--- id: wiki-2026-0508-비기능-요구사항-non-functional-requirem title: 비기능 요구사항 (Non-functional Requirements) category: 10_Wiki/Topics status: verified canonical_id: self aliases: [NFR, Non-functional Requirements, Quality Attributes, -ilities] duplicate_of: none source_trust_level: A confidence_score: 0.9 verification_status: applied tags: [architecture, requirements, quality-attributes, nfr, sre] raw_sources: [] last_reinforced: 2026-05-10 github_commit: pending tech_stack: language: YAML/SQL framework: SLO frameworks (Google SRE) --- # 비기능 요구사항 (Non-functional Requirements, NFRs) ## 매 한 줄 > **"매 NFR은 시스템이 *어떻게* 동작해야 하는가의 명세이며 매 architecture는 NFR 의 함수다"**. 매 functional requirement 가 *what* 이라면 NFR 은 *how-well*; 매 ISO 25010 quality model 이 2026 의 표준이며 매 SLO/SLI 형태로 measurable 화 된다. ## 매 핵심 ### 매 ISO/IEC 25010 quality attributes - **Performance efficiency**: time behaviour, resource utilization, capacity. - **Reliability**: availability, fault tolerance, recoverability, maturity. - **Security**: confidentiality, integrity, non-repudiation, authenticity, accountability. - **Maintainability**: modularity, reusability, analyzability, modifiability, testability. - **Portability**: adaptability, installability, replaceability. - **Compatibility**: co-existence, interoperability. - **Usability**: learnability, operability, accessibility. - **Functional suitability**: completeness, correctness, appropriateness. ### 매 measurable 화 - **SLI**: 매 service-level indicator (latency p99, error rate, availability ratio). - **SLO**: 매 service-level objective (99.9% over 30d, p99 < 250ms). - **SLA**: 매 contract with consequences (penalty, refund). - **Error budget**: 매 1 - SLO; 매 deploy/feature freeze trigger. ### 매 응용 1. 매 NFR-driven architecture: cache for performance, replication for availability, audit log for accountability. 2. 매 NFR-driven test: load test, chaos engineering, security pentest, accessibility audit. 3. 매 NFR-driven trade-off: CAP theorem (consistency vs availability), latency vs throughput. ## 💻 패턴 ### NFR specification (FURPS+) ```yaml nfr: performance: latency_p99_ms: 250 throughput_rps: 1000 cpu_utilization_max: 0.7 availability: slo: 99.95 measurement_window: 30d error_budget_min_per_quarter: 0.001 security: auth: OAuth2 + PKCE transport: TLS 1.3 only data_at_rest: AES-256-GCM audit_log_retention: 7y scalability: horizontal: 10x peak in 5min observability: log_format: JSON, OpenTelemetry trace_sampling: 0.1 ``` ### SLO definition (Prometheus) ```yaml - alert: APILatencyBudgetBurn expr: | ( histogram_quantile(0.99, sum(rate(http_request_duration_seconds_bucket{job="api"}[5m])) by (le)) > 0.25 ) for: 10m annotations: summary: p99 latency exceeds 250ms SLO ``` ### Multi-burn-rate alert ```yaml # Google SRE multi-window multi-burn-rate - alert: ErrorBudgetFastBurn expr: | ( sum(rate(http_requests_total{status=~"5.."}[1h])) / sum(rate(http_requests_total[1h])) ) > (14.4 * (1 - 0.999)) AND ( sum(rate(http_requests_total{status=~"5.."}[5m])) / sum(rate(http_requests_total[5m])) ) > (14.4 * (1 - 0.999)) ``` ### Performance budget (frontend) ```javascript // budget.config.js — Lighthouse CI module.exports = { ci: { assert: { assertions: { 'first-contentful-paint': ['error', { maxNumericValue: 1800 }], 'largest-contentful-paint': ['error', { maxNumericValue: 2500 }], 'total-blocking-time': ['error', { maxNumericValue: 200 }], 'cumulative-layout-shift': ['error', { maxNumericValue: 0.1 }], }, }, }, }; ``` ### Resilience: circuit breaker ```typescript class CircuitBreaker { private failures = 0; private state: 'closed'|'open'|'half-open' = 'closed'; private openedAt = 0; constructor(private fn: () => Promise, private threshold = 5, private cooldownMs = 30_000) {} async call(): Promise { if (this.state === 'open') { if (Date.now() - this.openedAt > this.cooldownMs) this.state = 'half-open'; else throw new Error('circuit-open'); } try { const r = await this.fn(); this.failures = 0; this.state = 'closed'; return r; } catch (e) { if (++this.failures >= this.threshold) { this.state = 'open'; this.openedAt = Date.now(); } throw e; } } } ``` ### Accessibility audit (a11y NFR) ```typescript // axe-core CI gate import { AxePuppeteer } from '@axe-core/puppeteer'; const results = await new AxePuppeteer(page).analyze(); const critical = results.violations.filter(v => v.impact === 'critical'); if (critical.length > 0) throw new Error(`a11y: ${critical.length} critical violations`); ``` ## 매 결정 기준 | 상황 | Approach | |---|---| | Public API | Latency + availability SLO + rate limit | | Financial system | Strong consistency + audit log + 7y retention | | Mobile app | Battery + bundle size + offline-first | | B2B SaaS | Multi-tenant isolation + SOC2 + 99.9% SLA | | Real-time game | p99 latency + tick budget + recoverability | **기본값**: 매 SMART NFR (Specific, Measurable, Achievable, Relevant, Time-bounded) + SLO 형태로 명세. ## 🔗 Graph - 부모: [[Software Architecture]] - 응용: [[ATAM (Architecture Trade-offs Analysis Method)]] · [[소프트웨어 아키텍처 평가 (Software Architecture Evaluation)]] - Adjacent: [[SLO]] · [[Chaos Engineering]] · [[복잡한 비즈니스 도메인 (금융 헬스케어 이커머스 등)]] ## 🤖 LLM 활용 **언제**: 매 NFR elicitation workshop, SLO/SLI draft, ISO 25010 mapping, NFR-to-architecture trace matrix. **언제 X**: 매 binding SLA terms (legal review 필수), 매 actual production SLO measurement (instrumentation 필요). ## ❌ 안티패턴 - **Wishlist NFR**: 매 "fast", "secure", "scalable" — non-measurable. - **NFR as afterthought**: 매 sprint 끝에 retrofit → architectural rewrite 발생. - **One-size SLO**: 매 모든 endpoint 99.99% → cost 폭증. - **No error budget**: 매 SLO 만 있고 budget consumption tracking 없음 → meaningless. - **Gold-plating reliability**: 매 needed 99.9% 위 99.999% pursuit → 100x cost. ## 🧪 검증 / 중복 - Verified (ISO/IEC 25010:2023, Google SRE Book Ch.4, Bass et al. "Software Architecture in Practice" 4ed). - 신뢰도 A. ## 🕓 Changelog | 날짜 | 변경 | |---|---| | 2026-05-08 | Phase 1 | | 2026-05-10 | Manual cleanup — ISO 25010 + SLO/SLI + NFR specification patterns |