feasibility of consistent feasibility of consistent
play

Feasibility of Consistent, Feasibility of Consistent, Feasibility - PowerPoint PPT Presentation

Feasibility of Consistent, Feasibility of Consistent, Feasibility of Consistent, Feasibility of Consistent, Available, Partition Available, Partition- -Tolerant Tolerant Web Services Web Services Meng Wang Jingxin Feng Feb 14, 2011 Feb


  1. Feasibility of Consistent, Feasibility of Consistent, Feasibility of Consistent, Feasibility of Consistent, Available, Partition Available, Partition- -Tolerant Tolerant Web Services Web Services Meng Wang Jingxin Feng Feb 14, 2011 Feb 14, 2011

  2. Overview Overview Overview Overview � Background B k d � Formal Model � Analysis in Asynchronous Networks � Analysis in Partially Synchronous � Analysis in Partially Synchronous Networks � Conclusion � Other opinions � Other opinions

  3. Background Background Background Background � What do you expect for web Wh t d t f b services?

  4. Background(cont ) Background(cont.) Background(cont.) Background(cont ) Conjecture by Eric Brewer, at PODC 2000 : It is impossible for a web service to provide It i i ibl f r b r i t r id following three guarantees: � Consistency C i t � Availability � Partition-tolerance

  5. Background(cont ) Background(cont ) Background(cont.) Background(cont.) � Consistency– all nodes should see C i t ll d h ld the same data at the same time. � Availability – node failures do not prevent survivors from not prevent survivors from continuing to operate � Partition-tolerance – the system P titi t l th t continues to operate despite arbitrary message loss

  6. Background(cont ) Background(cont ) Background(cont.) Background(cont.) � CAP Theorem CAP Th ◦ Conjecture since 2000 ◦ Established as theorem in 2002: Lynch, Nancy, and Seth Gilbert. Brewer’s conjecture and the feasibility of conjecture and the feasibility of consistent, available, partition-tolerant web services. ACM SIGACT News, v.33(2), , ( ), 2002, p. 51-59.

  7. Formal Model Formal Model Formal Model Formal Model � Atomic/ Linearizable Data Objects At i / Li i bl D t Obj t ◦ Something like ACID, but not quite… ◦ Under this guarantee, there must exist a total order on all operations such that each operation looks as if it were completed at a single instant.

  8. Formal Model(Cont ) Formal Model(Cont ) Formal Model(Cont.) Formal Model(Cont.) Consistent Consistent Need some work…

  9. Formal Model(Cont ) Formal Model(Cont ) Formal Model(Cont.) Formal Model(Cont.) � Available Data Objects A il bl D t Obj t ◦ Every request received by a non- failing node in the system must result in a response. ◦ That is, any algorithm used by service must eventually terminate.

  10. Formal Model(Cont ) Formal Model(Cont ) Formal Model(Cont.) Formal Model(Cont.) Not highly available Not highly available Highly available

  11. Formal Model(Cont ) Formal Model(Cont.) Formal Model(Cont.) Formal Model(Cont ) � Partition Tolerance P titi T l ◦ Partition: all messages sent form one node in one component to nodes in another i t t d i th component are lost. ◦ Partition Tolerance : No set of failures ◦ Partition Tolerance : No set of failures less than total network failure is allowed to cause the system to respond incorrectly y p y

  12. Formal Model(Cont ) Formal Model(Cont ) Formal Model(Cont.) Formal Model(Cont.) � Partition Tolerance � Partition Tolerance ◦ The atomicity requirement implies that every response The atomicity requirement implies that every response will be atomic, even though arbitrary messages sent as part of the algorithm might not be delivered ◦ The availability requirement therefore implies that every node receiving request from a client must respond, even through arbitrary messages that are sent may be lost ◦ Can we? ◦ Can we?

  13. Asynchronous Network Asynchronous Network Asynchronous Network Asynchronous Network � Theorem Th It is impossible in the asynchronous network model to implement a R/W data object that d l t i l t R/W d t bj t th t guarantees the following properties: ◦ Availability ◦ Availability ◦ Atomic consistency In In all fair executions(including those in ll f ir uti n (in ludin th in which messages are lost.)

  14. Asynchronous Network Asynchronous Network Asynchronous Network Asynchronous Network � There is no clock Th i l k � Nodes must make decisions based only on messages received and local computation. local computation.

  15. Asynchronous Network Asynchronous Network Asynchronous Network Asynchronous Network � Data model D t d l The diagram above shows two nodes,N 1 and N 2 . They both share a piece of data V ,which has a value V 0 . A writes new values of V and B l l d reads values of V.

  16. Asynchronous Network Asynchronous Network Asynchronous Network Asynchronous Network � In a sunny day � In a sunny day (1) First A writes a new value of V, which we'll call V 1 . (2) Then a message (M) is passed from N 1 to N 2 which updates the copy of d h h d h V there. (3) Now any read by B of V will return V 1 . return V 1 .

  17. Asynchronous Network Asynchronous Network Asynchronous Network Asynchronous Network � However… � However… If the network partitions (that is messages from N messages from N 1 to N 2 are not delivered) to N are not delivered) then N 2 contains an inconsistent value of V when step (3) occurs.

  18. Asynchronous Network Asynchronous Network Asynchronous Network Asynchronous Network � Corollary C ll It is impossible in the asynchronous network model to implement a R/W data object that d l t i l t R/W d t bj t th t guarantees the following properties: ◦ Availability ◦ Availability ◦ Atomic consistency in fair executions in no messages are lost messages are lost.

  19. Solution in Asynchronous Network Solution in Asynchronous Network Solution in Asynchronous Network Solution in Asynchronous Network � Drop partition tolerance D titi t l If you want to run without partitions, you have to stop them happening. One way to do h t t th h i O t d this is to put everything (related to that transaction) on one machine transaction) on one machine. ◦ Example: Only one node maintains the value of an object. No replicas. j p

  20. Solution in Asynchronous Network Solution in Asynchronous Network Solution in Asynchronous Network Solution in Asynchronous Network � Drop availability D il bilit ◦ Trivial systems: ignores all the requests. ◦ Or just wait on encountering a partition event until data is consistent.

  21. Solution in Asynchronous Network Solution in Asynchronous Network Solution in Asynchronous Network Solution in Asynchronous Network � Drop Consistency D C i t ◦ Trivial systems: just return what you have now… ◦ Or “Eventually Consistent”

  22. Partially Synchronous Network Partially Synchronous Network Model Model In the real world, most networks are not purely , p y � asynchronous In partially synchronous model - every node has In partially synchronous model - every node has � � a clock and all clocks increase(roughly) at the same rate Assume that every message is either delivered � within a given, known time Tmsg or it is lost Also, every node processes a received message � within a given, known time Tlocal and local g , processing time is 0.

  23. Partially Synchronous Networks : Partially Synchronous Networks : Impossibility Result Impossibility Result � Theorem 2: It is impossible in the Th 2 It i i ibl i th partially synchronous network model to implement a read/write data object that guarantees the g following properties: Availability Availability � � Atomic consistency � in all executions (even those in which messages are lost) which messages are lost)

  24. Proof Partially Synchronous Proof Partially Synchronous Networks Networks

  25. Solutions in the Partially Solutions in the Partially Synchronous Model Synchronous Model

  26. Weaker Consistency Conditions Weaker Consistency Conditions

  27. Weaker Consistency Conditions Weaker Consistency Conditions write followed by read write followed by read

  28. Weaker Consistency Conditions Weaker Consistency Conditions write followed by write write followed by write

  29. Weaker Consistency Conditions Weaker Consistency Conditions read followed by read read followed by read

  30. Weaker Consistency Conditions Weaker Consistency Conditions read followed by write read followed by write

  31. Conclusion Conclusion Conclusion Conclusion � It is impossible to reliably � It is impossible to reliably provide atomic, consistent data when there are partitions in the when there are partitions in the network. � It is feasible, however, to I i f ibl h achieve any two of the three properties. � In partially synchronous modes, it is possible to achieve a practical compromise between C and A. p

  32. Other opinions Other opinions Other opinions Other opinions � In the NoSQL community, this theorem In the NoSQL community this theorem has been used as the justification for giving up consistency. f i i i t � Eventually consistency, i.e., when network connectivity has been re- established and enough subsequent g q time has elapsed for replica cleanup. The justification for cleanup. The justification for giving up C is so that the A and P can be preserved can be preserved.

  33. Other opinions Other opinions Other opinions Other opinions � Michael Stonebraker � Michael Stonebraker ◦ The CAP Theorem analysis is suspect, and that recovery from errors has more dimensions to consider.

Recommend


More recommend