GraphQL- Apollo Federation

So far we have talked about the basics of GraphQL and how a simple client-server architecture works. But at the enterprise level, we often deal with multiple backend services fulfilling different purposes. A federated GraphQL setup lets queries execute across multiple backend services. Apollo Federation is a set of tools that helps us compose multiple GraphQL schemas declaratively into a single data graph.

Image source: https://www.apollographql.com/docs/federation/

The image above shows how Apollo helps combine data from different services so that it can be served from a single gateway.

Before getting into the details of Federation, let’s take a look at the libraries provided by Apollo:

  • @apollo/federation provides primitives that your implementing services use to make their individual GraphQL schemas composable.
  • @apollo/gateway enables you to set up an instance of Apollo Server as a gateway that distributes incoming GraphQL operations across one or more implementing services.

And of course, you need Apollo Server for the gateway and for each of the implementing services.
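To make this concrete, here is a minimal sketch of the two pieces, assuming two implementing services running locally on made-up ports (the service names, URLs, and sample data are placeholders, not from any particular project). Each implementing service builds a composable schema with buildFederatedSchema from @apollo/federation:

// products service (sketch) -- exposes a composable, federated schema
const { ApolloServer, gql } = require("apollo-server");
const { buildFederatedSchema } = require("@apollo/federation");

const typeDefs = gql`
  type Product @key(fields: "upc") {
    upc: String!
    name: String!
    price: Int
  }

  extend type Query {
    topProducts: [Product]
  }
`;

const resolvers = {
  Query: {
    // placeholder data for the sketch
    topProducts: () => [{ upc: "1", name: "Table", price: 899 }],
  },
};

new ApolloServer({ schema: buildFederatedSchema([{ typeDefs, resolvers }]) })
  .listen(4001)
  .then(({ url }) => console.log(`Products service ready at ${url}`));

The gateway then composes the implementing services into a single data graph using @apollo/gateway:

// gateway (sketch) -- distributes operations across the implementing services
const { ApolloServer } = require("apollo-server");
const { ApolloGateway } = require("@apollo/gateway");

const gateway = new ApolloGateway({
  serviceList: [
    { name: "products", url: "http://localhost:4001" },
    { name: "reviews", url: "http://localhost:4002" },
  ],
});

new ApolloServer({ gateway, subscriptions: false })
  .listen(4000)
  .then(({ url }) => console.log(`Gateway ready at ${url}`));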

Let us understand some core concepts here

Entities

“In Apollo Federation, an entity is an object type that you define canonically in one implementing service and can then reference and extend in other implementing services. Entities are the core building block of a federated graph.”

Any object type can be declared an entity by adding the @key directive, which defines the primary key for the entity.

type Product @key(fields: "upc") {
  upc: String!
  name: String!
  price: Int
}

An entity defined in a service can then be referenced in another service.

type Review {
  product: Product
}

# This is a "stub" of the Product entity (see below)
extend type Product @key(fields: "upc") {
  upc: String! @external
}
  • Note that the “extend” keyword highlights that the entity is defined in another service.
  • The @key directive indicates that Product uses the upc field as its primary key.
  • The upc field must be included in the stub because it is part of the specified @key, and it must be annotated with the @external directive.

Resolving

Now the review service needs a resolver for the product field.

{
  Review: {
    product(review) {
      return { __typename: "Product", upc: review.upc };
    }
  }
}

The resolver in the review service returns a representation of the Product entity. A representation requires only an explicit __typename and values for the entity’s primary key fields.

The product service, in turn, needs to define a reference resolver:

{
  Product: {
    __resolveReference(reference) {
      return fetchProductByUPC(reference.upc);
    }
  }
}

Extending

A service that references an entity can also add fields to it. The original service does not need to be aware of the added fields.

extend type Product @key(fields: "upc") {
  upc: String! @external
  reviews: [Review]
}

Whenever a service extends an entity with a new field, it is also responsible for resolving the field.

{
  Product: {
    reviews(product) {
      return fetchReviewsForProduct(product.upc);
    }
  }
}

Further reading: https://www.apollographql.com/docs/federation/

Disclaimer: This post was originally posted by me in the cloud community – https://cloudyforsure.com/graphql/graphql-apollo-federation/

Decision Making Under Certainty

There can be cases where all the needed data is available, and we need to make decisions such that a given objective is achieved in the best possible manner while satisfying the conditions imposed.

To understand the concept, let’s take the problem of optimizing resource utilization and maximizing profit, where we know exactly how many resources each product consumes. Say a factory builds 2 products, Product A and Product B, and has 4 units. Product A generates 30,000 in profit per piece, and manufacturing one piece needs 1 hr in unit 1, 2 hrs in unit 2, and 2 hrs in unit 3. Product B generates 50,000 in profit per piece, and manufacturing one piece needs 2 hrs in unit 1, 2 hrs in unit 2, and 3 hrs in unit 4. As constraints, we know that unit 1 can operate 4,000 hrs, unit 2 can operate 6,000 hrs, unit 3 can operate 5,000 hrs, and unit 4 can operate 4,500 hrs in a month.

To solve this problem, we are going to use the Simplex Linear Programming method. This is available off the shelf in Microsoft Excel, so we will set up the data in an Excel sheet.

Simplex LP

Let’s try to understand the data here before moving ahead. We have added data for Products A and B: the profit per unit, the units manufactured (just a placeholder for now), and the number of hours each product spends in each unit.

Cell E2 has the total profit, i.e. units manufactured of product A * per-unit profit of product A + units manufactured of product B * per-unit profit of product B, or =SUMPRODUCT(B2:C2, B3:C3)

Cells E5 to E8 are also calculated dynamically. For example, E5 has time spent by product A in unit 1 * units manufactured of product A + time spent by product B in unit 1 * units manufactured of product B, or =B5*B3 + C5*C3. E6, E7, and E8 are calculated similarly.

Once we have the Excel setup, the next steps are easy. Go to Data -> Solver and configure it as follows:

  1. Set Objective: choose cell E2, where we calculate the total profit.
  2. To: keep the default Max selected, since we want to maximize profit.
  3. By Changing Variable Cells: choose B3 and C3, where we have the units manufactured for A and B.
  4. Add constraints: the hours used in E5 to E8 must be <= the hours available in G5 to G8 (constraints can be added one by one, or in one go when the comparison is the same, as it is here with <=).
  5. Select Solving Method: choose Simplex LP.

When you click Solve, you will get the optimal solution.

The solution says that we should produce 2,000 units of product A and 1,000 units of product B, with a maximized profit of 110,000,000.
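If you want to double-check Solver’s answer outside Excel, a small script with the numbers from the example confirms that the suggested mix respects every constraint (this is only a verification sketch, not a solver):

// profit and hours data from the example above
const units = { A: 2000, B: 1000 };            // Solver's suggested mix
const profitPerUnit = { A: 30000, B: 50000 };

// hours needed per piece in each unit, and hours available per month
const capacity = {
  unit1: { A: 1, B: 2, available: 4000 },
  unit2: { A: 2, B: 2, available: 6000 },
  unit3: { A: 2, B: 0, available: 5000 },
  unit4: { A: 0, B: 3, available: 4500 },
};

const profit = units.A * profitPerUnit.A + units.B * profitPerUnit.B;
console.log("profit:", profit); // 110000000

for (const [name, c] of Object.entries(capacity)) {
  const used = c.A * units.A + c.B * units.B;
  console.log(name, "used", used, "of", c.available, used <= c.available);
}
// unit1: 4000/4000, unit2: 6000/6000, unit3: 4000/5000, unit4: 3000/4500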

Now there can be situations where, say, due to an operational issue we lose 100 hrs in unit 1, or we find a way to borrow 100 hours for unit 2 from another factory, and we want to know the impact on our profit. Or, due to a change in market dynamics, product A can give a profit of 40K instead of 30K. A valuable tool for looking at all this related data is sensitivity analysis. When we click the Solve button in Solver, we are given an option to generate a sensitivity analysis report.

The generated report looks like

sensitivity analysis

The upper 2 rows here talk about the 2 products. Coming back to our question: if instead of 30K we get a profit of 40K from product A, does that change our product mix? The report says there is no impact on the product mix for an increase of up to 20K or a decrease of up to 5K; in other words, product A’s per-unit profit can range from 25K to 50K and the current product mix remains valid. Similarly, for product B the profit range is 30K to 60K. Any change beyond this will require us to recalculate the analysis.

Coming to the constraint data, the shadow price indicates how much impact each additional hour in a unit has. For example, if we can increase unit 1’s capacity by one hour, from 4,000 to 4,001, we can increase our profit by 20K, so getting an extra 100 hours will add 2,000K, and losing 100 hours will have the same negative impact on profit. The allowable increase and decrease of 500 each tell us the range over which this calculation is valid; if unit 1 gains or loses more than 500 hours, we will need to recalculate, as the current shadow prices will no longer hold.

Hypothesis Testing for Decision Making

In the last post, when I talked about Sampling and Estimation, we discussed the P-value in regression analysis and how it should be less than our error threshold α (alpha). Here we will understand what this α value is and where it comes from, while looking at hypothesis testing.

Hypothesis testing is all about coming up with a hypothesis and figuring out whether or not we should reject it. The two components we have here are

  • Null Hypothesis or H0
  • Alternate Hypothesis or H1

Conditions

  1. Together the two hypotheses should cover all possible outcomes
  2. The two hypotheses should be mutually exclusive.

α is the tolerance level, or the level of error we are willing to accept. So we can say

P-Value or Probability of current outcome <= α [Reject H0]
P-Value or Probability of current outcome > α [Do not Reject H0]

              Reject H0       Do not Reject H0
H0 is True    Type 1 Error    OK
H0 is False   OK              Type 2 Error
Hypothesis testing

α is the probability of a Type 1 Error.

Let’s take an example: the judicial system says “innocent till proven guilty”. Consider this as the null hypothesis

H0 Person is innocent (we need to reject this to prove the person is guilty)
H1 Person is guilty

Type 1 Error: Person is innocent but is treated guilty (we target to minimize this)
Type 2 Error: Person is guilty but is treated innocent
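The decision rule above is mechanical enough to capture in a tiny helper; a sketch, assuming α = 0.05 as the default tolerance:

// Reject H0 when the P-value is at or below the chosen tolerance α
function testHypothesis(pValue, alpha = 0.05) {
  return pValue <= alpha ? "Reject H0" : "Do not reject H0";
}

console.log(testHypothesis(0.03)); // Reject H0
console.log(testHypothesis(0.2));  // Do not reject H0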

Sampling and Estimation

An important tool for decision-making is sampling and estimation. For any promotional campaign, new product launch strategy, marketing ad campaign, etc., companies need to understand their customers’ behavior. Sampling and estimation is a strong tool for analyzing customer data. For example, say a supermarket company wants to understand how profitable an online customer is versus an offline customer. Rather than going through the data for all customers, a random sample is taken and analyzed.

Sample Data snapshot

Data Analysis: Let’s say we are able to calculate the following data

Sample Size: 14998
Profit for Sample: 1665295
Average: 111.03
Standard Deviation: 275.30

Similarly we can find data for Online vs Offline Customers

Online Customers

Sample Size: 3830
Profit for Sample: 448509
Average: 117.13
Standard Deviation: 283.91

Offline Customers

Sample Size: 11168
Profit for Sample: 1216786
Average: 108.94
Standard Deviation: 272.27

Point Estimates vs Interval Estimates

The estimate above is a form of point estimate, as we are trying to find an average point and use it as an estimator for the population. For example, our average profit estimate for an online customer is 117.13. But it is highly unlikely that any given online customer’s profit is actually 117.13. So we try to find a range, or interval, in which the profit is likely to fall. An important aspect of such an analysis is how confident we are in our range. Normally such an analysis is done for confidence levels of 90%, 95% (the most commonly used), and 99%.

90% Confidence Interval (CI) = (sample mean – 1.645 * SD/√sample size, sample mean + 1.645 * SD/√sample size)

95% Confidence Interval = (sample mean – 1.96 * SD/√sample size, sample mean + 1.96 * SD/√sample size)

99% Confidence Interval = (sample mean – 2.576 * SD/√sample size, sample mean + 2.576 * SD/√sample size)

Let’s solve for online customers at the 95% CI level, using the online sample’s mean, standard deviation, and size:

117.13 – 1.96 * 283.91/√3830 , 117.13 + 1.96 * 283.91/√3830

= (108.14, 126.12)
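The same calculation, wrapped in a small helper so other groups or confidence levels can be plugged in (z is 1.645, 1.96, or 2.576 for 90%, 95%, or 99%):

// interval = (mean - z*SD/sqrt(n), mean + z*SD/sqrt(n))
function confidenceInterval(mean, sd, n, z = 1.96) {
  const margin = (z * sd) / Math.sqrt(n);
  return [mean - margin, mean + margin];
}

// online customers from the sample above
console.log(confidenceInterval(117.13, 283.91, 3830)); // ≈ [108.14, 126.12]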

Simple Regression Analysis

An important tool for analysis is simple regression, where we try to predict a dependent variable based on the value of an independent variable. The equation looks like

y = mx + c

You might recognize this as the equation of a line in the 2D plane. So basically we plot all the points on the 2D plane and try to figure out a pattern.

y is the dependent variable
x is the independent variable
m is slope
c is intercept
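For intuition, this is what any simple-regression tool estimates under the hood: the slope m is cov(x, y)/var(x) and the intercept c is mean(y) − m * mean(x). A minimal sketch of that calculation (the sample call at the end uses made-up numbers):

// least-squares estimates for y = m*x + c
function simpleRegression(xs, ys) {
  const n = xs.length;
  const meanX = xs.reduce((a, b) => a + b, 0) / n;
  const meanY = ys.reduce((a, b) => a + b, 0) / n;

  let covXY = 0;
  let varX = 0;
  for (let i = 0; i < n; i++) {
    covXY += (xs[i] - meanX) * (ys[i] - meanY);
    varX += (xs[i] - meanX) ** 2;
  }

  const m = covXY / varX;      // slope
  const c = meanY - m * meanX; // intercept
  return { m, c };
}

// x = 1 for online, 0 for offline; y = profit per customer (made-up values)
console.log(simpleRegression([1, 0, 0, 1], [120, 95, 110, 130]));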

To solve this, Microsoft Excel provides an off-the-shelf tool for regression.

Go to Data -> Data Analysis -> select Regression -> for the Y Range choose the Profit column -> for the X Range choose the Online/Offline column -> select the Labels checkbox, since we have included the header row -> leave the confidence level at its default and press OK.

The output of the simple regression is

The important values to note here are the coefficients, which we can substitute into our equation

y = mx + c
c= 108.94
m = 8.19

x is online or offline; in our case it takes the values 1 (online) or 0 (offline).

So the equation resolves to

Profit for online customers = 8.19 * 1 + 108.94 = 117.13

Profit for offline customers = 8.19 * 0 + 108.94 = 108.94

This is in sync with our earlier calculations.

An important value to note here is the P-value. A higher P-value indicates a higher probability of error in the current analysis. We define a threshold α (alpha) and require the P-value to stay below it. I will discuss the hypothesis threshold α later, but for now we can say that a P-value as high as 11% represents a very high probability of error. So this raises the question: can we actually associate profit with the online/offline parameter alone, or are there other parameters playing a role?

To understand this, let’s introduce another factor, “age”, into the calculations and solve using multiple regression.

Multiple Regression Analysis

Let’s say we add age data to our Excel sheet. The data is not the absolute age but a range id (when you fill out a form, it gives you ranges such as 10-18, 19-24, and so on).

Sample Data

We will repeat the steps to calculate the regression, except that this time we will select both the online and age columns as the value of X.

Multiple Regression

Once calculated, we will see values like

Multiple Regression

As we can see, the P-value this time is very low, so we can trust our analysis. We now have multiple independent variables, so our equation will be of the form

y = m1x1 + m2x2 + c

or Profit = 27.181 * online + 25.85 * age + 17.080

We can substitute values and find the profit. For example, say we want to find the profit for young people (age group 1):

Profit Online = 27.181 * 1 + 25.85 * 1 + 17.080 =70.03

Profit Offline = 27.181 * 0 + 25.85 * 1 + 17.080 =42.85

We can calculate the profit for other age groups as well, as sketched below. We can conclude that both age and mode (online/offline) play a role in profit.
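Using the (rounded) coefficients above, the prediction for any mode/age combination is a one-liner; small differences from the figures in the text come from rounding of the coefficients:

// Profit = 27.181 * online + 25.85 * age + 17.080
// online is 0 or 1, ageGroup is the range id (e.g. 1 for the youngest group)
function predictProfit(online, ageGroup) {
  return 27.181 * online + 25.85 * ageGroup + 17.08;
}

console.log(predictProfit(1, 1)); // online, age group 1  -> ≈ 70.1
console.log(predictProfit(0, 1)); // offline, age group 1 -> ≈ 42.9
console.log(predictProfit(0, 3)); // offline, age group 3 -> ≈ 94.6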

Decision Trees for Decision Making

We have talked about the basics of decision making and sensitivity analysis. Next, we will look into the usefulness of decision trees in the process of decision making.

We will go back to our previous example, where we are choosing between 2 product prototypes and have the probabilities and outcomes available. We will represent the data in the form of a decision tree and solve the problem.

Before getting into the problem, we need to understand the basic constituents of a decision tree.

Circular nodes: chance nodes, which show the various outcomes; the value of such a node is calculated from the available outcomes and their probabilities.

Square nodes: decision nodes, which show the various options available, from which we need to choose the best.

While drawing the decision tree, we go from left to right, but when solving the tree, we go from right to left, calculating one layer at a time. Let’s go back to our example and see the decision tree in action.

Decision Tree

We start by creating the tree, listing all the options available and their outcomes in case that option is chosen. Then we solve from right to left, updating the values of the circular outcome nodes (values in red). We then move one step back and, at the decision node, choose the best option.
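As a sketch of the same rollback in code, using the 50-50 probabilities and payoffs from that example: each circular (chance) node gets the probability-weighted value of its outcomes, and the square (decision) node simply picks the branch with the best value.

// value of a chance node = sum of probability * payoff over its branches
const chanceNode = (branches) =>
  branches.reduce((sum, b) => sum + b.probability * b.payoff, 0);

// a decision node picks the option with the highest value
const decisionNode = (options) =>
  options.reduce((best, o) => (o.value > best.value ? o : best));

const decision = decisionNode([
  {
    name: "Prototype 1",
    value: chanceNode([
      { probability: 0.5, payoff: 200000 },
      { probability: 0.5, payoff: -180000 },
    ]),
  },
  {
    name: "Prototype 2",
    value: chanceNode([
      { probability: 0.5, payoff: 100000 },
      { probability: 0.5, payoff: -20000 },
    ]),
  },
  { name: "Do nothing", value: 0 },
]);

console.log(decision); // { name: 'Prototype 2', value: 40000 }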

Sensitivity Analysis in Decision Making

A few days back I wrote about the basics of decision making. Next, we will look into Sensitivity analysis.

Sensitivity Analysis examines how our decision might change with different input data.

We will start with our previous example, where a company is trying to launch a product and they have the following options right now.

ALTERNATIVE            SUCCESS OUTCOME    FAILURE OUTCOME
Go with prototype 1    200,000            -180,000
Go with prototype 2    100,000            -20,000
Do nothing             0                  0
Decision/ Payoff Table

Let us say

P = Probability of a favourable market i.e. Success

(1-P) = Probability of unfavourable market i.e. failure

Sensitivity Analysis

EMV Prototype 1 = 200000P – 180000(1-P)
= 380000P – 180000

EMV Prototype 2 = 100000P – 20000(1-P)
= 120000P – 20000

EMV Do nothing = 0P – 0(1-P) = 0

sensitivity analysis

Point 1

EMV Do nothing = EMV Prototype 2
0 = 120000P – 20000
P = 20000/120000
P = 0.167

Point 2

EMV Prototype 2 = EMV Prototype 1
120000P – 20000 = 380000P – 180000
P = 160000/260000
P = 0.615

So based on the sensitivity analysis, we can conclude, based on the probability of success (a favourable market) P, that

Do nothing if P < 0.167
Go for Prototype 2 if P >= 0.167 and P < 0.615
Go for Prototype 1 if P >= 0.615
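A quick way to sanity-check these break-even points is to evaluate the three EMV expressions for a few values of P:

// EMV of each alternative as a function of P (probability of success)
const emv = {
  prototype1: (p) => 200000 * p - 180000 * (1 - p),
  prototype2: (p) => 100000 * p - 20000 * (1 - p),
  doNothing: () => 0,
};

function bestAlternative(p) {
  return Object.entries(emv)
    .map(([name, fn]) => [name, fn(p)])
    .sort((a, b) => b[1] - a[1])[0];
}

console.log(bestAlternative(0.1)); // [ 'doNothing', 0 ]
console.log(bestAlternative(0.4)); // [ 'prototype2', 28000 ]
console.log(bestAlternative(0.8)); // [ 'prototype1', 124000 ]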

WebSockets

A normal flow between client and server over an HTTP connection is made up of requests and responses.

HTTP communication

The client sends a request to the server, and the server sends back a response. Now there can be use cases where the server needs to push data to the client, for example, a chat application or a stock market tracker. In such scenarios, where the server needs to send data to the client at will, the WebSocket communication protocol can solve the problem.

WebSocket provides full-duplex communication channels over a single TCP connection. Both the HTTP and WebSocket protocols are located at layer 7 in the OSI model and depend on TCP at layer 4.

A WebSocket connection string looks like ws://some.example.com, or wss://some.example.com for secured connections.

To achieve the communication, the WebSocket handshake uses the HTTP Upgrade header to change from the HTTP protocol to the WebSocket protocol.

WebSocket handshake

  • The client sends an “upgrade” request: an HTTP/1.1 GET request with the Upgrade header set to websocket.
  • The server responds with 101 Switching Protocols.

Once the connection is established, the communication is full duplex, and both client and server can send messages over the established connection.
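On the client side, the browser’s built-in WebSocket API makes this duplex nature visible. A minimal sketch (the URL matches the earlier example; the message payloads are made up):

// open the connection (ws:// or wss:// for TLS)
const socket = new WebSocket("wss://some.example.com");

socket.onopen = () => {
  // the client can push a message whenever it wants...
  socket.send(JSON.stringify({ subscribe: "stock-ticker" }));
};

// ...and the server can push messages whenever it wants
socket.onmessage = (event) => {
  console.log("server says:", event.data);
};

socket.onclose = () => console.log("connection closed");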

Challenges with WebSockets

  • Proxying is difficult at layer 7. It means 2 levels of WebSocket connectivity: client to proxy and then proxy to backend.
  • Layer 7 load balancing is difficult due to the stateful nature of the communication.
  • Scaling is tough due to the stateful nature. Moving a connection from one backend instance to another means resetting the connection.

Disclaimer: This post was originally posted by me in the cloud community – https://cloudyforsure.com/networking/websockets/

HTTP 1 vs 2 vs 3

For years, the Internet has been powered by the HTTP protocol, helping millions of websites and applications deliver content. Let’s take a look at the journey of the HTTP protocol: its past, present, and future.

HTTP 1

The current version of the HTTP 1 protocol is actually HTTP 1.1. But let’s start with HTTP 1, which was a simple request-response protocol.

HTTP 1 flow

HTTP 1.1

As we can see in the HTTP 1 implementation, one major problem was that a new connection needed to be established for each request. To solve this problem, HTTP 1.1 came up with the keep-alive concept, which allows multiple requests to be sent over a single connection. To gain further speed, browsers typically opened 6 TCP connections per host behind the scenes instead of 1.

HTTP 2

Though HTTP 1.1 was much faster than HTTP 1, it had some problems; most importantly, it was not making full use of the TCP connection. Each connection was sending only one request at a time. This problem was solved in HTTP 2, where multiple concurrent requests can be sent.

HTTP 2

To achieve these parallel requests over a single HTTP connection, HTTP 2 uses the concept of streams. Each request sent from the client has a unique stream id attached behind the scenes, which helps the client and server match requests with responses. One can think of each stream as an independent channel of communication.

HTTP 3

One problem with HTTP 2 is that the streams exist only at the HTTP level. TCP is not aware of the concept and just sends packets at a lower layer. So if 4 independent requests are sent over 4 different streams, and even a single packet belonging to any one of them is lost, everything behind it waits for the retransmission and all 4 requests are held up (TCP head-of-line blocking).

HTTP 3 plans to solve this problem by implementing HTTP over QUIC instead of TCP. QUIC has the concept of streams built in, so in the scenario above, when one packet is lost for one request out of 4, only one stream is impacted and the responses for the other 3 requests are served successfully.

Disclaimer: This post was originally posted by me in the cloud community – https://cloudyforsure.com/networking/http-1-vs-2-vs-3/

Decision Making – Fundamentals

What is a good decision?

A good decision is based on logic, considers all available data and possible alternatives, and is obtained through rational analysis of that data and those alternatives.

Does a good decision always result in a favorable outcome?

No. Remember, at times good decisions can fail and bad decisions can be a success.

Steps in Decision making

  1. Clearly define the problem: Do we understand the problem, or are we stuck at symptoms?
  2. List the possible alternatives: What options are available? Doing nothing is also an alternative.
  3. Identify the possible outcomes (or states of nature): What outcomes are possible for the alternatives figured out in step 2? Identify each outcome, positive or negative.
  4. List the payoff or profit of each combination of alternatives and outcomes: Create a matrix for each alternative + outcome combination, and figure out the payoff.
  5. Select one of the decision theory models
  6. Apply the model and make your decision

Let’s say a book company is planning to launch an ebook reader (like the Kindle). They have 2 prototypes currently in R&D.

Problem statement: Come up with an ebook reader that can boost sales of ebooks.

  • Alternative 1: Launch Prototype 1
  • Alternative 2: Launch Prototype 2
  • Alternative 3: Do not launch a product

Now, for each alternative we can have various outcomes

  • Huge Success (Sales above 100K in a quarter)
  • Moderate Success
  • Failure

After this, we will analyze the payoff of each possible combination, for example

Alternative 1 (Prototype 1) + Outcome 1 (Huge Success) = Payoff (Profit 200K, selling 100K readers)

Similarly, a matrix is created for each possible combination.

Before making a decision, one needs to take into account the Risk-taking ability of the person or organization. We can divide risk nature into

  • Risk Averse
  • Risk Neutral
  • Risk Lovers

Also, the risk appetite will change based on the stakes involved; for example, for someone earning 100K, a risk of 1K is low, but the same risk becomes high when it involves 200K.

In addition, one also needs to take the decision-making environment into consideration.

Decision making Environments

  1. Decision making under certainty: Decision-maker knows with certainty the consequences of every alternative
  2. Decision making under uncertainty: decision-maker does not know probabilities of various outcomes
  3. Decision-making under risk: Decision-maker knows the probabilities of various outcomes.

In short, when a company needs to make a decision, it will start from a decision-under-uncertainty position and try to move to decision under risk by associating probabilities with the outcomes based on past experience or market research. When a probability is exactly 1 or 0, it is a decision under certainty, which is almost never the case in practice.

Let’s go back to our previous example and make it simple, with just 2 outcomes; based on past experience, the company can predict a 50-50 chance of success or failure.

Alternative            Success Outcome    Failure Outcome
Go with prototype 1    200,000            -180,000
Go with prototype 2    100,000            -20,000
Do nothing             0                  0
Decision/ Payoff Table

So, considering this a decision-under-risk scenario, we use a popular method called Expected Monetary Value (EMV) to evaluate the alternatives.

EMV, or Expected Monetary Value (alternative i) = (payoff of first outcome) * (probability of first outcome) + (payoff of second outcome) * (probability of second outcome) + ….. + (payoff of Nth outcome) * (probability of Nth outcome)

Going back to our use case, we can say

EMV for prototype 1: (0.5)*(200,000) + (0.5) *(-180,000) = 10,000

EMV for prototype 2: (0.5)*(100,000) + (0.5) *( -20,000)=40,000

EMV for Do nothing: (0.5)*0 + (0.5)*0= 0

So based on our analysis, we can see prototype 2 has the largest EMV and is the best option under the current circumstances.
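Since the EMV is just a probability-weighted sum, it is easy to script once the payoff table is in place; a small sketch using the numbers above:

// EMV(alternative) = sum over outcomes of payoff * probability
function emvOf(payoffs, probabilities) {
  return payoffs.reduce((sum, payoff, i) => sum + payoff * probabilities[i], 0);
}

console.log(emvOf([200000, -180000], [0.5, 0.5])); // 10000 (prototype 1)
console.log(emvOf([100000, -20000], [0.5, 0.5]));  // 40000 (prototype 2)
console.log(emvOf([0, 0], [0.5, 0.5]));            // 0     (do nothing)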

GraphQL- Security

We have covered GraphQL Basics, GraphQL Schema, and GraphQL Architecture. Another important aspect one needs to consider is security. Here we will talk about some basic techniques that can be used to implement GraphQL security.

Timeouts: The first and most basic strategy is to implement timeouts. It is easy to implement at the server level and can save one from malformed, complex, and time-consuming queries.

Maximum Query Depth: It is easy for a client to create a complex query with deep, or at times cyclic, relations. One needs to set a limit on the maximum depth we support (see the sketch after the example below).

query{
   me{ #Depth 1
      friend{ #Depth 2
         friend{ #Depth 3
            friend{ #Depth 4
               #this could go on

Complexity: Another way to control query execution is to set a complexity limit for the queries that can be executed. By default, every field is given a complexity of one.

query {
  author(id: "abc") {  # complexity: 1
    posts {            # complexity: 1
      title            # complexity: 1
    }
  }
}

The above query will fail if we set the maximum complexity for the schema to 2. We can also override the default complexity; for example, if we feel posts should have a complexity of 5, we can do that.

Throttling: Another way to keep clients from overloading the server is throttling. GraphQL normally suggests two types of throttling: server-time based and complexity based. In server-time-based throttling, each client is given a budget of time it can use on the server, usually based on the leaky bucket strategy, where time is added back when you are not using the server. Complexity-based throttling puts a limit on the maximum complexity a client can execute; for example, if the limit is 10 and the client sends 4 queries with complexity 3 each, one of them would be rejected.

Disclaimer: This post was originally posted by me in the cloud community – https://cloudyforsure.com/graphql/graphql-security/