why do internet services fail and what can be done about
play

Why do Internet services fail, and what can be done about it? David - PowerPoint PPT Presentation

Jan 24, 2024 •473 likes •713 views

Why do Internet services fail, and what can be done about it? David Oppenheimer davidopp@cs.berkeley.edu ROC Group, UC Berkeley ROC Retreat, June 2002 Slide 1 Motivation Little understanding of real problems in maintaining 24x7 Internet

  1. Why do Internet services fail, and what can be done about it? David Oppenheimer davidopp@cs.berkeley.edu ROC Group, UC Berkeley ROC Retreat, June 2002 Slide 1

  2. Motivation • Little understanding of real problems in maintaining 24x7 Internet services • Identify the common failure causes of real- world Internet services – these are often closely-guarded corporate secrets • Identify techniques that would mitigate observed failures • Determine fault model for availability and recoverability benchmarks Slide 2

  3. Sites examined 1. Online service/portal – ~500 machines, 2 facilities – ~100 million hits/day – all service software custom-written (SPARC/Solaris) 2. Global content hosting service – ~500 machines, 4 colo facilities + customer sites – all service software custom-written (x86/Linux) 3. Read-mostly Internet site – thousands of machines, 4 facilities – ~100 million hits/day – all service software custom-written (x86) Slide 3

  4. Outline • Motivation • Terminology and methodology of the study • Analysis of root causes of faults and failures • Analysis of techniques for mitigating failure • Potential future work Slide 4

  5. Terminology and Methodology (I) • Examined 2 operations problem tracking databases, 1 failure post-mortem report log • Two kinds of failures – Component failure (“fault”) » hardware drive failure, software bug, network switch failure, operator configuration error, … » may be masked, but if not, becomes a... – Service failure (“failure”) » prevents an end-user from accessing the service or a part of the service; or » significantly degrades a user-visible aspect of perf. » inferred from problem report, not measured externally – Every service failure is due to a component failure Slide 5

  6. Terminology and Methodology (II) # of # of period covered component resulting in problem Service failures service failures reports Online 85 18 4 months Content 99 20 1 month ReadMostly N/A 21 6 months (note that the services are not directly comparable) • Problems are categorized by “root cause” – first component that failed in the chain of events leading up to the observed failure • Two axes for categorizing root cause – location : front-end, back-end, network, unknown – type : node h/w, node s/w, net h/w, net s/w, operator, environment, overload, unknown Slide 6

  7. Component failure service failure Component failure to system failure: Content 45 41 component failure 40 system failure 35 # of incidents 27 30 25 18 20 15 9 10 5 4 3 5 0 0 node operator node hardware node software net unknown Component failure to system failure: Online 32 35 30 component failure # of incodents 25 system failure 20 15 10 10 10 6 6 4 4 4 3 3 5 1 1 0 0 0 node software net operator net hardware net software node operator node hardware net unknown Slide 7

  8. Service failure (“failure”) causes front-end back-end net unknown 72% 28% Online 55% 20% 20% 5% Content 0% 10% 81% 9% ReadMostly Front-end machines are a significant cause of failure node net node net node net node net op op hw hw sw sw unk unk 33% 6% 17% 22% 6% Online 45% 5% 25% 15% Content 5% 14% 10% 5% 19% 33% ReadMostly Operator error is largest cause of failure for two services, network problems for one service Slide 8

  9. Service failure average TTR (hours) front-end back-end net average TTR in hrs 9.7 10.2 0.75 (*) Online 2.5 14 1.2 (*) Content 0.17 (*) 1.2 ReadMostly average node op net node net node net net TTR in hrs op hw hw sw sw unk Online 15 1.7 (*) 0.5 (*) 3.7 (4) Content 1.2 0.23 1.2 (*) ReadMostly 0.17 (*) 0.13 6.0 (*) 1.0 0.11 (*) denotes only 1-2 failures in this category Front-end TTR < Back-end TTR Network problems have smallest TTR Slide 9

  10. Component failure (“fault”) causes front-end back-end net 76% 5% 19% Online 34% 34% 30% Content Component failures arise primarily in the front-end node net node net node net node net env op op hw hw sw sw unk unk 12% 5% 38% 5% 12% 4% 4% 5% 0% Online 18% 1% 4% 1% 41% 1% 1% 27% 1% Content Operator errors are less common than hardware/ software component failures, but are less frequently masked Slide 10

  11. Techniques for mitigating failure (I) • How techniques could have helped • Techniques we studied 1. testing (pre-test or online-test) 2. redundancy 3. fault injection and load testing (pre- or online) 4. configuration checking 5. isolation 6. restart 7. better exposing and diagnosing problems Slide 11

  12. Techniques for mitigating failure (II) technique # of problems mitigated (/19) online testing 11 redundancy 8 online fault/load injection 3 configuration checking 3 isolation 2 pre-deployment fault/load injection 2 restart 1 pre-deployment correctness testing 1 better exposing/monitoring errors (TTD) 8 better exposing/monitoring errors (TTR) 8 Slide 12

  13. Comments on studying failure data • Problem tracking DB may skew results – operator can cover up errors before manifests as a (new) failure • Multiple-choice fields of problem reports much less useful than operator narrative – form categories were not filled out correctly – form categories were not specific enough – form categories didn’t allow multiple causes • No measure of customer impact • How would you build an anonymized meta-database? Slide 13

  14. Future work (I) • Continuing analysis of failure data – New site? (e-commerce, storage system vendor, …) – More problems from Content and Online? » say something more statistically meaningful about • MTTR • value of approaches to mitigating problems • cascading failures, problem scopes » different time period from Content (longitudinal study) – Additional metrics? » taking into account customer impact (customer- minutes, fraction of service affected, …) – Nature of original fault, how fixed? – Standardized, anonymized failure database? Slide 14

  15. Future work (II) • Recovery benchmarks (akin to dependability b/m’s) – use failure data to determine fault model for fault injection – recovery benchmark goals » evaluate existing recovery mechanisms • common-case overhead, recovery performance, correctness, … » match user needs/policies to available recovery mechanisms » design systems with efficient, tunable recovery properties • systems can be built/configured to have different recoverability characteristics (RAID levels, check- pointing frequency, degree of error checking, etc. ) – procedure 1. choose application (storage system, three-tier application, globally distributed/p2p app, etc.) 2. choose workload (user requests + operator preventative maintenance and service upgrade) 3. choose representative faultload based on failure data 4. choose QoS metrics (latency, throughput, fraction of service available, # users affected, data consistency, data loss, degree of remaining redundancy, …) Slide 15

  16. Future Work (III) • Recovery benchmarks, cont. – issues » language for describing faults and their frequencies • hw, sw, net including WAN, operator • allows automated stochastic fault injection » quantitative models for describing data protection/recovery mechanisms • how faults affect QoS – isolated & correlated faults • like to allow prediction of recovery behavior of single component and systems of components » synthesizing overall recoverability metric(s) » defining workload for systems with complicated interfaces ( e.g., whole “services”) Slide 16

  17. Conclusion • Failure causes – operator error #1 contributor to service failures – operator error most difficult type of failure to mask; generally due to configuration errors – front-end software can be a significant cause of user-visible failures – back-end failures, while infrequent, take longer to repair than do front-end failures • Mitigating failures – online correctness testing would have helped a lot, but hard to implement – better exposing, monitoring for failures would have helped a lot, but must be built in from ground up – for configuration problems, match system architecture to actual configuration – redundancy, isolation, incremental rollout, restart, offline testing, operator+developer interaction are all important (and often already used) Slide 17

  18. Backup Slides Slide 18

  19. Techniques for mitigating failure (III) technique implementation potential performance cost reliability cost impact online correctness medium to high low to medium low to testing medium redundancy low low very low online fault/load high high medium to injection high config checking medium zero zero isolation medium low medium pre-deployment high zero zero fault/load injection restart low low low pre-deployment medium to high zero zero testing better exposing/ medium low low monitoring failures (false alarms) Slide 19

  20. Geographic distribution 1. Online service/portal 2. Global storage service 3. High-traffic Internet site Slide 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 [Saito] Key Points Key Points How Do Computers Fail? How Do Computers Fail?

1 [Saito] Key Points Key Points How Do Computers Fail? How Do Computers Fail?

Using Clusters for Scalable Services Using Clusters for Scalable Services Clusters are a common vehicle for improving scalability and availability at a single service site in the network. Are network services the Killer App for clusters?

359 views • 5 slides
Just for fun: too smart to fail Just for fun: too smart to fail Francesco P. Lovergine

Just for fun: too smart to fail Just for fun: too smart to fail Francesco P. Lovergine

Just for fun: too smart to fail Just for fun: too smart to fail Francesco P. Lovergine &lt;frankie@fsfe.org&gt; Free Software Foundation Europe Fellowship Group Bari http://creativecommons.org/licenses/by-nc-nd/3.0/legalcode 2 7 O t t o

355 views • 17 slides
BUDGETING &amp; SAVING Schell Stubbs, MBA, LLM 21 th March, 2019 Budgeting If you fail

BUDGETING &amp; SAVING Schell Stubbs, MBA, LLM 21 th March, 2019 Budgeting If you fail

FINANCIAL SERVICES LITERACY PROGRAM BUDGETING &amp; SAVING Schell Stubbs, MBA, LLM 21 th March, 2019 Budgeting If you fail to plan, you are planning to fail. Benjamin Franklin www.cfasociety.org/bahamas Why is Budgeting

339 views • 17 slides
Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective

Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective

Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective From a TAS Danny De Cock TAS 3 Project Coordinator Slides available from http://godot.be/slides Email: Danny.DeCock@esat.kuleuven.be Future

252 views • 12 slides
Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig

Preparing to Fail Changing the way we think about cyber threats Oil Rig Pic Flaming Oil Rig picture The asymmetric nature of the Internet The current state of cyber underground Our current approach UNCLASSIFIED 7 Software Integrity Denial

388 views • 18 slides
Too big to fail or Too non-traditional to fail? The determinants of banks systemic

Too big to fail or Too non-traditional to fail? The determinants of banks systemic

Too big to fail or Too non-traditional to fail? The determinants of banks systemic importance Kyle Moore 1 Chen Zhou 2 , 1 1 Erasmus University Rotterdam 2 De Nederlandsche Bank Aug 9, 2013 Moore and Zhou TBTF or TNTTF? Why we

196 views • 17 slides
FOR AS/A2 Fail to prepare Prepare to fail We can learn anything! Walt Disney was afraid of

FOR AS/A2 Fail to prepare Prepare to fail We can learn anything! Walt Disney was afraid of

PREPARING FOR AS/A2 Fail to prepare Prepare to fail We can learn anything! Walt Disney was afraid of mice Turtles breathe through their bottoms Venus is the only planet that rotates clockwise You burn more calories sleeping

724 views • 26 slides
Etisalat DNS Internet Core Services By Mohamed Albanna Manager/ Internet Core Services Outline

Etisalat DNS Internet Core Services By Mohamed Albanna Manager/ Internet Core Services Outline

Etisalat DNS Internet Core Services By Mohamed Albanna Manager/ Internet Core Services Outline 1. Introduction 2. DNS setup (1996 - 2015) 3. Challenges 4. DNS Modernization Plan (2015 2017) 5. Performance Indicators 6. Future Plan 1

313 views • 17 slides
CPD Why gutters fail and the options to repair, replace and refurbish: A specifiers guide

CPD Why gutters fail and the options to repair, replace and refurbish: A specifiers guide

CPD Why gutters fail and the options to repair, replace and refurbish: A specifiers guide Josh Hamer Technical Services Manager Agenda Introduction Why gutters fail Decision to repair, replace or refurbish System comparisons

813 views • 58 slides
Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team /

Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team /

Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team / Red Hat, Inc. Directory Services Centralize: management of users management of machines control of security settings configuration management

280 views • 16 slides
Calls-to-Action that Fail: The most common causes for why CTAs fail (and how you can achieve

Calls-to-Action that Fail: The most common causes for why CTAs fail (and how you can achieve

Calls-to-Action that Fail: The most common causes for why CTAs fail (and how you can achieve quick wins with small changes) Experiment: Background Experiment ID : TP1785 Record Location : MECLABS Research Library Research Partner : [Protected]

1.19k views • 99 slides
Delivering Internet-of-Things (IoT) Services in MobilityFirst Future Internet Architecture Jun

Delivering Internet-of-Things (IoT) Services in MobilityFirst Future Internet Architecture Jun

Delivering Internet-of-Things (IoT) Services in MobilityFirst Future Internet Architecture Jun Li, Y. Shvartzshnaider, J. Francisco, R. Martin, K. Nagaraja and D. Raychaudhuri WINLAB, Rutgers University October 24-26 th , 2012 October 24-26,

451 views • 21 slides
&gt;&gt;&gt;CLICK HERE&lt;&lt;&lt; Ppt presentation internet services Caerphilly glynn academy

&gt;&gt;&gt;CLICK HERE&lt;&lt;&lt; Ppt presentation internet services Caerphilly glynn academy

Ppt Presentation Internet Services &gt;&gt;&gt;CLICK HERE&lt;&lt;&lt; Ppt presentation internet services Caerphilly glynn academy urban dictionary looking for someone to do my literature review on accounting cheap do dissertation for money. Ppt

242 views • 5 slides
mndag 13 maj 13 OVERVIEW Fail-recovery Precedence (1,N) Logged register Byzantine (1,N)

mndag 13 maj 13 OVERVIEW Fail-recovery Precedence (1,N) Logged register Byzantine (1,N)

FAIL-RECOVERY &amp; BYZANTINE REGISTERS mndag 13 maj 13 OVERVIEW Fail-recovery Precedence (1,N) Logged register Byzantine (1,N) Safe (1,N) Regular x2 (1,N) Atomic mndag 13 maj 13 FAIL-RECOVERY Process can fail before completion. o

554 views • 23 slides
GEO-REPLICATION GEO-REPLICATION 150 ms SYNC DC2 DC2 DC1 DC1 20 ms 20 ms 3 4 Valter

GEO-REPLICATION GEO-REPLICATION 150 ms SYNC DC2 DC2 DC1 DC1 20 ms 20 ms 3 4 Valter

INTERNET SERVICES NOWADAYS Services operate on a global scale. PUTTING CONSISTENCY BACK An unprecedented number of people are using INTO EVENTUAL CONSISTENCY internet services. Valter Balegas, Srgio Duarte, Carla Ferreira, Rodrigo

310 views • 11 slides
Offer high-speed Internet access services for a fraction of the cost of other solutions.

Offer high-speed Internet access services for a fraction of the cost of other solutions.

Offer high-speed Internet access services for a fraction of the cost of other solutions. Offer managed network access services to their customers. Make it easy for their user or guest to use Internet services. Eliminate the need for

401 views • 13 slides
Keeping Movies Running Amid Thunderstorms Fault-tolerant Systems @ Netflix Sid Anand (@r39132)

Keeping Movies Running Amid Thunderstorms Fault-tolerant Systems @ Netflix Sid Anand (@r39132)

Keeping Movies Running Amid Thunderstorms Fault-tolerant Systems @ Netflix Sid Anand (@r39132) QCon SF 2011 1 Thursday, November 17, 2011 Backgrounder Netflix Then and Now 2 Thursday, November 17, 2011 Netflix Then and Now Netflix prior

766 views • 72 slides
Haryadi S. Gunawi, Pallavi Joshi, Peter Alvaro, ! Joseph M. Hellerstein, and Koushik Sen ! ! Thanh

Haryadi S. Gunawi, Pallavi Joshi, Peter Alvaro, ! Joseph M. Hellerstein, and Koushik Sen ! ! Thanh

Haryadi S. Gunawi, Pallavi Joshi, Peter Alvaro, ! Joseph M. Hellerstein, and Koushik Sen ! ! Thanh Do, Andrea C. Arpaci-Dusseau, ! and Remzi H. Arpaci-Dusseau ! ! Dhruba Borthakur ! 1 ! Cloud ! &quot; Thousands of commodity machines ! &quot;

503 views • 39 slides
Ken Birman i Cornell University. CS5410 Fall 2008. Background for today Consider a system like

Ken Birman i Cornell University. CS5410 Fall 2008. Background for today Consider a system like

Ken Birman i Cornell University. CS5410 Fall 2008. Background for today Consider a system like Astrolabe. Node p announces: Ive computed the aggregates for the set of leaf nodes to which I belong hi h I b l It turns out that under

677 views • 42 slides
Diabetes: the key things to understand Naveed Sattar Professor of Metabolic Medicine Duality of

Diabetes: the key things to understand Naveed Sattar Professor of Metabolic Medicine Duality of

Diabetes: the key things to understand Naveed Sattar Professor of Metabolic Medicine Duality of Interest Declaration Consultant or speaker for: Eli Lilly, Boehringer Ingelheim, Janssen, AstraZeneca, Novo Nordisk, Sanofi Grants: Boehringer

1.08k views • 19 slides
Distributed Systems CS425/ECE428 01/29/2020 Logistics Slide policy: Lecture slides v1

Distributed Systems CS425/ECE428 01/29/2020 Logistics Slide policy: Lecture slides v1

Distributed Systems CS425/ECE428 01/29/2020 Logistics Slide policy: Lecture slides v1 By noon the day of the lecture. Lecture slides v2 By 6pm on the day of the lecture. MP0: Please sign up for groups if you have not

770 views • 50 slides
Multipath Transport, Resource Pooling, and implications for Routing Mark Handley , UCL and XORP,

Multipath Transport, Resource Pooling, and implications for Routing Mark Handley , UCL and XORP,

Multipath Transport, Resource Pooling, and implications for Routing Mark Handley , UCL and XORP, Inc Also: Damon Wischik , UCL Marcelo Bagnulo Braun , UC3M The members of Trilogy project: www.trilogy-project.org A few things that will stress

277 views • 25 slides
Think outside the rack 2015-04-21 WRSC john wilkes / johnwilkes@google.com, Parthasarathy

Think outside the rack 2015-04-21 WRSC john wilkes / johnwilkes@google.com, Parthasarathy

Think outside the rack 2015-04-21 WRSC john wilkes / johnwilkes@google.com, Parthasarathy Ranganathan, Steven Hand Google Inc . Datacenter loads are not SPEC benchmarks Single query across multiple racks of multiple servers: graph of one query

360 views • 16 slides
Facing Up to Faults Facing Up to Faults Facing Up to Faults (v.2.0.1) (v.2.0.1) (v.2.0.1)

Facing Up to Faults Facing Up to Faults Facing Up to Faults (v.2.0.1) (v.2.0.1) (v.2.0.1)

Facing Up to Faults Facing Up to Faults Facing Up to Faults (v.2.0.1) (v.2.0.1) (v.2.0.1) Brian Randell Brian Randell Brian Randell WADS-3, May 2004 1 The Menu The Menu The Menu On Dependability Concepts On Fault Assumptions

600 views • 20 slides

More recommend