chenBright commented on code in PR #3229:
URL: https://github.com/apache/brpc/pull/3229#discussion_r2868550921
##########
src/brpc/backup_request_policy.h:
##########
@@ -38,6 +38,24 @@ class BackupRequestPolicy {
virtual void OnRPCEnd(const Controller* controller) = 0;
};
+// Create a BackupRequestPolicy that limits the ratio of backup requests
+// to total requests within a sliding time window. When the ratio reaches
+// or exceeds max_backup_ratio, DoBackup() returns false.
+// NOTE: Backup decisions are counted immediately at DoBackup() time for
+// fast feedback. Total RPCs are counted on completion (OnRPCEnd). During
+// latency spikes the ratio may temporarily lag until RPCs complete.
+// Returns NULL on invalid parameters or allocation failure.
+// backup_request_ms: >= 0
+// max_backup_ratio: (0, 1]
+// window_size_seconds: [1, 3600]
+// update_interval_seconds: >= 1
+// The caller owns the returned pointer.
+BackupRequestPolicy* CreateRateLimitedBackupPolicy(
Review Comment:
Using RateLimitedBackupPolicyOptions instead of multiple parameters provides
better scalability.
```c++
struct RateLimitedBackupPolicyOptions {
int32_t backup_request_ms;
double max_backup_ratio;
int window_size_seconds;
int update_interval_seconds;
};
```
##########
src/brpc/backup_request_policy.cpp:
##########
@@ -0,0 +1,205 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "brpc/backup_request_policy.h"
+
+#include <new> // std::nothrow
+#include <gflags/gflags.h>
+#include "butil/logging.h"
+#include "brpc/reloadable_flags.h"
+#include "bvar/reducer.h"
+#include "bvar/window.h"
+#include "butil/atomicops.h"
+#include "butil/time.h"
+
+namespace brpc {
+
+DEFINE_double(backup_request_max_ratio, -1,
+ "Maximum ratio of backup requests to total requests. "
+ "Value in (0, 1] enables rate limiting. Values <= 0 disable it "
+ "(-1 is default). Can be overridden per-channel via "
+ "ChannelOptions.backup_request_max_ratio. "
+ "Note: takes effect at Channel::Init() time; changing this flag "
+ "at runtime does not affect already-created channels.");
+
+static bool validate_backup_request_max_ratio(const char*, double v) {
+ if (v <= 0) return true; // non-positive means disabled
+ if (v <= 1.0) return true;
+ LOG(ERROR) << "Invalid backup_request_max_ratio=" << v
+ << ", must be <= 0 (disabled) or in (0, 1]";
+ return false;
+}
+BRPC_VALIDATE_GFLAG(backup_request_max_ratio,
+ validate_backup_request_max_ratio);
+
+DEFINE_int32(backup_request_ratio_window_size_s, 10,
+ "Window size in seconds for computing the backup request ratio. "
+ "Must be in [1, 3600].");
+
+static bool validate_backup_request_ratio_window_size_s(
+ const char*, int32_t v) {
+ if (v >= 1 && v <= 3600) return true;
+ LOG(ERROR) << "Invalid backup_request_ratio_window_size_s=" << v
+ << ", must be in [1, 3600]";
+ return false;
+}
+BRPC_VALIDATE_GFLAG(backup_request_ratio_window_size_s,
+ validate_backup_request_ratio_window_size_s);
+
+DEFINE_int32(backup_request_ratio_update_interval_s, 5,
+ "Interval in seconds between ratio cache updates. Must be >= 1.");
+
+static bool validate_backup_request_ratio_update_interval_s(
+ const char*, int32_t v) {
+ if (v >= 1) return true;
+ LOG(ERROR) << "Invalid backup_request_ratio_update_interval_s=" << v
+ << ", must be >= 1";
+ return false;
+}
+BRPC_VALIDATE_GFLAG(backup_request_ratio_update_interval_s,
+ validate_backup_request_ratio_update_interval_s);
+
+// Standalone statistics module for tracking backup/total request ratio
+// within a sliding time window. Each instance schedules two bvar::Window
+// sampler tasks; keep this in mind for high channel-count deployments.
+class BackupRateLimiter {
+public:
+ BackupRateLimiter(double max_backup_ratio,
+ int window_size_seconds,
+ int update_interval_seconds)
+ : _max_backup_ratio(max_backup_ratio)
+ , _update_interval_us(update_interval_seconds * 1000000LL)
+ , _total_count()
+ , _backup_count()
+ , _total_window(&_total_count, window_size_seconds)
+ , _backup_window(&_backup_count, window_size_seconds)
+ , _cached_ratio(0.0)
+ , _last_update_us(0) {
+ }
+
+ // All atomic operations use relaxed ordering intentionally.
+ // This is best-effort rate limiting: a slightly stale ratio is
+ // acceptable for approximate throttling.
+ bool ShouldAllow() const {
+ const int64_t now_us = butil::cpuwide_time_us();
+ int64_t last_us = _last_update_us.load(butil::memory_order_relaxed);
+ double ratio = _cached_ratio.load(butil::memory_order_relaxed);
+
+ if (now_us - last_us >= _update_interval_us) {
+ if (_last_update_us.compare_exchange_strong(
+ last_us, now_us, butil::memory_order_relaxed)) {
+ int64_t total = _total_window.get_value();
+ int64_t backup = _backup_window.get_value();
+ ratio = (total > 0) ? static_cast<double>(backup) / total :
0.0;
+ _cached_ratio.store(ratio, butil::memory_order_relaxed);
+ }
+ }
+
+ // max_backup_ratio >= 1.0 means no limit (ratio cannot exceed 1.0).
+ bool allow = _max_backup_ratio >= 1.0 || ratio < _max_backup_ratio;
+ if (allow) {
+ // Count backup decisions immediately for faster feedback
+ // during latency spikes (before RPCs complete).
+ _backup_count << 1;
+ }
+ return allow;
+ }
+
+ void OnRPCEnd(const Controller* /*controller*/) {
+ // Count all completed RPCs. Backup decisions are counted
+ // in ShouldAllow() at decision time for faster feedback.
+ _total_count << 1;
+ }
+
+private:
+ double _max_backup_ratio;
+ int64_t _update_interval_us;
+
+ bvar::Adder<int64_t> _total_count;
+ mutable bvar::Adder<int64_t> _backup_count;
+ bvar::Window<bvar::Adder<int64_t>> _total_window;
+ bvar::Window<bvar::Adder<int64_t>> _backup_window;
+
+ mutable butil::atomic<double> _cached_ratio;
+ mutable butil::atomic<int64_t> _last_update_us;
+};
+
+// Internal BackupRequestPolicy that composes a BackupRateLimiter
+// for ratio-based suppression.
+class RateLimitedBackupPolicy : public BackupRequestPolicy {
+public:
+ RateLimitedBackupPolicy(int32_t backup_request_ms,
+ double max_backup_ratio,
+ int window_size_seconds,
+ int update_interval_seconds)
+ : _backup_request_ms(backup_request_ms)
+ , _rate_limiter(max_backup_ratio, window_size_seconds,
+ update_interval_seconds) {
+ }
+
+ int32_t GetBackupRequestMs(const Controller* /*controller*/) const
override {
+ return _backup_request_ms;
+ }
+
+ bool DoBackup(const Controller* /*controller*/) const override {
+ return _rate_limiter.ShouldAllow();
+ }
+
+ void OnRPCEnd(const Controller* controller) override {
+ _rate_limiter.OnRPCEnd(controller);
+ }
+
+private:
+ int32_t _backup_request_ms;
+ BackupRateLimiter _rate_limiter;
+};
+
+BackupRequestPolicy* CreateRateLimitedBackupPolicy(
+ int32_t backup_request_ms,
+ double max_backup_ratio,
+ int window_size_seconds,
+ int update_interval_seconds) {
+ if (backup_request_ms < 0) {
+ LOG(ERROR) << "Invalid backup_request_ms=" << backup_request_ms
+ << ", must be >= 0";
+ return NULL;
+ }
+ if (max_backup_ratio <= 0 || max_backup_ratio > 1.0) {
+ LOG(ERROR) << "Invalid max_backup_ratio=" << max_backup_ratio
+ << ", must be in (0, 1]";
+ return NULL;
+ }
+ if (window_size_seconds < 1 || window_size_seconds > 3600) {
+ LOG(ERROR) << "Invalid window_size_seconds=" << window_size_seconds
+ << ", must be in [1, 3600]";
+ return NULL;
+ }
+ if (update_interval_seconds < 1) {
+ LOG(ERROR) << "Invalid update_interval_seconds="
+ << update_interval_seconds << ", must be >= 1";
+ return NULL;
+ }
+ RateLimitedBackupPolicy* policy = new (std::nothrow)
RateLimitedBackupPolicy(
Review Comment:
I don't think we need to use std::nothrow. If `new` fails, the process can
simply throw an exception and exit.
##########
docs/cn/backup_request.md:
##########
@@ -39,6 +39,88 @@ my_func_latency << tm.u_elapsed(); // u代表微秒,还有s_elapsed(),
m_elap
// 好了,在/vars中会显示my_func_qps, my_func_latency, my_func_latency_cdf等很多计数器。
```
+## Backup Request 限流
+
+在高QPS或下游延迟抖动时,backup
request本身可能成为过载的来源——每个超时请求都会触发一个额外请求打到后端。为解决这个问题,brpc支持在滑动时间窗口内限制backup请求与总请求的比例。
+
+### 使用 backup_request_max_ratio(推荐)
+
+在初始化Channel时,将 `ChannelOptions.backup_request_max_ratio` 设为 `(0, 1]`
范围内的值。当观测到的backup比例达到或超过该阈值时,后续backup请求将被抑制,直到比例降回阈值以下。
+
+```c++
+brpc::ChannelOptions options;
+options.backup_request_ms = 10; // 10ms后发送backup
+options.backup_request_max_ratio = 0.3; // backup比例达到30%时开始抑制
Review Comment:
I don't think we need to provide options.backup_request_max_ratio. Users can
simply use CreateRateLimitedBackupPolicy.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
