Non functional requirement compliance while traversing a shared network

When we architect any system that has some stringent non functional requirements (for example all transactions need to complete in 8 seconds or less) and that system needs to traverse the public network (such as the internet), there is no way we can ensure NFR compliance 100 percent of the time.

The simple reason for this being that nobody has sole control of a public network that your IT system might be using for communicating with other business partners such as suppliers etc. I understand that we can certainly ensure that our hardware is capable to handle the load and provide the performance required if all is well. However, any time your architecture relies on something that is not in your control, there is no way we can guarantee NFR compliance in all situations. I understand that it is also possible for us to timeout and then eventually declare a transaction as aborted to comply with an NFR. However, this will probably work only for the most trivial of applications.

Also, all architectures except the most trivial ones will have a need to connect to business partners or external entities over a non private network.
One way to get around this is to define NFRs when all aspects of an architecture except our immediate control are performing normally and within acceptable norms.

Any other thoughts on how we can ensure compliance with NFRs when our architecture involves traversing the internet or any other shared network?

The purpose here is to show that you have done everything to guarantee the compliance to this NFR. It may be impossible but you should do all that you can.
I think the most obvious solution is to put an application to a datacenter with a backed up internet connection and sign strict SLAs about this. You cannot guarantee that during the transmission if the message somebody on it's way pulls off the wire, but you've minimized that risk

Thanks Dmitri. I just wanted to confirm that I am not missing anything. Looks like I am not. So when any system has a non functional requirement that says that the system should respond within x seconds 100 percent of the time, it really means that the system will respond within x seconds if all things outside of my immediate control are operating normally.

Let me go back and add an assumption. Thanks again.