Distributed Systems Theory

Similar documents
Scalability. We can measure growth in almost any terms. But there are three particularly interesting things to look at:

Brewer s Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services

Synchronization in. Distributed Systems. Cooperation and Coordination in. Distributed Systems. Kinds of Synchronization.

Dr Markus Hagenbuchner CSCI319. Distributed Systems

Blockchain, Throughput, and Big Data Trent McConaghy

Distributed systems Lecture 6: Elec3ons, consensus, and distributed transac3ons. Dr Robert N. M. Watson

Cloud Computing mit mathematischen Anwendungen

Cheap Paxos. Leslie Lamport and Mike Massa. Appeared in The International Conference on Dependable Systems and Networks (DSN 2004 )

Big Data Management and NoSQL Databases

Survey on Comparative Analysis of Database Replication Techniques

Availability Digest. MySQL Clusters Go Active/Active. December 2006

SCALABILITY AND AVAILABILITY

A new Cluster Resource Manager for heartbeat

Massive Data Storage

Middleware and Distributed Systems. System Models. Dr. Martin v. Löwis. Freitag, 14. Oktober 11

Database Replication with MySQL and PostgreSQL

High Availability with Postgres Plus Advanced Server. An EnterpriseDB White Paper

CSE-E5430 Scalable Cloud Computing Lecture 11

Distribution transparency. Degree of transparency. Openness of distributed systems

Principles and characteristics of distributed systems and environments

Bounded Cost Algorithms for Multivalued Consensus Using Binary Consensus Instances

Client/Server and Distributed Computing

Outline. Failure Types

Megastore: Providing Scalable, Highly Available Storage for Interactive Services

Cloud DBMS: An Overview. Shan-Hung Wu, NetDB CS, NTHU Spring, 2015

Database Replication with Oracle 11g and MS SQL Server 2008

Distributed File System. MCSN N. Tonellotto Complements of Distributed Enabling Platforms

HA / DR Jargon Buster High Availability / Disaster Recovery

Data Management in the Cloud

HRG Assessment: Stratus everrun Enterprise

Cloud Computing at Google. Architecture

Highly Available Hadoop Name Node Architecture-Using Replicas of Name Node with Time Synchronization among Replicas

Proactive, Resource-Aware, Tunable Real-time Fault-tolerant Middleware

Geo-Replication in Large-Scale Cloud Computing Applications

Non-Stop Hadoop Paul Scott-Murphy VP Field Techincal Service, APJ. Cloudera World Japan November 2014

Business Continuity: Choosing the Right Technology Solution

Cluster Computing. ! Fault tolerance. ! Stateless. ! Throughput. ! Stateful. ! Response time. Architectures. Stateless vs. Stateful.

Distributed Systems, Failures, and Consensus. Jeff Chase Duke University

How to Build a Highly Available System Using Consensus

Low-Latency Multi-Datacenter Databases using Replicated Commit

Distributed Data Management

Name: 1. CS372H: Spring 2009 Final Exam

Homework 1 (Time, Synchronization and Global State) Points

Database Replication Techniques: a Three Parameter Classification

Distributed Systems. Tutorial 12 Cassandra

How To Understand The Power Of Zab In Zookeeper

Distributed Data Stores

Practical Cassandra. Vitalii

Virtual Full Replication for Scalable. Distributed Real-Time Databases

Distributed File Systems

Distributed Synchronization

Berkeley Ninja Architecture

Cassandra A Decentralized, Structured Storage System

Distributed Database Management Systems

Modular Communication Infrastructure Design with Quality of Service

PipeCloud : Using Causality to Overcome Speed-of-Light Delays in Cloud-Based Disaster Recovery. Razvan Ghitulete Vrije Universiteit

Cloud Based Application Architectures using Smart Computing

BASIC CONCEPTS AND RELATED WORK

CHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL

In Memory Accelerator for MongoDB

Software-Based Replication for Fault Tolerance

Stretching A Wolfpack Cluster Of Servers For Disaster Tolerance. Dick Wilkins Program Manager Hewlett-Packard Co. Redmond, WA dick_wilkins@hp.

CS2510 Computer Operating Systems

CS2510 Computer Operating Systems

Visualizations and Correlations in Troubleshooting

<Insert Picture Here> Oracle NoSQL Database A Distributed Key-Value Store

F1: A Distributed SQL Database That Scales. Presentation by: Alex Degtiar (adegtiar@cmu.edu) /21/2013

DISTRIBUTED AND PARALLELL DATABASE

Facebook: Cassandra. Smruti R. Sarangi. Department of Computer Science Indian Institute of Technology New Delhi, India. Overview Design Evaluation

Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications

Introduction to Distributed Systems

Synchrony Versus S synchronity

Fault-Tolerant Computing

Chapter 14: Recovery System

A Review of Column-Oriented Datastores. By: Zach Pratt. Independent Study Dr. Maskarinec Spring 2011

Big Data Storage Architecture Design in Cloud Computing

CS5412: TWO AND THREE PHASE COMMIT

High Availability Solutions for the MariaDB and MySQL Database

Transaction Management in Distributed Database Systems: the Case of Oracle s Two-Phase Commit

High Availability Storage

Lecture 5: GFS & HDFS! Claudia Hauff (Web Information Systems)! ti2736b-ewi@tudelft.nl

DCaaS: Data Consistency as a Service for Managing Data Uncertainty on the Clouds

Transactions and Recovery. Database Systems Lecture 15 Natasha Alechina

HIGH AVAILABILITY AND DISASTER RECOVERY FOR NAS DATA. Paul Massiglia Chief Technology Strategist agámi Systems, Inc.

3.7. Clock Synch hronisation

The CAP theorem and the design of large scale distributed systems: Part I

Dependability in Web Services

Design Patterns for Distributed Non-Relational Databases

EonStor DS remote replication feature guide

Special Relativity and the Problem of Database Scalability

Chapter Outline. Chapter 2 Distributed Information Systems Architecture. Middleware for Heterogeneous and Distributed Information Systems

Distributed Architectures. Distributed Databases. Distributed Databases. Distributed Databases

TranScend. Next Level Payment Processing. Product Overview

Segmentation in a Distributed Real-Time Main-Memory Database

A Framework for Highly Available Services Based on Group Communication

Hadoop and Map-Reduce. Swati Gore

How To Understand The Concept Of A Distributed System

Continuous Data Protection for any Point-in-Time Recovery: Product Options for Protecting Virtual Machines or Storage Array LUNs

Data Consistency on Private Cloud Storage System

Transcription:

Distributed Systems Theory Dependable Systems 2014 Lena Herscheid, Dr. Peter Tröger Distributed Systems Theory Dependable Systems 2014 1

Distributed Systems Theory Dependable Systems 2014 2

Distributed Systems Motivation Distributed programming is the art of solving the same problem that you can solve on a single computer using multiple computers. For Scalability For Performance / Throughput For Availability Build a highly-available or reliable system using unreliable components Divide and conquer approach Partition data over multiple nodes Replicate data for fault tolerance or shorter response time Distributed Systems Theory Dependable Systems 2014 3

Transparency of Distribution A distributed system is a collection of independent computers that appears to its users as a single coherent system Access transparency Location transparency Replication transparency Concurrency transparency Failure transparency: Failures and recoveries of components are hidden from applications/users Distributed Systems Theory Dependable Systems 2014 4

Fallacies of Distributed Computing (L. Peter Deutsch, 1994) 1. The network is reliable 2. Latency is zero 3. Bandwidth is infinite 4. The network is secure 5. Topology doesn t change 6. There is one administrator 7. Transport cost is zero 8. The network is homogeneous Jim Gray: Transparency In Its Place: The Case Against Transparent Access to Geographically Distributed Data Choose the right system model (Weaker assumptions more robustness and generality) Distributed Systems Theory Dependable Systems 2014 5

Buzzwords! http://en.wikipedia.org/wiki/file:schematic_itsc_and_rto,_rpo,_mi.jpg High Availability 99.999% 5.39 min downtime / year Disaster Recovery Protect IT systems from large-scale disasters (natural or human made) Part of business continuity planning Recovery Point Objective (RPO): Maximum period in which data may be lost due to disaster Recovery Time Objective (RTO): Maximum time until service restoration after disaster Geographic Distribution Multiple data centres on different continents increased latency and consistency challenges Big Data Datasets getting so big that traditional implementations fail to handle them Distributed Systems Theory Dependable Systems 2014 6

Distributed Fault Tolerance High level of concurrency Complex interaction patterns increased likelihood for errors Many levels of potential failures Heterogeneity of components Increased operation effort Operation errors have high impact Latency issues Consistency concerns Distributed Systems Theory Dependable Systems 2014 7

Divide and conquer Distributed computing has two major challenges: latency and failures Replication Increase performance and availability through redundancy Increased infrastructure cost P = 0.25 C = 4 Partition Decrease latency by co-locating related data Mitigate the impact of faults by increased independence P = 0.4375 C = 2 1 2 3 4 1 2 3 4 1 2 3 4 A B A B Distributed Systems Theory Dependable Systems 2014 8

Distributed Systems Abstractions You can t tolerate faults you haven t considered. Timing assumptions Synchronous Known upper bound on message delay Each processor has an accurate clock Asynchronous Processes execute at independent rates Message delay can be unbounded Partially synchronous Failure model: Crash, Byzantine, Failure detectors: strong/weakly accurate, strong/weakly complete Consistency model Strong: the visibility of updates is equivalent to a non-replicated system Weak: client-centric, causal, eventual Distributed Systems Theory Dependable Systems 2014 9

Quiz 1. Why can it be problematic to measure only availability (e.g. in SLAs)? 2. Why does increasing the stochastic independence of faults increase availability? 3. Why is it harder to implement fault tolerance in geographically distributed systems? Distributed Systems Theory Dependable Systems 2014 10

Timing Model Lamport, Leslie. "Time, clocks, and the ordering of events in a distributed system." Communications of the ACM 21.7 (1978): 558-565. Network Time Protocol, RFC 5905, http://tools.ietf.org/html/rfc5905 Corbett, James C., et al. "Spanner: Google s globally distributed database."acm Transactions on Computer Systems (TOCS) 31.3 (2013): 8. Distributed Systems Theory Dependable Systems 2014 11

Timing Model Synchronous: known upper bound on message transmission Time complexity: number of messaging rounds until a result is computed Partially synchronous: in practice, some assumptions can still be made Clocks of limited accuracy, which may be out of sync Asynchronous: message delays are unpredictable Algorithms for asynchronous systems work in any system Approaches to mitigate asynchrony 1. Simulate a synchronous system in an asynchronous system Synchronizers: send clock pulses within which messages are transmitted High message overhead 2. Simulate global time Virtual time: Lamport clocks 3. Simulate global state Snapshot algorithm Synchronous Partially synchronous Asynchronous Distributed Systems Theory Dependable Systems 2014 12

Logical Time How to order events in an asynchronous system without physical clocks? Assume sequential events within each process Happened before relation ( ) p3 Mathematically, a partial ordering a b, if A and B are in the same process, and A comes before B p2 A is a send and B is a receipt of the same message a b b c a c (transitivity) Concurrency: b a a b p1 Denotes that an event causally affects another q3 q2 q1 Distributed Systems Theory Dependable Systems 2014 13

Lamport Clocks For each process, C a assigns a number to any event Clock condition: a b C a C b Each process increments clock between events For message send from a to b: Message contains logical timestamps T = C a Receiver sets C to a value >= its present value and > T Can be used to build a total order ( ) Use an arbitrary total ordering of the processes a b, if C a < C b or C a = C b P a P b p3 p2 p1 q3 q2 q1 Distributed Systems Theory Dependable Systems 2014 14

Lamport Clocks http://commons.wikimedia.org/ wiki/file:lamport-clock-en.svg Distributed Systems Theory Dependable Systems 2014 15

Timing in Distributed Systems Clock drift: distributed, slightly inaccurate clocks drift apart need synchronization Christian s algorithm Assumes central time server Requires round trip time (RTT) << required accuracy Berkeley algorithm Uses coordinator election No central clock, global clock is the average of local slave clocks Master sends clock adjustments (considering RTT) to the slaves Network Time Protocol (NTP): synchronize clocks to UTC via the internet Sub-millisecond accuracy Implementations based on UDP port 123 Hierarchical approach Each node has a stratum (0: physical clock, 1: primary computer connected to it, 2: secondary client, ) Fault tolerant because of different network routes and redundant clocks and servers Distributed Systems Theory Dependable Systems 2014 16

Quiz 1. Why are logical clocks usually used together with physical clocks? 2. Why is it useful to have a partial order of events? 3. Why is it useful to have a total order of events? Distributed Systems Theory Dependable Systems 2014 17

Fault Model Lamport, Leslie, Robert Shostak, and Marshall Pease. "The Byzantine generals problem." ACM Transactions on Programming Languages and Systems (TOPLAS) 4.3 (1982): 382-401. Chandra, Tushar Deepak, and Sam Toueg. "Unreliable failure detectors for reliable distributed systems." Journal of the ACM (JACM) 43.2 (1996): 225-267. Cristian, Flavin. "Understanding fault-tolerant distributed systems."communications of the ACM 34.2 (1991): 56-78. Distributed Systems Theory Dependable Systems 2014 18

Fault Model Processor stops without notification (until restart) Processor breaks deadline Processor does not react within its time window Processor responds incorrectly Any possible fault Distributed Systems Theory Dependable Systems 2014 19

Byzantine Generals Problem Reliable computer systems must handle malfunctioning components that give conflicting information to different parts of the system Formalized by Leslie Lamport (1982) Generals in the Byzantine Empire must agree on an attack time (consensus) Traitors, which misbehave in arbitrary ways, may exist Asynchronous, unreliable communication Solution criteria 1. All generals decide upon the same plan of action 2. A small number of traitors cannot cause the loyal generals to adopt a bad plan Equivalent formulation with commanding general 1. All loyal lieutenants obey the same order 2. If the commanding general is loyal, then every loyal lieutenant obeys the order he sends Distributed Systems Theory Dependable Systems 2014 20

Byzantine Generals Problem Example Leslie Lamport: The Byzantine Generals Problem Distributed Systems Theory Dependable Systems 2014 21

Byzantine Fault Tolerance Defend against arbitrary failures Malicious attacks Arbitrarily wrong, inconsistent return values Most realistic system model, but hardest to implement Solutions require many message sends Significant overhead for each decision To tolerate F byzantine failures, 3F+1 nodes are needed Outlined proof by contradiction (Lamport) Assume a solution for 3 generals ( Albanian generals ) Derive generalized 3F solution from it But: case enumeration proves 3 generals solution impossible Distributed Systems Theory Dependable Systems 2014 22

Failure Detectors - Motivation How to find out when a node has failed (crashed)? Important for many fault tolerance paradigms (Consensus, Atomic Broadcast, ) Correct crash detection is possible only in synchronous systems In asynchronous systems, you never know if a process is just very slow FLP impossibility Solutions: constrain the assumptions! Constrained timing model (partial synchrony) Weaker problems To preserve asynchronous model: external, unreliable failure detectors Distributed Systems Theory Dependable Systems 2014 23

Failure Detectors - Model Failure Detector: Distributed oracle that provides hints about the operational status of processes Toueg May be incorrect May change its mind In synchronous systems: perfect detection using timeouts Completeness Strong: Eventually, every crashed process is permanently suspected by every correct process Weak: Eventually, every crashed process is permanently suspected by some correct process Accuracy Strong: No process is suspected before it crashes Weak: Some correct process is never suspected Distributed Systems Theory Dependable Systems 2014 24

Failure Detectors - Implementation W: Eventually weak completeness & eventually weak accuracy W is the weakest failure detector for solving consensus in asynchronous systems with f < [n/2] Consensus and atomic broadcast are equivalent problems In practice, W can be implemented using timeouts Increase timeout period after every mistake Eventually, there are probably no premature timeouts Reliable broadcast All correct processes deliver the same messages All messages broadcasted by correct processes are delivered No spurious messages are delivered Distributed Systems Theory Dependable Systems 2014 25

Quiz 1. How many nodes do you need to tolerate crash faults? 2. How many nodes do you need to tolerate byzantine faults? 3. Describe a failure detector satisfying strong completeness, but not weak accuracy. Distributed Systems Theory Dependable Systems 2014 26

Distributed Systems Problems Atomic broadcast All receive messages reliably in the same order Consensus Multiple processors agree on a value Leader election Find unique coordinator, known to every node Atomic commit Apply a set of changes in a single operation Terminating reliable broadcast All eventually receive the correct message Distributed Systems Theory Dependable Systems 2014 27

Leader / Coordinator Election Goal: choose a coordinating process (leader) for a task Coordinators are single points of failure Need to be replaced when they fail Complexity measures Time complexity Messaging complexity Algorithms tailored for different system assumptions Topology: ring, complete graphs, undirected vs unidirectional Timing: synchronous vs asynchronous systems Anonymous systems vs per-process UID Distributed Systems Theory Dependable Systems 2014 28

Consensus Fischer, Michael J., Nancy A. Lynch, and Michael S. Paterson. "Impossibility of distributed consensus with one faulty process." Journal of the ACM (JACM)32.2 (1985): 374-382. Chandra, Tushar D., Robert Griesemer, and Joshua Redstone. "Paxos made live: an engineering perspective." Proceedings of the twenty-sixth annual ACM symposium on Principles of distributed computing. ACM, 2007. Gray, Jim. "A comparison of the Byzantine agreement problem and the transaction commit problem." Fault-tolerant distributed computing. Springer New York, 1990. 10-17. Ongaro, Diego, and John Ousterhout. "In search of an understandable consensus algorithm." Draft of October 7 (2013). Distributed Systems Theory Dependable Systems 2014 29

Two Generals / Coordinated Attack Problem Two spatially separated armies want to attack a city and need to coordinate If they do not attack simultaneously, they die Messengers sent between the armies may be captured Formally: consensus of two processes assuming unreliable network It is impossible to design a safe agreement protocol! Proof by contradiction (informal): 1. Assume a protocol for correct coordination 2. This protocol contains a minimal subset of messages leading to coordinated attack: m 1, m n After m n, a coordinated simultaneous attack occurs 3. Since the network is unreliable, m n may not be delivered. Then, The receiver of m n will attack differently (minimal subset) But the sender will act the same The protocol was not correct after all Distributed Systems Theory Dependable Systems 2014 30

2 Phase Commit (2PC) Goal: coordinate decision whether to commit or abort a transaction Special case of consensus protocol Transaction: atomic, consistent, isolated, durable (ACID) Transactional DBMS implement three phases 1. Begin 2. Execute 3. Success? Commit : Rollback Assumes a global coordinator process 1. Commit-request / prepare / voting phase Coordinator asks all nodes to prepare commit Write to log Lock modified tables, preventing reads Nodes reply to coordinator: Prepared No modification Abort (cannot prepare) 2. Commit phase If all nodes have prepared, coordinator asks for actual commit Nodes reply with acknowledgement coordinator closes log & forgets transaction Distributed Systems Theory Dependable Systems 2014 31

2PC Fault Tolerance and Implementation What if nodes / the network fail? After timeout or node failure, rollback is requested No data change becomes visible externally Rollback based on local logs Disadvantages 2PC is a blocking protocol Coordinator: single point of failure Costly message sends and logging Implementation Typically there are multiple coordinators: Transaction Managers (TM) Optimization: make assumptions about failure cases to send less messages Presumed-abort: omit ack messages before aborting Presumed-commit: omit ack messages before commiting Distributed Systems Theory Dependable Systems 2014 32

Consensus Goal: distributed processors agree on a value Termination: all non-faulty processes eventually decide on a value Agreement: all processes that decide do so on the same value Validity: the value must have been proposed by some process Many applications in distributed systems Decide whether a transaction commits Agree on (logical) time In synchronous systems, solvable for any number of crash failures In eventually synchronous systems, solvable for < n/2 crash failures Algorithms: Paxos, Raft, Chandra-Toueg FLP (Fischer, Lynch, Paterson) impossibility of consensus in asynchronous systems: In an asynchronous system, where at most 1 process can fail (fail-stop), no safe consensus algorithm exists. Distributed Systems Theory Dependable Systems 2014 33

Paxos (Lamport, 1989) Consensus: distributed processors agree on a value Termination: all non-faulty processes eventually decide on a value Agreement: all processes that decide do so on the same value Validity: the value must have been proposed by some process Proven correct, theoretical consensus protocol for unreliable processors + unreliable network System model Crash faults Asynchronous messaging, messages can be lost or duplicated, but not corrupted Persistent processor-local storage Roles: Proposers, Acceptors, Learners In reality, many roles are played by identical node less messaging overhead Processes are usually replicas Frequently entwined with master-slave replication Master = Coordinator, serves requests When coordinator fails, additional re-election overhead is induced Distributed Systems Theory Dependable Systems 2014 34

Paxos Overview Client 0.request P 4.response Client P 2.accept(v) P 1.prepare(1) A, L A, L Quorum 3.accepted(1,v) A, L A, L A, L A, L Quorum L 3.accepted(1,v) Quorum L 1. Preparation: Elect coordinator (Proposer), find quorum 2. Coordinator selects a value, broadcasts it to replicas (Acceptors) Other replicas either acknowledge or reject it 3. Majority acknowledged? consensus reached Notify all replicas (Learners), so they update their states L Distributed Systems Theory Dependable Systems 2014 35

Paxos Failures 1. Preparation: Elect coordinator (Proposer), find quorum 2. Coordinator selects a value, broadcasts it to replicas (Acceptors) Other replicas either acknowledge or reject it 3. Majority acknowledged? consensus reached Notify all replicas (Learners), so they update their states Acceptor failure Tolerated, but changes majority To tolerate F crash faults, 2F+1 Acceptors are needed Proposer failure Leader election may have to ensure that a new proposer exists Learner failure Tolerated, due to assumption of persistent storage Needs to synchronize data Protocol does not cover data synchronization after recovery or failure detection More fault tolerant than 2PC Majority voting (in 2PC, all nodes need to agree) Ordered proposals make redundant proposers possible Distributed Systems Theory Dependable Systems 2014 36

Paxos Duelling Proposers 1. Proposer failure after accept 2. New Proposer 3. Old Proposer recovers Doesn t know it is no longer the only Proposer Gets rejected and re-proposes Duelling with increasing proposal numbers Leader election probably eventually solves this Potential violation of termination requirement! Corresponds to FLP impossibility: For liveness, timeouts are needed Solution: introduce partial synchrony Distributed Systems Theory Dependable Systems 2014 37

Paxos Practical Challenges Determining roles: Paxos is only as live as its leader election protocol Failure detection Not specified in the original algorithm Non-trivial in asynchronous systems I/O complexity Participants to log their state on disk before each message send (they may fail in between) #Acceptors * #Learners messages in the accepted phase Needs efficient broadcast implementation Consensus on single values only Real systems need to apply chains of updates Multi-Paxos Extensions: {Fast / Cheap / Egalitarian / } Paxos Distributed Systems Theory Dependable Systems 2014 38

Paxos Made Live - An Engineering Perspective Chubby: distributed locking, storage of metadata Used in BigTable / GFS Design Disk corruption handling: Node with corrupted disk participates in Paxos as Learner, but not Acceptor rebuilds state Only one master (Proposer), who sends heartbeats Engineering For better understanding/correctness validation: DSL for state machines which compiles to C++ Runtime consistency checks (checksums, asserts) Distributed Systems Theory Dependable Systems 2014 39

Raft Consensus algorithm designed for ease of implementation Designed for series of decisions (e.g., log entries) Administration by a strong leader Receives requests Sends updates + heartbeats Leader election incorporated into the algorithm Interactive visualization: http://thesecretlivesofdata.com/raft/ Distributed Systems Theory Dependable Systems 2014 40

Quiz 1. What makes consensus in asynchronous systems hard? 2. What does the FLP impossibility state? 3. What timing model does Paxos assume? 4. What fault model does Paxos assume? Distributed Systems Theory Dependable Systems 2014 41

Further Reading Scalable Web Architecture and Distributed Systems http://aosabook.org/en/distsys.html Distributed Systems for Fun and Profit http://book.mixu.net/distsys/single-page.html Reading list (theoretical papers) http://courses.cs.washington.edu/courses/cse552/07sp/ Distributed Systems Theory Dependable Systems 2014 42

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information