reaching reliable agreement in an unreliable world
play

Reaching reliable agreement in an unreliable world Heidi Howard - PowerPoint PPT Presentation

Feb 22, 2024 •191 likes •829 views

Reaching reliable agreement in an unreliable world Heidi Howard heidi.howard@cl.cam.ac.uk twitter: @heidiann blog: hh360.user.srcf.net Cambridge Tech Talks 17th November 2015 slides: hh360.user.srcf.net/slides/cam_tech_talks.pdf 1

  1. Reaching reliable agreement in an unreliable world Heidi Howard heidi.howard@cl.cam.ac.uk twitter: @heidiann blog: hh360.user.srcf.net Cambridge Tech Talks 17th November 2015 slides: hh360.user.srcf.net/slides/cam_tech_talks.pdf 1

  2. Distributed Systems in Practice • Social networks • Banking • Government information systems • E-commerce • Web servers 2

  3. Distributed Systems in Theory “… a collection of distinct processes which are spatially operated and which communicate with one another by exchanging messages … the message delay is not negligible compared to the time between events in a single process” [CACM ‘78] Leslie Lamport 3

  4. Introducing Alice Alice is new graduate of to the world of work. She joins a cool new start up, where she is responsible for a distributed system. 4

  5. Key Value Store A 7 B 2 C 1 5

  6. Key Value Store A? 7 A 7 B 2 C 1 6

  7. Key Value Store A? 7 A 7 B=5 B 2 C 1 7

  8. Key Value Store A? 7 A 7 B=5 B 5 C 1 OK 8

  9. Key Value Store A? 7 A 7 B=5 B 5 C 1 OK B? 5 9

  10. Requirements • Scalability - High throughout processing of operations. • Latency - Low latency commit of operation as perceived by the client. • Fault-tolerance - Availability in the face of machine and network failures. • Linearizable semantics - Operate as if a single server system. 10

  11. Single Server System A 7 B 2 Server Client 1 Client 2 Client 3 11

  12. Single Server System A 7 B 2 Server A? 7 Client 1 Client 2 Client 3 12

  13. Single Server System A 7 3 B 2 Server B=3 OK Client 1 Client 2 Client 3 13

  14. Single Server System A 7 3 B 2 Server 3 B? Client 1 Client 2 Client 3 14

  15. Single Server System Pros Cons • easy to deploy • system unavailable if server or network fails • low latency (1 RTT in • throughput limited to one common case) server • requests executed in-order 15

  16. Single Server System (v.2) Pros Cons • easy to deploy • system unavailable if server fails • low latency (1 RTT in common case) • throughput limited to one server • linearizable semantics • durability with write-ahead logging • partition tolerance with retransmission & command cache 16

  17. Backups A 7 B 2 Client 1 A? Backup 1 7 A 7 B 2 A 7 Primary B 2 Backup 1 Client 2 A 7 B 2 Backup 1 aka Primary backup replication 17

  18. Backups A 7 B 2 Client 1 Backup 1 A 7 B 2 B=1 A 7 Primary B 2 Backup 1 Client 2 A 7 B 2 Backup 1 aka Primary backup replication 18

  19. Backups A 7 B 2 Client 1 Backup 1 A 7 B 1 A 7 B 1 B=1 A 7 Primary B 2 Backup 1 Client 2 A 7 B 2 Backup 1 aka Primary backup replication 19

  20. Backups A 7 B 1 OK Client 1 Backup 1 A 7 OK B 1 A 7 Primary B 1 OK Backup 1 OK Client 2 A 7 B 1 Backup 1 aka Primary backup replication 20

  21. Big Gotcha We are assuming total ordered broadcast 21

  22. Totally Ordered Broadcast (aka atomic broadcast) the guarantee that messages are received reliably and in the same order by all nodes. 22

  23. Intro (Review) So far we have: • Defined our notion of a distributed system • Introduced an example distributed system (Alice and her key-value store) • Seen that straw man approaches to building this system are not sufficient Any questions so far? 23

  24. Doing the Impossible 24

  25. CAP Theorem Pick 2 of 3: • Consistency • Availability Eric Brewer • Partition tolerance Proposed by Brewer in 1998, still debated and regarded as misleading. [Brewer’12] [Kleppmann’15] 25

  26. FLP Impossibility It is impossible to guarantee consensus when messages may be delay if even one node may fail. [JACM’85] 26

  27. Consensus is impossible [PODC’89] Nancy Lynch 27

  28. Aside from Simon PJ Don’t drag your reader or listener through your blood strained path. Simon Peyton Jones 28

  29. Paxos Paxos is at the foundation of (almost) all distributed consensus protocols. It is a general approach of using two phases and majority quorums. It takes much more to construct a complete fault- tolerance distributed systems. 29

  30. Consensus is hard 30

  31. Doing the Impossible (Review) In this section, we have: • Learned about various impossibly results in the field such as CAP theorem and the FLP results • Introduced the fundamental (yet famously difficult to understand) Paxos algorithm Any questions so far? 31

  32. A raft in the sea of confusion 32

  33. Case Study 1: Raft Raft, the understandable replication algorithm. Provides us with linearisable semantics and in the best case 2 RTT latency. A complete(ish) architecture for making our application fault-tolerance. 33

  34. State Machine Replication A 7 A 7 B 2 B 2 Server Server A 7 B 2 Server B=3 Client 34

  35. State Machine Replication A 7 A 7 B 2 B 2 Server Server A 7 B 2 Server B=3 Client 35

  36. State Machine Replication A 7 A 7 3 B 2 3 B 2 Server Server A 7 B 2 3 Server Client 36

  37. State Machine Replication A 7 A 7 3 B 2 3 B 2 Server Server A 7 B 2 3 Server B=3 Client 37

  38. Leadership Startup/ Step down Restart Step down Timeout Win Follower Candidate Leader Timeout 38

  39. Ordering Each node stores is own perspective on a value known as the term. Each message includes the sender’s term and this is checked by the recipient. The term orders periods of leadership to aid in avoiding conflict. Each has one vote per term, thus there is at most one leader per term. 39

  40. ID: 1 Term: 0 Vote: n ID: 5 ID: 2 Term: 0 Term: 0 Vote: n Vote: n ID: 4 ID: 3 Term: 0 Term: 0 Vote: n Vote: n 40

  41. Leadership Startup/ Step down Restart Step down Timeout Win Follower Candidate Leader Timeout 41

  42. ID: 1 Term: 0 Vote: n ID: 5 ID: 2 Term: 0 Term: 0 Vote: n Vote: n ID: 4 ID: 3 Term: 1 Term: 0 Vote: me Vote: n Vote for me in term 1! 42

  43. ID: 1 Term: 1 Vote: 4 ID: 5 ID: 2 Term: 1 Term: 1 Vote: 4 Vote: 4 ID: 4 ID: 3 Term: 1 Term: 1 Vote: me Vote: 4 Ok! 43

  44. Replication Each node has a log of client commands and a index into this representing which commands have been committed. A command is consider as committed when the leader has replicated it into the logs of a majority of servers. 44

  45. Evaluation • The leader is a serious bottleneck -> limited scalability • Can only handle the failure of a minority of nodes • Some rare network partitions render protocol in livelock 45

  46. Raft in the sea of confusion (Review) In this section, we have: • Introduced the Raft algorithm • Seen how Raft elects a leader between a collect of nodes • Evaluated the Raft algorithm Any questions so far? 46

  47. Beyond Raft 47

  48. Case Study 2: Tango Tango is designed to be a scalable replication protocol. It’s a variant of chain replication. It is leaderless and pushes more work onto clients 48

  49. Simple Replication 0 0 0 A=4 A=4 A=4 Server 1 Server 2 Server 3 B=5 A 7 A 4 Sequencer B 2 B 2 Next: 1 Client 1 Client 2 49

  50. Simple Replication 0 0 0 A=4 A=4 A=4 Server 1 Server 2 Server 3 B=5 A 7 A 4 Sequencer 1 B 2 B 2 Next: 2 Client 1 Client 2 Next? 50

  51. Simple Replication 0 1 0 0 A=4 B=5 A=4 A=4 Server 1 Server 2 Server 3 OK B=5 B=5 @ 1 A 7 A 4 Sequencer B 2 B 2 Next: 2 Client 1 Client 2 51

  52. Simple Replication 0 1 0 0 1 A=4 B=5 A=4 A=4 B=5 Server 1 Server 2 Server 3 B=5 @ 1 OK A 7 A 4 Sequencer B 2 B 2 Next: 2 Client 1 Client 2 52

  53. Simple Replication 0 1 0 0 1 1 B=5 A=4 B=5 A=4 A=4 B=5 Server 1 Server 2 Server 3 B=5 @ 1 OK A 7 A 4 Sequencer B 2 B 2 Next: 2 Client 1 Client 2 53

  54. Simple Replication 0 1 0 0 1 1 B=5 A=4 B=5 A=4 A=4 B=5 Server 1 Server 2 Server 3 A 7 A 4 Sequencer B 2 B 5 Next: 2 Client 1 Client 2 54

  55. Beyond Raft (Review) In this section, we have: • Introduced an alternative algorithm, known as Tango • Tango is scalable, as the leader is not longer the bottleneck but has high latency Any questions so far? 55

  56. Next Steps 56

  57. wait… we’re not finished yet! 57

  58. Requirements • Scalability - High throughout processing of operations. • Latency - Low latency commit of operation as perceived by the client. • Fault-tolerance - Availability in the face of machine and network failures. • Linearizable semantics - Operate as if a single server system. 58

  59. Many more examples • Raft [ATC’14] - Good starting point, understandable algorithm from SMR + multi-paxos variant • Tango [SOSP’13] - Scalable algorithm for f+1 nodes, uses CR + multi-paxos variant • VRR [MIT-TR’12] - Raft with round-robin leadership & more distributed load • Zookeeper [ATC'10] - Primary backup replication + atomic broadcast protocol (Zab [DSN’11]) • EPaxos [SOSP’13] - leaderless Paxos varient for WANs 59

Recommend

Using IP to Underpin 5G Networks Making the Unreliable Reliable Adrian Farrel

Using IP to Underpin 5G Networks Making the Unreliable Reliable Adrian Farrel

Using IP to Underpin 5G Networks Making the Unreliable Reliable Adrian Farrel adrian@olddog.co.uk 28th IEEE International Conference on Network Protocols October 13 th , 2020 OLD DOG CONSULTING Topics What Services do we Want to Enable?

407 views • 14 slides
Unreliable Failure Detectors for Reliable Distributed Systems Mikel Larrea Departamento de

Unreliable Failure Detectors for Reliable Distributed Systems Mikel Larrea Departamento de

Unreliable Failure Detectors for Reliable Distributed Systems Mikel Larrea Departamento de Arquitectura y Tecnologa de Computadores UPV / EHU Contents References Introduction System Model Failure Detectors Reliable Broadcast The

539 views • 28 slides
Probabilistic Logics and the Synthesis of Reliable Organisms from Unreliable Components John Z.

Probabilistic Logics and the Synthesis of Reliable Organisms from Unreliable Components John Z.

Probabilistic Logics and the Synthesis of Reliable Organisms from Unreliable Components John Z. Sun Massachusetts Institute of Technology September 21, 2011 Outline Automata Theory Error in Automata Controlling Error Extensions 2 / 19

600 views • 19 slides
Vicis: A Reliable Network for Unreliable Silicon Andrew DeOrio, David Fick, Jin Hu, Valeria

Vicis: A Reliable Network for Unreliable Silicon Andrew DeOrio, David Fick, Jin Hu, Valeria

1 Vicis: A Reliable Network for Unreliable Silicon Andrew DeOrio, David Fick, Jin Hu, Valeria Bertacco, David Blaauw, Dennis Sylvester Electrical Engineering & Computer Science Department The University of Michigan, Ann Arbor 1/30 1 1

701 views • 30 slides
1 rdt2.0: FSM specification rdt2.0: operation with no errors rdt_send(data) rdt_send(data)

1 rdt2.0: FSM specification rdt2.0: operation with no errors rdt_send(data) rdt_send(data)

Principles of Reliable data transfer important in app., transport, link layers top-10 list of important networking topics! Reliable Data Transfer characteristics of unreliable channel will determine complexity of reliable data transfer

229 views • 6 slides
LECTURE 7: when they are self interested? In an extreme case (zero sum Reaching Agreements

LECTURE 7: when they are self interested? In an extreme case (zero sum Reaching Agreements

Reaching Agreements How do agents reaching agreements LECTURE 7: when they are self interested? In an extreme case (zero sum Reaching Agreements encounter) no agreement is possible but in most scenarios, there is potential for

526 views • 13 slides
Computing over Unreliable Computing over Unreliable C C Communication Networks Communication

Computing over Unreliable Computing over Unreliable C C Communication Networks Communication

Computing over Unreliable Computing over Unreliable C C Communication Networks Communication Networks i i i i N N k k Nicola Elia Joint work with Jing Wang D Dept. of Electrical and Computer Engineering t f El t i l d C t E i i

833 views • 42 slides
Unreliable Publish/Subscribe Protocols Georgios Bouloukakis 1,3 , Ajay Kattepur 2 , Nikolaos

Unreliable Publish/Subscribe Protocols Georgios Bouloukakis 1,3 , Ajay Kattepur 2 , Nikolaos

Queueing Network Modeling Patterns for Reliable and Unreliable Publish/Subscribe Protocols Georgios Bouloukakis 1,3 , Ajay Kattepur 2 , Nikolaos Georgantas 3 & Valrie Issarny 3 New York, USA, November 2018 15th EAI International Conference

422 views • 14 slides
Reaching Agreement: Auctions Contents Introductjon Auctjon Parameters English, Dutch,

Reaching Agreement: Auctions Contents Introductjon Auctjon Parameters English, Dutch,

Reaching Agreement: Auctions Contents Introductjon Auctjon Parameters English, Dutch, and Vickrey Auctjons Generalized Auctjons Google & Yahoo Introductjon I With the rise of the Internet, auctjons have become popular

385 views • 20 slides
Reaching & Understanding Consumers In A Digital World Francis Nicholas Group Digital

Reaching & Understanding Consumers In A Digital World Francis Nicholas Group Digital

Reaching & Understanding Consumers In A Digital World Francis Nicholas Group Digital Director, Nomad Foods Europe 7 th March 2017 1 #1 Frozen Food position in Europe #1 player In 9 markets 2 Looking at the Omnichannel World A

646 views • 32 slides
Unreliable Datagram Extension to QUIC draft-pauly-quic-datagram-00 Tommy Pauly , Eric Kinnear,

Unreliable Datagram Extension to QUIC draft-pauly-quic-datagram-00 Tommy Pauly , Eric Kinnear,

Unreliable Datagram Extension to QUIC draft-pauly-quic-datagram-00 Tommy Pauly , Eric Kinnear, David Schinazi QUIC IETF 103, November 2018, Bangkok 1 Why unreliable QUIC frames? Several application use cases take advantage of unreliable

346 views • 10 slides
Pistonless Pump for Safe and Reliable Space Access A& D Forum 2016 Steve Harrington, Ph.D.

Pistonless Pump for Safe and Reliable Space Access A& D Forum 2016 Steve Harrington, Ph.D.

Pistonless Pump for Safe and Reliable Space Access A& D Forum 2016 Steve Harrington, Ph.D. Photo: Atlas Vernier w ith Pistonless pump Problem: Turbopumps are Unreliable 1 out of 300 orbital launches fail due to turbopump problems. In Oct

153 views • 14 slides
REACHING OUT On Missions REACHING OUT On Missions Agenda 1. Overview on Missions/Community

REACHING OUT On Missions REACHING OUT On Missions Agenda 1. Overview on Missions/Community

REACHING OUT On Missions REACHING OUT On Missions Agenda 1. Overview on Missions/Community Engagement Model 2. Practical Next steps (forming teams / defining our missional plan / engagement strategy / research: ethnic groups,

486 views • 19 slides
reaching for policy and practice for net positive energy in the built environment reaching for

reaching for policy and practice for net positive energy in the built environment reaching for

Southwest Michigan Sustainable Business Forum and U.S. Green Building Council West Michigan Chapter present reaching for policy and practice for net positive energy in the built environment reaching for Mission Zero House Presented by:

244 views • 7 slides
Agreement and Disagreement in a Non-Classical World Adam Brandenburger, Patricia

Agreement and Disagreement in a Non-Classical World Adam Brandenburger, Patricia

Agreement and Disagreement in a Non-Classical World Adam Brandenburger, Patricia Contreras-Tejada, Pierfrancesco La Mura, Giannicola Scarpa, and Kai Steverson New York University, Instituto de Ciencias Matemticas, Madrid, HHL Leipzig

514 views • 15 slides
REACHING A CULTURE REACHING A CULTURE THAT HAS THAT HAS ABANDONED SCRIPTURE ABANDONED

REACHING A CULTURE REACHING A CULTURE THAT HAS THAT HAS ABANDONED SCRIPTURE ABANDONED

REACHING A CULTURE REACHING A CULTURE THAT HAS THAT HAS ABANDONED SCRIPTURE ABANDONED SCRIPTURE Acts 17:16-34 IDOLATR IDOLATRY at ATHE Y at ATHE NS S 1. Introduction - Context 2. Inquiries of Intellectuals 17:16-21 a. Initiative of

1.02k views • 39 slides
World Climate: Negotiating a Global Climate Agreement Agenda 1. Introduction and schedule 2.

World Climate: Negotiating a Global Climate Agreement Agenda 1. Introduction and schedule 2.

World Climate: Negotiating a Global Climate Agreement Agenda 1. Introduction and schedule 2. Assign Roles 3. The World Climate Negotiation 4. Debrief and your feedback Climate Change: Carbon Cycle 3 Climate Change: Greenhouse Gases 4 Actual

671 views • 40 slides
Reaching Definitions Global Opt: Reaching Definitions Concept of definition and use Using

Reaching Definitions Global Opt: Reaching Definitions Concept of definition and use Using

Reaching Definitions Global Opt: Reaching Definitions Concept of definition and use Using Program Analysis a=x+y for Optimization is a definition of a. is a use of x and y. A definition reaches a use if value written Advanced

379 views • 5 slides
Long-term energy modeling for a decarbonized world: an assessment of the Paris Agreement with an

Long-term energy modeling for a decarbonized world: an assessment of the Paris Agreement with an

Long-term energy modeling for a decarbonized world: an assessment of the Paris Agreement with an optimization bottom-up model Sandrine SELOSSE & Seungwoo KANG & Nadia MAIZI MINES ParisTech, PSL Research University, CMA-Centre for Applied

382 views • 23 slides
Highly-Available Applications on Unreliable Infrastructure: Microservice Architectures in

Highly-Available Applications on Unreliable Infrastructure: Microservice Architectures in

Highly-Available Applications on Unreliable Infrastructure: Microservice Architectures in Practice Daniel Richter, Marcus Konrad, Katharina Utecht, and Andreas Polze Operating Systems & Middleware Group Hasso Plattner Institute at

679 views • 29 slides
SKF A world of reliable rotation Niclas Rosenlew, CFO Bond issue, June 2020 Investor

SKF A world of reliable rotation Niclas Rosenlew, CFO Bond issue, June 2020 Investor

SKF A world of reliable rotation Niclas Rosenlew, CFO Bond issue, June 2020 Investor presentation Slide 1 Disclaimer / Important information This presentation material (the Ma Mater erial ) has been prepared by Aktiebolaget SKF

844 views • 43 slides
Safe and Reliable Test Results Handling Neil Houston Clinical Lead The World Health

Safe and Reliable Test Results Handling Neil Houston Clinical Lead The World Health

Safe and Reliable Test Results Handling Neil Houston Clinical Lead The World Health Organization identified that the rates of test follow- up remain suboptimal, resulting in serious lapses in patient care, delays to treatment and

421 views • 39 slides
Reaching as many viewers as possible using only libre video technologies. Reaching as

Reaching as many viewers as possible using only libre video technologies. Reaching as

How Libre can you go? Reaching as many viewers as possible using only libre video technologies. Phil Cluff, February 2019 Reaching as many viewers as possible using only libre video technologies. Reaching as many web viewers as

651 views • 39 slides
LVMH reaches an agreement with Belmond to increase its presence in the ultimate hospitality world

LVMH reaches an agreement with Belmond to increase its presence in the ultimate hospitality world

LVMH reaches an agreement with Belmond to increase its presence in the ultimate hospitality world DECEMBER 14, 2018 DISCLAIMER 2 This document may contain certain forward looking statements which are based on estimations and forecasts. By

77 views • 6 slides

More recommend