how we went from being astronauts to being mission control
play

How we went from being astronauts to being mission control - PowerPoint PPT Presentation

Jan 10, 2023 •230 likes •755 views

How we went from being astronauts to being mission control Managing systems in an age of dynamic complexity Laura Nolan About Laura Nolan Not a real astronaut (sorry) Senior Staff Software Engineer at Slack Dublin Contributor

  1. How we went from being astronauts to being mission control Managing systems in an age of dynamic complexity Laura Nolan

  2. About Laura Nolan ● Not a real astronaut (sorry) Senior Staff Software Engineer at Slack Dublin ● ● Contributor to Site Reliability Engineering (‘the SRE book’), Seeking SRE , InfoQ, and quarterly columnist at USENIX ;login: Campaigner for a ban treaty against Lethal ● Autonomous Weapons: stopkillerrobots.org ● @lauralifts on Twitter

  3. Consider cloud reliability...

  7. Image: ChrisDag@Flickr CC BY 2.0 license

  8. The old ways ● Configuring servers done by hand, or semi-automated ● Humans managing loadbalancer backend pools ● No autoscaling - things already sized for peak ● No job orchestration ● Everything was pretty static

  9. Times have changed.

  10. Automate everything: Job orchestration ● ● Autoscaling number of instances ● Routing, failover and balancing traffic

  12. Other pressures ● Better performance and latency, especially tail latency ● Reduce repetitive toil of managing a large fleet ● React faster to routine hardware failures ● More consistency in production ● Avoid compliance risks related to engineers touching production

  13. The Dynamic Control Plane Architecture Pattern A common architectural pattern in software (and network) operations that arises in order to address global optimisation problems.

  15. Autoscaling group

  16. Kubernetes cluster

  18. Global DNS Loadbalancer

  19. SDN WAN

  20. The Dynamic Control Plane: not just any old automation This pattern tends to arise specifically in systems that control critical parts of production and are doing zonal or global configuration, optimisation and balancing.

  21. Now we are mission control. We don’t run the systems anymore. We build and run the systems that run the systems.

  27. Now we are mission control. It is much harder for us to fully understand our systems in production..

  28. Dynamic control plane incidents. No judgments.

  29. December 24 2012: AWS Elastic LB ● Twas the night before Christmas, and API calls related to managing new or existing LBs started to throw mysterious errors ● Running ELBs seemed to be OK “The team was puzzled as many APIs were succeeding (customers were able ● to create and manage new load balancers but not manage existing load balancers) and others were failing.” See: https://aws.amazon.com/message/680587/

  30. December 24 2012: AWS Elastic LB ● After more than four hours, they noticed that running LBs were OK, unless someone tried to make a config update, or they scaled up or down ● Scaling workflows were disabled once they figured that out “It was when the ELB technical team started digging deeply into these ● degraded load balancers that the team identified the missing ELB state data as the root cause of the service disruption.” See: https://aws.amazon.com/message/680587/

  31. December 24 2012: AWS Elastic LB ● The ultimate fix was a data recovery process to restore the lost data and merge in changes since the data loss occurred. Full recovery from the incident took around 24 hours. ● Post incident action item was to lock down write access to the ELB control plane state. This incident showcases the difficulty of debugging problems in control plane ● software. We trust them to be stewards of critical system state and it can be very painful when that fails. See: https://aws.amazon.com/message/680587/

  32. Operators need mental models of both the system and the automation.

  33. 11 April 2016: GCE ● Google Compute Engine (GCE) lost external network connectivity for 18 minutes. ● An unused IP block is removed from a network configuration and the control system that propagates network configurations begins to process it. ● A race condition triggers a bug which removes all GCE IP blocks. See: https://status.cloud.google.com/incident/compute/16007

  34. 11 April 2016: GCE ● The configuration was sent to a canary system (a second dynamic control system). ● The canary system correctly identified that there was a problem. But the signal that the canary system sent back to the network configuration ● propagation system wasn’t correctly processed. See: https://status.cloud.google.com/incident/compute/16007

  35. 11 April 2016: GCE ● The network configuration is rolled out to other sites in turn. GCE IP blocks are advertised (over BGP) from multiple sites via IP Anycast. ● This means that probes to these IPs continued to work until the last site was withdrawn. ● The rollout process therefore lacked critical signal on the effect of its actions on the health of GCE. This is a classic complex systems failure involving multiple bugs and latent ● problems. See: https://status.cloud.google.com/incident/compute/16007

  36. Challenges: Testing Testing is a real challenge.

  37. June 2, 2019: Google network outage ● Google Cloud projects running services in multiple US regions experienced elevated packet loss as a result of network congestion for a duration of up to 4 hours 25 minutes. ● Google's machines are segregated into multiple logical clusters, each with their own dedicated cluster management software. ● A maintenance event began in a single physical location and was the trigger for the outage. See: https://status.cloud.google.com/incident/cloud-networking/19009

  38. June 2, 2019: Google network outage ● Maintenances are common and automated. ● In the case of this specific kind of maintenance, the software control plane for the network was incorrectly configured to be turned off. The misconfiguration extended to the network control plane in the entire ● region, not just one physical location. See: https://status.cloud.google.com/incident/cloud-networking/19009

  39. June 2, 2019: Google network outage ● Without the control jobs, the network will ‘fail static’, meaning that it’ll continue to use its current configuration and work for a period of time. ● However after several minutes the network capacity was withdrawn. The incident was root-caused relatively quickly. ● ● However, because all instances of the network control plane had been descheduled, data had been lost and needed to be rebuilt. See: https://status.cloud.google.com/incident/cloud-networking/19009

  40. June 2, 2019: Google network outage ● This event required multiple misconfigurations, bugs and permissions problems in order to occur. ● It involved one dynamic control plane (the automation software) operating on at least two others (the network control plane itself and the cluster management control plane). ● Again - very hard to predict these kinds of sequences of events. Like the first AWS incident it illustrates the pain that data loss can cause. ● See: https://status.cloud.google.com/incident/cloud-networking/19009

  41. Challenges: Large Blast Radius Blast radius may be large.

  42. Testing failsafe/fail static behaviour is scary, and easy to neglect.

  43. What can we do?

  44. Use regional or zonal control systems where feasible

  45. Test them at least as carefully as your main production systems

  46. Plan for time needed for operators to stay familiar with the underlying operations.

  47. Put guardrails around your control systems

  48. Sometimes humans are better. Weigh up the use of each dynamic control plane with care

  49. Make your control systems easily observable and overridable by humans

  50. And maybe one day we’ll build a cloud with better uptime than a single machine...

  51. We’re hiring! Slack is used by millions of people every day. We need engineers who want to make that experience as reliable and enjoyable as possible. https://slack.com/careers

  52. Questions? Twitter: @lauralifts

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ORGANIZATION OVERVIEW Founded in 1984 by the Mercury 7 Astronauts Over 430 Astronaut

ORGANIZATION OVERVIEW Founded in 1984 by the Mercury 7 Astronauts Over 430 Astronaut

ORGANIZATION OVERVIEW Founded in 1984 by the Mercury 7 Astronauts Over 430 Astronaut Scholars recognized Provided more than $4.2 million in scholarships Partner with 34 universities across the country Provide STEM (Science,

235 views • 9 slides
Bone Health Monitoring in Astronauts: Recommended Use of Quantitative Computed Tomography [QCT]

Bone Health Monitoring in Astronauts: Recommended Use of Quantitative Computed Tomography [QCT]

https://ntrs.nasa.gov/search.jsp?R=20110008337 2018-08-11T02:18:23+00:00Z Bone Health Monitoring in Astronauts: Recommended Use of Quantitative Computed Tomography [QCT] for Clinical and Operational Decisions J.D. Sibonga and P. Truskowski On

584 views • 26 slides
Stimulus Control PaTTANs Mission and its Role in The mission of the Pennsylvania Training

Stimulus Control PaTTANs Mission and its Role in The mission of the Pennsylvania Training

8/3/17 Stimulus Control PaTTANs Mission and its Role in The mission of the Pennsylvania Training and Technical Assistance Errorless Network (PaTTAN) is to support the efforts and initiatives of the Bureau of Learning Special Education,

488 views • 20 slides
Disturbances In Astronauts With Optical Stimuli Using Virtual Reality Matthew Noyes Software

Disturbances In Astronauts With Optical Stimuli Using Virtual Reality Matthew Noyes Software

Simulating Vestibular Disturbances In Astronauts With Optical Stimuli Using Virtual Reality Matthew Noyes Software Lead/Hybrid Reality Lab National Aeronautics and Space Administration (NASA) Marissa Rosenberg & Frank Delgado Galen

400 views • 39 slides
In-Situ Additive Construction in Space: 3D Printing Habitats for Astronauts Off Earth Mining

In-Situ Additive Construction in Space: 3D Printing Habitats for Astronauts Off Earth Mining

National Aeronautics and Space Administration In-Situ Additive Construction in Space: 3D Printing Habitats for Astronauts Off Earth Mining Forum Day 2, Session 1 University of New South Wales Sydney, Australia September 21, 2017 Robert P.

656 views • 46 slides
Astronauts Related to EVA Suit Design Rick Scheuring, DO, MS, FAsMA, FAAFP Team Lead,

Astronauts Related to EVA Suit Design Rick Scheuring, DO, MS, FAsMA, FAAFP Team Lead,

https://ntrs.nasa.gov/search.jsp?R=20120009404 2018-07-21T02:23:20+00:00Z Shoulder Injuries in US Astronauts Related to EVA Suit Design Rick Scheuring, DO, MS, FAsMA, FAAFP Team Lead, Musculoskeletal/Sports Medicine and Rehabilitation

687 views • 44 slides
our name is our mission Mission Mission BioControl provides technology for biology with focus

our name is our mission Mission Mission BioControl provides technology for biology with focus

our name is our mission Mission Mission BioControl provides technology for biology with focus on hi-tech products for the livestock industry Our products offer the user control, labor saving, cost saving or ease of mind and help to meet the

810 views • 17 slides
19/06/2019 European Centre for Disease Prevention and Control (ECDC) ECDCs mission and vision:

19/06/2019 European Centre for Disease Prevention and Control (ECDC) ECDCs mission and vision:

19/06/2019 European Centre for Disease Prevention and Control (ECDC) ECDCs mission and vision: ECDC's mission is to identify , assess and communicate current and emerging threats to human health posed by infectious diseases . Migration

279 views • 3 slides
Dr. Randy Lovelace and the Astronauts Loretta Hall Author NSS Space Ambassador 3:17 PM

Dr. Randy Lovelace and the Astronauts Loretta Hall Author NSS Space Ambassador 3:17 PM

Dr. Randy Lovelace and the Astronauts Loretta Hall Author NSS Space Ambassador 3:17 PM Courtesy of Loretta Hall 1918 3:17 PM Courtesy of Loretta Hall 1920s 3:17 PM Courtesy of Loretta Hall Oxygen for High-Fliers 3:17 PM Courtesy of

623 views • 24 slides
Program Mission The Mission of DTSCs Public Participation Program is to ensure that the

Program Mission The Mission of DTSCs Public Participation Program is to ensure that the

O ffice of Communications Public Participation Program Prepared for the Independent Review Panel August 10, 2016 Cal/EPA Department of Toxic Substances Control 1 Program Mission The Mission of DTSCs Public Participation Program is to

609 views • 60 slides
our name is our mission Mission BioControl provides technology for biology with focus on hi-tech

our name is our mission Mission BioControl provides technology for biology with focus on hi-tech

our name is our mission Mission BioControl provides technology for biology with focus on hi-tech products for the livestock industry Our products offer the user control, labor saving, cost saving or ease of mind and help to meet the challenges

447 views • 19 slides
Mission Statement Statement Mission BioControl provides technology for biology with focus on

Mission Statement Statement Mission BioControl provides technology for biology with focus on

Mission Statement Statement Mission BioControl provides technology for biology with focus on hi-tech products for the livestock industry Our products offer the user control, labor saving, cost saving or ease of mind and help to meet the

776 views • 16 slides
A Prevention Research Center funded by the Centers for Disease Control and Prevention 2 Mission

A Prevention Research Center funded by the Centers for Disease Control and Prevention 2 Mission

A Prevention Research Center funded by the Centers for Disease Control and Prevention 2 Mission The Center for Adolescent Health (CAH) is committed to helping Baltimores youth to become healthy and productive adults. We collaborate with

210 views • 17 slides
INDEX 01 ABOUT US 02 MISSION 03 OBJECTIVE 04 QUALITY POLICY, SAFETY AND ENVIRONMENTAL PROTECTION 05

INDEX 01 ABOUT US 02 MISSION 03 OBJECTIVE 04 QUALITY POLICY, SAFETY AND ENVIRONMENTAL PROTECTION 05

INDEX 01 ABOUT US 02 MISSION 03 OBJECTIVE 04 QUALITY POLICY, SAFETY AND ENVIRONMENTAL PROTECTION 05 SERVICES ENGINEERING IT SOLUTIONS AUTOMATION AND PROCESS CONTROL SCADA-HMI PREVENTIVE AND CORRECTIVE MAINTENANCE PROCESS CONTROL AND

557 views • 21 slides
Cross-connection Control for Wastewater Treatment Plants Department of Health Mission We work

Cross-connection Control for Wastewater Treatment Plants Department of Health Mission We work

Cross-connection Control for Wastewater Treatment Plants Department of Health Mission We work with others to protect and improve the health of all people in Washington State. 2 Presentation Overview Descriptions Requirements The

917 views • 72 slides
Stimulus Control and its Role in Errorless Learning August 9, 2018 National Autism Conference

Stimulus Control and its Role in Errorless Learning August 9, 2018 National Autism Conference

8/5/18 Stimulus Control and its Role in Errorless Learning August 9, 2018 National Autism Conference David Roth PaTTANs Mission The mission of the Pennsylvania Training and T echnical Assistance Network (PaTTAN) is to support the

755 views • 44 slides
Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG

Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG

Domain Name System (DNS) Session 2: Resolver Operation and debugging Joe Abley AfNOG Workshop, AIS 2014, Djibou> DNS Resolver Operation How Resolvers Work (1) If we've dealt with this query before recently,

838 views • 46 slides
;43.)2-! ! <=/"! ! =4##-23!93,349!$%!<=/"! !

;43.)2-! ! <=/"! ! =4##-23!93,349!$%!<=/"! !

!"#$%&'()*"#)+',#%*-&.--.)*'/#)")0)+' 1!(,/2' '344+.0%5)*-'%*6'74$*'8--9$- ! "#$%&!'#&!()*+,-.!/01-2! 34-1-256784-293-#&:-! ;43.)2-! ! <=/"! ! =4##-23!93,349!$%!<=/"! !

322 views • 4 slides
Successful Strategies for IPV6 Rollouts Submitted to - Yasir Baig - Prof. Dr.Eduard Heindl

Successful Strategies for IPV6 Rollouts Submitted to - Yasir Baig - Prof. Dr.Eduard Heindl

1 Successful Strategies for IPV6 Rollouts Submitted to - Yasir Baig - Prof. Dr.Eduard Heindl Agenda 2 Time Frame : 20 - 25 minutes. History Why a new IPV6 How IPV6 meets the new requirements on the Internet Security

179 views • 16 slides
Arnold

Arnold

Arnold Nipper DE-CI X Management GmbH arnold.nipper@de-cix.net

408 views • 13 slides
MEMORANDUM OF ASSOCIATION OF ZYLOG SYSTEMS LIMITED I The name of the Company is ZYLOG SYSTEMS

MEMORANDUM OF ASSOCIATION OF ZYLOG SYSTEMS LIMITED I The name of the Company is ZYLOG SYSTEMS

MEMORANDUM OF ASSOCIATION OF ZYLOG SYSTEMS LIMITED I The name of the Company is ZYLOG SYSTEMS LIMITED II The Registered Office of the Company will be situated in the State of Tamil Nadu III The Objects for which the Company is established

804 views • 57 slides
Cache Me If You Can: Effects of DNS Time-to-Live Giovane C. M. Moura 1 , 2 , John Heidemann 3 ,

Cache Me If You Can: Effects of DNS Time-to-Live Giovane C. M. Moura 1 , 2 , John Heidemann 3 ,

Cache Me If You Can: Effects of DNS Time-to-Live Giovane C. M. Moura 1 , 2 , John Heidemann 3 , Wes Hardaker 3 , Ricardo de O. Schmidt 4 RIPE 79 Rotterdam, The Netherlands 2019-10-15 1 SIDN Labs, 2 TU Delft, 3 USC/ISI, 4 UPF Outline

1.05k views • 90 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
Company Presentation 01.03.2020 rev6 AT A GLANCE A family owned business. Second generation in

Company Presentation 01.03.2020 rev6 AT A GLANCE A family owned business. Second generation in

Company Presentation 01.03.2020 rev6 AT A GLANCE A family owned business. Second generation in charge. 10 NUMBER OF ENGINEERS Management Mr. Ouzhan Arslan Technical Gn.Man. (Ind. Eng.) Mr. Kaan Arslan 95 Admin.Gn.Man. (BA) NUMBER OF

621 views • 32 slides

More recommend