Sentinel of Spring Cloud Alibaba

Foreword

Sentinel is an open source project developed by Alibaba’s middleware team. It is a lightweight and highly available traffic control component for distributed microservice architecture.
Sentinel mainly uses traffic as the entry point to help users protect the stability of services from multiple dimensions such as flow control, circuit breaker degradation, and system load protection.

1. Introduction

Sentinel mainly consists of the following two parts:

  • Sentinel core library: Sentinel’s core library does not depend on any framework or library and can run in the runtime environment of Java 8 and above. It also provides good support for microservice frameworks such as Spring Cloud and Dubbo.
  • Sentinel Console (Dashboard): A lightweight open source console provided by Sentinel, which provides users with functions such as machine self-discovery, cluster point link self-discovery, monitoring, and rule configuration.

1.1. Basic concepts

Sentinel has two basic concepts: resources and rules.

| Basic concept | Description |
| --- | --- |
| Resources | Resources are the key concept of Sentinel. A resource can be anything in a Java application, such as a service provided by the application, a method in a service, or even a piece of code. We can define a resource through the API provided by Sentinel so that it can be protected by Sentinel. Normally, we use method names, URLs or even service names as resource names to describe a resource. |
| Rules | Rules are set around resources. Sentinel supports a variety of rules such as flow control, circuit breaker degradation, system protection, source access control, and hotspot parameters, all of which can be dynamically adjusted in real time. |

2. Sentinel console

Download: https://github.com/alibaba/Sentinel/releases

Place it in the sentinel directory of the D: drive and start it

java -jar sentinel-dashboard-1.8.5.jar

After startup, visit the address: http://localhost:8080/
Username and password: sentinel/sentinel

3. Sentinel development process

Introduce sentinel dependency -> define resources -> define rules -> verify rules

3.1. drp-app-api consumer project introduces dependencies

<dependency>
    <groupId>com.alibaba.cloud</groupId>
    <artifactId>spring-cloud-starter-alibaba-sentinel</artifactId>
    <version>2021.0.4.0</version>
</dependency>
<dependency>
    <groupId>com.alibaba.csp</groupId>
    <artifactId>sentinel-datasource-nacos</artifactId>
    <version>1.8.5</version>
</dependency>

3.1.1. New yml configuration (same level as nacos)

sentinel:
  transport:
    #Configure Sentinel dashboard address
    dashboard: localhost:8080
    #The default port is 8719. If it is occupied, it will automatically scan from 8719 + 1 until an unoccupied port is found.
    port: 8719

3.2. Define resources

  • Adapt to mainstream frameworks and automatically define resources
  • Define resources using annotations (recommended)

@SentinelResource(value = "user-userInfoList")

// blockHandler names the method that runs when Sentinel blocks the call
@SentinelResource(value = "tiger-test", blockHandler = "userInfoListBlockHandler")
public List<UserInfo> userInfoList() {
    return this.userService.userInfoList();
}

// Same return type and parameters as userInfoList(), plus a trailing BlockException
public List<UserInfo> userInfoListBlockHandler(BlockException blockException) {
    log.info("#######################################userInfoListBlockHandler");
    return null;
}

3.3. Define rules

3.3.1. Flow control

| Property | Description | Default value |
| --- | --- | --- |
| Resource name | The target of the flow control rule. | |
| Threshold | The threshold for flow control. | |
| Threshold type | Flow control threshold type: QPS or number of concurrent threads. | QPS |
| For source | The call source that flow control applies to. | default (the call source is not distinguished) |
| Flow control mode | Call relationship flow control strategy: direct, link or association. | Direct |
| Flow control effect | Flow control effect (direct rejection, Warm Up, uniform queuing); flow control based on call relationship is not supported. | Reject directly |

3.3.2. Flow control mode

  • Direct: counts requests to the current resource and limits the current resource directly when the threshold is triggered. This is the default mode.
  • Association: counts requests to another resource related to the current resource. When the threshold is triggered, the current resource is limited.
    Usage scenarios:
    a. Two competing resources
    b. One has a higher priority and the other has a lower priority.
  • Link: counts requests that reach this resource from the specified link. When the threshold is triggered, the specified link is flow-limited.
    For example, there are two request links:
    /test1 -> /common
    /test2 -> /common

Note: By default Sentinel merges Controller methods into one context, which makes link mode flow control ineffective. Modify application.yml and add this configuration:

spring:
  cloud:
    sentinel:
      web-context-unify: false # Turn off context integration
3.3.3. Flow control effect

Fail fast: After the threshold is reached, new requests are rejected immediately and a FlowException is thrown. This is the default processing method.
Warm up: Warm-up mode. Requests that exceed the threshold are also rejected and an exception is thrown, but in this mode the threshold changes dynamically, increasing gradually from a smaller value to the maximum threshold.
Queuing and waiting: Queues all requests and executes them in order. The interval between two requests cannot be less than the specified time.

When requests exceed the QPS threshold, fail fast and warm up reject new requests and throw an exception. Queuing and waiting puts all requests into a queue and executes them in sequence at the time interval allowed by the threshold. Subsequent requests must wait for the previous ones to complete. If the expected waiting time of a request exceeds the maximum duration, it is rejected.
For example: QPS = 5 means that a request in the queue is processed every 200ms; timeout = 2000 means that requests expected to wait more than 2000ms are rejected and an exception is thrown.
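
The QPS = 5 / timeout = 2000 case above, worked through as an added example (not Sentinel source code and not part of the original article). It is a simplified single-threaded model of the queuing decision; the class name, method names and the burst of 15 requests are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added illustration (not Sentinel source): a single-threaded model of the
 * "queuing and waiting" effect. Class and method names are hypothetical.
 */
public class QueueingLimiterDemo {

    private final long intervalMs;      // minimum gap between two passed requests
    private final long maxQueueingMs;   // reject if the expected wait exceeds this
    private long latestPassedTime = -1; // scheduled pass time of the last accepted request

    public QueueingLimiterDemo(int qps, long maxQueueingMs) {
        this.intervalMs = Math.round(1000.0 / qps); // QPS = 5 gives a 200 ms interval
        this.maxQueueingMs = maxQueueingMs;
    }

    /**
     * @param nowMs arrival time of the request
     * @return the time the request has to wait before it runs, or -1 if rejected
     */
    public long tryPass(long nowMs) {
        long expectedTime = (latestPassedTime < 0) ? nowMs : latestPassedTime + intervalMs;
        if (expectedTime <= nowMs) {
            // The previous slot is already in the past: run immediately.
            latestPassedTime = nowMs;
            return 0;
        }
        long waitMs = expectedTime - nowMs;
        if (waitMs > maxQueueingMs) {
            return -1; // rejected; Sentinel throws a FlowException at this point
        }
        latestPassedTime = expectedTime; // reserve the next slot in the queue
        return waitMs;
    }

    public static void main(String[] args) {
        QueueingLimiterDemo limiter = new QueueingLimiterDemo(5, 2000);
        List<String> results = new ArrayList<>();
        // Constructed input: a burst of 15 requests that all arrive at t = 0 ms.
        for (int i = 1; i <= 15; i++) {
            long wait = limiter.tryPass(0);
            results.add("#" + i + (wait < 0 ? " rejected" : " waits " + wait + " ms"));
        }
        results.forEach(System.out::println);
        // Constructed input: one more request long after the queue has drained.
        System.out.println("t=5000: waits " + limiter.tryPass(5000) + " ms");
    }
}
```

Rejected requests do not reserve a slot, so they do not push later arrivals further back in the queue.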

Open a command line window and execute the following command to view real-time statistics of the resource:
curl "http://localhost:8719/cnode?id=userInfoList"

idx id thread pass blocked success total aRt 1m-pass 1m-block 1m-all exceptio
2 userInfoList 0 0.0 0.0 0.0 0.0 0.0 10 16 26 0.0

The column names of real-time statistical information are explained as follows:

  • thread: the number of threads currently processing the resource;
  • pass: the number of requests arriving within one second;
  • blocked: the number of requests flow-controlled within one second;
  • success: the number of requests successfully processed within one second;
  • total: the sum of arriving requests and blocked requests within one second;
  • RT: the average response time of the resource within one second;
  • 1m-pass: the number of requests arriving within one minute;
  • 1m-block: the number of requests blocked within one minute;
  • 1m-all: the sum of arriving requests and blocked requests within one minute;
  • exception: the total number of exceptions raised by the business logic itself within one second.

3.3.4. Circuit breaker downgrade

Sentinel's circuit breaker mechanism temporarily cuts off calls to a resource in the call link when that resource becomes unstable (for example, calls time out or the exception ratio rises), so that local instability does not cause an avalanche across the entire system.
Sentinel provides 3 circuit breaker strategies:

| Circuit breaker strategy | Description |
| --- | --- |
| Slow call ratio (SLOW_REQUEST_RATIO) | |
| Exception ratio (ERROR_RATIO) | When the number of requests within the unit statistical time period (statIntervalMs) is greater than the set minimum number of requests and the proportion of exceptions is greater than the threshold, requests are automatically cut off for the next circuit breaker period. After the break duration, the circuit breaker enters the detection recovery state (HALF-OPEN state). If the next request completes successfully (no error), the circuit breaker closes; otherwise it opens again. The threshold range for the exception ratio is [0.0, 1.0], representing 0% to 100%. |
| Exception number (ERROR_COUNT) | The circuit breaker opens automatically when the number of exceptions in the unit statistical time period exceeds the threshold. After the break duration, the circuit breaker enters the detection recovery state (HALF-OPEN state). If the next request completes successfully (no error), the circuit breaker closes; otherwise it opens again. |

Circuit breaker states (status, description, trigger condition):

Closed state (CLOSED)
Description: In the closed state, requests can call resources normally.
Trigger condition: The Sentinel circuit breaker enters the closed state when any of the following conditions is met:

  • All access requests were successful.
  • The number of requests within the unit statistical time period (statIntervalMs) is less than the set minimum number of requests.
  • The circuit breaker standard has not been reached. For example, the service timeout ratio, the number of exceptions, and the exception ratio have not reached the threshold.
  • While in the detection recovery state, the next request succeeds.

Open state (OPEN)
Description: In the open state, all calls to the resource are temporarily cut off for a certain period of time (the prescribed circuit breaker duration), and the corresponding downgrade logic is called so that requests fail fast and a system crash is avoided.
Trigger condition: The Sentinel circuit breaker enters the open state when any of the following conditions is met:

  • The number of requests within the unit statistical time period is greater than the set minimum number of requests, and the circuit breaker standard has been reached. For example, the request timeout ratio, the number of exceptions, or the exception ratio has reached the threshold.
  • While in the detection recovery state, the next request fails.

Detection recovery state (HALF-OPEN)
Description: In the detection recovery state, the Sentinel circuit breaker allows one request to call the resource. If that request completes successfully (without error), the circuit breaker enters the CLOSED state; otherwise it enters the OPEN state again.
Trigger condition: After the circuit breaker has been open for a period of time (degradation window time or break duration, unit is s), it automatically enters the detection recovery state.

Sentinel circuit breaker attribute

| Property | Description | Default value | Use scope |
| --- | --- | --- | --- |
| Resource name | The object the rule acts on. | | All circuit breaker strategies |
| Circuit breaker strategy | Sentinel supports 3 circuit breaker strategies: slow call ratio, exception ratio, and exception number. | Slow call ratio | All circuit breaker strategies |
| Max RT | The maximum response time of the request. If the response time of a request is greater than this value, it is counted as a slow call. | | Slow call ratio |
| Break duration | The duration of the open state, in s. After this time, the circuit breaker switches to the detection recovery state (HALF-OPEN). | | All circuit breaker strategies |
| Minimum number of requests | The minimum number of requests needed to trigger the circuit breaker. When the number of requests is less than this value, the circuit breaker does not open even if the exception ratio exceeds the threshold (introduced in 1.7.0). | 5 | All circuit breaker strategies |
| Statistical duration | The length of the statistics window (in ms) used for circuit breaker triggering, such as 60*1000 for one minute (introduced in 1.8.0). | 1000 ms | All circuit breaker strategies |
| Proportional threshold | Either the slow call proportion threshold or the exception proportion threshold, that is, the percentage of slow calls or failed calls among all requests. The value range is [0.0, 1.0]. | | Slow call ratio, exception ratio |
| Number of exceptions | The number of exceptions that occurred in requests or calls. | | Exception number |
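
The CLOSED / OPEN / HALF-OPEN transitions and the attributes above (proportional threshold, minimum number of requests, statistical duration, break duration), as an added example that is not Sentinel source code and not part of the original article. It models the exception ratio strategy in a single thread with a simplified fixed statistics window; the class, its method names and the scenario values are constructed for illustration.

```java
/**
 * Added illustration (not Sentinel source): single-threaded model of the
 * exception-ratio circuit breaker. All names here are hypothetical.
 */
public class BreakerStateDemo {

    enum State { CLOSED, OPEN, HALF_OPEN }

    private final double ratioThreshold;  // exception ratio threshold, 0.0 to 1.0
    private final int minRequestAmount;   // below this count the breaker never opens
    private final long statIntervalMs;    // statistical duration
    private final long breakDurationMs;   // how long OPEN lasts before one probe is allowed

    private State state = State.CLOSED;
    private long windowStart, openedAt;
    private int total, errors;

    BreakerStateDemo(double ratioThreshold, int minRequestAmount,
                     long statIntervalMs, long breakDurationMs) {
        this.ratioThreshold = ratioThreshold;
        this.minRequestAmount = minRequestAmount;
        this.statIntervalMs = statIntervalMs;
        this.breakDurationMs = breakDurationMs;
    }

    /** Returns false when the call is cut off and the downgrade logic should run. */
    boolean tryPass(long now) {
        if (state == State.CLOSED) return true;
        if (state == State.OPEN && now - openedAt >= breakDurationMs) {
            state = State.HALF_OPEN;      // admit exactly one probe request
            return true;
        }
        return false;                     // OPEN, or a probe is already in flight
    }

    /** Records the outcome of a call that tryPass() admitted. */
    void onComplete(long now, boolean error) {
        if (state == State.HALF_OPEN) {   // the probe alone decides the next state
            if (error) { trip(now); } else { reset(now); }
            return;
        }
        if (now - windowStart >= statIntervalMs) reset(now); // simplified fixed window
        total++;
        if (error) errors++;
        if (total >= minRequestAmount && (double) errors / total > ratioThreshold) trip(now);
    }

    private void trip(long now)  { state = State.OPEN; openedAt = now; }
    private void reset(long now) { state = State.CLOSED; windowStart = now; total = 0; errors = 0; }

    /** Runs one call at time `now` and reports what the breaker did with it. */
    String call(long now, boolean error) {
        boolean passed = tryPass(now);
        if (passed) onComplete(now, error);
        return "t=" + now + "ms " + (passed ? (error ? "error" : "ok") : "cut off") + " -> " + state;
    }

    public static void main(String[] args) {
        // Constructed scenario: threshold 0.5, minimum 5 requests, 1 s window, 10 s break.
        BreakerStateDemo b = new BreakerStateDemo(0.5, 5, 1000, 10_000);
        boolean[] outcomes = {false, false, true, true, true}; // true = the call throws
        for (int i = 0; i < outcomes.length; i++) {
            System.out.println(b.call(i * 100L, outcomes[i]));
        }
        System.out.println(b.call(500, false));     // arrives inside the break duration
        System.out.println(b.call(10_400, true));   // first probe, the call throws
        System.out.println(b.call(20_400, false));  // second probe, the call succeeds
    }
}
```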

3.3.5. Configure rules through Nacos

Flow control rules:

[
    {
        "resource": "tiger-test",
        "limitApp": "default",
        "grade": 1,
        "count": 5,
        "strategy": 0,
        "controlBehavior": 0,
        "clusterMode": false
    }
]

limitApp: source application.

Circuit breaker rules (Note: There is no RT parameter):

[
    {
        "resource": "user-userInfoList",
        "grade": 0,
        "limitApp": "default",
        "count": 2000,
        "slowRatioThreshold": 0.6,
        "timeWindow": 60,
        "minRequestAmount": 5,
        "statIntervalMs": 8000,
        "clusterMode": false
    }
]

The project configuration reads the flow control rules from nacos (same level as sentinel):

datasource:
  ds:
    nacos:
      server-addr: localhost:8848
      data-id: user-sentinel
      group-id: DEFAULT_GROUP
      rule-type: flow

Supported rule-type values (excerpt from the RuleType enum):

    /**
     * flow.
     */
    FLOW("flow", FlowRule.class),
    /**
     * degrade.
     */
    DEGRADE("degrade", DegradeRule.class),
    /**
     * param flow.
     */
    PARAM_FLOW("param-flow", ParamFlowRule.class),
    /**
     * system.
     */
    SYSTEM("system", SystemRule.class),
    /**
     * authority.
     */
    AUTHORITY("authority", AuthorityRule.class),

Configure multiple nacos configuration files

datasource:
  ds1:
    nacos:
      server-addr: localhost:8848
      data-id: user-sentinel-flow
      group-id: DEFAULT_GROUP
      rule-type: flow
  ds2:
    nacos:
      server-addr: localhost:8848
      data-id: user-sentinel-degrade
      group-id: DEFAULT_GROUP
      rule-type: degrade

4. Integration of Sentinel and Gateway

4.1. Add dependencies

<!--gateway integrates sentinel-->
<dependency>
    <groupId>com.alibaba.cloud</groupId>
    <artifactId>spring-cloud-alibaba-sentinel-gateway</artifactId>
    <version>2021.0.4.0</version>
</dependency>
<dependency>
    <groupId>com.alibaba.csp</groupId>
    <artifactId>sentinel-datasource-nacos</artifactId>
    <version>1.8.5</version>
</dependency>
<dependency>
    <groupId>com.alibaba.csp</groupId>
    <artifactId>sentinel-spring-cloud-gateway-adapter</artifactId>
    <version>1.8.6</version>
</dependency>
<dependency>
    <groupId>com.alibaba.cloud</groupId>
    <artifactId>spring-cloud-starter-alibaba-sentinel</artifactId>
    <version>2021.0.4.0</version>
</dependency>

sentinel:
  transport:
    # Configure Sentinel dashboard address
    dashboard: localhost:8080
    # The default port is 8719. If it is occupied, it will automatically scan from 8719 + 1 until an unoccupied port is found.
    port: 8719

4.2. Detailed configuration

Next, we introduce in detail the flow control configuration items for gateway resources in the Sentinel console. They are all attached to the gateway API.

API type
Flow control can be applied to a specific route or to an API group, that is, to the requested access addresses.
First create an API group, then select the API group and implement the corresponding flow control rules.

For request attributes
There are five parameter attributes: client IP, remote request address, request header, request URL parameters, and cookie.
These correspond to the route matching rules in the gateway.

Three matching modes are provided: exact, substring, and regular.
In substring matching mode, if we specify 127, % is added automatically at the end for fuzzy matching: 127%

  • Client IP
  • Remote Host: Because we do not have a remote domain name, we will not test it here.
  • Header: Use a Postman request for testing. If the request header does not have this value, the flow will not be limited.
  • URL parameters

Interval
Previously, an exception was thrown when three requests were made within one second; with the interval changed, an exception is thrown only when three requests are made within two seconds. In other words, the interval replaces the previous one-second window.

Burst size
Burst size is equivalent to a tolerance number. In the past, an exception would be thrown if the request was made three times per second. Now it will be tolerated once, that is, an exception will be thrown if the request is more than three times per second.

The core attributes of gateway flow control rule GatewayFlowRule are as follows:
① resourceMode: Whether the rule is for the route of API Gateway (RESOURCE_MODE_ROUTE_ID) or the API group defined by the user in Sentinel (RESOURCE_MODE_CUSTOM_API_NAME). The default is route.
② resource: resource name, which can be the route name in the gateway or the user-defined API group name.
③ grade: current limiting indicator dimension, the same as the grade field of the current limiting rule
④ count: current limiting threshold
⑤ intervalSec: statistical time window, the unit is seconds, the default is 1 second
⑥ controlBehavior: The control effect of traffic shaping. Currently, it supports two modes: fast failure and uniform queuing. The default is fast failure.
⑦ burst: The number of additional requests allowed when dealing with burst requests.
⑧ maxQueueingTimeoutMs: The maximum queuing time in uniform speed queuing mode, in milliseconds. It only takes effect in uniform speed queuing mode.
⑨ paramItem: Parameter flow control configuration. If not provided, parameters are not limited and the gateway rule is converted into a normal flow control rule; otherwise, it is converted into a hotspot rule. Its fields:
  • parseStrategy: The strategy for extracting parameters from requests. Currently, it supports four modes: source IP (PARAM_PARSE_STRATEGY_CLIENT_IP), Host (PARAM_PARSE_STRATEGY_HOST), arbitrary Header (PARAM_PARSE_STRATEGY_HEADER) and arbitrary URL parameter (PARAM_PARSE_STRATEGY_URL_PARAM).
  • fieldName: If the extraction strategy is Header mode or URL parameter mode, you need to specify the corresponding header name or URL parameter name.
  • pattern: The matching pattern of the parameter value. Only request attribute values matching this pattern are included in statistics and flow control; if it is empty, all values of the request attribute are counted.
  • matchStrategy: The parameter value matching strategy. Currently supports exact matching (PARAM_MATCH_STRATEGY_EXACT), substring matching (PARAM_MATCH_STRATEGY_CONTAINS) and regular matching (PARAM_MATCH_STRATEGY_REGEX).
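
The same attributes set in code instead of the console, as an added example that is not part of the original article. It uses the Sentinel gateway adapter API from the dependencies in 4.1; the API group name `user_api`, the route id `user_route`, the path `/user/**`, the header name `X-Tenant` and all threshold values are assumptions chosen for illustration.

```java
import com.alibaba.csp.sentinel.adapter.gateway.common.SentinelGatewayConstants;
import com.alibaba.csp.sentinel.adapter.gateway.common.api.ApiDefinition;
import com.alibaba.csp.sentinel.adapter.gateway.common.api.ApiPathPredicateItem;
import com.alibaba.csp.sentinel.adapter.gateway.common.api.ApiPredicateItem;
import com.alibaba.csp.sentinel.adapter.gateway.common.api.GatewayApiDefinitionManager;
import com.alibaba.csp.sentinel.adapter.gateway.common.rule.GatewayFlowRule;
import com.alibaba.csp.sentinel.adapter.gateway.common.rule.GatewayParamFlowItem;
import com.alibaba.csp.sentinel.adapter.gateway.common.rule.GatewayRuleManager;
import com.alibaba.csp.sentinel.slots.block.RuleConstant;

import java.util.HashSet;
import java.util.Set;

public class GatewayRuleExample {

    /** Call once at gateway startup, for example from a @Configuration class. */
    public static void loadRules() {
        // API group "user_api" (hypothetical name): every path under /user/
        Set<ApiPredicateItem> predicates = new HashSet<>();
        predicates.add(new ApiPathPredicateItem()
                .setPattern("/user/**")
                .setMatchStrategy(SentinelGatewayConstants.URL_MATCH_STRATEGY_PREFIX));
        Set<ApiDefinition> apis = new HashSet<>();
        apis.add(new ApiDefinition("user_api").setPredicateItems(predicates));
        GatewayApiDefinitionManager.loadApiDefinitions(apis);

        Set<GatewayFlowRule> rules = new HashSet<>();

        // API group rule, counted per client IP:
        // count 3 within a 2-second interval, plus a burst allowance of 1.
        rules.add(new GatewayFlowRule("user_api")
                .setResourceMode(SentinelGatewayConstants.RESOURCE_MODE_CUSTOM_API_NAME)
                .setGrade(RuleConstant.FLOW_GRADE_QPS)
                .setCount(3)
                .setIntervalSec(2)
                .setBurst(1)
                .setParamItem(new GatewayParamFlowItem()
                        .setParseStrategy(SentinelGatewayConstants.PARAM_PARSE_STRATEGY_CLIENT_IP)));

        // Route rule (hypothetical route id "user_route"), applied only to requests
        // whose X-Tenant header contains "trial"; uniform queuing, max wait 2000 ms.
        rules.add(new GatewayFlowRule("user_route")
                .setResourceMode(SentinelGatewayConstants.RESOURCE_MODE_ROUTE_ID)
                .setCount(5)
                .setIntervalSec(1)
                .setControlBehavior(RuleConstant.CONTROL_BEHAVIOR_RATE_LIMITER)
                .setMaxQueueingTimeoutMs(2000)
                .setParamItem(new GatewayParamFlowItem()
                        .setParseStrategy(SentinelGatewayConstants.PARAM_PARSE_STRATEGY_HEADER)
                        .setFieldName("X-Tenant")
                        .setPattern("trial")
                        .setMatchStrategy(SentinelGatewayConstants.PARAM_MATCH_STRATEGY_CONTAINS)));

        GatewayRuleManager.loadRules(rules);
    }
}
```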

Downgrade rules


(resource, grade, count, slowRatioThreshold, timeWindow, minRequestAmount, statIntervalMs)
Custom exception return result:

sentinel:
  scg:
    fallback:
      mode: response
      response-status: 200
      response-body: '{"code":"500","message": "The system is busy, please try again later"}'

Code:

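import com.alibaba.csp.sentinel.adapter.gateway.sc.callback.BlockRequestHandler;
import com.alibaba.csp.sentinel.adapter.gateway.sc.callback.GatewayCallbackManager;
import com.alibaba.fastjson.JSON; // assumed: JSON here is fastjson's class
import org.springframework.context.annotation.Configuration;
import org.springframework.web.reactive.function.server.ServerResponse;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
// ResponseDTO is the project's own response wrapper class

/**
 * Circuit breaker, downgrade callback
 */
@Configuration
public class SentinelGatewayConfig {
    /**
     * You can write downgrade logic here
     */
    public SentinelGatewayConfig() {
        GatewayCallbackManager.setBlockHandler(new BlockRequestHandler() {
            // Called whenever the gateway blocks a request; returns a reactive Mono response
            @Override
            public Mono<ServerResponse> handleRequest(ServerWebExchange serverWebExchange, Throwable throwable) {
                ResponseDTO<Object> objectResponseDTO = new ResponseDTO<>();
                objectResponseDTO.setCode(500);
                objectResponseDTO.setMessage("System exception, please try again later");
                String errJson = JSON.toJSONString(objectResponseDTO);
                // HTTP status stays 200; the error code travels in the JSON body
                Mono<ServerResponse> body = ServerResponse.ok().body(Mono.just(errJson), String.class);
                return body;
            }
        });
    }
}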

Persistence of routing, current limiting, and downgrade rules to nacos configuration center

spring:
  application:
    name: drp-gateway-service
  profiles:
    #Development environment dev, test environment test, production environment prod
    active: dev
  jackson:
    time-zone: GMT+8
  cloud:
    loadbalancer:
      ribbon:
        enabled: false
    nacos:
      discovery:
        server-addr: localhost:8848 #Nacos server address
      #routing configuration
      config:
        server-addr: localhost:8848
        name: gateway-router
        namespace: public
        group: DEFAULT_GROUP
        #file-extension: json #Specify the configuration of yaml format
        refresh-enabled: true #Support refresh
    #Current limiting fuse configuration
    sentinel:
      transport:
        # Configure Sentinel dashboard address
        dashboard: localhost:8080
        # The default port is 8719. If you enter an occupied port, it will automatically start from 8719 + 1 until an unoccupied port is found.
        port: 8719
      datasource:
        ds:
          nacos:
            server-addr: localhost:8848
            data-id: user-sentinel
            group-id: DEFAULT_GROUP
            rule-type: flow