| blob | 53140af0cbc69ddd2066eafb4296580cc03f5d19 |
5 =pod
7 =head1 NAME
9 Thrasher::ConnectionManager - manage the act of connecting to the
10 legacy services
12 =head1 DESCRIPTION
14 Thrasher::ConnectionManager centralizes and separates the management
15 of whether or not we want to connect to a legacy server. Likely this
16 will get more complicated later.
18 Suppose we have a couple hundred users on the gateway when the
19 connection is lost to the legacy service, that is, I<entirely> lost.
20 Later, it comes back. We don't want to hammer the service with
21 repeated connection attempts from each user.
23 We also want to be able to control the rate at which re-connection
24 attempts are made. If someone tries to log on during the period when
25 the connection is down, we don't really want them to add to the
26 failure proceedings.
28 ::ConnectionManager implements the ability to schedule connection
29 attempts, collect information about whether the logins are successful
30 or not, and decide when to attempt to log in again.
32 This module sort of functions as a singleton (sort of), exporting the
33 following function:
35 =over 4
37 =item *
39 C<request_connect>($connection_closure): Request that the given
40 closure be run at some point in the future. This closure B<must>
41 eventually result in a call to C<connection_success> or
42 C<connection_failure>, which may itself arise from a callback
43 or something (like for a connection), which is why we can't
44 just use the return value. The connection manager has no
45 way to enforce this, but the queue will be scheduled improperly
46 if it does not occur.
48 A connection is successful if the user successfully logged on.
49 That is, a password failure is a failure too. This avoids the
50 case where we could hammer a service that was having
51 authentication problems.
53 =back
55 =cut
61 # Setting this to 1 will simply bypass this entire thing.
74 }
76 # So, the design goals:
77 # * If there's no reason to suspect network troubles, connect away.
78 # * If there's a total network disconnect, a bare minimum of
79 # connection attempts should be made, not a straight
80 # (number of logins) * (constant frequency) * time
81 # * It can't take too long to recover from a total network failure.
82 # Even for hundreds of people, it should recover relatively quickly.
83 # * If at all possible, this should adapt to rate limiting. (It may
84 # not be possible if the legacy service simply cuts of your
85 # service, rather than metering it.)
86 #
87 # Approach: We define a "decayable number", which exponentially
88 # decays over time, as seen in
89 # Thrasher::ConnectionManager::Decayable. As successful connections
90 # are made, the count of successful connections is incremented. As
91 # unsuccessful connections are made, the count of unsuccessful
92 # connections is incremented. The ratio of the two is used to
93 # determine connection time, bounded on both ends by a limit
94 # (if it's below a certain number, we simply connect immediately,
95 # if it's above a certain number we assume it needs to be bounded
96 # to something like one attempt every 30 seconds). We also, after
97 # a certain point, start queuing up connection requests. This way, the
98 # system reacts to the current apparent state of the connection
99 # to the legacy service without hammering on the legacy system,
100 # which may be considered hostile.
103 ### TUNABLE PARAMETERS
105 # This is the base decay rate applied to our two counters,
106 # applied directly to the failure and indirectly to the success
107 # counter.
110 # Optimism is how much more likely we are to think that we can
111 # connect again. Values about that cause the system to "remember"
112 # success more strongly than failure.
117 ### Values
122 # $SIMULTANEOUS_CONNECT_BOUND's initial value sets the maximum number
123 # of simultaneous, possibly asynchronous, connection attempts. It will
124 # be decremented each time a connection attempt starts and incremented
125 # when it finishes. Thus, at any given time while the
126 # ConnectionManager is managing it will be the current number of new
127 # connect attempts that could start at that time.
131 # This is incremented once per connection attempt and is used to
132 # limit the total rate of reconnect attempts.
133 # Please, Thrasher, don't hammer 'em.
135 # "After about $SIMULTANEOUS_CONNECT_BOUND connections, $hammering
136 # should be strictly greater than $hammering_limit":
140 # Things queued up because we can't try to connect yet.
145 # This takes the clousure to run and the time to run it. This
146 # allows you to either call out to the event loop, or, in testing,
147 # override this and capture the execution attempts to verify
148 # the time is correct.
155 };
157 # "If I make a request right now, what will the delay and
158 # forcibly_enqueue values be?"
160 # Check that we aren't hammering the remote server.
165 }
173 }
177 }
182 }
187 log("Failure/success ratio: $ratio, ($current_failure / $current_success), capped to 30 second delay");
189 }
192 log("Failure/success ratio: $ratio ($current_failure / $current_success), comes out to $delay for delay");
194 }
196 # This returns true if the connection will be immediate,
197 # otherwise it returns false.
201 # Deal with this when we once again reschedule things.
206 }
214 }
218 # Catch this in the next scheduling run.
223 }
225 # Little to no delay called for, just go for it
226 # (leaning on hammering protection to prevent hammering)
230 }
232 # We're not in a hammering delay and we need to
233 # reschedule to delay beyond a second
240 }
241 }
243 # schedule_connection_executor($timeout_in_seconds)
249 # request_connect() called in between scheduled
250 # execution_runner() calls.
252 }
262 }
266 };
270 }
275 }
279 }
285 }
286 };
290 }
292 # connection_executor() is what is run by the scheduler, which will
293 # propogate itself until it runs out of work.
294 #
295 # Returns the new $timeout_in_seconds until the desired next run, or
296 # false when no next run should be scheduled.
298 # If we're still in a hammering lock, delay another second
301 }
304 # We've finally emptied the queue. Resume normal usage.
306 }
310 # Delay repeat until some connection attempts finish.
312 }
314 # Otherwise, it's time to take one thing off the queue and run it.
318 # And now it's time to schedule the next request
322 }
326 }
328 # Otherwise, reschedule $delay seconds
330 }
339 }
345 };
349 # $closure may or may not have called
350 # connection_{success,failure} before dying. Reset the bound
351 # (instead of incrementing) in case it did.
353 }
354 # Else *rely* on $closure to increment $SIMULTANEOUS_CONNECT_BOUND.
355 # Can't detect here if connection_{success,failure} will be called
356 # later or synchronously.
357 }
359 # connection_failure($local_only)
360 #
361 # Update tracking information to note that a connection succeeded.
367 }
369 # connection_failure($local_only)
370 #
371 # Update tracking information to note that a connection failed. Set
372 # $local_only to indicate that the failure did not involve the remote
373 # service and thus shouldn't influence the load scheduling.
384 }
387 }
388 }
389 }
395 # This implements a "decayable" number. It starts with the value
396 # you give it, and is multiplied by the decay rate raise to the
397 # power of the number of minutes since the last time it was queried.
398 # The fact that this tends to decay to zero is desired.
399 # Example: new Thrasher::ConnectionManager::Decayable(16, .5)
400 # will be 8 in one minute, 4 in the next, 2 in the next, and so on.
401 # The transition is smooth; it will be 11.3137... after 30 seconds.
417 }
433 }
443 }
449 }