24
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 01 Nov 2023
24 points (100.0% liked)
Programming
17314 readers
196 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 1 year ago
MODERATORS
If it's possible to do, and it causes a user experience issue, especially one as jarring as "stop accepting writes" you should start adding rate limits and validate inputs with rate limits expressed to the user before they hit the error rate.
To me you should already be sanitising input anyway, and this would just be part of that logic. If a user is trying to upload more than x it warns (with link to documentation of the limit). If user has gone past the rate limits, then error.
I'm not a sre or dev, just a sysadmin though. Users expect guard rails. If it's possible, it's permitted.
Probably not feasible in our case. We sell our DB tech based on the sheer IOPS it's capable of. It already alerts the user if the write-cache is full or the replication cache is backing up too.
The problem is, at full tilt, a 9 node cluster can take on over 1GB/s in new data. This is fine if the customer is writing over old records and doesn't require any new space. It's just that it's more common that Mr. customer added a new microservice and didn't think through how much data it requires. Thus causing rapid increase in DB disk space or IOPs that the cluster wasn't sized for.
We do have another product line in the works (we call it DBaaS) and that can autoscale because it's based on clearly defined service levels and cluster specifications. I don't think that product will have this problem.
It's just these super mega special (read: big, important, fortune 100) companies have requirements that mean they need something more hand-crafted. Otherwise we'd have automated the toil by now.
As soon as you go down the path of customization for “special clients” you’ve already lost the battle. Business needs to agree to not sell something like that. I’m not being helpful here, but as soon as you’ve started customizing like that to get massive clients it will never end and it will just slowly suffocate your company.
When I was working in enterprise software, we had 2 ways of handling special customer requirements.
The product manager would engage with the sales engineer to identify if this was part of a feature that other customers of similar size or industry might need.
If so, design the feature for the broadest use cases and put in the development roadmap.
If it’s highly specific to one customer, offer customization work on a contract basis and keep it as a separate code branch and environment.
How are they placing this data? Api? Not possible to align disk tiers to api requests per minute? Api response limited to every 1ms for some clients, 0.1ms rate for others?
You're pretty forthcoming about the problems so I do genuinely hope you get some talking points since this issue affects, app&db design, sales, and maintenance teams minimally. Considering all aspects will give you more chance for the business to realise there's a problem that affects customer experience.
I think from handling tickets, maybe processes to auto respond to rate limited/throttled customers with 'your instance been rate limited as it has reached the {tier limit} as per your performance tier. This limit is until {rate limit block time expiry}. Support tickets related to performance or limits will be limited to P3 until this rate limit expires."
Work with your sales and contracts team to update the sla to exclude rate limited customers from priority sla.
I guess I'm still on the "maybe there's more you can do to get your feet out of the fire for customer self inflicted injury" like correctly classifying customer stuff right. It's bad when one customer can misclassify stuff and harm another customer with an issue by jumping a queue and delaying response to real issues, when it's working as intended.
If a customer was warned and did it anyway, it can't be a top priority issue, which is your argument I guess. Customers who need more, but pay for less and then have a expectation for more than they get. It's really not your fault or problem. But if it's affecting you I guess I'm wondering how to get it to affect you less.