building highly available systems in erlang
play

Building highly available systems in Erlang Joe Armstrong - PowerPoint PPT Presentation

Apr 26, 2023 •135 likes •712 views

Building highly available systems in Erlang Joe Armstrong Saturday, March 3, 2012 How can we get 10 nines reliability? Saturday, March 3, 2012 Why Erlang? Erlang was designed to program fault-tolerant systems Saturday, March 3, 2012

  1. Building highly available systems in Erlang Joe Armstrong Saturday, March 3, 2012

  2. How can we get 10 nines reliability? Saturday, March 3, 2012

  3. Why Erlang? Erlang was designed to program fault-tolerant systems Saturday, March 3, 2012

  4. Overview n Types of HA systems n Architecture/Algorithms n HA data n The six rules for building HA systems n Quotes on system building n How the six rules are programmed in Erlang Saturday, March 3, 2012

  5. Types of HA n Washing machine/pacemaker n Deep-space mission (Voyager 1 & 2) n Aircraft control systems n Internet applications this talk n ... Saturday, March 3, 2012

  6. “Internet” HA n Always on-line n Soft real-time n Code upgrade on-the-fly n Once started never stopped - evolving n Very scalable (one machine to planet-wise) Saturday, March 3, 2012

  7. Highly available data S n Data is sacred - but we need multiple copies S S S with independent paths to the data. n Computation can be P = probability of C loosing data on one performed anywhere machine = 10 -3 n Note: in “washing machine” Probability of loosing HA - the data and the data with computation are in the 4 machines = 10 -12 same place. Saturday, March 3, 2012

  8. Where is my data? data Imagine 10 million computers. My data is in ten of them. Computer To find my data I need to know where it is Key = [5,26,61,...] Saturday, March 3, 2012

  9. Architectures/algorithms S S S S S S L C S C C Server S “traditional” Client C architectures Load balancer L Saturday, March 3, 2012

  10. Chord S1 IP = 235.23.34.12 S2 IP = 223.23.141.53 S S S2 IP = 122.67.12.23 .. md5(ip(s1)) = C82D4DB065065DBDCDADFBC5A727208E S S md5(ip(s2)) = 099340C20A42E004716233AB216761C3 md5(ip(s3)) = A0E607462A563C4D8CCDB8194E3DEC8B Sorted C 099340C20A42E004716233AB216761C3 => s2 S A0E607462A563C4D8CCDB8194E3DEC8B => s3 C82D4DB065065DBDCDADFBC5A727208E => s1 S ... S lookup Key = "mail-23412" md5(“mail-23412”) => S B91AF709D7C1E6988FCEE7ADF7094A26 S So the Value is on machine s3 (first machine with Md5 lower than md5 of key) Main idea Replica md5(md5(“mail-23412”)) => Hash keys & IP addresses into D604E7A54DC18FD7AC70D12468C34B63 the same namespace So the replica is on machine s1 Saturday, March 3, 2012

  11. Failure probabilities n Assume we keep 9 replicas (odd number) n We want to retrieve 5 copies (more than half) n works with 1 .. 4 machine failing - but if 5 fail we’re screwed n If probability of 1 failure 10 -2 the probability of 5 failing at the same time =10 -10 Saturday, March 3, 2012

  12. Collect five copies in parallel P P Peer P P So making 5 P P P replicas takes P the same time P as two P P “P2P is the new client-server” Saturday, March 3, 2012

  13. The problem of reliable storage of data has been solved Saturday, March 3, 2012

  14. How do we write the code? Saturday, March 3, 2012

  15. SIX RULES Saturday, March 3, 2012

  16. ONE ISOLATION Saturday, March 3, 2012

  17. Isolation n Things must be isolated n 10 nines = 99.99999999% availability n P(fail) = 10 -10 n If P(fail | one computer) = 10 -3 then P(fail | four computers) = 10 -12 Saturday, March 3, 2012

  18. TWO CONCURRENCY Saturday, March 3, 2012

  19. Concurrency n World is concurrent n Many problems are Embarrassingly Parallel n Need at least TWO computers to make a non-stop system (or a few hundred) n TWO or more computers = concurrent and distributed Saturday, March 3, 2012

  20. THREE MUST DETECT FAILURES Saturday, March 3, 2012

  21. Failure detection n If you can’t detect a failure you can’t fix it n Must work across machine boundaries the entire machine might fail n Implies distributed error handling, no shared state, asynchronous messaging Saturday, March 3, 2012

  22. FOUR FAULT IDENTIFICATION Saturday, March 3, 2012

  23. Fault Identification n Fault detection is not enough - you must no why the failure occurred n Implies that you have sufficient information for post hock debugging Saturday, March 3, 2012

  24. FIVE LIVE CODE UPGRADE Saturday, March 3, 2012

  25. Live code upgrade n Must upgrade software while it is running n Want zero down time n Once a system is started we never stop it Saturday, March 3, 2012

  26. SIX STABLE STORAGE Saturday, March 3, 2012

  27. Stable storage n Must store stuff forever n No backup necessary - storage just works n Implies multiple copies, distribution, ... n Must keep crash reports Saturday, March 3, 2012

  28. QUOTES Saturday, March 3, 2012

  29. Those who cannot learn from history are doomed to repeat it. George Santayana Saturday, March 3, 2012

  30. GRAY As with hardware, the key to software fault-tolerance is to hierarchically decompose large systems into modules, each module being a unit of service and a unit of failure. A failure of a module does not propagate beyond the module. ... The process achieves fault containment by sharing no state with other processes; its only contact with other processes is via messages carried by a kernel message system - Jim Gray - Why do computers stop and what can be done about it - Technical Report, 85.7 - Tandem Computers,1985 Saturday, March 3, 2012

  31. GRAY Fault containment through fail-fast software modules. n Process-pairs to tolerant hardware and transient software faults. n Transaction mechanisms to provide data and message integrity. n Transaction mechanisms combined with process-pairs to ease n exception handling and tolerate software fault Software modularity through processes and messages. n Saturday, March 3, 2012

  32. Fail fast The process approach to fault isolation advocates that the process software be fail-fast, it should either function correctly or it should detect the fault, signal failure and stop operating. Processes are made fail-fast by defensive programming. They check all their inputs, intermediate results and data structures as a matter of course. If any error is detected, they signal a failure and stop. In the terminology of [Christian], fail-fast software has small fault detection latency. Gray Why ... Saturday, March 3, 2012

  33. Fail early A fault in a software system can cause one or more errors. The latency time which is the interval between the existence of the fault and the occurrence of the error can be very high, which complicates the backwards analysis of an error ... For an effective error handling we must detect errors and failures as early as possible Renzel - Error Handling for Business Information Systems, Software Design and Management, GmbH & Co. KG, München, 2003 Saturday, March 3, 2012

  34. KAY Folks -- Just a gentle reminder that I took some pains at the last OOPSLA to try to remind everyone that Smalltalk is not only NOT its syntax or the class library, it is not even about classes . I'm sorry that I long ago coined the term "objects" for this topic because it gets many people to focus on the lesser idea. The big idea is "messaging" -- that is what the kernel of Smalltalk/ Squeak is all about (and it's something that was never quite completed in our Xerox PARC phase).... http://lists.squeakfoundation.org/pipermail/squeak-dev/1998-October/ 017019.html Saturday, March 3, 2012

  35. SCHNEIDER Halt on failure in the event of an error a processor should halt instead of performing a possibly erroneous operation. Failure status property when a processor fails, other processors in the system must be informed. The reason for failure must be communicated. Stable Storage Property The storage of a processor should be partitioned into stable storage (which survives a processor crash) and volatile storage which is lost if a processor crashes. Schneider ACM Computing Surveys 22(4):229-319, 1990 Saturday, March 3, 2012

  36. ARMSTRONG Processes are the units of error encapsulation. Errors n occurring in a process will not affect other processes in the system. We call this property strong isolation . Processes do what they are supposed to do or fail as soon n as possible. Failure and the reason for failure can be detected by n remote processes. Processes share no state, but communicate by message n passing. Armstrong Making reliable systems in the presence of software errors PhD Thesis, KTH, 2003 Saturday, March 3, 2012

  37. Programming Saturday, March 3, 2012

  38. How do we program our six rules? n Use a library? n Use a programming language designed for this Saturday, March 3, 2012

  39. Erlang was designed to program fault-tolerant systems Saturday, March 3, 2012

  40. How we implement the six rules in Erlang Saturday, March 3, 2012

  41. Rule 1 = Isolation n Erlang processes are isolated n One process cannot damage another n One Erlang node can have millions of processes n Process have no shared memory n Process are very lightweight Saturday, March 3, 2012

  42. Rule 2 = Concurrency n Erlang processes are concurrent n All processes run in parallel (in theory) n On a multi-core the processes spread over the cores Pid = spawn(fun() -> ... end) Pid ! Message receive Pattern1 -> Actions1; Pattern2 -> Actions2; Pattern3 -> Actions3; ... end Saturday, March 3, 2012

Recommend

Robust Erlang John Hughes Genesis of Erlang Problem: telephony systems in the late 1980s

Robust Erlang John Hughes Genesis of Erlang Problem: telephony systems in the late 1980s

Robust Erlang John Hughes Genesis of Erlang Problem: telephony systems in the late 1980s Digital More and more complex Plain Old Telephony Highly concurrent System Hard to get right Approach: a group at Ericsson

629 views • 50 slides
The ABC of Erlang Jo Jonty Pearce Editor The ABC of Erlang In Historical Order Erlang B

The ABC of Erlang Jo Jonty Pearce Editor The ABC of Erlang In Historical Order Erlang B

The ABC of Erlang Jo Jonty Pearce Editor The ABC of Erlang In Historical Order Erlang B Erlang C Erlang A Erlang B Invented by AK Erlang (Danish Mathematician) Works out the Percentage of Blocking in a Phone System

567 views • 10 slides
ERLANG/OTP Torben Ho fg mann Erlang Solutions @LeHo fg torben@erlang-solutions.com

ERLANG/OTP Torben Ho fg mann Erlang Solutions @LeHo fg torben@erlang-solutions.com

TORBEN HOFFMANN presents ERLANG/OTP Torben Ho fg mann Erlang Solutions @LeHo fg torben@erlang-solutions.com www.erlang-solutions.com W HAT I S S CALABILITY ? handle tra ffj c spike Behave predictably under extended heavy load Carry the tra ffj

841 views • 60 slides
Building RESTful Web Services with Erlang and Yaws Steve Vinoski Member of Technical Staff

Building RESTful Web Services with Erlang and Yaws Steve Vinoski Member of Technical Staff

Building RESTful Web Services with Erlang and Yaws Steve Vinoski Member of Technical Staff Verivue, Inc., Westford, MA USA http://steve.vinoski.net/ QCon San Francisco 20 November 2008 Erlang Functional programming language created in

820 views • 45 slides
An Introduction to Erlang Erlang Buzzwords Functional (strict) Automatic memory

An Introduction to Erlang Erlang Buzzwords Functional (strict) Automatic memory

An Introduction to Erlang Erlang Buzzwords Functional (strict) Automatic memory management (GC) Single-assignment Virtual Machine Dynamically typed (BEAM) Part 1 Sequential Erlang Concurrent Dynamic code

304 views • 6 slides
Erlang: An Overview Part 1 Sequential Erlang Thanks to Richard Carlsson for the original

Erlang: An Overview Part 1 Sequential Erlang Thanks to Richard Carlsson for the original

Erlang: An Overview Part 1 Sequential Erlang Thanks to Richard Carlsson for the original version of many slides in this part Erlang buzzwords Functional (strict) Automatic memory management (GC) Single-assignment Virtual

360 views • 34 slides
Parallel Programming in Erlang John Hughes What is Erlang? Haskell Erlang - Types - Lazyness

Parallel Programming in Erlang John Hughes What is Erlang? Haskell Erlang - Types - Lazyness

Parallel Programming in Erlang John Hughes What is Erlang? Haskell Erlang - Types - Lazyness - Purity + Concurrency + Syntax If you know Haskell, Erlang is easy to learn! QuickSort again Haskell qsort [] = [] qsort (x:xs) = qsort [y

895 views • 61 slides
Nadia Zryanina EMBEDDED SYSTEMS WITH ROBOTICS AND SENSORS USING ERLANG HARDWARE COMPONENTS

Nadia Zryanina EMBEDDED SYSTEMS WITH ROBOTICS AND SENSORS USING ERLANG HARDWARE COMPONENTS

Nadia Zryanina EMBEDDED SYSTEMS WITH ROBOTICS AND SENSORS USING ERLANG HARDWARE COMPONENTS SOFTWARE DEMO FUTURE THE GRISP BOARD SPECS EMBEDDED WIRELESS DEVICE REAL ERLANG ON REAL BARE METAL CONNECTORS FOR SENSORS & ACTUATORS

1.09k views • 53 slides
Lua & Erlang James Lee The George Washington University June 16, 2009 James Lee Lua &

Lua & Erlang James Lee The George Washington University June 16, 2009 James Lee Lua &

Lua Erlang Lua & Erlang James Lee The George Washington University June 16, 2009 James Lee Lua & Erlang Introduction Lua Examples Erlang The C API History Created in 1993 by members of Computer Graphics Technology Group at

206 views • 16 slides
Erlang and RTEMS Embedded Erlang, two case studies Peer Stritzinger Talk at Erlang Factory Light

Erlang and RTEMS Embedded Erlang, two case studies Peer Stritzinger Talk at Erlang Factory Light

Erlang and RTEMS Embedded Erlang, two case studies Peer Stritzinger Talk at Erlang Factory Light Munich 2013 Outline Case 1: Hydraprog-3, Reflashing system for Automotive "Embedded Control Units" (= ECUs) Big picture

448 views • 30 slides
Erlang in Production I wish I'd known that when I started Or This is nothing like the

Erlang in Production I wish I'd known that when I started Or This is nothing like the

Erlang in Production I wish I'd known that when I started Or This is nothing like the brochure :-( Who the Hell are you? ShoreTel Sky http://shoretelsky.com Enterprise Grade VoIP Elevator Pitch Our Systems

780 views • 44 slides
Erlang/OTP XX.12.2008 xmpp:astro@spaceboyz.net Geschichte Agner Krarup Erlang (1878 1929)

Erlang/OTP XX.12.2008 xmpp:astro@spaceboyz.net Geschichte Agner Krarup Erlang (1878 1929)

C3D2-Themenabend Erlang/OTP XX.12.2008 xmpp:astro@spaceboyz.net Geschichte Agner Krarup Erlang (1878 1929) Ericsson Language 1986, 1998 Konzept http://muharem.wordpress.com/2007/07/31/erlang-vs-stackless-python-a-first-benchmark/ Hilfe

1.08k views • 81 slides
Beautiful Concurrency with Erlang Kevin Scaldeferri OSCON 23 July 2008 6 years at Yahoo,

Beautiful Concurrency with Erlang Kevin Scaldeferri OSCON 23 July 2008 6 years at Yahoo,

Beautiful Concurrency with Erlang Kevin Scaldeferri OSCON 23 July 2008 6 years at Yahoo, building large high-concurrency distributed systems Not an expert, dont use it professionally Dabbled, liked it, want to share what I think is cool

960 views • 70 slides
Raspberry Pi and the Embedded Domain . The Erlang Embedded Project Omer Kilic || @OmerK

Raspberry Pi and the Embedded Domain . The Erlang Embedded Project Omer Kilic || @OmerK

The Actor Model applied to the Raspberry Pi and the Embedded Domain . The Erlang Embedded Project Omer Kilic || @OmerK omer@erlang-solutions.com Outline Current state of Embedded Systems Overview of Erlang and the Actor Model

669 views • 49 slides
Erlang: Developing Scalable Systems Rise of collaborative systems Sequential system cannot

Erlang: Developing Scalable Systems Rise of collaborative systems Sequential system cannot

Erlang: Developing Scalable Systems Rise of collaborative systems Sequential system cannot scale. Need more concurrency. Parallel code can scale Collaborative computing Amdhals law Dont Scale up and Scale out Hitting

322 views • 31 slides
That's Billion with a B: Scaling to the next level at WhatsApp Rick Reed WhatsApp Erlang

That's Billion with a B: Scaling to the next level at WhatsApp Rick Reed WhatsApp Erlang

That's Billion with a B: Scaling to the next level at WhatsApp Rick Reed WhatsApp Erlang Factory SF March 7, 2014 1 About Me Joined WhatsApp in 2011 Learned Erlang at WhatsApp Scalability & multimedia Team Small (~10 on Erlang)

649 views • 44 slides
Scaling Distributes Systems Natalia Chechina and RELEASE Team June 11, 2015 N. Chechina,

Scaling Distributes Systems Natalia Chechina and RELEASE Team June 11, 2015 N. Chechina,

Distributed Erlang Scalable Distributed (SD) Erlang Operational Semantics Plans Sources Scaling Distributes Systems Natalia Chechina and RELEASE Team June 11, 2015 N. Chechina, RELEASE team Scaling Distributes Systems Distributed Erlang

727 views • 60 slides
ErlyWeb A web development framework for Erlang Yariv Sadan 12/6/2007 Benefits Erlang/OTP

ErlyWeb A web development framework for Erlang Yariv Sadan 12/6/2007 Benefits Erlang/OTP

ErlyWeb A web development framework for Erlang Yariv Sadan 12/6/2007 Benefits Erlang/OTP Industrial-strength platform built by Ericsson (better than 5 nines) Functional programming Concurrent programming MVC

561 views • 21 slides
Protocols The Glue for Applications Torben Hoffmann CTO @ Erlang Solutions

Protocols The Glue for Applications Torben Hoffmann CTO @ Erlang Solutions

Protocols The Glue for Applications Torben Hoffmann CTO @ Erlang Solutions torben.hoffmann@erlang-solutions.com @LeHoff Why are we here? Distributed Systems How likely is it that this will just work? source:

872 views • 51 slides
IV P E R K 1 S X T Jw fshjxht Gjxfw n sn Erlang Solutions @FrancescoC

IV P E R K 1 S X T Jw fshjxht Gjxfw n sn Erlang Solutions @FrancescoC

FRANCESCO CESARINI presents IV P E R K 1 S X T Jw fshjxht Gjxfw n sn Erlang Solutions @FrancescoC francesco@erlang-solutions.com www.erlang-solutions.com W HAT I S S CALABILITY ? W HAT I S ( MASSIVE ) C ONCURRENCY ? W HAT I S H IGH

751 views • 60 slides
Implementing Garbage Collection for Active Objects on Top of Erlang Sigmund Hansen Master thesis

Implementing Garbage Collection for Active Objects on Top of Erlang Sigmund Hansen Master thesis

Implementing Garbage Collection for Active Objects on Top of Erlang Sigmund Hansen Master thesis autumn 2014 Problem ABS is a modeling language for distributed systems ABS has an Erlang back end Back end cannot collect garbage

687 views • 40 slides
HiPE Implemented and commercially supported by Ericsson, but the source code is free and

HiPE Implemented and commercially supported by Ericsson, but the source code is free and

Open Source Erlang (Erlang/OTP) Part of Ericssons Open Telecom Platform (OTP). HiPE Implemented and commercially supported by Ericsson, but the source code is free and High Performance Erlang available on-line ( www.erlang.org ).

325 views • 5 slides
Riak Core: Dynamo Building Blocks Andy Gross (@argv0) Basho Technologies QCon SF 2010 About

Riak Core: Dynamo Building Blocks Andy Gross (@argv0) Basho Technologies QCon SF 2010 About

Riak Core: Dynamo Building Blocks Andy Gross (@argv0) Basho Technologies QCon SF 2010 About Me Basho Technologies - Riak, Riak Search, Webmachine, Erlang open source Mochi Media - Ad network written in Erlang Apple - distributed

726 views • 45 slides
Raspberry Pi and the Embedded Domain Omer Kilic || @OmerK omer@erlang-solutions.com Agenda

Raspberry Pi and the Embedded Domain Omer Kilic || @OmerK omer@erlang-solutions.com Agenda

The Actor Model applied to the Raspberry Pi and the Embedded Domain Omer Kilic || @OmerK omer@erlang-solutions.com Agenda Current state of Embedded Systems Overview of the Actor Model Erlang Embedded Project Modelling and

974 views • 45 slides

More recommend