load balancer Instance Instance Instance Container Instance
SLIDE 36
Scaling vertically
Load balancer Instance Instance Instance Container
SLIDE 37
Scaling vertically
Load balancer Instance Instance Instance Container
SLIDE 38
Scaling consequences
Cassandra
> service connections > saturation and risk of unhealthy database
SLIDE 39
Microservices cannot be scalable if downstream microservices cannot scale
SLIDE 40
Low traffic rollouts
1 2 3 4
Service v2 Traffic 0% Service v1 Traffic 100%
1 2 3 4
SLIDE 41
High traffic rollouts
1 2 3 4 1 2 4 5 3 6
Service v2 Traffic 0% Service v1 Traffic 100%
SLIDE 42
Rollout with not enough capacity
SLIDE 43
Rollouts should consider allocate same capacity like version with 100% traffic
SLIDE 44
Monitor microservices
SLIDE 45
Hardware Communication Application platform Microservice Four layer model of microservice ecosystem
Monitoring microservice ecosystem
SLIDE 46
Hardware Communication Application platform Microservice For layer model of microservice ecosystem
Infrastructure metrics
Monitoring microservice ecosystem
SLIDE 47
Hardware Communication Application platform Microservice For layer model of microservice ecosystem
Microservice metrics
Monitoring microservice ecosystem
SLIDE 48
First example
SLIDE 49
Hardware metrics
SLIDE 50
Communication metrics
SLIDE 51
Rate and responses of API endpoints
SLIDE 52
Dependencies metrics
SLIDE 53
Language specific metrics
SLIDE 54
Second Example
SLIDE 55
Infrastructure metrics
SLIDE 56
Node JS metrics
SLIDE 57
Frontend microservice metrics
SLIDE 58
Anti pattern: Dashboard usage for outage detection
SLIDE 59
“Something is broken, and somebody needs to fix it right now! Or, something might break soon, so somebody should look soon.”
Practical Alerting - Monitoring distributed systems Google SRE Book
Alerting
SLIDE 60
Unhealthy instances 1 of 5
Alert
No more memory, JVM is misconfigured
SLIDE 61
Service checkout is returning 4XXs responses above threshold 25%
Alert
Recent change broke contract of API for unconsidered business rule
SLIDE 62
No orders in last 5 minutes
Alert
Downstream dependency is experimenting connectivity issues
SLIDE 63
Checkout database disk utilization is 80%
Alert
Saturation of data storage by an increase in traffic
SLIDE 64
Alerts notify about symptoms
SLIDE 65
Alerts should be actionable
SLIDE 66
Incident response
Figure Five stages of incident response. Microservices ready to production
SLIDE 67
Example of postmortem
Summary of incident
No orders in last 5 minutes 13.05.2019 between 16:00 and 16:45
Impact of customers
2K customers could not complete checkout
Impact of business
50K euros loss of order that could be completed
Analysis of root cause
Why there was no orders?
Action items ...
SLIDE 68
Every incident should have postmortem
SLIDE 69
SLIDE 70
Preparing for Black Friday
- Business forecast
- Load testing of real customer journey
- Capacity planning
SLIDE 71
Checklist for every microservice involved in Black Friday
- Is the architecture and dependencies reviewed?
- Are the possible point of failures identified and mitigated?
- Are reliability patterns implemented?
- Are the configurations adjustable without need of deployment?
- Do we have scaling strategy?
- Is monitoring in place?
- Are all alerts actionable?
- Is our team prepared for 24x7 incident management?
SLIDE 72
Situation room
SLIDE 73
Black Friday pattern of requests
> 4,200
- rders/m
SLIDE 74
My summary of learnings
- Think outside the happy path and
mitigate failures with reliability patterns
- Services are scalable proportionally
with their dependencies
- Monitor the microservice ecosystem
SLIDE 75
Resources
- Service reliability engineering
- Production ready micro services
- Monitoring and alerting Tool used by Zalando
- Taylor
- Skipper
- Load testing in Zalando
- Kubernertes in Zalando
SLIDE 76
Obrigada Thank you Danke
Contact
Pamela Canchanya pam.cdm@posteo.net @pamcdm
SLIDE 77
Building and running applications at scale in Zalando
Online fashion store Checkout case
By Pamela Canchanya