Pages

Tuesday, July 24, 2018

Your Microservices are asynchronous! Your approach to testing has to change!

Conceptually, the idea of an application being composed of a number of MicroServices is quite self-evident and therefore, quite appealing. A complex solution, which is broken into a number of self-sufficient modules, each running on its own, each capable of responding to messages, each amenable of upgradation/replacement without letting any other know about: sounds too good to be true! The icing on the cake of course, is that each such service can run on its own containers!

No wonder then, that senior stakeholders of software projects or initiatives, love to insist that the application be modelled as a bunch of MicroServices. The technology team responds favourably, of course, because everyone wants to be seen among the pack, if not ahead of the pack! Jumping in sounds exciting, even though the swimming may not be, but we don’t really care, do we?

The proverbial devil is in the details. In my experience so far, the term Microservice is thrown about without much thought. The benefits of having a Microservice-based solution comes with its own price. It is better to be aware of the aspects from which the price accrues and to fold them in the plan, rather than wishing them under the carpet. One such aspect is the property of inherent asynchronicity of  Microservices and verification (testing) of behaviour of the application as a whole, given this property.

No singleton Microservice

Let’s take one fatuous argument away to save time: Microservices-based applications cannot be monolithic. In all discussions, the word Microservices is used in plural. One accepts that there will indeed be more than one such services. They will interact between themselves as and when required by the application’s use-cases and logic of implementation. Putting the whole application in a big ball and attaching that with a HTTP handling layer, doesn’t constitute a Microservice.

First, the simple synchronous cases
Let’s assume that we are dealing with two Microservices. Let’s call them A and B. A has its upstream callers, who interact solely with A. In order to respond to its callers, A needs to get something done by B. Therefore, A needs to call an API exposed by B and expect something in return. To keep things simple, let’s assume that B offers an HTTP interface. So, A’s call is effectively synchronous.

Case 1: when B is up
Because B is a service, it has to keep running, because it doesn’t know when A may require something from it. At some point in time, A sends a request through an HTTP API, gets response back when B is done with the request. Testing this easy.
Case 2: when B is not up
A assumes that B is up but it is not. So, A will have to deal with an eventual non-availability of  response: some kind of timeout handling is obviously necessary. After all, HTTP is a session-based and single-connection protocol. If B is not available or reachable, TCP layer offers a number of error codes like ECONNREFUSED, ENETUNREACH, EHOSTUNREACH etc. ( Do you recall days of living with tomes by late Richard Stevens? I certainly do 😃). HTTP covers all of them for us, thankfully!
Case 3: B is slow
This is a little tricky! If B is slow to respond, uncertainty creeps in. Should A wait for a little longer for B’s response? If it does, then for how long? Configurable timeout value? That of course, is the most popular way and is most likely to be useful for a large number of cases, but the basic point remains: A is uncertain of receiving a response. We will revisit this a little later.
In all these situations, underlying TCP is helping us. HTTP sets up a single connection. Once the connection is set up (because B could be contacted), A is certain - well, almost certain but let’s not nitpick - that B has received the request. Everything else, including the testing approach, follows this.

Microservices are meant to be asynchronous


Asynchronous means just that: an interaction between two parties is based on the understanding that one of the parties may not be in a position to participate in the interaction, at that moment. It may or may not: this is the key understanding. In essence, this is an implementation of the classical Producer-Consumer problem. It is easy to visualize but may not be that straightforward to adopt when it comes to real-life situations.
The basic premise is this: A wants to tell B something but B may or may not available to sit and listen (it is not unwilling, it is just unavailable). So, A tells an intermediary what it has to tell B. When B is ready, it checks with the intermediary, and is told what A wants to tell it in person, but cannot.

Case 1:
A sends a message to B, but in reality, the message is dropped in the intermediary’s bin. The send() ( or post() ) operation of A, succeeds! A will not know if B ever comes to the intermediary and if it does, when! A can surely implement a Timeout logic, but it is difficult for it to know why B has never responded: is it because
  • the intermediary is sluggish, not really B’s fault
  • intermediary has become unavailable after accepting the message from A
  • B is sluggish (the same as B being slow, refer to #3 of synchronous case)
  • B runs into problems while readying for processing A’s message and throws an exception
  • … and more!
Observe, how the number of test-scenarios has increased (not necessarily associated with application’s functional correctness) simply because one intermediary has been introduced between A and B.

Case 2: A needs to interact with B and C
In this case, A needs to hear from B and C, before deciding what should it do with two responses before forming its own response. Remember A’s upstream callers; they are expecting something from A. This is rather obvious. All the points listed in the previous case, are now doubled and may be more. For example, the intermediary and B have been very quick and co-operative but C has been sluggish!

Case 3: A interacts with B and C, and C needs to tell D about this interaction
This is somewhat orthogonal to the caller->A->(B and C) flow. A’s callers are not interested about what information is shared with D but the application’s overall behaviour necessitates it.
Microservice D - mentioned in the arrangement above - poses an additional problem, when it comes to verification of application’s behaviour.
  • What if A successfully responds to its upstream callers - thereby giving an impression that everything is fine - and yet, C fails to inform D? Should we still assert that the application is behaving as expected?
  • How do we confirm if D has indeed received the correct piece of information from C? Please note that the flow allows C to tell D, but doesn’t mandate D to acknowledge to C. Therefore, inquiring with C will not give us the answer. We need a mechanism to inquire of D, if it has heard from C at all.


The effect of being asynchronous on testing

If you have been following me along, you must have agreed with me that the interactions between Microservices give rise to an increasing number of test-scenarios.
The important point is that entirely by itself, a Microservice is rather easy to test. It is supposed to be self-sufficient: it has its own data structures, components, databases and storage. We can possibly mock much of these and prove that its behaviour is in line with what is expected. Such a Microservice responds to messages from other Microservices. Even though, this brings in additional test-scaffolding (and associated complexity and effort), the situation is manageable. After all, there is a predictability here: send the Microservice a message and check how it reacts.

However, how do we deal with the asynchronous aspect of the interaction while testing: the cases where a message may or may not reach the Microservice and even if it does, then we don't know, by when? If there is a delay, is that acceptable? That is not all. As I have elucidated about (C telling D), the re is a sizeable jump in the cases, when two Microservices interact to complete a particular Use-case.

For example, if the number of messages from A to C is more than 50 in a minute, then D must be notified but D doesn’t need to acknowledge. If D is unavailable now, C will never know. If D is available after 2 minutes, C will never know either.
Think about the cases that we need to handle!

Summary

Microservices bring in a host of benefits for sure, but require us to be ready to pay for it as well. While deciding to go the Microservices way, It is very easy to overlook the complexities that we need to handle, only to be reminded of the price at a later stage of the projects, accompanied by unavoidable pain. It is obvious that we must plan for this. Usual ways of testing are going to be insufficient. Protocols must be well-thought. Designs should be ground up. Exposed functionality must take into account, operational demands and constraints. Tolerance for failure must be arrived at, following objective analysis of the overall behaviour of the application.

I have not touched upon the distributed nature of Microservice based applications. No, networks are not reliable! I have not touched the whole subject of pre-deployment and post-deployment testing. No, Dockers and Kubes don’t take away the basic fact that interaction between two temporally decoupled processes is fraught with uncertainty. These are topics of a follow-up blog, perhaps.


An usual synchronous testing approach doesn’t work with a bunch of Microservices meant to behave asynchronously. It is important that we bear this in mind.

(This blog is also posted here: I work as a Principal at Swanspeed Consulting)

1 comment:

  1. Wonderful illustration of many possible issues that can arise - very interesting and an eye opener.

    Next post should be about testing strategies to address these.....

    ReplyDelete