A circuit breaker in Apigee Edge

Is there a way to add a circuit breaker design pattern with our existing Edge policies? The need is to handle the circuit breaker connections when ever there is a back end downtime.

The current code uses the java-script http handler and service callout policies to make the back-end connections.

2 7 5,056
7 REPLIES 7

You could consider implementing a target server and then defining a health check monitor in your service callout policy.

In this example, "httpbin" is the targetserver defined at the environment level. MaxFailures indicates that the Apigee will mark the target server down after 5 failures. In the HTTPMonitor section, you are defining the healthcheck call to be run to validate if the target server is healthy or not. In your case, whenever there is backend sever downtime, after 5 failures the targetserver will be marked down. Service callouts will not attempt to establish connection to the backend and will return error right away. Once your backend is up and health checks start passing, service callouts will pass successfully without manual intervention.

Documentation links: http://docs.apigee.com/api-services/content/load-balancing-across-backend-servers

<ServiceCallout name="SC-GeocodingRequest">
  <!-- Send the message we just made to the target, and save the result -->
  <Request variable="GeocodingRequest"/>
  <Response>GeocodingResponse</Response>
  <HTTPTargetConnection>
    <LoadBalancer>
      <Server name="httpbin1"/>
      <MaxFailures>5</MaxFailures>
    </LoadBalancer>
    <Path>/maps/api/geocode/json</Path>
    <HealthMonitor>
      <IsEnabled>true</IsEnabled>
      <IntervalInSec>5</IntervalInSec>
      <HTTPMonitor>
        <Request>
          <ConnectTimeoutInSec>10</ConnectTimeoutInSec>
          <SocketReadTimeoutInSec>30</SocketReadTimeoutInSec>
          <Port>80</Port>
          <Verb>GET</Verb>
          <Path>/maps/api/geocode/json?address=08008</Path>
        </Request>
        <SuccessResponse>
          <ResponseCode>200</ResponseCode>
        </SuccessResponse>
      </HTTPMonitor>
    </HealthMonitor>
  </HTTPTargetConnection>
</ServiceCallout>

Hi Akash Prabhashankar ,

I need a help on this .I added the below code in my proxy target , but looks like its not working.

As per my understanding in the below code , if I am getting http status code either 500 or 503 or 504 from target more than 2 times, then its count as maxfailures is 2.

If its yes its 2 , then as per the HealthMonitor code , my proxy has to be un-deploy and once the target is up , then proxy should be re-deploy with responseCode 200.

If its NO, then please send me the code snippet for correct implementation .

<HTTPTargetConnection>
  <LoadBalancer>
    <Server name="XXXXXX"/>
    <MaxFailures>2</MaxFailures>
    <ServerUnhealthyResponse>
      <ResponseCode>503</ResponseCode>
      <ResponseCode>504</ResponseCode>
      <ResponseCode>500</ResponseCode>
    </ServerUnhealthyResponse>
  </LoadBalancer>
  <Path>{targetpath}</Path>
  <HealthMonitor>
    <IsEnabled>true</IsEnabled>
    <IntervalInSec>5</IntervalInSec>
    <HTTPMonitor>
      <Request>
        <ConnectTimeoutInSec>10</ConnectTimeoutInSec>
        <SocketReadTimeoutInSec>30</SocketReadTimeoutInSec>
        <Port>80</Port>
        <Verb>GET</Verb>
        <Path>{targetpath}</Path>
      </Request>
      <SuccessResponse>
        <ResponseCode>200</ResponseCode>
        <Header name="ImOK">YourOK</Header>
      </SuccessResponse>
    </HTTPMonitor>
  </HealthMonitor>
</HTTPTargetConnection>

Hi,

Will this same code work for APIGEE opdk also?

not sure if circuit breaker avail for opdk currently

 

Yes, Target Servers and HTTP Health Monitors are supported in OPDK. The ServerUnhealthyResponse feature was first available in OPDK 4.50 and is available in 4.51.

Nobody replied to this more than a year ago. That is probably because you buried this question in a comment on a 3-year old thread. If you want a reply, Don't do that

I don't like replying to stale threads, it's a pet peeve. But in this case I feel I need to do so, to protect future readers from a misleading assertion.

You wrote

If its yes its 2 , then as per the HealthMonitor code , my proxy has to be un-deploy and once the target is up , then proxy should be re-deploy with responseCode 200.

This is not so. This is not how TargetServer HealthMonitors work. At no time does the HealthMonitor undeploy or re-deploy a proxy. The HealthMonitor merely checks (aka "monitors") the health of target endpoints. If the target reports as unhealthy, the HealthMonitor will exclude the target from the load balancing rotation. That's it. There's no undeploy or redeploy.

The only nuance to the HealthMonitor is configuring it so that it determines "healthy" and "unhealthy" according to your specifications. For example you could configure it so that a 500 error from a target causes the HealthMonitor to mark the server Unhealthy. You do this with the ServerUnhealthyResponse element. There are other options. Consult the documentation for full details.

hi Dino,
would like to know more on usecase of circuit breaker in apigee - we are looking for a scenario where we are hitting a single backend server and when there is an issue connecting to backend the circuit will open and automatically does retries and goes into multiple states like open ,half-open and closed - once it finds backend to be healthy -it will now allow traffic to backend.
But looks like in apigee it is acting as a load balancer between multiple servers and act as a failover.

In our case we will always have F5 before any target server -
Need to understand if circuit breaker pattern and configuration can be achieved for a single server here?