GH GambleHub

Load balancing

1) Why and where in the architecture

A load balancer is the "turnstile" between clients and the backend fleet. Its goals:
  • availability (no single point of failure), latency (lower p95), scale (horizontal), security (TLS/WAF), release control (canary/blue-green).
Layers where it is applied:
  • Edge/Global: Anycast, GSLB/GeoDNS, CDN/Edge-LB, DDoS.
  • L4 (TCP/UDP): NLB, maglev, proxies without termination.
  • L7 (HTTP/2, gRPC, WebSocket, QUIC): routing by path/header/label, caching/compression/retries.
  • Data-tier: DB proxies (PgBouncer/ProxySQL), Redis Cluster/Consistent Hash, Kafka partitioning.

2) Balancing models and algorithms

Round-Robin (RR): simple, even distribution.
Least Connections (LC): good for long-lived connections (WS, gRPC).
Least Request/Power-of-Two (P2C): compares two random choices; a good trade-off between speed and balance quality.
Weighted RR/LC: weights for canary/"hot" nodes.
Consistent Hashing (CH): session stickiness without a table (cart, Redis).
Maglev/Flow-hash: fast L3/L4 distribution that is resistant to flapping.
Latency-aware: by p50/p95.
EWMA: takes latency history into account.

Recommendation: default to P2C (least-request) for L7; consistent hash for stateful/cache workloads; least-connections for WS/gRPC.
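
Why P2C is the suggested L7 default, as an added example (not code from the original page): a small simulation comparing round-robin with P2C when one backend stops answering. The backend names, the "stuck" behaviour and the request count are constructed assumptions.

```python
import random
from itertools import cycle

def pick_p2c(inflight, rng):
    """Power of two choices: sample two distinct backends and take the one
    with fewer requests in flight."""
    a, b = rng.sample(sorted(inflight), 2)
    return a if inflight[a] <= inflight[b] else b

def simulate(policy, backends, stuck, requests, seed=0):
    """Send `requests` sequential requests; return how many each backend got.

    Healthy backends answer immediately, so their in-flight count stays 0.
    The `stuck` backend never answers, so its in-flight count only grows.
    """
    rng = random.Random(seed)
    inflight = {b: 0 for b in backends}
    received = {b: 0 for b in backends}
    rr = cycle(backends)
    for _ in range(requests):
        target = next(rr) if policy == "rr" else pick_p2c(inflight, rng)
        received[target] += 1
        if target == stuck:
            inflight[target] += 1   # request hangs until a timeout fires
    return received

BACKENDS = ["api-1", "api-2", "api-3", "api-4"]  # constructed names

if __name__ == "__main__":
    for policy in ("rr", "p2c"):
        print(policy, simulate(policy, BACKENDS, stuck="api-3", requests=1000))
```

Round-robin keeps sending a quarter of the traffic to the hung backend until a health check removes it; P2C stops after the first hung request because that backend loses every later comparison.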

3) Upstream health: checks and "ejection"

Health-checks: TCP, HTTP 200/body match, gRPC status; intervals/timeouts/failure thresholds.
Outlier Ejection: automatic exclusion of "noisy" instances (consecutive-5xx, success-rate-ejection).
Slow-start & warmup: gentle introduction of new instances (gradual weight increase).

Connection draining:

4) Sessions and stickiness

Cookie-stickiness (L7): `Set-Cookie: lb=<id>; SameSite; Secure`.
CH keyed by `hash(userId|sessionId|cartId)`.
IP-hash: only in closed networks (NAT breaks it).
Stickiness TTL + fallback when a node is evicted.
Important: reduce the need for stickiness → keep state outside the instances (Redis/DB/JWT).

5) Global balancing (GTM/GSLB)

Anycast + health-probe: one IP, traffic goes to the nearest PoP; automatic failover.
GeoDNS/Latency-DNS: answers chosen by geography/latency.
Regional clusters: "resident data" stays in the region (GDPR); cross-region failover with replication.
Policies: geo-blocks, "sticky region" per account/token.

6) Protocols and their specifics

HTTP/2: multiplexing, priorities; this mode needs a properly configured connection pool.
gRPC: long-lived streams → least-connections, aggressive health-checks.
WebSocket/SSE: stickiness, large idle timeouts, TCP keep-alive.
QUIC/HTTP/3: fast start, resilience to packet loss; keep an eye on MTU/path MTU.
TLS termination/mTLS: terminate at the edge/L7 LB; inside, use mTLS/identity (SPIFFE).

7) Overload protection (overload control)

Rate-limit: per-IP, per-key, per-route; burst+sustain.
Adaptive Concurrency (Envoy): a dynamic limit on concurrent requests.
Queue/Surge-buffer: a bounded queue size with honest rejection via 503.
Hedging/Parallel racing: duplicating slow requests (idempotent only).
Timeout budget: separate connect/read/write.
Backpressure: `503 + Retry-After`, exponential client retries with jitter.
Slow-loris protection: read/write timeouts, minimum rate.
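
The burst+sustain rate limit described above, as an added example (not code from the original page): a token bucket kept per (client key, route) that returns a `Retry-After` value on rejection. The class names, the 429 status and the injected clock are assumptions made for the illustration.

```python
import math

class TokenBucket:
    """Sustained `rate` (tokens per second) with a `burst` capacity."""

    def __init__(self, rate, burst, now=0.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), now

    def take(self, now):
        """Return 0.0 if admitted, else seconds until the next token exists."""
        elapsed = max(0.0, now - self.stamp)       # ignore clock steps backwards
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.stamp = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return 0.0
        return (1.0 - self.tokens) / self.rate

class Limiter:
    """One bucket per (client key, route), so one noisy key cannot starve others."""

    def __init__(self, rate, burst):
        self.rate, self.burst, self.buckets = rate, burst, {}

    def check(self, key, route, now):
        """Return (status, headers) for a request arriving at time `now`."""
        bucket = self.buckets.get((key, route))
        if bucket is None:
            bucket = self.buckets[(key, route)] = TokenBucket(self.rate, self.burst, now)
        wait = bucket.take(now)
        if wait == 0.0:
            return 200, {}
        # Tell well-behaved clients when to come back instead of retrying blindly.
        return 429, {"Retry-After": str(math.ceil(wait))}
```

A production limiter would also expire idle buckets so that the table cannot grow without bound.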

8) Releases and traffic management

Canary (weighted): 1–5–10–25–50–100% with guardrails (p95, 5xx, timeouts).
Blue-Green: fast switch; rollback via DNS/LB.
Shadow/Mirror: a copy of requests that does not affect the response; PII masking.
Header/Claim-routing: `X-Canary: 1` or `JWT.claims.region/role`.

9) Autoscaling and draining

HPA/ASG on CPU+RPS+p95+queue-depth.
PreStop hook: wait for completion.
Warm pool/instance reuse: reducing cold starts.
Capacity planning: target `utilization 60-70%` with p95 within the norm.

10) Observability and SLO

LB metrics: RPS, p50/p95/p99, 4xx/5xx, open-connections, queue-len, ejections, retries, cache hit-ratio.
Tracing: `traceparent/x-request-id` through LB → services → DB.
Logs: structured, PII/PAN masking, correlation with upstreams.
SLO per route: for example, `latency p95 ≤ 300 ms`, `availability ≥ 99.9%`, `5xx ≤ 0.5%`.
Alerts: on deviations (SLO burn-rate, rising ejections, growth in 5xx/timeouts).

11) Balancing data and caches

PostgreSQL/MySQL:
  • Read/Write split (ProxySQL/pgpool) + read-replicas; sticky-txn.
  • Failover: a synchronous replica for RPO = 0 (more expensive).
Redis:
  • Redis Cluster + hash-slot; CH for sessions; timeouts/retryable errors.
Kafka/Redpanda:
  • Balancing through partitioning and consumer-groups; not to be confused with an HTTP LB.
Object Storage (S3/MinIO):
  • Multi-region failover via GSLB/replication.

12) K8s and cloud LBs

Service (ClusterIP/NodePort/LoadBalancer): basic L4.
Ingress/Gateway API: L7 routing, canary weights, TLS.
AWS: NLB (L4, high throughput), ALB (L7, WAF, sticky, header-routing).
GCP: Global LB (L7/HTTP(S) with Anycast), TCP/UDP proxy LB.
Azure: Front Door (global), Application Gateway (L7), Load Balancer (L4).

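13) Configuration examples

13.1 NGINX (L7, least_conn, sticky, canary)

```nginx
upstream api_pool {
    least_conn;
    server api-1:8080 max_fails=3 fail_timeout=10s;
    server api-2:8080 max_fails=3 fail_timeout=10s;
    # "sticky cookie" is an NGINX Plus directive
    sticky cookie lb_id expires=30m path=/ secure httponly;
}

# Requests carrying "X-Canary: 1" go to the canary pool.
# Any client can send this header; strip it at the edge if canary access must be restricted.
map $http_x_canary $dst {
    default api_pool;
    1       canary_pool;
}

upstream canary_pool {
    least_conn;
    server api-canary:8080 weight=1;
}

server {
    listen 443 ssl http2;
    # ssl_certificate / ssl_certificate_key are required here (omitted in this fragment)
    location /api/ {
        proxy_read_timeout 5s;
        proxy_connect_timeout 1s;
        proxy_set_header X-Request-Id $request_id;
        proxy_pass http://$dst;
    }
}
```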

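13.2 HAProxy (P2C, health, slowstart, stick-table)

```haproxy
backend api
    # leastconn as in the original; HAProxy's power-of-two-choices form is "balance random(2)"
    balance leastconn
    option httpchk GET /health
    default-server inter 3s fall 3 rise 2 slowstart 10s
    server s1 10.0.0.11:8080 check
    server s2 10.0.0.12:8080 check
    # The table must store the counter that sc_http_req_rate() reads;
    # the 10s window is an assumed value, not from the original page
    stick-table type ip size 100k expire 30m store http_req_rate(10s)
    http-request track-sc0 src
    # rate limit per IP
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 50 }
```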

13.3 Envoy (P2C, outlier, retries, adaptive concurrency)

```yaml
# Condensed fragment: in a full Envoy config lb_policy and outlier_detection
# belong to the cluster, retry_policy to the route, and adaptive concurrency
# is configured as an HTTP filter.
load_assignment: {...}
lb_policy: LEAST_REQUEST
least_request_lb_config: { choice_count: 2 }
outlier_detection:
  consecutive_5xx: 5
  interval: 5s
  base_ejection_time: 30s
typed_extension_protocol_options:
  envoy.extensions.filters.http.adaptive_concurrency.v3.AdaptiveConcurrency:
    gradient_controller_config:
      sample_aggregate_percentile: PERCENTILE_50
retry_policy:
  retry_on: "5xx,reset,connect-failure"
  num_retries: 2
  per_try_timeout: 1s
```

13.4 Kubernetes (Gateway API, weighted canary)

```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
spec:
  rules:
    - matches: [{ path: { type: PathPrefix, value: /api }}]
      backendRefs:
        - name: api-v1
          weight: 90
          port: 8080
        - name: api-v2-canary
          weight: 10
          port: 8080
```

14) Checklists

Before releasing an LB/route

  • The algorithm is chosen for the traffic type (P2C/LC/CH).
  • Health-checks and ejection thresholds are configured.
  • Slow-start, warmup and connection-drain are enabled.
  • TLS/mTLS, HSTS, secure ciphers; HTTP/2/3 where needed.
  • Sticky/CH only where needed; TTL and fallback.
  • Rate-limit/burst, timeouts, retry-budget, adaptive concurrency.
  • Logs/traces: `trace-id` is propagated; PII masking.
  • SLO/alerts on p95/5xx/ejections/queue-len.
  • Canary weights + rollback plan; shadow for major changes.

For payment/compliance routes

  • POST idempotency (Idempotency-Key).
  • Failover between PSPs; method verification.
  • Error codes are normalized; ETA/reasons for the client.

For DB/caches

  • RW-split/replicas; timeouts, network retries.
  • CH/slot-hash for Redis; protection against "hot keys".
  • Monitoring of latency and replication lag.

15) Quality metrics (minimum)

Latency p50/p95/p99 by route/method.
Error rate 4xx/5xx, timeout/overflow.
Open/active connections, queue depth, retry count.
Outlier ejections and their causes.
Sticky hit-ratio / cache hit-ratio.
GSLB: regional distribution, failovers, PoP availability.

16) Anti-patterns

A single monolithic LB with no redundancy.
Sticky sessions "for everything" instead of moving state out.
Global unbounded queues (they hide the problem and inflate p99).
Retries without jitter/budget: a request "storm".
Trusting `X-Forwarded-For` without a list of trusted proxies.
No drain on deploys → WS/gRPC disconnects.
Ignoring long-lived connections in autoscaling.
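
The `X-Forwarded-For` anti-pattern above and its correction, as an added example (not code from the original page): the header is read only when the direct peer is a known proxy, and it is walked right to left until the first address outside the trusted ranges. The CIDR ranges and addresses are constructed documentation values.

```python
import ipaddress

# Constructed example ranges: the internal LB tier and an assumed CDN egress range.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/24")]

def is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, xff_header):
    """Resolve the client address from the TCP peer and X-Forwarded-For.

    Each proxy appends the address it saw on the right, so only the
    right-most entries were written by infrastructure we control.
    Everything to the left of the first untrusted hop is client-supplied
    and must not be used for rate limits, geo rules or audit logs.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not is_trusted(peer):
        return str(peer)          # direct connection: ignore the header entirely
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    candidate = peer
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break                 # malformed entry: keep the last verified hop
        candidate = addr
        if not is_trusted(addr):
            break                 # first hop outside our proxies is the client
    return str(candidate)
```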

17) iGaming specifics

Peaks and tournaments: micro-cache (1-5 s) on reference data/listings, autoscaling driven by queue.
Live games/streams: LC for long-lived connections, priority to the nearest PoP.
Payments: routing by geo/currency/amount/provider; strict timeouts and idempotency.
Responsible gaming and compliance: limit/block requests must get through even during degradation (fail-open/close according to policy).

18) Rollout process (4 sprints)

1. Traffic map: protocols, p95/p99 loads, critical routes.
2. LB configuration: algorithms, health/outlier, TLS, limits/timeouts, observability.
3. GSLB/Edge: Anycast/GeoDNS, PoP health checks, regional data policies.
4. Release strategy: canary/shadow, SLO alerts, autoscaling + drain, post-incident review.

Final cheat sheet

Choose the algorithm for the traffic type (P2C/LC/CH) and connection duration.
Keep upstreams healthy: health-checks + outlier + slow-start + drain.
Manage peak load: rate-limit, adaptive concurrency, queues that reject.
Use GSLB/Anycast for global availability.
Observability and SLO are mandatory; releases go through canary/shadow with a rollback plan.
Where possible, move sessions out of the instances and remove stickiness from the LB.
