Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Per Partition Circuit Breaker #40302

Draft
wants to merge 81 commits into
base: main
Choose a base branch
from
Draft

Per Partition Circuit Breaker #40302

wants to merge 81 commits into from

Conversation

tvaron3
Copy link
Member

@tvaron3 tvaron3 commented Mar 31, 2025
edited
Loading

Problem

There are certain issues that hard to diagnose from the client side if these are transient or if they are terminal availability issues. These could be network issues, partition upgrades, partition migrations, etc. For these issues, the sdk would retry the requests on another region, but would never mark the region as unavailable unless the failures were seen in the sdk health check.

Goal

Per partition circuit breaker is meant to lower the granularity down of a failover to the partition level for 408, 5xx status codes and connection issues. The sdk should also now not only failover the requests but mark the partition as unavailable. This should prevent future requests for a time period from trying on the affected partition.

Solution

Scope

Per partition circuit breaker is applicable for

  • any consistency level
  • document operations
  • single write region accounts with multiple read regions
  • multiple write region accounts

New State

Partitions will now have 4 health states tracked by a new class ParitionHealthTracker. The failure rate and consecutive failures will be tracked for partition. These will be tracked for one minute and then reset for a partition. Once the partition reaches a threshold it will be marked as unavailable. Requests will not be routed to partitions marked as unhealthy or unhealthy tentative for a region. The unavailable regions will be appended to the excluded locations from the user.

stateDiagram
   state "Healthy" as Healthy
   state "Unhealthy" as Unhealthy
   state "Healthy Tentative" as HealthyTentative
   state "Unhealthy Tentative" as UnhealthyTentative
   Start --> Healthy
   Healthy --> UnhealthyTentative : Failure breaking threshold
   HealthyTentative --> Healthy : Success
   HealthyTentative --> Unhealthy : Failure
   UnhealthyTentative --> HealthyTentative: After 60s (configurable)
   Unhealthy --> HealthyTentative : After 120s (configurable)
Loading

Service request errors will be more aggressive in marking a partition as unavailable for a region. For service request errors, the request did not reach the service. Previous sdk behavior would retry three times in region and then mark the region as unavailable. Now the sdk will do three in region retries and mark the partition as unavailable for the region. Service request errors will still be used for failure tracking as well.

New Environment Variables

"AZURE_COSMOS_ENABLE_CIRCUIT_BREAKER": Default will be false.
"AZURE_COSMOS_CONSECUTIVE_ERROR_COUNT_TOLERATED_FOR_READ": Default will be 10 errors.
"AZURE_COSMOS_CONSECUTIVE_ERROR_COUNT_TOLERATED_FOR_WRITE": Default will be 5 errors.
"AZURE_COSMOS_FAILURE_PERCENTAGE_TOLERATED": Default would be 90 percent.
"AZURE_COSMOS_STALE_PARTITION_UNAVAILABILITY_CHECK_IN_SECONDS" = Defaul will 120 seconds.

Other Implementations

Azure/azure-sdk-for-java#39265
Azure/azure-cosmos-dotnet-v3#5023

Still to be done

  • live testing with multi write region account
  • fault injection testing
  • sync version
  • perf testing

Relevant Issue

#39687

tvaron3 and others added 28 commits February 5, 2025 19:03
@tvaron3
change default read timeout
ff20cf9
@tvaron3
fix tests
40e43c4
@tvaron3
Merge branch 'main' of https://github.com/Azure/azure-sdk-for-python
faf6c27 
…into tvaron3/readtimeout
@tvaron3
Add read timeout tests for database account calls
aefe30b
@tvaron3
fix timeout retry policy
9a234f8
@kushagraThapar
Fixed the timeout logic
8859c9f
@kushagraThapar
Merge pull request #2 from tvaron3/tvaron3/readTimeout
8b166fc 
Fixed the timeout logic
@kushagraThapar
Fixed the timeout retry policy
ac78da9
@kushagraThapar
Merge pull request #3 from tvaron3/readtimeout
e8bc02e 
Fixed the timeout retry policy
@tvaron3
Mock tests for timeout and failover retry policy
09aac90
@FabianMeiswinkel
Merge branch 'tvaron3/readtimeout' of https://github.com/tvaron3/azur…
48a20fa 
…e-sdk-for-python into users/fabianm/tests
@FabianMeiswinkel
Create test_dummy.py
f22e7d2
@FabianMeiswinkel
Update test_dummy.py
dd8a466
@FabianMeiswinkel
Update test_dummy.py
8ac11c5
@FabianMeiswinkel
Update test_dummy.py
b53e2e9
@FabianMeiswinkel
Iterating on fault injection tooling
973ec44
@FabianMeiswinkel
Merge branch 'main' of https://github.com/Azure/azure-sdk-for-python
f25af53 
…into users/fabianm/tests
@FabianMeiswinkel
Refactoring to have FaultInjectionTransport in its own file
5d72848
@FabianMeiswinkel
Update test_dummy.py
8c9aa4b
@FabianMeiswinkel
Reafctoring FaultInjectionTransport
7260e9d
@FabianMeiswinkel
Merge branch 'main' of https://github.com/Azure/azure-sdk-for-python
bf3e60b 
…into users/fabianm/tests
@FabianMeiswinkel
Iterating on tests
0705aeb
@FabianMeiswinkel
Prettifying tests
baf7aea
@FabianMeiswinkel
small refactoring
e90b722
@FabianMeiswinkel
Adding MM topology on Emulator
cb58896
@FabianMeiswinkel
Adding cross region retry tests
46ec31c
@allenkim0129
Add Excluded Locations Feature
f03f51f
@tvaron3
initial ppcb changes
cf42098
tvaron3 and others added 30 commits April 3, 2025 11:12
@tvaron3
fix test
93c2d7d
@tvaron3
fix tests
345f390
@tvaron3
fix async in test
fe74aa0
@kushagraThapar
Added multi-region tests
5bb9f1f
@allenkim0129
Fix _AddParitionKey to pass options to sub methods
996217a
@allenkim0129
Added initial live tests
41fc917
@allenkim0129
Updated live-platform-matrix for multi-region tests
07b8f39
@tvaron3
initial sync version of fault injection
1b09739
@tvaron3
Merge branch 'users/fabianm/tests' of https://github.com/tvaron3/azur…
0f0a991 
…e-sdk-for-python into users/fabianm/tests
@tvaron3
add all sync tests
2fb3dc9
@tvaron3
add new error and fix logs
7b81482
@tvaron3
fix test
f355e30
@tvaron3
Merge branch 'users/fabianm/tests' of https://github.com/FabianMeiswi…
3056787 
…nkel/azure-sdk-for-python into tvaron3/ppcb
@allenkim0129
Add cosmosQuery mark to TestQuery
8495c51
@allenkim0129
Correct spelling
b29980c
@allenkim0129
Fixed live platform matrix syntax
5e79172
@allenkim0129
Changed Multi-regions
fd40cd7
@tvaron3
first ppcb test
85e1206
@tvaron3
merge with main
96124fe
@tvaron3
fix test
34e3d82
@tvaron3
refactor due to pk range wrapper needing io call and pylint
ce14666
@tvaron3
Merge branch 'main' of https://github.com/Azure/azure-sdk-for-python
7b939e8 
…into tvaron3/ppcb
@tvaron3
Merge branch 'user/allekim/feature/addExcludedLocations' of https://g…
b33cfb6 
…ithub.com/allenkim0129/azure-sdk-for-python into tvaron3/ppcb
@tvaron3
add test for failure_rate threshold
e98ab57
@tvaron3
fix pylint and cspell
36407c6
@tvaron3
fix pylint
1baf872
@tvaron3
fix and add tests
739e090
@tvaron3
add collection rid to batch
d5c380a
@tvaron3
add partition key range id to partition key range to cache
e7f7265
@tvaron3
address failures
38f8033
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@annatisch annatisch Awaiting requested review from annatisch annatisch will be requested when the pull request is marked ready for review annatisch is a code owner

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Cosmos
Projects
CosmosDB Python Eco-System
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@tvaron3 @azure-sdk @kushagraThapar @FabianMeiswinkel @allenkim0129