feat(internal): implement Bigtable specific channel pool optimizations

[sushanb]

1. The hot path (selecting a connection for an RPC) is highly optimized for performance. as The list of connections is stored in an atomic.Value, and load counters are managed with atomic operations
2. The pool automatically detects and evicts the single worst-performing unhealthy connection at a regular interval.
3. If the percentage of unhealthy connections exceeds a high-water mark (PoolwideBadThreshPercent), all evictions are suspended to avoid overwhelming the system during a wider service degradation.
4. Evictions are rate-limited by a minimum interval (MinEvictionInterval) to ensure stability.
5. A ChannelHealthMonitor runs in the background, periodically probing each connection in the pool.
6. Probes are performed by sending a PingAndWarm RPC to the Bigtable backend, verifying end-to-end connectivity.
7. Connection health is evaluated based on the percentage of failed probes over a sliding time window (WindowDuration). A connection is marked unhealthy if its failure rate exceeds a configurable threshold (FailurePercentThresh).

[gemini-code-assist]

Summary of Changes

Hello @sushanb, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a comprehensive health checking and self-healing mechanism for the Bigtable gRPC connection pool. The primary goal is to enhance the reliability and performance of the client by proactively identifying and replacing unhealthy connections. This ensures that requests are consistently routed to functional channels, improving overall service stability and responsiveness.

Highlights

• Enhanced gRPC Channel Health Checking: Implemented a robust health monitoring system for Bigtable gRPC connections, utilizing periodic Prime() RPCs (which internally call PingAndWarm) to verify end-to-end connectivity.
• Intelligent Unhealthy Connection Eviction: The connection pool now automatically detects and evicts the single worst-performing unhealthy connection at regular intervals, based on a configurable failure rate over a sliding time window.
• Circuit Breaker for Pool Stability: A circuit breaker mechanism is introduced to suspend evictions if a high percentage of connections are unhealthy, preventing cascading failures during widespread service degradation.
• Improved Connection Management: The internal BigtableChannelPool now uses atomic.Value to store connection entries (connEntry), which encapsulate the BigtableConn (a wrapper around grpc.ClientConn), its load, and its health state, allowing for efficient and thread-safe updates.
• Configurable Logging: Added a Logger option to the Bigtable client and connection pool, along with debug logging utilities, to provide better visibility into connection health and pool operations.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a sophisticated health checking mechanism for the gRPC connection pool, which is a great feature for improving the client's resilience. The implementation includes periodic probing of connections using PingAndWarm RPCs, tracking health over a sliding window, and evicting unhealthy connections. My review focuses on a few areas for improvement, including addressing TODOs for performance and correctness (like parallel dialing and graceful connection draining), and restoring test coverage that was reduced during refactoring. Addressing these points will make the implementation more robust and reliable.

[sushanb]

FYI. i have a TODO to make DynamicChannelScaleup, MetricsExporter, HealthChecker all part of BackgroundProcess interface.

[nimf]

Few high-level comments from the first pass:

1. Concurrent scaling down and picking a connection.
   There is a chance that while selectFunc picks a connection to send RPC to, the connection may be closed by removeConnections. The RPC will be refused immediately on a closed connection. We should have some protection or workaround here.
2. Concurrent scaling and eviction.
   While this doesn't crash anything it can still bring surprising edge cases. For example, there is a small chance that the pool can scale up/down while detectAndEvictUnhealthy is picking an index of a channel to evict. As the detectAndEvictUnhealthy works with a snapshot of channels prior to scaling event, the index it passes to replaceConnection may point to a "good" channel.
   Maybe we should pass a pointer to a channel instead, or restrict running scaling and eviction at the same time.
3. It feels like ChannelHealthMonitor and DynamicScaleMonitor should live in their own files (maybe same package though).

[sushanb]

Few high-level comments from the first pass:

1. Concurrent scaling down and picking a connection.
   There is a chance that while selectFunc picks a connection to send RPC to, the connection may be closed by removeConnections. The RPC will be refused immediately on a closed connection. We should have some protection or workaround here.

I added a drainingState atomic.Bool in connEntry.
We avoid choosing a conn in drainState and actively wait for a period of time for the load on the chosen conn to evict to be zero and Close() it. Close() is thread safe so can be called multiple times on conn.

2. Concurrent scaling and eviction.
   While this doesn't crash anything it can still bring surprising edge cases. For example, there is a small chance that the pool can scale up/down while detectAndEvictUnhealthy is picking an index of a channel to evict. As the detectAndEvictUnhealthy works with a snapshot of channels prior to scaling event, the index it passes to replaceConnection may point to a "good" channel.

replaceConnection takes the actual conn pointer rather than index which avoids this bug. Thanks for finding the bug.

Maybe we should pass a pointer to a channel instead, or restrict running scaling and eviction at the same time.
3. It feels like ChannelHealthMonitor and DynamicScaleMonitor should live in their own files (maybe same package though).

Will refactor.

[nimf]

Comments from the second pass.

[nimf]

No action needed. But for the next time:
This test file's diff on GitHub is pretty hard to review, because it shows as if functions were replaced but they are not. I got a much saner diff locally using --diff-algorithm=patience but that's extra moves/efforts.
Maybe better to keep comments like this, because then the diff algorithm would have additional "anchors" to produce more readable diff.

[nimf]

why are we removing this check?

[nimf]

no action needed, just some thoughts for future improvements. Here and everywhere in the tests where we use time.Sleep or wait for some goroutine to do its job -- such tests are usually prone to flakiness, so we should consider starting using testing/synctest package.

[nimf]

Suggested change

	if fake.getPingCount() < 1 {
	if fake.getPingCount() < 5 {

[nimf]

If the filename is not ending with _test.go this will be included in build, right? I suppose we don't want that.

[nimf]

This will roughly create new channel for every concurrent RPC. Should we have a more reasonable default here? targetLoad of 0 could be only when both AvgLoadLowThreshold and AvgLoadHighThreshold are zero which seems like a misconfiguration.

[nimf]

Suggested change

	t.Fatal("Could not find ChannelHealthMonitor in pool")
	t.Fatal("Could not find DynamicScaleMonitor in pool")

[nimf]

Suggested change

	t.Fatal("Could not find ChannelHealthMonitor in pool")
	t.Fatal("Could not find DynamicScaleMonitor in pool")

[nimf]

Do we still use this?

[nimf]

RPCs and errors are integers. Why do we need this histograms as floats?

[nimf]

BTW, can this be atomic.Pointer[[]*connEntry] ? Then we won't need to typecast.

[mutianf]

only looked at connpool.go and had some questions.

[mutianf]

nit: is it possible to pass in default channel pool size in one place?

[mutianf]

Are we exposing any of these for customers to tune?

[mutianf]

1 second seems long. lets make this consistent with Java? the probe deadline is 500 ms

[mutianf]

This seems short, maybe lets make it consistent with java as well which is 10 minutes ?

[mutianf]

just double checking, this will set the x-goog-request-params header right?

[mutianf]

when will poolctx be done?

[mutianf]

Suggested change

	recordEviction() // Record eviction time *before* replacing. // Record eviction time *before* replacing.
	recordEviction() // Record eviction time *before* replacing.

[mutianf]

will this ever happen? wouldn't oldEntry.markAsDraining() means it should already be drained by smoething else?

[mutianf]

This is already done on line 589?

[mutianf]

if the prime request failed does the connection get added to the pool?

[mutianf]

is this the same as the java metric? The buckets should be consistent.