# 架构演化进程
<table>
    <tr>
        <td>
            <img src='../images/javaee/web架构1.png'>
        </td>
        <td>
            <img src='../images/javaee/web架构2.png'>
        </td>
        <td>
            <img src='../images/javaee/web架构3.png'>
        </td>
        <td>
            <img src='../images/javaee/web架构4.png'>
        </td>
        <td>
            <img src='../images/javaee/web架构5.png'>
        </td>
    </tr>
    <tr>
        <td>
            <img src='../images/javaee/web架构6.png'>
        </td>
        <td>
            <img src='../images/javaee/web架构7.png'>
        </td>
        <td>
            <img src='../images/javaee/web架构8.png'>
        </td>
        <td>
            <img src='../images/javaee/web架构9.png'>
        </td>
        <td>
            <img src='../images/javaee/web架构10.png'>
        </td>
    </tr>
</table>

****

# 分布式系统
### 参考Papers 实现分布式系统，而不是应用现成的实现
* https://raft.github.io/raft.pdf
* The Chubby lock service for looselycoupled distributed systems.
* The Google file system. 
* ZooKeeper: wait-free coordination for internet-scale systems.
* The part-time parliament.
* Paxos made simple.
* In search of an understandable consensus algorithm. 
* The Hadoop distributed file system.

### CAP定理
* Consistency: Every read receives the most recent write or an error
* Availability: Every request receives a (non-error) response – without the guarantee that it contains the most recent write
* Partition tolerance: The system continues to operate despite an arbitrary number of messages being dropped (or delayed) by the network between nodes
* No distributed system is safe from network failures, thus network partitioning generally has to be tolerated. In the presence of a partition, one is then left with two options: consistency or availability. When choosing consistency over availability, the system will return an error or a time-out if particular information cannot be guaranteed to be up to date due to network partitioning. When choosing availability over consistency, the system will always process the query and try to return the most recent available version of the information, even if it cannot guarantee it is up to date due to network partitioning.

#### Redis: AP
* Consistency (write safety):
    * Redis Cluster uses asynchronous replication between nodes, and last failover wins implicit merge function. This means that the last elected master dataset eventually replaces all the other replicas. 
    * The following are examples of scenarios that lead to loss of acknowledged writes received in the majority partitions during failures:
        *  A write may reach a master, but while the master may be able to reply to the client, the write may not be propagated to slaves via the asynchronous replication used between master and slave nodes. If the master dies without the write reaching the slaves, the write is lost forever if the master is unreachable for a long enough period that one of its slaves is promoted. This is usually hard to observe in the case of a total, sudden failure of a master node since masters try to reply to clients (with the acknowledge of the write) and slaves (propagating the write) at about the same time. However it is a real world failure mode.
        * Another theoretically possible failure mode where writes are lost is the following: A master is unreachable because of a partition. It gets failed over by one of its slaves. After some time it may be reachable again. A client with an out-of-date routing table may write to the old master before it is converted into a slave (of the new master) by the cluster.
            * Specifically, for a master to be failed over it must be unreachable by the majority of masters for at least NODE_TIMEOUT, so if the partition is fixed before that time, no writes are lost. When the partition lasts for more than NODE_TIMEOUT, all the writes performed in the minority side up to that point may be lost. However the minority side of a Redis Cluster will start refusing writes as soon as NODE_TIMEOUT time has elapsed without contact with the majority, so there is a maximum window after which the minority becomes no longer available.
* Availability:
    * Redis Cluster is not available in the minority side of the partition. In the majority side of the partition assuming that there are at least the majority of masters and a slave for every unreachable master, the cluster becomes available again after NODE_TIMEOUT time plus a few more seconds required for a slave to get elected and failover its master. This means that Redis Cluster is designed to survive failures of a few nodes in the cluster, but it is not a suitable solution for applications that require availability in the event of large net splits.
    
#### Zookeeper: CP
* Consistency (write safety)
    * A client will see the same view of the service regardless of the server that it connects to.
    * Every ZooKeeper server services clients. Clients connect to exactly one server to submit requests. Read requests are serviced from the local replica of each server database. Requests that change the state of the service, write requests, are processed by an agreement protocol.
        * As part of the agreement protocol all write requests from clients are forwarded to a single server, called the leader. The rest of the ZooKeeper servers, called followers, receive message proposals from the leader and agree upon message delivery. 
        * Each time a znode's data changes, the version number increases. For instance, whenever a client retrieves data, it also receives the version of the data. And when a client performs an update or a delete, it must supply the version of the data of the znode it is changing. If the version it supplies doesn't match the actual version of the data, the update will fail.
* Availability
    * As long as a majority of the servers are available, the ZooKeeper service will be available.
    
#### Kafka: CP
* <b>Availability and Durability Guarantees</b>
    * Disable unclean leader election - if all replicas become unavailable, then the partition will remain unavailable until the most recent leader becomes available again. This effectively prefers unavailability over the risk of message loss.
    * Specify a minimum ISR size - the partition will only accept writes if the size of the ISR is above a certain minimum, in order to prevent the loss of messages that were written to just a single replica, which subsequently becomes unavailable. This setting only takes effect if the producer uses acks=all and guarantees that the message will be acknowledged by at least this many in-sync replicas. This setting offers a trade-off between consistency and availability. A higher setting for minimum ISR size guarantees better consistency since the message is guaranteed to be written to more replicas which reduces the probability that it will be lost. However, it reduces availability since the partition will be unavailable for writes if the number of in-sync replicas drops below the minimum threshold.
* Each partition has one server which acts as the "leader" and zero or more servers which act as "followers". The leader handles all read and write requests for the partition while the followers passively replicate the leader. If the leader fails, one of the followers will automatically become the new leader. Each server acts as a leader for some of its partitions and a follower for others so load is well balanced within the cluster.


****

### BASE定理
* Basically Available, Soft state, Eventual consistency

****

### 一致性共识算法

#### Raft
* <b>Leader election</b>
    * Leader, Follower, or Candidate: In normal operation there is exactly one leader and all of the other servers are followers. Followers are passive: they issue no requests on their own but simply respond to requests from leaders and candidates. The leader handles all client requests (if a client contacts a follower, the follower redirects it to the leader). The third state, candidate, is used to elect a new leader
    * When servers start up, they begin as followers. A server remains in follower state as long as it receives valid RPCs from a leader or candidate. Leaders send periodic heartbeats (AppendEntries RPCs that carry no log entries) to all followers in order to maintain their authority. If a follower receives no communication over a period of time called the <b>election timeout</b>, then it assumes there is no viable leader and begins an election to choose a new leader.
    * To begin an election, a follower increments its current term and transitions to candidate state. It then votes for itself and issues RequestVote RPCs in parallel to each of the other servers in the cluster. A candidate continues in this state until one of three things happens: <b>(a) it wins the election, (b) another server establishes itself as leader, or (c) a period of time goes by with no winner.</b> 
        * A candidate wins an election if it receives votes from a majority of the servers in the full cluster for the same term. Each server will vote for at most one candidate in a given term, on a first-come-first-served basis. The majority rule ensures that at most one candidate can win the election for a particular term. Once a candidate wins an election, it becomes leader. It then sends heartbeat messages to all of the other servers to establish its authority and prevent new elections.
        * While waiting for votes, a candidate may receive an AppendEntries RPC from another server claiming to be leader. If the leader’s term is at least as large as the candidate’s current term, then the candidate recognizes the leader as legitimate and returns to follower state. If the term in the RPC is smaller than the candidate’s current term, then the candidate rejects the RPC and continues in candidate state.
        * The third possible outcome is that a candidate neither wins nor loses the election: if many followers become candidates at the same time, votes could be split so that no candidate obtains a majority. When this happens, each candidate will time out and start a new election by incrementing its term and initiating another round of RequestVote RPCs. However, without extra measures split votes could repeat indefinitely.
            * Raft uses randomized election timeouts to ensure that split votes are rare and that they are resolved quickly. To prevent split votes in the first place, election timeouts are chosen randomly from a fixed interval (e.g., 150–300ms). This spreads out the servers so that in most cases only a single server will time out; it wins the election and sends heartbeats before any other servers time out. The same mechanism is used to handle split votes. Each candidate restarts its randomized election timeout at the start of an election, and it waits for that timeout to elapse before starting the next election; this reduces the likelihood of another split vote in the new election.
    * <b>Election restriction</b>:
        * Raft uses the voting process to prevent a candidate from winning an election unless its log contains all committed entries. A candidate must contact a majority of the cluster in order to be elected, which means that every committed entry must be present in at least one of those servers. If the candidate’s log is at least as up-to-date as any other log in that majority, then it will hold all the committed entries. The RequestVote RPC implements this restriction: the RPC includes information about the candidate’s log, and the voter denies its vote if its own log is more up-to-date than that of the candidate.
            * Raft determines which of two logs is more up-to-date by comparing the index and term of the last entries in the logs. If the logs have last entries with different terms, then the log with the later term is more up-to-date. If the logs end with the same term, then whichever log is longer is more up-to-date.
* <b>Log replication</b>
    * Each client request contains a command to be executed by the replicated state machines. The leader appends the command to its log as a new entry, then issues AppendEntries RPCs in parallel to each of the other servers to replicate the entry. When the entry has been safely replicated, the leader applies the entry to its state machine and returns the result of that execution to the client. If followers crash or run slowly, or if network packets are lost, the leader retries AppendEntries RPCs indefinitely (even after it has responded to the client) until all followers eventually store all log entries.
    * A log entry is committed once the leader that created the entry has replicated it on a majority of the servers. This also commits all preceding entries in the leader’s log, including entries created by previous leaders. The leader keeps track of the highest index it knows to be committed, and it includes that index in future AppendEntries RPCs (including heartbeats) so that the other servers eventually find out. Once a follower learns that a log entry is committed, it applies the entry to its local state machine (in log order).
    * To bring a follower’s log into consistency with its own, the leader must find the latest log entry where the two logs agree, delete any entries in the follower’s log after that point, and send the follower all of the leader’s entries after that point. All of these actions happen in response to the consistency check performed by AppendEntries RPCs. The leader maintains a nextIndex for each follower, which is the index of the next log entry the leader will send to that follower. When a leader first comes to power, it initializes all nextIndex values to the index just after the last one in its log. If a follower’s log is inconsistent with the leader’s, the AppendEntries consistency check will fail in the next AppendEntries RPC. After a rejection, the leader decrements nextIndex and retries the AppendEntries RPC. Eventually nextIndex will reach a point where the leader and follower logs match. When this happens, AppendEntries will succeed, which removes any conflicting entries in the follower’s log and appends entries from the leader’s log. Once AppendEntries succeeds, the follower’s log is consistent with the leader’s, and it will remain that way for the rest of the term.
        * Raft never commits log entries from previous terms by counting replicas. <b>Only log entries from the leader’s current term are committed by counting replicas;</b> once an entry from the current term has been committed in this way, then all prior entries are committed indirectly because of the Log Matching Property. 
        * Raft incurs this extra complexity in the commitment rules because log entries retain their original term numbers when a leader replicates entries from previous terms.
        *  In addition, new leaders in Raft send fewer log entries from previous terms than in other algorithms.

****

### 选主过程

#### Redis:
* Fault Tolerance: https://redis.io/topics/cluster-spec#fault-tolerance
    * Redis Cluster failure detection is used to recognize when a master or slave node is no longer reachable by the majority of nodes and then respond by promoting a slave to the role of master. When slave promotion is not possible the cluster is put in an error state to stop receiving queries from clients.
    * Failure detection
        * PFAIL flag:
            * A node flags another node with the PFAIL flag when the node is not reachable for more than NODE_TIMEOUT time. Both master and slave nodes can flag another node as PFAIL, regardless of its type.
            * In order to add reliability during normal operations, nodes will try to reconnect with other nodes in the cluster as soon as half of the NODE_TIMEOUT has elapsed without a reply to a ping. This mechanism ensures that connections are kept alive so broken connections usually won't result in false failure reports between nodes.
        * FAIL flag:
            * A PFAIL condition is escalated to a FAIL condition when the following set of conditions are met:
                * Some node, that we'll call A, has another node B flagged as PFAIL.
                * Node A collected, via gossip sections, information about the state of B from the point of view of the majority of masters in the cluster.
                * The majority of masters signaled the PFAIL or FAIL condition within NODE_TIMEOUT * FAIL_REPORT_VALIDITY_MULT time. (The validity factor is set to 2 in the current implementation, so this is just two times the NODE_TIMEOUT time).
            * If all the above conditions are true, Node A will:
                * Mark the node as FAIL.
                * Send a FAIL message to all the reachable nodes.
        * <b>The FAIL flag is only used as a trigger to run the safe part of the algorithm for the slave promotion.</b>
* Slave promotion: https://redis.io/topics/cluster-spec#configuration-handling-propagation-and-failovers
    * Cluster current epoch: Redis Cluster uses a concept similar to the Raft algorithm "term". In Redis Cluster the term is called epoch instead, and it is used in order to give incremental versioning to events. When multiple nodes provide conflicting information, it becomes possible for another node to understand which state is the most up to date.
        * At node creation every Redis Cluster node, both slaves and master nodes, set the currentEpoch to 0.
            * Every time a packet is received from another node, if the epoch of the sender (part of the cluster bus messages header) is greater than the local node epoch, the currentEpoch is updated to the sender epoch.
        * The configEpoch is set to zero in masters when a new node is created.
            * A new configEpoch is created during slave election. Slaves trying to replace failing masters increment their epoch and try to get authorization from a majority of masters. When a slave is authorized, a new unique configEpoch is created and the slave turns into a master using the new configEpoch.
    * Slave election and promotion:
        * <i>Slave rank: https://redis.io/topics/cluster-spec#slave-rank</i>
        * A slave starts an election when the following conditions are met:
            * The slave's master is in FAIL state.
            * The master was serving a non-zero number of slots.
            * The slave replication link was disconnected from the master for no longer than a given amount of time, in order to ensure the promoted slave's data is reasonably fresh. This time is user configurable.
        * In order to be elected, the first step for a slave is to increment its currentEpoch counter, and request votes from master instances.
        * Votes are requested by the slave by broadcasting a FAILOVER_AUTH_REQUEST packet to every master node of the cluster. Then it waits for a maximum time of two times the NODE_TIMEOUT for replies to arrive.
        * Once a master has voted for a given slave, replying positively with a FAILOVER_AUTH_ACK, it can no longer vote for another slave of the same master for a period of NODE_TIMEOUT * 2.
        * A slave discards any AUTH_ACK replies with an epoch that is less than the currentEpoch at the time the vote request was sent. This ensures it doesn't count votes intended for a previous election.
        * Once the slave receives ACKs from the majority of masters, it wins the election, it obtains a new unique and incremental configEpoch which is higher than that of any other existing master. 
        * Otherwise if the majority is not reached within the period of two times NODE_TIMEOUT. the election is aborted and a new one will be tried again after NODE_TIMEOUT * 4. 
        
#### Kafka:
* <b>The leader election algorithms</b>
    * `Majority vote for both the commit decision and the leader election:` let's say we have 2f+1 replicas. If f+1 replicas must receive a message prior to a commit being declared by the leader, and if we elect a new leader by electing the follower with the most complete log from at least f+1 replicas, then, with no more than f failures, the leader is guaranteed to have all committed messages. This is because among any f+1 replicas, there must be at least one replica that contains all committed messages. That replica's log will be the most complete and therefore will be selected as the new leader. Hence, if the leader waits for more followers to acknowledge a message before declaring it committed then there will be more potentially electable leaders.
        * There are a rich variety of algorithms in this family including `ZooKeeper's Zab, Raft, and Viewstamped Replication`. The most similar academic publication we are aware of to Kafka's actual implementation is `PacificA from Microsoft`.
        * This majority vote approach has a very nice property: the latency is dependent on only the fastest servers. That is, if the replication factor is three, the latency is determined by the faster slave not the slower one.
        * The downside of majority vote is that it doesn't take many failures to leave you with no electable leaders. To tolerate one failure requires three copies of the data, and to tolerate two failures requires five copies of the data. In our experience having only enough redundancy to tolerate a single failure is not enough for a practical system, but doing every write five times, with 5x the disk space requirements and 1/5th the throughput, is not very practical for large volume data problems. This is likely why quorum algorithms more commonly appear for shared cluster configuration such as ZooKeeper but are less common for primary data storage. 
    * `The ISR approach`: Kafka dynamically maintains a set of in-sync replicas (ISR) that are caught-up to the leader. Only members of this set are eligible for election as leader. A write to a Kafka partition is not considered committed until all in-sync replicas have received the write. This ISR set is persisted to ZooKeeper whenever it changes. Because of this, any replica in the ISR is eligible to be elected leader. With this ISR model and f+1 replicas, a Kafka topic can tolerate f failures without losing committed messages.
* <i>Unclean leader election: What if they all die</i>
    * Default solution: wait for a replica in the ISR to come back to life and choose this replica as the leader (hopefully it still has all its data).
    * `unclean.leader.election.enable` configutaion: choose the first replica (not necessarily in the ISR) that comes back to life as the leader.
* <b>Replica Management</b>
    * Electing one of the brokers as the "controller". This controller detects failures at the broker level and is responsible for changing the leader of all affected partitions in a failed broker. The result is that we are able to batch together many of the required leadership change notifications which makes the election process far cheaper and faster for a large number of partitions. If the controller fails, one of the surviving brokers will become the new controller.
    
****

### 分布式事务
#### Seata: https://github.com/alibaba/fescar/wiki/Home_Chinese
* <b>AT Mode</b>:
    * 2PC:
        * 一阶段 prepare 行为：在本地事务中，一并提交业务数据更新和相应回滚日志记录。
        * 二阶段 commit 行为：马上成功结束，自动 异步批量清理回滚日志。
        * 二阶段 rollback 行为：通过回滚日志，自动 生成补偿操作，完成数据回滚。
    * 写隔离: https://github.com/seata/seata/wiki/AT-Mode#%E5%86%99%E9%9A%94%E7%A6%BB
        * 一阶段本地事务提交前，需要确保先拿到全局锁
        * 拿不到全局锁，不能提交本地事务
        * 拿全局锁的尝试被限制在一定范围内，超出范围将放弃，并回滚本地事务，释放本地锁
    * 读隔离: https://github.com/seata/seata/wiki/AT-Mode#%E8%AF%BB%E9%9A%94%E7%A6%BB
        * 在数据库本地事务隔离级别 读已提交（Read Committed） 或以上的基础上，Fescar（AT 模式）的默认全局隔离级别是 读未提交（Read Uncommitted）
    * 工作机制: https://github.com/seata/seata/wiki/AT-Mode#%E5%B7%A5%E4%BD%9C%E6%9C%BA%E5%88%B6
* <b>MT Mode</b>: https://github.com/seata/seata/wiki/MT-Mode

****

### 分布式锁算法: 
* Redis Redlock: https://redis.io/topics/distlock <b>（有锁超时时间的设定，分布式锁第四步）</b>
    * Single instance way of algorithm:
        * `SET resource_name my_random_value NX PX 30000`: The command will set the key only if it does not already exist (NX option), with an expire of 30000 milliseconds (PX option). The key is set to a value “myrandomvalue”. This value must be unique across all clients and all lock requests.
        * Basically the random value is used in order to release the lock in a safe way, with a script that tells Redis: remove the key only if it exists and the value stored at the key is exactly the one I expect to be.
        ```java
        if redis.call("get",KEYS[1]) == ARGV[1] then
            return redis.call("del",KEYS[1])
        else
            return 0
        end
        ```
    * Distributed version of the algorithm:
        * In the distributed version of the algorithm we assume we have N Redis masters. Those nodes are totally independent, so we don’t use replication or any other implicit coordination system.
        * We already described how to acquire and release the lock safely in a single instance. We take for granted that the algorithm will use this method to acquire and release the lock in a single instance. 
            * It gets the current time in milliseconds.
            * It tries to acquire the lock in all the N instances sequentially, using the same key name and random value in all the instances. During step 2, when setting the lock in each instance, the client uses a timeout which is small compared to the total lock auto-release time in order to acquire it. For example if the auto-release time is 10 seconds, the timeout could be in the ~ 5-50 milliseconds range. This prevents the client from remaining blocked for a long time trying to talk with a Redis node which is down: if an instance is not available, we should try to talk with the next instance ASAP.
            * The client computes how much time elapsed in order to acquire the lock, by subtracting from the current time the timestamp obtained in step 1. If and only if the client was able to acquire the lock in the majority of the instances (at least 3), and the total time elapsed to acquire the lock is less than lock validity time, the lock is considered to be acquired.
            * If the lock was acquired, its validity time is considered to be the initial validity time minus the time elapsed, as computed in step 3. 
            * If the client failed to acquire the lock for some reason (either it was not able to lock N/2+1 instances or the validity time is negative), it will try to unlock all the instances (even the instances it believed it was not able to lock).
    * Performance, crash-recovery and fsync: https://redis.io/topics/distlock#performance-crash-recovery-and-fsync
        * the client should try to send the SET commands to the N instances at the same time using multiplexing.
        * To avoid violating when instance crash without setting persistence, make an instance unavailable for at least a bit more than the max TTL we use, which is, the time needed for all the keys about the locks that existed when the instance crashed, to become invalid and be automatically released. 
* ZooKeeper Locks: https://zookeeper.apache.org/doc/r3.5.4-beta/recipes.html#sc_recipes_Locks<b>（没有显示的锁超时时间）</b>
    * Call create() with a pathname of "_locknode_/guid-lock-" and the sequence and ephemeral flags set. The guid is needed in case the create() result is missed.
    * Call getChildren() on the lock node without setting the watch flag
    * If the pathname created in step 1 has the lowest sequence number suffix, the client has the lock and the client exits the protocol.
    * The client calls exists() with the watch flag set on the path in the lock directory with the next lowest sequence number.
    * if exists() returns false, go to step 2. Otherwise, wait for a notification for the pathname from the previous step before going to step 2.

****

# SOA vs Microservice
* 两种架构都是分布式系统架构，都存在分布式领域的通用问题，基本问题都能被CAP定理和BASE定理解释

### SOA
* A Service Oriented Architecture is a software architecture pattern, which application components provide services to other components via a <b>communications protocol</b> over a network. These distinct services carry out some small functions, such as <i>validating payment, creating a user account, or providing social log-in</i>.
* Service-oriented Architecture is less about how to modularize an application, and more about how to compose an application by <b>integration of distributed</b>, separately-maintained and deployed software components. 
* There are 2 main roles in SOA, a service provider, and a service consumer. A software agent may play both roles. The Consumer Layer is the point where users (human, other components of the app or third parties) interact with the SOA and the Provider Layer consists of all the services within the SOA.

****

### Microservices
* Microservices are the next step in the evolution of Service-Oriented Architectures. Basically, this architecture type is a particular way of developing software, web or mobile applications as suites of independent services. These services are created to serve only one specific business function, such as <i>User Management, User Roles, E-commerce Cart, Search Engine, Social Media Logins etc</i>. Furthermore, they are completely independent of each other, meaning they can be written in <b>different programming languages and use different databases</b>. Centralized services management is almost non-existent and the microservices use <b>lightweight HTTP, REST or Thrift APIs for communicating between themselves</b>.

****

### What’s The Difference
* Structure: <img src="../images/javaee/difference_between_soa_ms.png" width="500px">
* Development:
    * SOA: 与ESB所选的技术栈紧耦合，需要基于ESB提供商提供的消息协议编程，也就是说需要使用或者实现ESB提供商的客户端，以支撑消息通信；同时为了保证消息通信过程的可靠性，推荐所有服务之间尽量使用同一数据源，减少分布式事务对系统的影响；一般来说是基于XML为载体传输消息
    * Microservices: 团队可以自由选择任何技术栈实现新的服务，只需要保证服务的对外接口规范一致；同时每个服务可以使用自己独立的数据存储技术处理数据，但同时带来了很严重的分布式事务问题；一般来说是基于JSON为载体传输消息
    * 
    <table>
        <tr>
            <td><img src="../images/javaee/soa.png"></td>
            <td><img src="../images/javaee/ms.png"></td>
        </tr>
    </table>
* Development: 
    * SOA: 多个服务依赖之间的团队需要协作沟通，共同部署；同时对面向容器，云平台部署不友好
    * Microservices: 团队完全独立部署，无需与任何其他团队沟通；同时对面向容器，云平台部署友好
* Communication:
     * SOA: 通过ESB完成服务之间的通信，容易造成单点问题；同时一旦下游服务出现延迟或者异常，整个服务系统都会受影响
     * Microservices: 服务之间的通信是独立的，去中心化；同时一个服务的异常不会影响整个系统服务，注意如果没有熔断机制，被依赖的服务还是会受影响的
* Interoperability
    * SOA: 支持多种协议，ESB提供商上层支持的协议都可以，因为在底层都会将各种协议转换成ESB自己的消息协议
    * Microservices: 名义上支持多种协议，但是为了解耦，所以通常使用HTTP协议
* Relations: <img src="../images/javaee/relation_soa_ms.png" width="300px">
* Framework:
    * SOA: Kafka, RocketMQ, ActiveMQ
    * Microservices: Spring cloud, Dubbo, Netflix, Istio
* Summary:
    * SOA: 适用大型企业应用，大型企业级别的架构，因为一旦建立，整个集团都会依赖该架构做集成和开发
    * Microservices: 适用小型mobile或web，且边界划分明确的应用

****

# Service Mesh
* <b>WHAT IS A SERVICE MESH</b>
    * <b>The service mesh is a critical component of the cloud native stack</b>. 
    * A service mesh is a dedicated infrastructure layer for <b>handling service-to-service communication</b>. It’s responsible for the reliable delivery of requests through the complex topology of services that comprise a modern, cloud native application. In practice, the service mesh is typically implemented as an array of <b>lightweight network proxies</b> that are <b>deployed alongside application code</b>, without the application needing to be aware. 
    * The concept of the service mesh as a separate layer is tied to the rise of the cloud native application. In the cloud native model, a single application might consist of hundreds of services; each service might have thousands of instances; and each of those instances might be in a constantly-changing state as they are dynamically scheduled by an orchestrator like Kubernetes. 
    * As the TCP stack abstracts the mechanics of reliably delivering bytes between network endpoints, the service mesh abstracts the mechanics of reliably delivering requests between services. The service mesh doesn’t care about the actual payload or how it’s encoded. The application has a high-level goal (“send something from A to B”), and the job of the service mesh is to accomplish this goal while handling any failures along the way.
    * <b>The service mesh is ultimately not an introduction of new functionality, but rather a shift in where functionality is located</b>
* <b>WHAT DOES A SERVICE MESH ACTUALLY DO</b>
    * Linkerd applies dynamic routing rules to determine which service the requester intended. All of these routing rules are dynamically configurable, and can be applied both globally and for arbitrary slices of traffic.
    * Having found the correct destination, Linkerd retrieves the corresponding pool of instances from the relevant service discovery endpoint, of which there may be several. If this information diverges from what Linkerd has observed in practice, Linkerd makes a decision about which source of information to trust.
    * Linkerd chooses the instance most likely to return a fast response based on a variety of factors, including its observed latency for recent requests.
    * Linkerd attempts to send the request to the instance, recording the latency and response type of the result.
    * If the instance is down, unresponsive, or fails to process the request, Linkerd retries the request on another instance (but only if it knows the request is idempotent).
    * If an instance is consistently returning errors, Linkerd evicts it from the load balancing pool, to be periodically retried later (for example, an instance may be undergoing a transient failure).
    * If the deadline for the request has elapsed, Linkerd proactively fails the request rather than adding load with further retries.
    * Linkerd captures every aspect of the above behavior in the form of metrics and distributed tracing, which are emitted to a centralized metrics system.