Ýüküň deňagramlylygy

1) Arhitekturada näme üçin we nirede

• elýeterlilik (ýekeje şowsuzlyk nokady bolmazdan), gizlinlik (p95 aşak), masştab (gorizontal), howpsuzlyk (TLS/WAF), goýberilişleriň dolandyrylyşy (canary/blue-green).

• Edge/Global: Anycast, GSLB/GeoDNS, CDN/Edge-LB, DDoS.
• L4 (TCP/UDP): NLB, maglew, terminasiýasyz proxy.
• L7 (HTTP/2, gRPC, WebSocket, QUIC): ýol/sözbaşylar/bellikler, keş/gysyş/retrailer boýunça marşrut.
• Data-tier: DB-прокси (PgBouncer/ProxySQL), Redis Cluster/Consistent Hash, Kafka partitioning.

2) Deňagramlylygyň modelleri we algoritmleri

Round-Robin (RR): ýönekeý birmeňzeş.
Least Connections (LC): uzyn konnektler üçin gowy (WS, gRPC).
Least Request/Power-of-Two (P2C): iki tötänleýin deňeşdirmek - gowy deňagramlylyk tizligi/hili.
Weighted RR/LC: canary/" gyzgyn "nodlar üçin agramlar.
Consistent Hashing (CH): tablisasyz sessiýanyň ýelmeşmegi (cart, Redis).
Maglev/Flow-hash: Fappinge çydamly çalt L3/L4-distributsiýa.
Latency-aware: p50/p95.
EWMA: gijikdirmeleriň taryhyny göz öňünde tutýar.

Maslahat: L7-de P2C (least-request); stateful/keş üçin - consistent hash; для WS/gRPC — least-connections.

3) Apstrimleriň saglygy: barlaglar we "göçürmek"

Health-checks: TCP, HTTP 200/匹配 тела, gRPC status; aralyk/wagt/ýalňyşlyk bosagasy.
Outlier Ejection: "şowhunly" ýagdaýlaryň awtomatiki aýrylmagy (consecutive-5xx, success-rate-ejection).
Slow-start & warmup: täze ýagdaýlaryň ýumşak girizilmegi (agramyň kem-kemden ýokarlanmagy).
Connection draining: ýapylanda/deploýda - işjeň konnektleri döwülmezden "doldurmak".

4) Sessiýalar we ýelmeşmek (stickiness)

Cookie-stickiness (L7): `Set-Cookie: lb=<id>; SameSite; Secure`.
CH açary: 'hash (userId' sessionId 'cartId)'.
IP-hash - diňe ýapyk ulgamlarda (NAT döwýär).
TTL ýelmeşmek + nod ewiksiýasynda fallback.
Möhüm: ýelmeşmegiň zerurlygyny azaltyň → ýagdaýy ýagdaýdan daşarda saklaň (Redis/DB/JWT).

5) Global deňagramlylyk (GTM/GSLB)

Anycast + health-probe: bir IP, iň ýakyn PoP-e trafik; awtomatiki feýlower.
GeoDNS/Latency-DNS: geo/gijikdirme boýunça jogap.
Sebit klasterleri: "rezidentleriň maglumatlary" sebitde galýar (GDPR); replikasiýa bilen sebitara failover.
Syýasatçylar: geo-bloklar, hasap/token boýunça "stikeregion".

6) Teswirnamalar we aýratynlyklar

HTTP/2: multiplex, ileri tutulýan ugurlar; akym üçin başarnykly connection-pool gerek.
gRPC: uzak möhletli akymlar → least-connections, agressiw saglyk barlaglary.
WebSocket/SSE: konnektiň ýelmeşmegi, uly idle-wagt, TCP keep-alive.
QUIC/HTTP/3: çalt başlamak, ýitgä çydamlylyk; MTU/path-MTU-ny yzarlaň.
TLS-termination/mTLS: edge/L7-LB terminirlemek; içerde - mTLS/identity (SPIFFE).

7) Artykmaç ýükden goramak (overload control)

Rate-limit: per-IP, per-key, per-route; burst+sustain.
Adaptive Concurrency (Envoy): Bir wagtyň özünde soraglaryň dinamiki çägi.
Queue/Surge-buffer: dogruçyl ýüz öwürmek bilen çäkli nobat ululygy 503.
Hedging/Parallel racing: haýal haýyşlary köpeltmek (diňe idempotent).
Timeout budget: aýry connect/read/write.
Backpressure: '503 + Retry-After', jitter bilen müşderi eksponensial retralary.
Slow-loris goragy: okamak/ýazmak wagty, iň pes tizlik.

8) Neşirler we traffik-dolandyryş

Canary (weighted): 1–5–10–25–50–100% с guardrails (p95, 5xx, timeouts).
Blue-Green: derrew switch, yza gaýdyp - DNS/LB.
Shadow/Mirror: jogaplara täsir etmezden haýyşlaryň göçürmesi; PII-ni gizlemek.
Header/Claim-routing: `X-Canary: 1` или `JWT. claims. region/role`.

9) Awtoskeyling we drenaj

HPA/ASG по CPU+RPS+p95+queue-depth.
PreStop hook: konnektleriň tamamlanmagyna garaşyň.
Warm pool/instance reuse: sowuk başlangyçlary azaltmak.
Capacity planning: maksatlaýyn 'utilization 60-70%' p95 kadada.

10) Synlamak we SLO

LB metrikleri: RPS, p50/p95/p99, 4xx/5xx, open-connections, queue-len, ejections, retries, hit-ratio kesh.
Söwda: 'traceparent/x-request-id' arkaly LB → hyzmatlar → DB.
Loglar: gurluş, PII/PAN maskalary, apstrim bilen korelýasiýa.
Ugur boýunça SLO: mysal üçin 'latency p95 ≤ 300 ms', 'availability ≥ 99. 9%`, `5xx ≤ 0. 5%`.
Alertler: gyşarmalar boýunça (burn-rate SLO, ejection, 5xx/timeout).

11) Maglumatlaryň we nagt pullaryň deňagramlylygy

• Read/Write split (ProxySQL/pgpool) + read-replicas; sticky-txn.
• Failover: RPO = 0 üçin sinhron göçürme (has gymmat).

• Redis Cluster + hash-slot; sessiýalar üçin - CH; wagtlar/Retryable errors.

• Partitioning we consumer-groups arkaly balans; HTTP-LB bilen garyşdyrmaň.
• Object Storage (S3/MinIO): multi-region failover через GSLB/replication.

12) K8s we bulut LB

Service (ClusterIP/NodePort/LoadBalancer) - esasy L4.
Ingress/Gateway API - L7-marşrut, kanar agramy, TLS.
AWS: NLB (L4, ýokary geçiriş), ALB (L7, WAF, sticky, header-routing).
GCP: Global LB (L7/HTTP(S) с Anycast), TCP/UDP proxy LB.
Azure: Front Door (global), Application Gateway (L7), Load Balancer (L4).

13) Konfigurasiýa mysallary

13. 1 NGINX (L7, least_conn, sticky, canary)

nginx upstream api_pool {
least_conn;
server api-1:8080 max_fails=3 fail_timeout=10s;
server api-2:8080 max_fails=3 fail_timeout=10s;
sticky cookie lb_id expires=30m path=/ secure httponly;
}

map $http_x_canary $dst {
default api_pool;
1    canary_pool;
}

upstream canary_pool {
least_conn;
server api-canary:8080 weight=1;
}

server {
listen 443 ssl http2;
location /api/ {
proxy_read_timeout 5s;
proxy_connect_timeout 1s;
proxy_set_header X-Request-Id $request_id;
proxy_pass http://$dst;
}
}

13. 2 HAProxy (P2C, health, slowstart, stick-table)

haproxy backend api balance leastconn option httpchk GET /health default-server inter 3s fall 3 rise 2 slowstart 10s server s1 10. 0. 0. 11:8080 check server s2 10. 0. 0. 12:8080 check stick-table type ip size 100k expire 30m http-request track-sc0 src rate limit per IP http-request deny deny_status 429 if { sc_http_req_rate(0) gt 50 }

13. 3 Envoy (P2C, outlier, retries, adaptive concurrency)

yaml load_assignment: {... }
lb_policy: LEAST_REQUEST least_request_lb_config: { choice_count: 2 }
outlier_detection:
consecutive_5xx: 5 interval: 5s base_ejection_time: 30s typed_extension_protocol_options:
envoy. extensions. filters. http. adaptive_concurrency. v3. AdaptiveConcurrency:
gradient_controller_config:
sample_aggregate_percentile: PERCENTILE_50 retry_policy:
retry_on: "5xx,reset,connect-failure"
num_retries: 2 per_try_timeout: 1s

13. 4 Kubernetes (Gateway API, weighted canary)

yaml apiVersion: gateway. networking. k8s. io/v1 kind: HTTPRoute spec:
rules:
- matches: [{ path: { type: PathPrefix, value: /api }}]
backendRefs:
- name: api-v1 weight: 90 port: 8080
- name: api-v2-canary weight: 10 port: 8080

14) Çek-listler

LB/marşruty çykarmazdan öň

• Algoritm traffigiň görnüşi üçin (P2C/LC/CH) saýlandy.
• Health-checks we ejection bosagalary sazlandy.
• Slow-start, warmup, connection-drain goşuldy.
• TLS/mTLS, HSTS, ygtybarly şifrler; HTTP/2/3 zerur bolanda.
• Diňe talap edilse Sticky/CH; TTL и fallback.
• Rate-limit/burst, timeouts, retry-budget, adaptive concurrency.
• Giriş/söwda: 'trace-id' zyňylýar; PII-ni gizlemek.
• SLO/alerts p95/5xx/elektsiýa/queue-len.
• Kanar agramy + yza gaýdyp geliş meýilnamasy; Uly üýtgeşmeler bilen.

Töleg/komplayens-marşrutlar üçin

• Idempotentlik POST (Idempotency-Key).
• PSP arasynda faýlower; same-method barlagy.
• Ýalňyşlyk kodlary kadalaşdy; ETA/müşderä sebäpler.

DB/nagt pul üçin

• RW-split/replikalar; wagt, tor retry.
• Redis üçin CH/slot-hash; "gyzgyn açarlardan" goramak.
• Gijikdirmelere gözegçilik etmek we replication-lag.

15) Hil ölçegleri (iň az)

Latency p50/p95/p99 marşrutlar/usullar boýunça.
Error rate 4xx/5xx, timeout/overflow.
Open/active connections, queue depth, retry count.
Outlier ejections we sebäpleri.
Sticky hit-ratio / cache hit-ratio.
GSLB: sebitleýin paýlanyş, feýlowerler, PoP elýeterliligi.

16) Anti-patternler

Ätiýaçsyz bir monolit LB.
Sticky-sessiýalary "hemme zada", ýagdaýy çykarmagyň ýerine.
Global tükeniksiz nobatlar (meseläni gizleýär, p99 ösdürýär).
Jittersiz/býudjetsiz retraýalar - haýyşlaryň "tupany".
Ygtybarly proksileriň sanawy bolmazdan 'X-Forwarded-For' ynamy.
Deplolarda drain ýoklugy → WS/gRPC döwükleri.
Awtoskeýlde long-lived konnektleriniň hasaba alynmazlygy.

17) iGaming-aýratynlygy

Piki we ýaryşlar: kataloglarda/listinglerde micro-cache (1-5 s), awto-skeýl nobat boýunça.
Durmuş oýunlary/akymlary: LC uzyn konnektler üçin, iň ýakyn PoP-leriň ileri tutulýan ugry.
Tölegler: geo/walýuta/mukdar/üpjün ediji boýunça marşrutlaşdyrmak; berk taýmautlar we idempotentlik.
Jogapkär oýun we gabat gelmek: çäklendirmeleriň/blokirlemeleriň soraglaryny bozulan ýagdaýynda hem sypdyrmak ileri tutulýar (syýasat boýunça fil-open/close).

18) Giriş prosesi (4 sprint)

1. Traffik kartasy: teswirnamalar, p95/p99 ýükler, möhüm ugurlar.
2. LB konfigurasiýasy: algoritmler, health/outlier, TLS, çäkler/wagtlar, observability.
3. GSLB/Edge: Anycast/GeoDNS, PoP-helsçekler, sebitleýin maglumat syýasatlary.
4. Goýberiş strategiýasy: canary/shadow, SLO-alertler, awtoskeýl + drain, wakadan soňky derňew.

Jemleýji şpargalka

Algoritmi traffigiň görnüşi (P2C/LC/CH) we konnektiň dowamlylygy üçin saýlaň.
Akymlary "sagdyn" saklaň: saglyk-barlaglary + outlier + slow-start + drain.
Iň ýokary ýüküni dolandyryň: rate-limit, adaptive concurrency, şowsuz nobatlar.
Global elýeterlilik we sebitlere laýyklyk üçin GSLB/Anycast ulanyň.
Synlamak we SLO - hökmany; neşirler - yzyna gaýtarmak meýilnamasy bilen canary/shadow arkaly.
Mümkin bolan ýerlerde - LB-den sessiýany we ýelmeşmegi aýyryň.