> When I think about minimising blast radius, I immediately think of bulkheads
This is an excellent model to have for high-reliability work. There are going to be failures, so the design should provide means of containing the failures.
The paper is also good at recognising the risk of cascade failures in failover systems, where a single excessive load causes a failure - but the process of trying to move the load elsewhere also becomes overloaded.