# Systems Design Fundamentals

## Client - Server Model

The paradigm by which modern systems are designed, which consists of clients requesting data or service from servers and servers providing data or service to clients.

### Client
A machine or process that requests data or service from a server. 

### Server
A machine or process that provides data or service for a client, usually by listening for incoming network calls.

> Note that a single machine or piece of software can be both a client and a server at the same time. For instance, a single machine could act as a server for end users and as a client for a database.

### IP Address

An address given to each machine connected to the public internet. IPv4 addresses consist of four numbers separated by dots: **a.b.c.d** where all four numbers are between 0 and 255. Special values include:

* **127.0.0.1**: Your own local machine, also referred to as **localhost**.
* **192.168.x.y**: Your private network. For instance, your machine and all machines on your private wifi network will usually have the **192.168** prefix.

### Port

In order for multiple programs to listen for new network connections on the same machine without colliding, they pick a port to listen on. A port is an integer between 0 and 65,535 ($2^{16}$ ports total).

Typically, ports **0-1023** are reserved for **system ports** (also called **well-known ports**) and shouldn't be used by user-level processes. Higher-numbered ports are available for general use by applications and are known as **ephemeral ports**. Certain ports have pre-defined uses, below are some examples:
* 22: Secure Shell
* 53: DNS lookup
* 80: HTTP
* 443: HTTPS


### DNS

Short for **Domain Name System**, it describes the entities and protocols involved in the translation from domain names to IP Addresses. Typically, machines make a DNS query to a well known entity which is responsible for returning the IP address (or multiple ones) of the requested domain name in the response.

## Network Protocols

### IP

Stands for **Internet Protocol**. This network protocol outlines how almost all machine-to-machine communications should happen in the world. Other protocols like **TCP**, **UDP** and **HTTP** are built on top of IP.

### TCP

Network protocol built on top of the Internet Protocol (IP). Allows for ordered, reliable data delivery between machines over the public internet by creating a connection.

The **Transmission Control Protocol** (**TCP**) is usually implemented in the kernel, which exposes **sockets** to applications that they can use to stream data through an open connection.

### HTTP

The **HyperText Transfer Protocol** is a very common network protocol implemented on top of TCP. Clients make HTTP requests, and servers respond with a response. Following are a sequence of events in a **request-response** mechanism:
* The client opens a connection and requests data from the server.
* The server calculates the response.
* The server sends the response back to the client on the opened request.

<img src='imgs/http.png' alt='http' width=500 height=500>

Requests typically have the following schema:

>* **host**: string (example: algoexpert.io)
>* **port**: integer (example: 80 or 443)
>* **method**: string (example: GET, PUT, POST, DELETE, OPTIONS or PATCH)
>* **headers**: pair list (example: "Content-Type" => "application/json")
>* **body**: opaque sequence of bytes

Responses typically have the following schema:
>* **status code**: integer (example: 200, 401)
>* **headers**: pair list (example: "Content-Length" -> 1238)
>* **body**: opaque sequence of bytes

### IP Packet

Sometimes more broadly referred to as just a (network) **packet**, an IP packet is effectively the smallest unit used to describe data being sent over IP, aside from bytes. An IP packet consists of:

* an **IP header**, which contains the source and destination IP addresses as well as other information related to the network
* a **payload**, which is just the data being sent over the network

### Socket
A socket is one endpoint of a two-way communication link between two programs running on the network. A socket is bound to a port number so that the **TCP layer** can identify the application that data is destined to be sent to. An endpoint is a 

A socket is a combination of an **IP address** and a **port number** and is used to identify both a machine and a service within the machine.

## Storage

### Databases

Databases are programs that either use disk or memory to do 2 core things: **record** data and **query** data. In general, they are: themselves servers that are long lived and interact with the rest of our application through network calls, with protocols on top of TCP or even HTTP.

Some databases only keep records in memory, and the users of such databases are aware of the fact that those records may be lost forever if the machine or process dies.

For the most part though, databases need persistence of those records, and thus cannot use memory. This means that we have to write our data to disk. Anything written to disk will remain through power loss or network partitions, so that's what is used to keep permanent records.

Since machines die often in a large scale system, special disk partitions or volumes are used by the database processes, and those volumes can get recovered even if the machine were to go down permanently.

### Disk

Usually refers to either **HDD** (**hard-disk drive**) or **SSD** (**solid-state drive**). Data written to disk will persist through power failures and general machine crashes. Disk is also referred to as **non-volatile storage**.

SSD is far faster than HDD but also far more expensive from a financial point of view. Because of that, HDD will typically be used for data that's rarely accessed or updated, but that's stored for a long time, and SSD will be used for data that's frequently accessed and updated.

### Memory

Short for **Random Access Memory** (**RAM**). Data stored in memory will be lost when the process that has written that data dies.

### Persistent Storage

Usually refers to disk, but in general it is any form of storage that persists if the process in charge of managing it dies.

## Databases

### Relational Database
A type of **structured database** in which data is stored following a **tabular** format; often supports powerful querying using SQL.

Each **row** contains all the information about one entity and each **column** contains all the separate data points. Some of the most popular relational databases are MySQL, Oracle, MS SQL Server, SQLite, Postgres, and MariaDB.

In relational databases, each record conforms to a **fixed schema**, meaning the columns must be decided and chosen before data entry and each row must have data for each column. The schema can be altered later, but it involves modifying the whole database and going offline.

In most common situations, SQL databases are **vertically scalable**, i.e., by increasing the horsepower (higher Memory, CPU, etc.) of the hardware, which can get very expensive. It is possible to scale a relational database across multiple servers, but this is a challenging and time-consuming process.

### Non-Relational Database
In contrast with relational database (SQL databases), a type of database that is free of imposed, tabular-like structure. Non-relational databases are often referred to as **NoSQL databases**.

In NoSQL, schemas are **dynamic**. Columns can be added on the fly and each `row` (or equivalent) doesn’t have to contain data for each `column`.

NoSQL databases are **horizontally scalable**, meaning we can add more servers easily in our NoSQL database infrastructure to handle a lot of traffic. Any cheap commodity hardware or cloud instances can host NoSQL databases, thus making it a lot more cost-effective than vertical scaling. A lot of NoSQL technologies also distribute data across servers automatically.

### SQL
**Structured Query Language**. Relational databases can be used using a derivative of SQL such as PostgreSQL in the case of Postgres.

### SQL Database

Any database that supports SQL. This term is often used synonymously with **Relational Database**, though in practice, not every relational database supports SQL.

### NoSQL Database

Any database that is not SQL-compatible is called **NoSQL**.

### ACID Transaction
A type of database transaction that has four important properties:

* **Atomicity**: The operations that constitute the transaction will either all succeed or all fail. There is no in-between state.
* **Consistency**: The transaction cannot bring the database to an invalid state. After the transaction is committed or rolled back, the rules for each record will still apply, and all future transactions will see the effect of the transaction. Also named **Strong Consistency**.
* **Isolation**: The execution of multiple transactions concurrently will have the same effect as if they had been executed sequentially.
* **Durability**: Any committed transaction is written to non-volatile storage. It will not be undone by a crash, power loss, or network partition.

The vast majority of relational databases are **ACID compliant**. So, when it comes to data reliability and safe guarantee of performing transactions, SQL databases are still the better bet.

Most of the NoSQL solutions sacrifice ACID compliance for performance and scalability.

### Database Index

A special auxiliary **data structure** that allows our database to perform certain queries much faster. Indexes can typically only exist to reference structured data, like data stored in relational databases. In practice, we create an index on one or multiple columns in our database to greatly speed up read queries that we run very often, with the downside of slightly longer writes to our database, since writes have to also take place in the relevant index.

An **index** is a data structure that can be perceived as a table of contents that points us to the location where actual data lives. So when we create an index on a column of a table, we store that column and a pointer to the whole row in the index. Let’s assume a table containing a list of books, the following diagram shows how an index on the `Title` column looks like:

<img src='imgs/index.png' alt='index' width=500 height=500>

Just like a traditional relational data store, we can also apply this concept to larger datasets. The trick with indexes is that we must carefully consider how users will access the data. In the case of data sets that are many terabytes in size, but have very **small payloads** (e.g., 1 KB), indexes are a necessity for optimizing data access. Finding a small payload in such a large dataset can be a real challenge, since we can’t possibly iterate over that much data in any reasonable time. Furthermore, it is very likely that such a large data set is spread over several physical devices—this means we need some way to find the correct physical location of the desired data. Indexes are the best way to do this.

#### Indexes decrease write performance
An index can dramatically speed up data retrieval but may itself be large due to the additional keys, which slow down data insertion & update.

When adding rows or making updates to existing rows for a table with an active index, we not only have to write the data but also have to update the index. This will decrease the write performance. This performance degradation applies to all insert, update, and delete operations for the table. For this reason, adding unnecessary indexes on tables should be avoided and indexes that are no longer used should be removed. To reiterate, adding indexes is about improving the performance of search queries. If the goal of the database is to provide a data store that is often written to and rarely read from, in that case, decreasing the performance of the more common operation, which is writing, is probably not worth the increase in performance we get from reading.

### Strong Consistency

Strong Consistency usually refers to the consistency of ACID transactions, as opposed to Eventual Consistency.

### Eventual Consistency

A consistency model which is unlike Strong Consistency. In this model, reads might return a view of the system that is stale. An eventually consistent datastore will give guarantees that the state of the database will eventually reflect writes within a time period (could be 10 seconds, or minutes).

### Postgres

A relational database that uses a dialect of SQL called PostgreSQL. Provides ACID transactions.

### Database Lock

In a relational database that provides ACID transactions, updating rows inside a table will cause a **lock** to be held on that table or on the rows we are updating. If a second transaction tries to update the same rows, it will block before the update until the first transaction releases that lock. This is one of the core mechanisms behind the **Atomicity** of ACID transactions.

### Database Selection
Here are a few reasons to choose a **SQL database**:

* We need to ensure **ACID compliance**. ACID compliance reduces anomalies and protects the integrity of our database by prescribing exactly how transactions interact with the database. Generally, NoSQL databases sacrifice ACID compliance for scalability and processing speed, but for many e-commerce and financial applications, an ACID-compliant database remains the preferred option.
* Our data is **structured** and **unchanging**. If our business is not experiencing massive growth that would require more servers and if we’re only working with data that is **consistent**, then there may be no reason to use a system designed to support a variety of data types and high traffic volume.

Reasons to use **NoSQL database** are:
* When all the other components of our application are fast and seamless, NoSQL databases prevent data from being the bottleneck. Big data is contributing to a large success for NoSQL databases, mainly because it handles data differently than the traditional relational databases. A few popular examples of NoSQL databases are MongoDB, CouchDB, Cassandra, and HBase.
* Storing large volumes of data that often have little to no structure. A NoSQL database sets no limits on the types of data we can store together and allows us to add new types as the need changes. With document-based databases, we can store data in one place without having to define what `types` of data those are in advance.
* Making the most of cloud computing and storage. Cloud-based storage is an excellent cost-saving solution but requires data to be easily spread across multiple servers to scale up. Using commodity (affordable, smaller) hardware on-site or in the cloud saves you the hassle of additional software and NoSQL databases like Cassandra are designed to be scaled across multiple data centers out of the box, without a lot of headaches.
* Rapid development. NoSQL is extremely useful for rapid development as it doesn’t need to be prepped ahead of time. If we’re working on quick iterations of our system which require making frequent updates to the data structure without a lot of downtime between versions, a relational database will slow us down.

## Stateful and Stateless

### Stateful

A server or process is called **stateful** when it derives its functionality from storing and retrieving things from disk. Databases are primary case studies for stateful servers. Because of this persistence requirement, it's much more difficult to run and manage stateful servers compared to **Stateless** servers because they can't be stopped and restarted on any physical machine.

### Stateless

A server is usually called **stateless** if it does not require state to be persisted to disk in order to run successfully. Although many server process typically hold some state in memory including caching layers for instance, this typically means that we can run the server process the same way on any machine, and move it around whenever we want. This contrasts with **Stateful** processes.

## Latency And Throughput

### Latency

The time it takes for a certain operation to complete in a system. Most often this measure is a time duration, like milliseconds or seconds. You should know these orders of magnitude:

* **Reading 1 MB from RAM**: 250 μs (0.25 ms)
* **Reading 1 MB from SSD**: 1,000 μs (1 ms)
* **Transfer 1 MB over Network**: 10,000 ps (10 ms)
* **Reading 1MB from HDD**: 20,000 μs (20 ms)
* **Inter-Continental Round Trip**: 150,000 μs (150 ms)

### Throughput

The number of operations that a system can handle properly per time unit. For instance the throughput of a server can often be measured in requests per second (RPS or QPS).

## Availability

### Process

A program that is currently running on a machine. We should always assume that any process may get terminated at any time in a sufficiently large system.

### Node/ Instance/ Host

These three terms refer to the same thing most of the time: a **virtual or physical machine** on which the developer runs processes. Sometimes the word server also refers to this same concept.

### Availability

The odds of a particular server or service being up and running at any point in time, usually measured in percentages. A server that has 99% availability will be operational 999% of the time (this would be described as having two nines of availability).

### High Availability

Used to describe systems that have particularly high levels of availability, typically 5 nines or more: sometimes abbreviated **HA**.

### Nines

Typically refers to percentages of **uptime**. For example, 5 nines of availability means an uptime of 99.999% of the time. Below are the downtimes expected per year depending on those 9s

>* **99% (two 9s)**: 87.7 hours
>* **99.9% (three 9s)**: 8.8 hours
>* **99.99%**: 52.6 minutes
>* **99.999%**: 5.3 minutes

### Redundancy

The process of replicating parts of a system in an effort to make it more reliable.

### SLA

Short for **service-level agreement**, an SLA is a collection of guarantees given to a customer by a service provider. SLAs typically make guarantees on a system's availability, amongst other things. SLAS are made up of one or multiple SLOs.

### SLO

Short for **service-level objective**, an SLO is a guarantee given to a customer by a service provider. SLOs typically make guarantees on a system's availability, amongst other things. SLOs constitute an SLA.

### Availability Zone

Sometimes referred to as an **AZ**, an availability zone designates a group of machines that share one or more central system components (e.g., power source, network connectivity, machine-cooling system). Availability zones are typically located far away from each other such that no natural disaster can realistically bring down two of them at once. This ensures that if we have redundant storage, for instance, with data stored in two availability zones, losing one AZ still leaves us with an operational system that abides by any **SLA** that it might have.

### Percentiles

Most often used when describing a **latency distribution**. If our **X**th percentile is 100 milliseconds, it means that **X**% of the requests have latencies of 100ms or less. Sometimes, SLAs describe their guarantees using these percentiles.

## Caching

### Cache

A piece of hardware or software that stores data, typically meant to retrieve that data faster than otherwise. Caches take advantage of the locality of reference principle: recently requested data is likely to be requested again. They are used in almost every computing layer: hardware, operating systems, web browsers, web applications, and more. A cache is like **short-term memory**: it has a limited amount of space, but is typically faster than the original data source and contains the most recently accessed items. Caches can exist at all levels in architecture, but are often found at the level nearest to the front end, where they are implemented to return data quickly without taxing downstream levels.

Caches are often used to store responses to network requests as well as results of computationally-long operations.

Note that data in a cache can become **stale** if the main source of truth for that data (ie, the main database behind the cache) gets updated and the cache doesn't.


### Cache Hit

When requested data is found in a cache.

### Cache Miss

When requested data could have been found in a cache but isn't. This is typically used to refer to a negative consequence of a system failure or of a poor design choice. For example:

If a server goes down, our load balancer will have to forward requests to a new server, which will result in cache misses.


### Cache Invalidation
While caching is fantastic, it requires some maintenance to keep the cache coherent with the source of truth (e.g., database). If the data is modified in the database, it should be invalidated in the cache; if not, this can cause inconsistent application behavior.

Solving this problem is known as cache invalidation; there are three main schemes that are used:

**Write-through cache**: Under this scheme, data is written into the cache and the corresponding database simultaneously. The cached data allows for fast retrieval and, since the same data gets written in the permanent storage, we will have complete data consistency between the cache and the storage. Also, this scheme ensures that nothing will get lost in case of a crash, power failure, or other system disruptions.

Although, write-through minimizes the risk of data loss, since every write operation must be done twice before returning success to the client, this scheme has the disadvantage of higher latency for write operations.

**Write-around cache**: This technique is similar to write-through cache, but data is written directly to permanent storage, bypassing the cache. This can reduce the cache being flooded with write operations that will not subsequently be re-read, but has the disadvantage that a read request for recently written data will create a “cache miss” and must be read from slower back-end storage and experience higher latency.

**Write-back cache**: Under this scheme, data is written to cache alone, and completion is immediately confirmed to the client. The write to the permanent storage is done after specified intervals or under certain conditions. This results in low-latency and high-throughput for write-intensive applications; however, this speed comes with the risk of data loss in case of a crash or other adverse event because the only copy of the written data is in the cache.


### Cache Eviction Policy

The policy by which values get evicted or removed from a cache. Popular cache eviction policies include **LRU** (**least-recently used**), **FIFO** (**first in first out**), and **LFU** (**least-frequently used**). Following are some of the most common cache eviction policies:

* **First In First Out (FIFO)**: The cache evicts the first block accessed first without any regard to how often or how many times it was accessed before.
* **Last In First Out (LIFO)**: The cache evicts the block accessed most recently first without any regard to how often or how many times it was accessed before.
* **Least Recently Used (LRU)**: Discards the least recently used items first.
* **Most Recently Used (MRU)**: Discards, in contrast to LRU, the most recently used items first.
* **Least Frequently Used (LFU)**: Counts how often an item is needed. Those that are used least often are discarded first.
* **Random Replacement (RR)**: Randomly selects a candidate item and discards it to make space when necessary.

### Content Delivery Network

A **CDN** is a third-party service that acts like a cache for our servers. Sometimes, web applications can be slow for users in a particular region if our servers are located only in another region. A CDN has servers all around the world, meaning that the latency to a CDN's servers will almost always be far better than the latency to our servers. A CDN's servers are often referred to as **PoPs** (**Points of Presence**). Two of the most popular CDNs are **Cloudflare** and **Google Cloud CDN**.

## Hashing

### Hashing Function

A function that takes in a specific data type (such as a string or an identifier) and outputs a number. Different inputs may have the same output, but a good hashing function attempts to minimize those **hashing collisions** (which is equivalent to maximizing uniformity).

### Consistent Hashing
A type of hashing that minimizes the number of keys that need to be remapped when a hash table gets resized. It's often used by load balancers to distribute traffic to servers; it minimizes the number of requests that get forwarded to different servers when new servers are added or when existing servers are brought down.

**Distributed Hash Table (DHT)** is one of the fundamental components used in distributed scalable systems. Hash Tables need a key, a value, and a hash function where hash function maps the key to a location where the value is stored.

$$index = hash\_function(key)$$

Suppose we are designing a distributed caching system. Given `n` cache servers, an intuitive hash function would be `key % n`. It is simple and commonly used. But it has two major drawbacks:

- It is NOT horizontally scalable. Whenever a new cache host is added to the system, all existing mappings are broken. It will be a pain point in maintenance if the caching system contains lots of data. Practically, it becomes difficult to schedule a downtime to update all caching mappings.


- It may NOT be load balanced, especially for non-uniformly distributed data. In practice, it can be easily assumed that the data will not be distributed uniformly. For the caching system, it translates into some caches becoming hot and saturated while the others idle and are almost empty.


In such situations, consistent hashing is a good way to improve the caching system.

**Consistent hashing** is a very useful strategy for distributed caching systems and DHTs. It allows us to distribute data across a cluster in such a way that will minimize reorganization when nodes are added or removed. Hence, the caching system will be easier to scale up or scale down.

In Consistent Hashing, when the hash table is resized (e.g. a new cache host is added to the system), only `k/n` keys need to be remapped where `k` is the `total number of keys` and `n` is the `total number of servers`. Recall that in a caching system using the `mod` as the hash function, all keys need to be remapped.

In Consistent Hashing, objects are mapped to the same host if possible. When a host is removed from the system, the objects on that host are shared by other hosts; when a new host is added, it takes its share from a few hosts without touching other’s shares.

#### Working
As a typical hash function, consistent hashing maps a key to an integer. Suppose the output of the hash function is in the range of [0, 256]. Imagine that the integers in the range are placed on a ring such that the values are wrapped around.

1. Given a list of cache servers, hash them to integers in the range.
2. To map a key to a server
 * Hash it to a single integer.
 * Move clockwise on the ring until finding the first cache it encounters, that cache is the one that contains the key. 

<table>
<tr>
<td><img src='imgs/h1.png' alt='h1' width=300 height=400 align='left'></td>
<td><img src='imgs/h2.png' alt='h2' width=300 height=400 align='middle'></td>
<td><img src='imgs/h3.png' alt='h3' width=300 height=400 align='right'></td>
<td><img src='imgs/h4.png' alt='h4' width=300 height=400 align='right'></td>
<td><img src='imgs/h5.png' alt='h5' width=300 height=400 align='right'></td>
</tr></table>


- To add a new server, say D, keys that were originally residing at C will be split. Some of them will be shifted to D, while other keys will not be touched.


- To remove a cache or, if a cache fails, say A, all keys that were originally mapped to A will fall into B, and only those keys need to be moved to B; other keys will not be affected.

For load balancing, the real data is essentially `randomly distributed` and thus may not be uniform. It may make the keys on caches unbalanced. To handle this issue, we add `virtual replicas` for caches. Instead of mapping each cache to a single point on the ring, we map it to multiple points on the ring, i.e. **replicas**. This way, each cache is associated with multiple portions of the ring. 

If the hash function *mixes well*, **as the number of replicas increases, the keys will be more balanced**.

### Rendezvous Hashing

A type of hashing also coined **highest random weight hashing**. Allows for minimal re-distribution of mappings when a server goes down.

### SHA

Short for **Secure Hash Algorithms**, the SHA is a collection of cryptographic hash functions used in the industry. SHA-3 is a popular choice to use in a system.






## Redundancy, Replication And Sharding

### Redundancy
**Redundancy** is the duplication of critical components or functions of a system with the intention of increasing the reliability of the system, usually in the form of a backup or fail-safe, or to improve actual system performance. For example, if there is only one copy of a file stored on a single server, then losing that server means losing the file. Since losing data is seldom a good thing, we can create duplicate or redundant copies of the file to solve this problem.

Redundancy plays a key role in removing the single points of failure in the system and provides backups if needed in a crisis. For example, if we have two instances of a service running in production and one fails, the system can failover to the other one.

<img src='imgs/rr.png' alt='rr' width=300 height=300>


### Replication
Replication means sharing information to ensure consistency between redundant resources, such as software or hardware components, to improve reliability, fault-tolerance, or accessibility.

The act of **duplicating the data** from one database server to others. This is sometimes used to **increase the redundancy** of our system and tolerate regional failures for instance. Other times, we can use replication to move data closer to our clients, thus decreasing the latency of accessing specific data.

Replication is widely used in many database management systems (DBMS), usually with a primary-replica relationship between the original and the copies. The primary server gets all the updates, which then ripple through to the replica servers. Each replica outputs a message stating that it has received the update successfully, thus allowing the sending of subsequent updates.

### Sharding 
Sometimes called **data partitioning**, sharding is the act of splitting a database into two or more pieces called **shards** and is typically done to **increase the throughput** of our database. Popular sharding strategies include:

* Sharding based on a client's region
* Sharding based on the type of data being stored (e.g: user data gets stored in one shard, payments data gets stored in another shard)
* Sharding based on the hash of a column (only for structured data)

## Proxies

A **proxy server** is an intermediate server between the client and the back-end server. Clients connect to proxy servers to make a request for a service like a web page, file, connection, etc. In short, a proxy server is a piece of software or hardware that acts as an intermediary for requests from clients seeking resources from other servers.

Typically, proxies are used to filter requests, log requests, or sometimes transform requests (by adding/removing headers, encrypting/decrypting, or compressing a resource). Another advantage of a proxy server is that its cache can serve a lot of requests. If multiple clients access a particular resource, the proxy server can cache it and serve it to all the clients without going to the remote server.

Proxies can reside on the client’s local server or anywhere between the client and the remote servers. Here are a few famous types of proxy servers:

### Forward Proxy
A server that sits between a client and servers and acts on behalf of the client, typically used to mask the client's identity (IP address). Note that forward proxies are often referred to as just proxies.

### Open Proxy 
An **open proxy** is a proxy server that is accessible by any Internet user. Generally, a proxy server only allows users within a network group (i.e. a closed proxy) to store and forward Internet services such as DNS or web pages to reduce and control the bandwidth used by the group. With an open proxy, however, any user on the Internet is able to use this forwarding service. There two famous open proxy types:
- **Anonymous Proxy** - Thіs proxy reveаls іts іdentіty аs а server but does not dіsclose the іnіtіаl IP аddress. Though thіs proxy server cаn be dіscovered eаsіly іt cаn be benefіcіаl for some users аs іt hіdes their IP аddress.
- **Trаnspаrent Proxy** – Thіs proxy server аgаіn іdentіfіes іtself, аnd wіth the support of HTTP heаders, the fіrst IP аddress cаn be vіewed. The mаіn benefіt of usіng thіs sort of server іs іts аbіlіty to cаche the websіtes.

### Reverse Proxy
A server that sits between clients and servers and acts on behalf of the servers, typically used for logging, load balancing, or caching.

A **reverse proxy** (or **surrogate**) is a proxy server that appears to clients to be an ordinary server. Reverse proxies forward requests to one or more ordinary servers that handle the request. The response from the proxy server is returned as if it came directly from the original server, leaving the client with no knowledge of the original server.retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client, appearing as if they originated from the proxy server itself.

### Nginx

Pronounced "engine X", **Nginx** is a very popular webserver that's often used as a **reverse proxy** and **load balancer**.

## Load Balancers

### Load Balancer

A type of **reverse proxy** that distributes traffic across servers. Load balancers can be found in many parts of a system, from the DNS layer all the way to the database layer.

**Load Balancer (LB)** is another critical component of any distributed system. It helps to spread the traffic across a cluster of servers to improve responsiveness and availability of applications, websites or databases. LB also keeps track of the status of all the resources while distributing requests. If a server is not available to take new requests or is not responding or has elevated error rate, LB will stop sending traffic to such a server.

Typically a load balancer sits between the client and the server accepting incoming network and application traffic and distributing the traffic across multiple backend servers using various algorithms. By balancing application requests across multiple servers, a load balancer reduces individual server load and prevents any one application server from becoming a single point of failure, thus improving overall application availability and responsiveness.

<img src='imgs/lb1.png' alt='lb1' width=600 height=400>

To utilize full scalability and redundancy, we can try to balance the load at each layer of the system. We can add LBs at three places:
- Between the user and the web server
- Between web servers and an internal platform layer, like application servers or cache servers
- Between internal platform layer and database.

<img src='imgs/lb2.png' alt='lb2' width=700 height=400>

### Benefits of Load Balancing
* Users experience faster, uninterrupted service. Users won’t have to wait for a single struggling server to finish its previous tasks. Instead, their requests are immediately passed on to a more readily available resource.


* Service providers experience less downtime and higher throughput. Even a full server failure won’t affect the end user experience as the load balancer will simply route around it to a healthy server.


* Load balancing makes it easier for system administrators to handle incoming requests while decreasing wait time for users.


* Smart load balancers provide benefits like predictive analytics that determine traffic bottlenecks before they happen. As a result, the smart load balancer gives an organization actionable insights. These are key to automation and can help drive business decisions.


* System administrators experience fewer failed or stressed components. Instead of a single device performing a lot of work, load balancing has several devices perform a little bit of work.

### Application server cache
Placing a cache directly on a request layer node enables the local storage of response data. Each time a request is made to the service, the node will quickly return locally cached data if it exists. If it is not in the cache, the requesting node will fetch the data from the disk. The cache on one request layer node could also be located both in memory (which is very fast) and on the node’s local disk (faster than going to network storage).

What happens when we expand this to many nodes? If the request layer is expanded to multiple nodes, it’s still quite possible to have each node host its own cache. However, if our load balancer randomly distributes requests across the nodes, the same request will go to different nodes, thus increasing **cache misses**. Two choices for overcoming this hurdle are **global caches** and **distributed caches**.

## Load Balancing Algorithms

#### How does the load balancer choose the backend server?
Load balancers consider two factors before forwarding a request to a backend server. They will first ensure that the server they choose is actually responding appropriately to requests and then use a pre-configured algorithm to select one from the set of healthy servers. We will discuss these algorithms shortly.

#### Health Checks
Load balancers should only forward traffic to `healthy` backend servers. To monitor the health of a backend server, **health checks** regularly attempt to connect to backend servers to ensure that servers are listening. If a server fails a health check, it is automatically removed from the pool, and traffic will not be forwarded to it until it responds to the health checks again.

### Server-Selection Strategy

How a load balancer chooses servers when distributing traffic amongst multiple servers. Commonly used strategies include **round robin, random selection, performance-based selection** (choosing the server with the best performance metrics, like the fastest response time or the least amount of traffic), and **IP-based routing**.

There is a variety of load balancing methods, which use different algorithms for different needs.

* **Least Connection Method** — This method directs traffic to the server with the fewest active connections. This approach is quite useful when there are a large number of persistent client connections which are unevenly distributed between the servers.


* **Least Response Time Method** — This algorithm directs traffic to the server with the fewest active connections and the lowest average response time.


* **Least Bandwidth Method** - This method selects the server that is currently serving the least amount of traffic measured in megabits per second (Mbps).


* **Round Robin Method** — This method cycles through a list of servers and sends each new request to the next server. When it reaches the end of the list, it starts over at the beginning. It is most useful when the servers are of equal specification and there are not many persistent connections.


* **Weighted Round Robin Method** — The weighted round-robin scheduling is designed to better handle servers with different processing capacities. Each server is assigned a weight (an integer value that indicates the processing capacity). Servers with higher weights receive new connections before those with less weights and servers with higher weights get more connections than those with less weights.


* **IP Hash** — Under this method, a hash of the IP address of the client is calculated to redirect the request to a server.

### Hot Spot
When distributing a workload across a set of servers, that workload might be spread unevenly. This can happen if our **sharding key** or our **hashing function** are suboptimal, or if our workload is naturally skewed: some servers will receive a lot more traffic than others, thus creating a **hot spot**.

### Redundant Load Balancers
The load balancer can be a single point of failure; to overcome this, a second load balancer can be connected to the first to form a cluster. Each LB monitors the health of the other and, since both of them are equally capable of serving traffic and failure detection, in the event the main load balancer fails, the second load balancer takes over.

## Load Balancing and SSL

### SSL
**Secure Sockets Layer (SSL)** is the standard security technology for establishing an encrypted link between a web server and a browser. SSL traffic is often decrypted at the load balancer. When a load balancer decrypts traffic before passing the request on, it is called **SSL termination**. The load balancer saves the web servers from having to expend the extra CPU cycles required for decryption. This improves application performance.

However, SSL termination comes with a security concern. The traffic between the load balancers and the web servers is no longer encrypted. This can expose the application to possible attack. However, the risk is lessened when the load balancer is within the same data center as the web servers.

Another solution is the **SSL pass-through**. The load balancer merely passes an encrypted request to the web server. Then the web server does the decryption. This uses more CPU power on the web server. But organizations that require extra security may find the extra overhead worthwhile.

### Load Balancing and Security
Load Balancing plays an important security role as computing moves evermore to the cloud. The off-loading function of a load balancer defends an organization against **distributed denial-of-service (DDoS) attacks**. It does this by shifting attack traffic from the corporate server to a public cloud provider. DDoS attacks represent a large portion of cybercrime as their number and size continues to rise. Hardware defense, such as a perimeter firewall, can be costly and require significant maintenance. Software load balancers with cloud offload provide efficient and cost-effective protection.

### DNS Load Balancing vs Hardware Load Balancing
**DNS load balancing** is a software-defined approach to load balancing where client requests to a domain within the **Domain Name System (DNS)** are distributed across different server machines. The DNS system sends a different version of the list of IP addresses each time it responds to a new client request using the **round-robin method**, therefore distributing the DNS requests evenly to different servers to handle the overall load. This in turn provides DNS load balancing failover protection through automatic removal of non-responsive servers.

DNS load balancing differs from hardware load balancing in a few instances, although both can be a very effective solution for distributing traffic. One main advantage of DNS level load balancing is the scalability and price. A DNS load balancer distributes traffic to several different IP addresses, whereas the hardware solution uses a single IP address and splits traffic leading to it on multiple servers. As for pricing, hardware load balancers require a large upfront cost whereas DNS load balancers can be scaled as needed.


### Readings
* https://avinetworks.com/what-is-load-balancing/
* https://lethain.com/introduction-to-architecting-systems-for-scale/
* https://en.wikipedia.org/wiki/Load_balancing_(computing)

## Key-Value Stores

Data is stored in an array of **key-value pairs**. The `key` is an attribute name which is linked to a `value`. A **Key-Value Store** is a flexible NoSQL database that's often used for caching and dynamic configuration. Popular options include DynamoDB, Etcd, Redis, and Zookeeper.

### Etcd

Etcd is a strongly consistent and highly available key-value store that's often used to implement leader election in a system.

### Redis

An in-memory key-value store. Does offer some persistent storage options but is typically used as a really fast, best-effort caching solution. Redis is also often used to implement **rate limiting**.

### Zookeeper

Zookeeper is a strongly consistent, highly available key-value store. It's often used to store important configuration or to perform leader election.

## Specialized Storage Paradigms

### Blob Storage

Widely used kind of storage, in small and large scale systems. They don't really count as databases per se, partially because they only allow the user to store and retrieve data based on the name of the **blob**. This is sort of like a key-value store but usually blob stores have different guarantees. They might be slower than KV stores but values can be megabytes large (or sometimes gigabytes large). Usually people use this to store things like **large binaries, database snapshots, or images** and other **static assets** that a website might have.

Blob storage is rather complicated to have on premise, and only giant companies like Google and Amazon have infrastructure that supports it. For example, **GCS** or **S3**. These are blob storage services hosted by Google and Amazon respectively, that cost money depending on how much storage we use and how often we store and retrieve blobs from that storage.

### Time Series Database

A **TSDB** is a special kind of database optimized for storing and analyzing time-indexed data: data points that specifically occur at a given moment in time. Examples of TSDBS are **InfluxDB**, **Prometheus**, and **Graphite**.

### Document Databases
In these databases, data is stored in documents (instead of rows and columns in a table) and these documents are grouped together in collections. Each document can have an entirely different structure. Document databases include the **CouchDB** and **MongoDB**.

### Wide-Column Databases
Instead of ‘tables,’ in columnar databases we have column families, which are containers for rows. Unlike relational databases, we don’t need to know all the columns up front and each row doesn’t have to have the same number of columns. Columnar databases are best suited for analyzing large datasets - big names include **Cassandra** and **HBase**.

### Graph Database

A type of database that stores data following the graph data model. Data entries in a graph database can have explicitly defined **relationships**, much like nodes in a graph can have edges. Data is saved in graph structures with **nodes** (entities), **properties** (information about the entities), and **lines** (connections between the entities). Examples of graph database include **Neo4J** and **InfiniteGraph**.

Graph databases take advantage of their underlying graph structure to perform complex queries on deeply connected data very fast.

Graph databases are thus often preferred to relational databases when dealing with systems where data points naturally form a graph and have multiple levels of relationships. For example, social networks. 

### Cypher
A **graph query language** that was originally developed for the **Neo4j graph database**, but that has since been standardized to be used with other graph databases in an effort to make it the **SQL for graphs.**

Cypher queries are often much simpler than their SQL counterparts. Example Cypher query to find data in Neo4j, a popular graph database:

> MATCH (some_node:SomeLabel)-[:SOME RELATIONSHIP]->(some other_node: SomeLabel (some property: 'value' })

### Spatial Database

A type of database optimized for storing and querying spatial data like locations on a map. Spatial databases rely on spatial indexes like **quadtrees** to quickly perform spatial queries like finding all locations in the vicinity of a region.

### Quadtree

A tree data structure most commonly used to index two-dimensional spatial data. Each node in a quadtree has either zero children nodes and is therefore a leaf node) or exactly four children nodes.

Typically, quadtree nodes contain some form of spatial data-for example, locations on a map with a maximum capacity of some specified number **n**. So long as nodes aren't at capacity, they remain leaf nodes; once they reach capacity, they're given four children nodes, and their data entries are split across the four children nodes.

A quadtree lends itself well to storing spatial data because it can be represented as a **grid** filled with rectangles that are recursively subdivided into four sub-rectangles, where each quadtree node is represented by a **rectangle** and each rectangle represents a **spatial region**. Assuming we're storing locations in the world, we can imagine a quadtree with a maximum node-capacity n as follows:

* The **root node**, which represents the entire world, is the outermost rectangle.
* If the entire world has more than n locations, the outermost rectangle is divided into four quadrants, each representing a region of the world
* So long as a region has more than n locations, its corresponding rectangle is subdivided into four quadrants (the corresponding node in the quadtree is given four **children nodes**).
* Regions that have fewer than n locations are undivided rectangles (**leaf nodes**).
* The parts of the grid that have many subdivided rectangles represent densely populated areas (like cities), while the parts of the grid that have few subdivided rectangles represent sparsely populated areas (like rural areas).

Finding a given location in a perfect quadtree is an extremely fast operation that runs in **$log_{4}(x)$** time (where **x** is the total number of locations), since quadtree nodes have four children nodes.

### Google Cloud Storage

GCS is a blob storage service provided by Google.

### S3
S3 is a blob storage service provided by Amazon through Amazon Web Services (AWS).

### InfluxDB

A popular open-source time series database.

### Prometheus

A popular open-source time series database, typically used for monitoring purposes.

### Neo4j

A popular graph database that consists of nodes, relationships, properties, and labels.

### MongoDB

A NoSQL database with powerful querying through a JavaScript-like language. Consistency guarantees depend on the settings that the database is setup with.

## Distributed Systems

A **distributed system** is a system whose components are located on different networked computers, which communicate and coordinate their actions by passing messages to one another from any system. The components interact with one another in order to achieve a common goal. Key characteristics of a distributed system include Scalability, Reliability, Availability, Efficiency, and Manageability.

<img src='imgs/distributed_system.png' alt='vshs' width=500 height=500>

### Scalability
**Scalability** is the capability of a system, process, or a network to grow and manage increased demand. Any distributed system that can continuously evolve in order to support the growing amount of work is considered to be scalable.

A system may have to scale because of many reasons like increased data volume or increased amount of work, e.g., number of transactions. A scalable system would like to achieve this scaling without performance loss.

Generally, the performance of a system, although designed (or claimed) to be scalable, declines with the system size due to the management or environment cost. For instance, network speed may become slower because machines tend to be far apart from one another. More generally, some tasks may not be distributed, either because of their inherent atomic nature or because of some flaw in the system design. At some point, such tasks would limit the speed-up obtained by distribution. A scalable architecture avoids this situation and attempts to balance the load on all the participating nodes evenly.

### Horizontal vs. Vertical Scaling
**Horizontal scaling** means that we scale by adding more servers into our pool of resources whereas **Vertical scaling** means that we scale by adding more power (CPU, RAM, Storage, etc.) to an existing server.

With horizontal-scaling it is often easier to scale dynamically by adding more machines into the existing pool; Vertical-scaling is usually limited to the capacity of a single server and scaling beyond that capacity often involves downtime and comes with an upper limit.

Good examples of horizontal scaling are **Cassandra** and **MongoDB** as they both provide an easy way to scale horizontally by adding more machines to meet growing needs. Similarly, a good example of vertical scaling is **MySQL** as it allows for an easy way to scale vertically by switching from smaller to bigger machines. However, this process often involves downtime.

<img src='imgs/vshs.png' alt='vshs' width=400 height=400>

### Reliability
**Reliability** is the probability a system will fail in a given period. In simple terms, a distributed system is considered reliable if it keeps delivering its services even when one or several of its software or hardware components fail. Reliability represents one of the main characteristics of any distributed system, since in such systems any failing machine can always be replaced by another healthy one, ensuring the completion of the requested task.

Take the example of a large electronic commerce store (like Amazon), where one of the primary requirement is that any user transaction should never be canceled due to a failure of the machine that is running that transaction. For instance, if a user has added an item to their shopping cart, the system is expected not to lose it. A reliable distributed system achieves this through redundancy of both the software components and data. If the server carrying the user’s shopping cart fails, another server that has the exact replica of the shopping cart should replace it.

Obviously, redundancy has a cost and a reliable system has to pay that to achieve such resilience for services by eliminating every single point of failure.


### Availability
**Availability** is the time a system remains operational to perform its required function in a specific period. It is a simple measure of the percentage of time that a system, service, or a machine remains operational under normal conditions. An aircraft that can be flown for many hours a month without much downtime can be said to have a high availability. Availability takes into account maintainability, repair time, spares availability, and other logistics considerations. If an aircraft is down for maintenance, it is considered not available during that time.

Reliability is availability over time considering the full range of possible real-world conditions that can occur. An aircraft that can make it through any possible weather safely is more reliable than one that has vulnerabilities to possible conditions.

### Reliability Vs. Availability
If a system is reliable, it is available. However, if it is available, it is not necessarily reliable. In other words, high reliability contributes to high availability, but it is possible to achieve a high availability even with an unreliable product by minimizing repair time and ensuring that spares are always available when they are needed. 

Let’s take the example of an online retail store that has 99.99% availability for the first two years after its launch. However, the system was launched without any information security testing. The customers are happy with the system, but they don’t realize that it isn’t very reliable as it is vulnerable to likely risks. In the third year, the system experiences a series of information security incidents that suddenly result in extremely low availability for extended periods of time. This results in reputational and financial damage to the customers.


### Efficiency 
To understand how to measure the **efficiency** of a distributed system, let’s assume we have an operation that runs in a distributed manner and delivers a set of items as result. Two standard measures of its efficiency are the **response time** (or **latency**) that denotes the delay to obtain the first item and the **throughput** (or **bandwidth**) which denotes the number of items delivered in a given time unit (e.g., a second). The two measures correspond to the following unit costs:
- Number of messages globally sent by the nodes of the system regardless of the message size.
- Size of messages representing the volume of data exchanges.

The complexity of operations supported by distributed data structures (e.g., searching for a specific key in a distributed index) can be characterized as a function of one of these cost units. Generally speaking, the analysis of a distributed structure in terms of ‘number of messages’ is over-simplistic. It ignores the impact of many aspects, including the network topology, the network load, and its variation, the possible heterogeneity of the software and hardware components involved in data processing and routing, etc. However, it is quite difficult to develop a precise cost model that would accurately take into account all these performance factors; therefore, we have to live with rough but robust estimates of the system behavior.

### Serviceability or Manageability
Another important consideration while designing a distributed system is how easy it is to operate and maintain. **Serviceability** or **manageability** is the simplicity andpeed with which a system can be repaired or maintained; if the time to fix a failed system increases, then availability wil sl decrease. Things to consider for manageability are the ease of diagnosing and understanding problems when they occur, ease of making updates or modifications, and how simple the system is to operate (i.e., does it routinely operate without failure or exceptions?).

Early detection of faults can decrease or avoid system downtime. For example, some enterprise systems can automatically call a service center (without human intervention) when the system experiences a system fault.

### Virtual Machine

A **VM** is a form of computer inside of a computer. It is a program that we run on a machine that completely emulates a new **kernel** and **operating system**. Very useful when isolating programs from one another while having them share the same physical machine.

### Worker Pool Pattern

Similar to the **Task Queue Pattern**. In this design, a pool of **workers**, usually themselves servers, take tasks off of a single shared queue and process those tasks independently. In order to ensure that every task gets done at least once despite potential partitions between queue and workers, the workers must confirm the status of the task after it is done (usually **success** or **failure**).

## CAP theorem

In **distributed systems**, different types of failures can occur, e.g., servers can crash or fail permanently, disks can go bad resulting in data losses, or network connection can be lost, making a part of the system inaccessible. How can a distributed system model itself to get the maximum benefits out of different resources available?

**CAP theorem** states that it is impossible for a distributed system to simultaneously provide all three of the following desirable properties:

* **Consistency ( C )**: All nodes see the same data at the same time. It is equivalent to having a single up-to-date copy of the data.

* **Availability ( A )**: Every request received by a non-failing node in the system must result in a response. Even when severe network failures occur, every request must terminate.

* **Partition tolerance ( P )**: A partition-tolerant system continues to operate despite partial system failure or arbitrary message loss. Such a system can sustain any network failure that does not result in a failure of the entire network. Data is sufficiently replicated across combinations of nodes and networks to keep the system up through intermittent outages.

According to the CAP theorem, any distributed system needs to pick two out of the three properties. The three options are **CA**, **CP**, and **AP**. However, CA is not really a coherent option, as a system that is not partition-tolerant will be forced to give up either Consistency or Availability in the case of a network partition. Therefore, the theorem can really be stated as: In the presence of a network partition, a distributed system must choose either **Consistency** or **Availability**.

One thing to keep in mind is that some levels of consistency are still achievable with high availability, but strong consistency is much harder.

<img src='imgs/cap.png' alt='cap' width=300 height=500>

We cannot build a general data store that is continually available, sequentially consistent, and tolerant to any partition failures. We can only build a system that has any two of these three properties. Because, to be consistent, all nodes should see the same set of updates in the same order. But if the network loses a partition, updates in one partition might not make it to the other partitions before a client reads from the out-of-date partition after having read from the up-to-date one. The only thing that can be done to cope with this possibility is to stop serving requests from the out-of-date partition, but then the service is no longer 100% available.

## PACELC Theorem

We cannot avoid **partition** in a distributed system, therefore, according to the CAP theorem, a distributed system should choose between consistency or availability. **ACID (Atomicity, Consistency, Isolation, Durability) databases chose consistency** (refuse response if it cannot check with peers), while **BASE (Basically Available, Soft-state, Eventually consistent) databases chose availability** (respond with local data without ensuring it is the latest with its peers). One place where the CAP theorem is silent is what happens when there is no network partition? What choices does a distributed system have when there is no partition?

The **PACELC theorem** states that in a system that replicates data:
* if there is a **partition** `P`, a distributed system can tradeoff between **availability** and **consistency** (i.e., `A` and `C`);
* else `E`, when the system is running normally in the absence of partitions, the system can tradeoff between **latency** `L` and **consistency** `C`.

The first part of the theorem **PAC** is the same as the **CAP theorem**, and the **ELC** is the **extension**. The whole thesis is assuming we maintain high availability by replication. So, when there is a failure, CAP theorem prevails. But if not, we still have to consider the tradeoff between consistency and latency of a replicated system.

Some Examples are:
* **Dynamo** and **Cassandra** are **PA/EL** systems: They choose availability over consistency when a partition occurs; otherwise, they choose lower latency.
* **BigTable** and **HBase** are **PC/EC** systems: They will always choose consistency, giving up availability and lower latency.
* **MongoDB** is **PA/EC**: In case of a network partition, it chooses availability, but otherwise guarantees consistency.

## Data partitioning

**Data partitioning** is a technique to break up a big database (DB) into many smaller parts. It is the process of splitting up a DB/table across multiple machines to improve the manageability, performance, availability, and load balancing of an application. The justification for data partitioning is that, after a certain scale point, it is cheaper and more feasible to scale horizontally by adding more machines than to grow it vertically by adding beefier servers.

### Partitioning Methods
There are many different schemes one could use to decide how to break up an application database into multiple smaller DBs. Below are three of the most popular schemes used by various large scale applications.

**Horizontal partitioning**: In this scheme, we put different rows into different tables. For example, if we are storing different places in a table, we can decide that locations with ZIP codes less than 10000 are stored in one table and places with ZIP codes greater than 10000 are stored in a separate table. This is also called a **range based partitioning** as we are storing different ranges of data in separate tables. Horizontal partitioning is also called as **Data Sharding**.

The key problem with this approach is that if the value whose range is used for partitioning isn’t chosen carefully, then the partitioning scheme will lead to unbalanced servers. In the previous example, splitting location based on their zip codes assumes that places will be evenly distributed across the different zip codes. This assumption is not valid as there will be a lot of places in a thickly populated area like Manhattan as compared to its suburb cities.

**Vertical Partitioning**: In this scheme, we divide our data to store tables related to a specific feature in their own server. For example, if we are building Instagram like application - where we need to store data related to users, photos they upload, and people they follow - we can decide to place user profile information on one DB server, friend lists on another, and photos on a third server.

Vertical partitioning is straightforward to implement and has a low impact on the application. The main problem with this approach is that if our application experiences additional growth, then it may be necessary to further partition a feature specific DB across various servers (e.g. it would not be possible for a single server to handle all the metadata queries for 10 billion photos by 140 million users).

**Directory Based Partitioning**: A loosely coupled approach to work around issues mentioned in the above schemes is to create a lookup service which knows our current partitioning scheme and abstracts it away from the DB access code. So, to find out where a particular data entity resides, we query the directory server that holds the mapping between each tuple key to its DB server. This loosely coupled approach means we can perform tasks like adding servers to the DB pool or changing our partitioning scheme without having an impact on the application.

### Partitioning Criteria
**Key or Hash-based partitioning**: Under this scheme, we apply a hash function to some key attributes of the entity we are storing; that yields the partition number. For example, if we have `100 DB servers` and our `ID` is a numeric value that gets incremented by one each time a new record is inserted. In this example, the hash function could be `ID % 100`, which will give us the server number where we can store/read that record. This approach should ensure a uniform allocation of data among servers. The fundamental problem with this approach is that it effectively fixes the total number of DB servers, since adding new servers means changing the hash function which would require redistribution of data and downtime for the service. A workaround for this problem is to use **Consistent Hashing**.

**List partitioning**: In this scheme, each partition is assigned a list of values, so whenever we want to insert a new record, we will see which partition contains our key and then store it there. For example, we can decide all users living in Iceland, Norway, Sweden, Finland, or Denmark will be stored in a partition for the Nordic countries.

**Round-robin partitioning**: This is a very simple strategy that ensures uniform data distribution. With `n` partitions, the `i` tuple is assigned to partition (`i mod n`).

**Composite partitioning**: Under this scheme, we combine any of the above partitioning schemes to devise a new scheme. For example, first applying a list partitioning scheme and then a hash based partitioning. Consistent hashing could be considered a composite of hash and list partitioning where the hash reduces the key space to a size that can be listed.

### Common Problems of Data Partitioning
On a partitioned database, there are certain extra constraints on the different operations that can be performed. Most of these constraints are due to the fact that operations across multiple tables or multiple rows in the same table will no longer run on the same server. Below are some of the constraints and additional complexities introduced by partitioning:

**Joins and Denormalization**: Performing joins on a database which is running on one server is straightforward, but once a database is partitioned and spread across multiple machines it is often not feasible to perform joins that span database partitions. Such joins will not be performance efficient since data has to be compiled from multiple servers. A common workaround for this problem is to denormalize the database so that queries that previously required joins can be performed from a single table. Of course, the service now has to deal with all the perils of denormalization such as data inconsistency.

**Referential integrity**: Performing a cross-partition query on a partitioned database is not feasible, similarly, trying to enforce data integrity constraints such as foreign keys in a partitioned database can be extremely difficult.

Most of RDBMS do not support foreign keys constraints across databases on different database servers. Which means that applications that require referential integrity on partitioned databases often have to enforce it in application code. Often in such cases, applications have to run regular SQL jobs to clean up dangling references.

**Rebalancing**: There could be many reasons we have to change our partitioning scheme:
* The data distribution is not uniform, e.g., there are a lot of places for a particular ZIP code that cannot fit into one database partition.
* There is a lot of load on a partition, e.g., there are too many requests being handled by the DB partition dedicated to user photos.
In such cases, either we have to create more DB partitions or have to rebalance existing partitions, which means the partitioning scheme changed and all existing data moved to new locations. Doing this without incurring downtime is extremely difficult. Using a scheme like directory based partitioning does make rebalancing a more palatable experience at the cost of increasing the complexity of the system and creating a new single point of failure (i.e. the lookup service/database).

## Consistent Hashing using Virtual Nodes in Distributed systems

A naive approach will use a suitable hash function to map the data key to a number. Then, find the server by applying modulo on this number and the total number of servers. For example:

<img src='imgs/ch1.png' alt='ch1' width=400 height=500>

The scheme described in the above diagram solves the problem of finding a server for storing/retrieving the data. But when we add or remove a server, all our existing mappings will be broken. This is because the total number of servers will be changed, which was used to find the actual server storing the data. So to get things working again, we have to **remap all the keys** and move our data based on the new server count, which will be a **complete mess!**

Distributed systems can use Consistent Hashing to distribute data across nodes. Consistent Hashing maps data to physical nodes and ensures that **only a small set of keys move when servers are added or removed**.

Consistent Hashing stores the data managed by a distributed system in a ring. Each node in the ring is assigned a range of data. Here is an example of the **consistent hash ring**:

<img src='imgs/ch2.png' alt='ch2' width=500 height=500>

With consistent hashing, the ring is divided into smaller, predefined ranges. Each node is assigned one of these ranges. The start of the range is called a **token**. This means that each node will be assigned one token. The range assigned to each node is computed as follows:

* **Range start**:  Token value
* **Range end**:    Next token value - 1

Here are the tokens and data ranges of the four nodes described in the above diagram:

<img src='imgs/ch3.png' alt='ch3' width=300 height=500>

Whenever the system needs to read or write data, the first step it performs is to apply the **MD5 hashing algorithm** to the key. The output of this hashing algorithm determines within which range the data lies and hence, on which node the data will be stored. As we saw above, each node is supposed to store data for a fixed range. Thus, the hash generated from the key tells us the node where the data will be stored.

<img src='imgs/ch4.png' alt='ch4' width=900 height=500>

The Consistent Hashing scheme described above works great when a node is added or removed from the ring, as in these cases, since only the next node is affected. For example, when a node is removed, the next node becomes responsible for all of the keys stored on the outgoing node. However, this scheme can result in **non-uniform data and load distribution**. This problem can be solved with the help of **Virtual nodes**.

### Virtual nodes
Adding and removing nodes in any distributed system is quite common. Existing nodes can die and may need to be decommissioned. Similarly, new nodes may be added to an existing cluster to meet growing demands. To efficiently handle these scenarios, Consistent Hashing makes use of **virtual nodes** (or **Vnodes**).

As we saw above, the basic Consistent Hashing algorithm assigns a single token (or a consecutive hash range) to each physical node. This was a static division of ranges that requires calculating tokens based on a given number of nodes. This scheme made adding or replacing a node an expensive operation, as, in this case, we would like to rebalance and distribute the data to all other nodes, resulting in moving a lot of data. Here are a few potential issues associated with a manual and fixed division of the ranges:
* **Adding or removing nodes**: Adding or removing nodes will result in recomputing the tokens causing a significant administrative overhead for a large cluster.
* **Hotspots**: Since each node is assigned one large range, if the data is not evenly distributed, some nodes can become hotspots.
* **Node rebuilding**: Since each node’s data might be replicated (for fault-tolerance) on a fixed number of other nodes, when we need to rebuild a node, only its replica nodes can provide the data. This puts a lot of pressure on the replica nodes and can lead to service degradation.

To handle these issues, Consistent Hashing introduces a new scheme of distributing the tokens to physical nodes. Instead of assigning a single token to a node, the hash range is divided into multiple smaller ranges, and each physical node is assigned several of these smaller ranges. Each of these subranges is considered a **Vnode**. With Vnodes, instead of a node being responsible for just one token, it is responsible for many tokens (or subranges).

<img src='imgs/vn1.png' alt='vn1' width=600 height=500>

Practically, Vnodes are randomly distributed across the cluster and are generally non-contiguous so that no two neighboring Vnodes are assigned to the same physical node or rack. Additionally, nodes do carry replicas of other nodes for **fault tolerance**. Also, since there can be heterogeneous machines in the clusters, some servers might hold more Vnodes than others. The figure below shows how physical nodes A, B, C, D, & E use Vnodes of the Consistent Hash ring. Each physical node is assigned a set of Vnodes and each Vnode is replicated once.

<img src='imgs/vn2.png' alt='vn2' width=500 height=500>

Vnodes gives the following advantages:
* As Vnodes help spread the load more evenly across the physical nodes on the cluster by dividing the hash ranges into smaller subranges, this **speeds up the rebalancing process** after adding or removing nodes. When a new node is added, it receives many Vnodes from the existing nodes to maintain a balanced cluster. Similarly, when a node needs to be rebuilt, instead of getting data from a fixed number of replicas, many nodes participate in the rebuild process.
* Vnodes make it easier to maintain a cluster containing heterogeneous machines. This means, with Vnodes, we can assign a high number of sub-ranges to a powerful server and a lower number of sub-ranges to a less powerful server.
* In contrast to one big range, since Vnodes help assign smaller ranges to each physical node, this decreases the probability of hotspots.

### Data replication using Consistent Hashing
To ensure highly available and durability, Consistent Hashing replicates each data item on multiple `N` nodes in the system where the value `N` is equivalent to the **replication factor**.

The replication factor is the number of nodes that will receive the copy of the same data. For example, a replication factor of two means there are two copies of each data item, where each copy is stored on a different node.

Each key is assigned to a **coordinator node** (generally the first node that falls in the hash range), which first stores the data locally and then replicates it to `N−1` clockwise **successor nodes** on the ring. This results in each node owning the region on the ring between it and its `Nth` predecessor. In an **eventually consistent system**, this replication is done **asynchronously** (in the background).

In eventually consistent systems, copies of data don’t always have to be identical as long as they are designed to eventually become consistent. **In distributed systems, eventual consistency is used to achieve high availability**.

<img src='imgs/ch5.png' alt='ch5' width=500 height=500>

Consistent Hashing helps with efficiently partitioning and replicating data; therefore, any distributed system that needs to scale up or down or wants to achieve high availability through data replication can utilize Consistent Hashing. A few such examples could be:
* Any system working with a set of storage (or database) servers and needs to scale up or down based on the usage, e.g., the system could need more storage during Christmas because of high traffic.
* Any distributed system that needs dynamic adjustment of its cache usage by adding or removing cache servers based on the traffic load.
* Any system that wants to replicate its data shards to achieve high availability.

**Amazon’s Dynamo** and **Apache Cassandra** use Consistent Hashing to distribute and replicate data across nodes.

## Leader Election

The process by which nodes in a cluster (for instance, servers in a set of servers) elect a so-called **leader** amongst them, responsible for the primary operations of the service that these nodes support. When correctly implemented, **leader election** guarantees that all nodes in the cluster know which one is the leader at any given time and can elect a new leader if the leader dies for whatever reason.

### Consensus Algorithm
A type of complex algorithms used to have multiple entities agree on a single data value, like who the `leader` is amongst a group of machines. Two popular consensus algorithms are **Paxos** and **Raft**.

### Paxos & Raft
Two consensus algorithms that, when implemented correctly, allow for the **synchronization** of certain operations, even in a distributed setting.

## Peer-To-Peer Networks

A collection of machines referred to as **peers** that divide a workload between themselves to presumably complete the workload faster than would otherwise be possible. Peer-to-peer networks are often used in file-distribution systems.

### Gossip Protocol

When a set of machines talk to each other in a uncoordinated manner in a cluster to spread information through a system without requiring a central source of data.

## Polling And Streaming

### Polling

The act of fetching a resource or piece of data regularly at an interval to make sure our data is not too stale.

### Streaming

In networking, it usually refers to the act of continuously getting a feed of information from a server by keeping an open connection between the two machines or processes.

## Configuration

A set of parameters or constants that are critical to a system. Configuration is typically written in **JSON** or **YAML** and can be either **static**, meaning that it's hard-coded in and shipped with our system's application code (like frontend code, for instance), or **dynamic**, meaning that it lives outside of our system's application code.

### JSON

A file format heavily used in APIs and configuration. Stands for **JavaScript Object Notation**. Example:
```json
{
"version": 1.0,
"name": "System Design"
}
```

### YAML

A file format mostly used in configuration. Example:

```yaml
version: 1.0
name: System Design
```

## Rate Limiting

The act of limiting the number of requests sent to or from a system. **Rate limiting** is most often used to limit the number of incoming requests in order to prevent **DoS attacks** and can be enforced at the IP-address level, at the user-account level, or at the region level. Rate limiting can also be implemented in tiers; for instance, a type of network request could be limited to 1 per second, 5 per 10 seconds, and 10 per minute.

### DoS Attack
Short for **denial-of-service attack**, a DoS attack is an attack in which a malicious user tries to bring down or damage a system in order to render it unavailable to users. Much of the time, it consists of flooding it with traffic. Some DoS attacks are easily preventable with rate limiting, while others can be far trickier to defend against.

### DDoS Attack
Short for **distributed denial-of-service attack**, a DDoS attack is a DoS attack in which the traffic flooding the target system comes from many different sources (like thousands of machines), making it much harder to defend against.

## Logging And Monitoring

### Logging

The act of collecting and storing logs--useful information about events in our system. Typically our programs will output log messages to its STDOUT or STDERR pipes, which will automatically get aggregated into a **centralized logging solution**.

### Monitoring

The process of having visibility into a system's key metrics, monitoring is typically implemented by collecting important events in a system and aggregating them in human-readable charts.

### Alerting

The process through which system administrators get notified critical system issues occur. Alerting can be set up by defining specific thresholds on monitoring charts, past which alerts are sent to a communication channel like Slack,

## Publish/Subscribe Pattern

Often shortened as **Pub/Sub**, the Publish/Subscribe pattern is a popular messaging model that consists of publishers and subscribers. **Publishers** publish messages to special **topics** (sometimes called **channels**) without caring about or even knowing who will read those messages, and **subscribers** subscribe to topics and read messages coming through those topics.

Pub/Sub systems often come with very powerful guarantees like at-least-once delivery, persistent storage, ordering of messages, and replayability of messages.

### Idempotent Operation

An operation that has the same ultimate outcome regardless of how many times it's performed. If an operation can be performed multiple times without changing its overall effect, it's idempotent. Operations performed through a Pub/Sub messaging system typically have to be idempotent, since Pub/Sub systems tend to allow the same messages to be consumed multiple times.

For example, increasing an integer value in a database is not an idempotent operation, since repeating this operation will not have the same effect as if it had been performed only once. Conversely, setting a value to `COMPLETE` is an idempotent operation, since repeating this operation will always yield the same result: the value will be `COMPLETE`.

### Apache Kafka

A distributed messaging system created by LinkedIn. Very useful when using the **streaming** paradigm as opposed to **polling**.

### Cloud Pub/Sub

A highly-scalable Pub/Sub messaging service created by Google. Guarantees at-least-once delivery of messages and supports `rewinding` in order to reprocess messages.

## MapReduce

### File System

An abstraction over a storage medium that defines how to manage data. While there exist many different types of file systems, most follow a **hierarchical structure** that consists of directories and files, like the Unix file system's structure.

### MapReduce

A popular framework for processing very large datasets in a distributed setting efficiently, quickly, and in a fault-tolerant manner. A MapReduce job is comprised of 3 main steps:

* the **Map** step, which runs a **map function** on the various chunks of the dataset and transforms these chunks into intermediate **key-value pairs**.
* the **Shuffle** step, which reorganizes the intermediate key-value pairs such that pairs of the same key are routed to the same machine in the final step.
* the **Reduce** step, which runs a **reduce function** on the newly shuffled key-value pairs and transforms them into more meaningful data.

The canonical example of a MapReduce use case is counting the number of occurrences of words in a large text file.

When dealing with a MapReduce library, engineers and/or systems administrators only need to worry about the map and reduce functions, as well as their inputs and outputs. All other concerns, including the parallelization of tasks and the fault-tolerance of the MapReduce job, are abstracted away and taken care of by the MapReduce implementation.

### Distributed File System

A Distributed File System is an abstraction over a (usually large) cluster of machines that allows them to act like one large file system. The two most popular implementations of a DFS are the **Google File System** (**GFS**) and the **Hadoop Distributed File System** (**HDFS**).

Typically, DFSS take care of the classic availability and replication guarantees that can be tricky to obtain in a distributed-system setting. The overarching idea is that files are split into **chunks** of a certain size (4MB ar 64MB, for instance), and those chunks are **sharded** across a large cluster of machines, A **central control plane** is in charge of deciding where each chunk resides, routing reads to the right nodes, and handling communication between machines

Different DFS implementations have slightly different APIs and semantics, but they achieve the same common goal: extremely large scale persistent storage.

### Hadoop

A popular, open-source framework that supports MapReduce jobs and many other kinds of data-processing pipelines. Its central component is **HDFS** (**Hadoop Distributed File System**), on top of which other technologies have been developed.

## Security And HTTPS

### Man-In-The-Middle Attack

An attack in which the attacker intercepts a line of communication that is thought to be private by its two communicating parties. If a malicious actor intercepted and mutated an IP packet on its way from a client to a server, that would be a man-in-the-middle attack.

**MITM attacks** are the primary threat that encryption and HTTPS aim to defend against.

### Symmetric Encryption

A type of encryption that relies on only a **single key** to both encrypt and decrypt data. The key must be known to all parties involved in communication and must therefore typically be shared between the parties at one point or another.

**Symmetric-key algorithms** tend to be faster than their asymmetric counterparts.

The most widely used symmetric-key algorithms are part of the **Advanced Encryption Standard** (**AES**).

### Asymmetric Encryption

Also known as **public-key encryption**, asymmetric encryption relies on **two keys** -a **public key** and a **private key** -to encrypt and decrypt data. The keys are generated using **cryptographic algorithms** and are mathematically connected such that data encrypted with the public key can only be decrypted with the private key.

While the private key must be kept secure to maintain the fidelity of this encryption paradigm, the public key can be openly shared. Asymmetric-key algorithms tend to be slower than their symmetric counterparts:

### AES

Stands for **Advanced Encryption Standard**, **AES** is a widely used encryption standard that has three symmetric-key algorithms (AES-128, AES-192, and AES-256).

Of note, AES is considered to be the `gold standard` in encryption and is even used by the U.S. National Security Agency to encrypt top secret information.

### HTTPS

The **HyperText Transfer Protocol Secure** is an extension of **HTTP** that's used for secure communication online. It requires servers to have **trusted certificates** (usually **SSL certificates**) and uses the **Transport Layer Security** (**TLS**), a security protocol built on top of **TCP**, to encrypt data communicated between a client and a server.

### TLS

The **Transport Layer Security** is a security protocol over which HTTP runs in order to achieve secure communication online. `HTTP over TLS` is also known as **HTTPS**.

### SSL Certificate

A digital certificate granted to a server by a **certificate authority**. Contains the server's public key, to be used as part of the **TLS handshake** process in an **HTTPS** connection.

An SSL certificate effectively confirms that a public key belongs to the server claiming it belongs to them. SSL certificates are a crucial defense against **man-in-the-middle attacks**.

### Certificate Authority

A trusted entity that signs digital certificates- namely, SSL certificates that are relied on in **HTTPS** connections.

### TLS Handshake

The process through which a client and a server communicating over **HTTPS** exchange encryption-related information and establish a secure communication. The typical steps in a TLS handshake are roughly as follows:

* The client sends a **client hello** -a string of random bytes-to the server.

* The server responds with a **server hello** -another string of random bytes-as well as its **SSL certificate**, which contains its **public key**.

* The client verifies that the certificate was issued by a **certificate authority** and sends a **premaster secret** -yet another string of random bytes, this time encrypted with the server's public key-to the server.

* The client and the server use the client hello, the server hello, and the premaster secret to then generate the **same symmetric encryption** session keys, to be used to encrypt and decrypt all data communicated during the remainder of the connection.

## API and SDK

Consider an analogy, SDK represents the entire house: all of the rooms, furniture, telephone lines, and other components. An API represents just the telephone lines that allow communication in and out of the house. A house needs telephone lines to communicate in and out and one house can have multiple telephone lines. A telephone line doesn’t need a house. 

### API
**Application Program Interface** (**API**) is the engine under the hood that allows us to interact with external services using simple commands. API allows us to add specific functionalities to our application. In simple language, API is the messenger that takes requests, tells a system what we want to do, and then returns the response back to us. API’s help software engineers by preventing us from reinventing the wheel.

### SDK
**Software Development Kits** (**SDK**) is a set of tools, guidelines, and programs used to develop applications for a specific program. SDK is basically like a toolbox that calls an API for us. SDK’s can use one or many APIs, libraries, and other utilities. Companies make SDK’s available to developers in order for the developer to integrate with their services much easier. In some situations, it’s critical to use an SDK. For instance, if we want to develop an iOS application, we need the iOS SDK.

<div class="alert alert-info">
In coding language, if an <b>SDK</b> is used for the application, it includes an <b>API</b> but if API is used for communication, it doesn’t include SDK. <b>SDK</b> is a kit that includes instructions that allow developers to create systems and <b>API</b> is purpose build for express use.
</div>

## API Design

### ACL

Short for **Access-Control List**. This term is often used to refer to a permissioning model: which users in a system can perform which operations. For instance, APIs often come with ACLs defining which users can delete, edit, or view certain entities.

### Pagination

When a network request potentially warrants a really large response, the relevant API might be designed to return only a **single page** of that response (i.e., a limited portion of the response), accompanied by an identifier or token for the client to request the next page if desired.

Pagination is often used when designing **List** endpoints. For instance, an endpoint to list videos on the YouTube Trending page could return a huge list of videos. This wouldn't perform very well on mobile devices due to the lower network speeds and simply wouldn't be optimal, since most users will only ever scroll through the first ten or twenty videos. So, the API could be designed to respond with only the first few videos of that list; in this case, we would say that the API response is **paginated**.

### CRUD Operations

Stands for **Create, Read, Update, Delete Operations**. These four operations often serve as the bedrock of a functioning system and therefore find themselves at the core of many APIs.

## Microservice and Monolith Architecture

### Microservice Architecture

When a system is made up of many small web services that can be compiled and deployed independently. This is usually thought of as a counterpart of **monoliths**.

### Monolith Architecture

When a system is primarily made up of a single large web application that is compiled and rolled out as a unit. Typically a counterpart of **microservices**. Companies sometimes try to split up this monolith into microservices once it reaches a very large size in an attempt to increase **developer productivity**.

## Readings

* https://levelup.gitconnected.com/how-to-design-a-system-to-scale-to-your-first-100-million-users-4450a2f9703d
* https://github.com/madd86/awesome-system-design