亿级流量系统高可用架构设计实践

亿级流量系统高可用架构设计实践

一、场景痛点：高可用架构的工程挑战

当系统日活用户达到千万级、峰值 QPS 超过十万时，高可用架构设计就从"加分项"变成了"必备项"。一个微小的故障在海量流量下可能被放大成灾难性的服务中断：数据库连接池耗尽、缓存雪崩导致数据库被打死、单点故障引发全链路崩溃……

高可用架构设计的核心挑战在于：在有限成本下，如何在系统的各个层面构建冗余和容错能力，使得任何单点故障都不会导致整体服务不可用。

本文将从基础设施层、缓存层、数据层、服务层等多个维度，深入探讨亿级流量系统的高可用架构设计，包括多活部署、读写分离、熔断降级、限流兜底等核心策略。

二、底层机制与原理深度剖析

2.1 高可用架构分层模型

flowchart TD subgraph 用户层 A[CDN] B[DNS 负载均衡] end subgraph 接入层 C[API Gateway] D[负载均衡器] end subgraph 服务层 E[微服务集群] F[消息队列] end subgraph 数据层 G[主从数据库] H[分布式缓存] I[时序数据库] end subgraph 基础设施层 J[多活数据中心] K[自动扩缩容] end A --> B B --> C C --> D D --> E E --> F E --> G E --> H style J fill:#b8d4ff style H fill:#FFE4B5 style G fill:#ff6b6b

2.2 多活架构设计

flowchart LR subgraph 用户请求 A[用户] --> B[就近接入] end subgraph 可用区 A (上海)] C[API Cluster A] D[Cache A] E[DB Master A] end subgraph 可用区 B (北京)] F[API Cluster B] G[Cache B] H[DB Master B] end B --> C B --> F C <-->|数据同步| F D <-->|缓存同步| G E <-->|主从复制| H

多活架构的关键技术点：

1. 流量调度：基于 DNS/AnyCast 实现就近接入
2. 数据同步：跨数据中心的数据复制
3. 一致性保证：CAP 理论下的权衡
4. 故障切换：自动化的故障检测和流量切换

三、生产级代码实现与最佳实践

3.1 限流算法实现

// ==================== 限流算法实现 ==================== package com.highavailable.ratelimit; import java.util.concurrent.atomic.AtomicLong; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.atomic.AtomicInteger; /** * 滑动窗口限流器 * 相比固定窗口，解决边界突变问题 */ public class SlidingWindowRateLimiter { // 时间窗口大小（毫秒） private final long windowSizeMs; // 窗口内允许的最大请求数 private final int maxRequests; // 滑动窗口数量 private final int windowCount; public SlidingWindowRateLimiter(int maxRequestsPerSecond) { this.windowSizeMs = 1000; this.maxRequests = maxRequestsPerSecond; this.windowCount = 10; // 10个滑动窗口 } /** * 令牌桶算法 * 优点：允许一定程度的突发流量 */ static class TokenBucketRateLimiter { private final long capacity; private final double refillRate; // 每秒补充令牌数 private volatile long tokens; private volatile long lastRefillTime; private final Object lock = new Object(); public TokenBucketRateLimiter(long capacity, double refillRate) { this.capacity = capacity; this.refillRate = refillRate; this.tokens = capacity; this.lastRefillTime = System.currentTimeMillis(); } public boolean tryAcquire() { return tryAcquire(1); } public boolean tryAcquire(int permits) { synchronized (lock) { long now = System.currentTimeMillis(); long elapsed = now - lastRefillTime; // 补充令牌 long tokensToAdd = (long) (elapsed * refillRate / 1000); tokens = Math.min(capacity, tokens + tokensToAdd); lastRefillTime = now; if (tokens >= permits) { tokens -= permits; return true; } return false; } } } /** * 漏桶算法 * 优点：输出速率恒定，平滑请求 */ static class LeakyBucketRateLimiter { private final long capacity; private final long leakRate; // 每秒漏出数量 private volatile long water; private volatile long lastLeakTime; private final Object lock = new Object(); public LeakyBucketRateLimiter(long capacity, long leakRate) { this.capacity = capacity; this.leakRate = leakRate; this.water = 0; this.lastLeakTime = System.currentTimeMillis(); } public synchronized boolean tryAcquire() { long now = System.currentTimeMillis(); // 漏水 long elapsed = now - lastLeakTime; long leaked = (elapsed * leakRate) / 1000; water = Math.max(0, water - leaked); lastLeakTime = now; // 注水 if (water + 1 <= capacity) { water++; return true; } return false; } } } /** * 分布式限流 - Redis 实现 */ @Component public class RedisRateLimiter { private final StringRedisTemplate redisTemplate; private final RedissonClient redisson; public RedisRateLimiter(StringRedisTemplate redisTemplate, RedissonClient redisson) { this.redisTemplate = redisTemplate; this.redisson = redisson; } /** * 基于 Redis Lua 脚本的滑动窗口限流 * 保证原子性 */ public boolean isAllowed(String key, int limit, int windowSeconds) { String luaScript = """ local key = KEYS[1] local limit = tonumber(ARGV[1]) local window = tonumber(ARGV[2]) local now = tonumber(ARGV[3]) local windowStart = now - window -- 删除窗口外的记录 redis.call('ZREMRANGEBYSCORE', key, 0, windowStart) -- 统计当前窗口请求数 local current = redis.call('ZCARD', key) if current < limit then -- 添加当前请求 redis.call('ZADD', key, now, now .. ':' .. math.random()) redis.call('EXPIRE', key, window) return 1 else return 0 end """; Long result = redisTemplate.execute( new DefaultRedisScript<>(luaScript, Long.class), List.of(key), String.valueOf(limit), String.valueOf(windowSeconds * 1000), String.valueOf(System.currentTimeMillis()) ); return result != null && result == 1; } /** * 令牌桶算法 - Redis 实现 */ public boolean tryAcquireToken(String key, long capacity, double refillRate) { RRateLimiter limiter = redisson.getRateLimiter(key); // 异步预热 limiter.trySetRate(RateType.OVERALL, capacity, 1, RateIntervalUnit.SECONDS); return limiter.tryAcquire(); } }

3.2 熔断降级实现

// ==================== 熔断降级框架 ==================== package com.highavailable.circuitbreaker; /** * 状态机实现的熔断器 */ public class CircuitBreaker { private volatile State state = State.CLOSED; private AtomicInteger failureCount = new AtomicInteger(0); private AtomicInteger successCount = new AtomicInteger(0); private volatile long lastFailureTime = 0; private final int failureThreshold; private final int successThreshold; private final long timeout; private final long halfOpenMaxCalls; public enum State { CLOSED, // 正常，允许请求通过 OPEN, // 熔断，拒绝所有请求 HALF_OPEN // 半开，允许部分请求通过 } public CircuitBreaker(int failureThreshold, int successThreshold, long timeoutSeconds, int halfOpenMaxCalls) { this.failureThreshold = failureThreshold; this.successThreshold = successThreshold; this.timeout = timeoutSeconds * 1000; this.halfOpenMaxCalls = halfOpenMaxCalls; } public synchronized boolean allowRequest() { switch (state) { case CLOSED: return true; case OPEN: // 检查是否超时 if (System.currentTimeMillis() - lastFailureTime > timeout) { state = State.HALF_OPEN; return true; } return false; case HALF_OPEN: return true; default: return false; } } public synchronized void recordSuccess() { if (state == State.HALF_OPEN) { successCount.incrementAndGet(); if (successCount.get() >= successThreshold) { // 恢复 state = State.CLOSED; failureCount.set(0); successCount.set(0); } } else if (state == State.CLOSED) { failureCount.set(0); } } public synchronized void recordFailure() { lastFailureTime = System.currentTimeMillis(); if (state == State.HALF_OPEN) { // 直接熔断 state = State.OPEN; successCount.set(0); } else if (state == State.CLOSED) { if (failureCount.incrementAndGet() >= failureThreshold) { state = State.OPEN; } } } public State getState() { return state; } } /** * 降级策略管理器 */ @Component public class DegradeManager { private final Map<String, DegradeRule> rules = new ConcurrentHashMap<>(); public void registerRule(DegradeRule rule) { rules.put(rule.getResource(), rule); } public Object execute(String resource, Callable<Object> target, Supplier<Object> fallback) { DegradeRule rule = rules.get(resource); if (rule == null) { // 无降级规则，直接执行 try { return target.call(); } catch (Exception e) { throw e; } } // 检查是否应该降级 if (shouldDegrade(rule)) { // 返回降级结果 Object fallbackResult = fallback.get(); logDegrade(resource, rule); return fallbackResult; } // 执行业务逻辑 try { return target.call(); } catch (Exception e) { // 记录异常 recordException(rule, e); // 抛出异常或返回降级结果 throw e; } } private boolean shouldDegrade(DegradeRule rule) { // 基于规则的降级判断 // 可以结合实时指标 return rule.isDegraded(); } } @Data class DegradeRule { private String resource; private int maxResponseTime; // ms private int errorRateThreshold; // % private int degradeType; // 1: 异常, 2: 慢调用, 3: 全部 private AtomicInteger totalCount = new AtomicInteger(0); private AtomicInteger errorCount = new AtomicInteger(0); private AtomicLong totalResponseTime = new AtomicLong(0); public boolean isDegraded() { // 简化实现 if (degradeType == 1) { return errorCount.get() * 100 / Math.max(totalCount.get(), 1) > errorRateThreshold; } return false; } }

3.3 缓存策略实现

// ==================== 多级缓存实现 ==================== @Component public class MultiLevelCache { // L1: 本地缓存（Caffeine） private final Cache<String, Object> localCache; // L2: 分布式缓存（Redis） private final StringRedisTemplate redisTemplate; // 缓存配置 private final long localExpireSeconds = 30; private final long redisExpireSeconds = 300; public MultiLevelCache() { this.localCache = Caffeine.newBuilder() .maximumSize(10000) .expireAfterWrite(localExpireSeconds, TimeUnit.SECONDS) .recordStats() .build(); } public <T> T get(String key, Class<T> type) { // L1 查询 T value = localCache.getIfPresent(key); if (value != null) { return value; } // L2 查询 String redisKey = "cache:" + key; String json = redisTemplate.opsForValue().get(redisKey); if (json != null) { value = JSON.parseObject(json, type); // 回填 L1 if (value != null) { localCache.put(key, value); } return value; } return null; } public void put(String key, Object value) { // 写入 L2 String redisKey = "cache:" + key; String json = JSON.toJSONString(value); redisTemplate.opsForValue().set(redisKey, json, redisExpireSeconds, TimeUnit.SECONDS); // 写入 L1 localCache.put(key, value); } /** * 缓存击穿保护：分布式锁 + 单次查询 */ public <T> T getWithLock(String key, Class<T> type, Supplier<T> loader) { T value = get(key, type); if (value != null) { return value; } // 获取分布式锁 String lockKey = "lock:cache:" + key; Boolean acquired = redisTemplate.opsForValue() .setIfAbsent(lockKey, "1", 10, TimeUnit.SECONDS); if (Boolean.TRUE.equals(acquired)) { try { // Double Check value = get(key, type); if (value == null) { value = loader.get(); if (value != null) { put(key, value); } } } finally { redisTemplate.delete(lockKey); } } else { // 等待其他线程加载 try { Thread.sleep(100); } catch (InterruptedException e) { Thread.currentThread().interrupt(); } return get(key, type); } return value; } /** * 缓存雪崩保护：随机过期时间 */ public void putWithJitter(String key, Object value) { int jitter = ThreadLocalRandom.current().nextInt(60); long expireSeconds = redisExpireSeconds + jitter; String redisKey = "cache:" + key; String json = JSON.toJSONString(value); redisTemplate.opsForValue().set(redisKey, json, expireSeconds, TimeUnit.SECONDS); localCache.put(key, value); } }

四、边界分析与架构权衡

4.1 高可用架构成本分析

4.2 容灾设计要点

五、总结

亿级流量高可用架构是系统工程，需要在多个层面构建防护能力：

1. 冗余设计：关键组件多副本部署，消除单点故障
2. 流量控制：限流、熔断、降级多层次保护
3. 数据安全：多级缓存、主从切换、数据备份
4. 自动运维：故障自动检测、自动切换、自动恢复
5. 容量规划：基于压测的容量评估和扩容机制

高可用不是目的，是手段。最终目标是让系统稳定运行，为用户提供持续可靠的服务。