Post on 01-Apr-2015
Shameless Statements Shameless Statements about Replicationabout Replication
Rachid Guerraoui
School of Computer and Communication Sciences, EPFL
Joint ruminations with Eli Gafni (UCLA-MSR)
Shameless Statements about Replication Slide 2
Replication is all over the Replication is all over the placeplace
• Replicated databasesReplicated databases
• Reliable middleware
• Storage systems
• Non-blocking data structures
• Group communication
Shameless Statements about Replication Slide 3
Highlight the important principles
(results/algorithms)
Deconstructing Deconstructing replicationreplication
Shameless Statements about Replication Slide 4
A perspective on replicationA perspective on replication
Shameless Statements about Replication Slide 5
“Here are my principles. If you don’t like them, I have
others”
Groucho Marx
A grain of saltA grain of salt
Shameless Statements about Replication Slide 6
Deconstructing Deconstructing replicationreplication
• For now, let’s For now, let’s • (1) ignore performance and focus on • (2) strong and general replication of
• (3) an object shared by 2 processes
Shameless Statements about Replication Slide 7
ReplicationReplication
P1P1
P2P2
OOOO
opAopA opAopA
opBopBopBopB
Shameless Statements about Replication Slide 8
The players
Shameless Statements about Replication Slide 9
The scheduler decides which process goes next
The processes take steps
The game
Shameless Statements about Replication Slide 10
ReplicationReplication
P1P1
P2P2
OO
O’O’
opAopA opBopB
Fair agreement on the order Fair agreement on the order
opAopA
opBopBopAopAopBopB
Shameless Statements about Replication Slide 11
ReplicationReplication
P1P1
P2P2
OO
O’O’
opAopA
opBopB
ConsensusConsensusSharedShared
memorymemory
opBopBopAopA
opBopBopAopA
Shameless Statements about Replication Slide 12
StatementStatement
• (1) Behind every (1) Behind every replicationreplication lie a lie a
consensusconsensus and a and a shared memoryshared memory
ConsensusConsensus
Shameless Statements about Replication Slide 13
Consensus is impossible: FLPConsensus is impossible: FLP
Asynchronous shared Asynchronous shared
memory systemmemory system
p1p1 p2p2
Shameless Statements about Replication Slide 14
Synchronous consensus is possibleSynchronous consensus is possible
Synchronous systemSynchronous system
Asynchronous systemAsynchronous system
Shameless Statements about Replication Slide 15
<>Synchronous consensus is <>Synchronous consensus is possiblepossible
<>Synchronous system<>Synchronous system
Asynchronous systemAsynchronous system
Shameless Statements about Replication Slide 16
Consensus is almost possibleConsensus is almost possible
-synchronous system-synchronous system
Shameless Statements about Replication Slide 17
“One person is missing and the whole world seems depopulated”
Alphonse de la Martine
Consensus is possible iff Consensus is possible iff -synchrony-synchronyp1p1 p2p2
Shameless Statements about Replication Slide 18
Bottom lineBottom line
• (1) Behind every (1) Behind every replicationreplication lie a lie a
consensusconsensus and a and a shared memoryshared memory
• (2) Behind every consensus lies some -synchrony
-synchrony-synchrony
Shameless Statements about Replication Slide 19
Consensus is almost possible
Shameless Statements about Replication Slide 20
Consensus (primary)Consensus (primary)
P1P1
P2P2
V1V1
V2V2
V1V1
SharedShared
memorymemory
V1V1
Shameless Statements about Replication Slide 21
Consensus (primary)Consensus (primary)
P1P1
P2P2
V1V1
V2V2
SharedShared
memorymemory
V1V1crashcrash
Shameless Statements about Replication Slide 22
Consensus (primary-backup)Consensus (primary-backup)
P1P1
P2P2
V1V1
V2V2V1V1
SharedShared
memorymemory
V1V1 V1V1
Shameless Statements about Replication Slide 23
Consensus (primary-backup)Consensus (primary-backup)
P1P1
P2P2
V1V1
V2V2
V2V2
SharedShared
memorymemory
crashcrashV1V1
Shameless Statements about Replication Slide 24
Consensus (primary-backup)Consensus (primary-backup)
P1P1
P2P2
V1V1
V2V2V2V2
SharedShared
memorymemory
V1V1 V1V1
V2V2
Shameless Statements about Replication Slide 25
Consensus (2PC)Consensus (2PC)
P1P1
P2P2
V1V1
V2V2
Shared memoryShared memory
V1V1
V1V1
V1V1 commitcommit
Shameless Statements about Replication Slide 26
Consensus (2PC)Consensus (2PC)
P1P1
P2P2
V1V1
V2V2
Shared memoryShared memory
V2V2
V2V2V2V2commitcommit
Shameless Statements about Replication Slide 27
Consensus (2PC)Consensus (2PC)
P1P1
P2P2
V1V1
V2V2
Shared memoryShared memory
V1V1
V2V2
abortabort
abortabort
Shameless Statements about Replication Slide 28
Towards indulgent consensusTowards indulgent consensus
Asynchronous systemAsynchronous system
• Indulgence: tolerates arbitrarily long periods of asynchrony, i.e., tolerates any prefix
Shameless Statements about Replication Slide 29
Indulgence
Shameless Statements about Replication Slide 30
« He that is without sin among you, let him cast the first stone at her » John 8:3-11
Indulgence
Shameless Statements about Replication Slide 31
Indulgence
Always preserves safety
Ensures liveness whenever possible
« While there is life there is hope » Cicero
Shameless Statements about Replication Slide 32
Indulgent consensus Indulgent consensus (3PC)(3PC)
P1P1
P2P2
V1V1
V2V2
commit/abortcommit/abort commit/abortcommit/abort
Shameless Statements about Replication Slide 33
• The processes dynamically exclude one suffix of a run, using a system oracle:
Indulgent consensus Indulgent consensus (3PC)(3PC)
A failure detectorA failure detector
Shameless Statements about Replication Slide 34
Weakest failure detector
• The weakest failure detector for consensus -
• The weakest failure detector question translates into the smallest suffix set to be excluded
Shameless Statements about Replication Slide 35
Weakest failure detectorWeakest failure detector
p1p1 p2p2
Shameless Statements about Replication Slide 36
Shared memory assumptionShared memory assumption
Helps better understand consensus Helps better understand consensus results (FLP, FD, 2PC, 3PC)results (FLP, FD, 2PC, 3PC)
Needed anyway for replication (and indulgent consensus)
Shameless Statements about Replication Slide 37
Bottom lineBottom line
• (1) Behind every (1) Behind every replicationreplication lie a lie a
consensusconsensus and a and a shared memoryshared memory
• (2) Behind every consensus lies some -synchrony
shared memoryshared memory
Shameless Statements about Replication Slide 38
ABD (Snapshot)ABD (Snapshot)
P1P1
P2P2
V1V1
V2V2
QuorumQuorum
writewrite
readread
Shameless Statements about Replication Slide 39
The many faces of quorumsThe many faces of quorums
Byzantine quorums
Failure detector quorums
Refined quorums
Probabilistic quorums
Shameless Statements about Replication Slide 40
Bottom lineBottom line
• (1) Behind every (1) Behind every replicationreplication lie a lie a
consensusconsensus and a and a shared memoryshared memory
• (2) Behind every consensus lies some -synchrony
• (3) Behind every shared memory lies a quorum
Shameless Statements about Replication Slide 41
Deconstructing Deconstructing replicationreplication
• (1) ignoring performance And focusing on• (2) strong and general replication of• (3) one object shared by 2 processes
Shameless Statements about Replication Slide 42
The engineerThe engineer
In real systems, we do care about In real systems, we do care about performanceperformance and we are happy with and we are happy with weak replicationweak replication
Much ado about nothing?
Shameless Statements about Replication Slide 43
What about performance?What about performance?
Let’s move now to a message passing system with communication delays/rounds
Shameless Statements about Replication Slide 44
What about performance?What about performance?
Synchronous system with few failuresSynchronous system with few failures
Asynchronous systemAsynchronous system
Plan for the worst and hope for the bestPlan for the worst and hope for the best
Shameless Statements about Replication Slide 45
What about performance?What about performance?
How many synchronous rounds does consensus How many synchronous rounds does consensus need? need?
A shared memory system of n processes with 1 failure can simulate x rounds of a synchronous system with x failures
At least t+1
Shameless Statements about Replication Slide 46
The inherent price of The inherent price of indulgenceindulgence
• How many synchronous rounds does an indulgent consensus need to decide with f failures?
A shared memory system of n processes with 1 failure can simulate x+1 synchronous rounds of an indulgent consensus algorithm with x failures
At least f+2
Shameless Statements about Replication Slide 47
The inherent price of The inherent price of indulgenceindulgence
• For how long does a system need to be synchronous for indulgent consensus to terminate?
No clue…
Shameless Statements about Replication Slide 48
The inherent price of The inherent price of indulgenceindulgence
• How many servers need to be correct in order for indulgent consensus to decide in x synchronous rounds?
Refined quorums
Shameless Statements about Replication Slide 49
More about performance…More about performance…
•Disk accesses?
•Throughput?
Shameless Statements about Replication Slide 50
What about weak replication? What about weak replication?
Is consensus necessary for weak replication?Is consensus necessary for weak replication?
If replicas would never need to agree on any state, they would not be called replicas
Shameless Statements about Replication Slide 51
What is weak replication? What is weak replication?
The answer, my friend, is blowin' in the wind
Shameless Statements about Replication Slide 52
What about weak replication? What about weak replication?
Does ad-hoc replication need consensus?
We need consensus among 2 processes
Say we know the semantics of an object, e.g., a queue? (weaker than consensus)
Shameless Statements about Replication Slide 53
What about weak replication? What about weak replication?
• Does eventual replication need consensus?
• It does eventually..
• Does probabilistic replication need consensus?
• It does need randomized consensus..
Shameless Statements about Replication Slide 54
What if What if
• We give up safety and let some of the replicas disagree?
• We might need set-agreement
• We give up liveness and ensure termination only if k processes are concurrent?
• We might need set-agreement
Shameless Statements about Replication Slide 55
The future of replication
• What form of quorum (shared memory) does a set-agreement actually need?
• For how long does a system need to be synchronous for indulgent set-agreement to terminate?
Shameless Statements about Replication Slide 56
The one slide to rememberThe one slide to remember
• (1) Behind every (1) Behind every replicationreplication lie lie
agreementagreement and and shared memoryshared memory
• (2) Behind every agreement lies -synchrony
• (3) Behind every shared memory lies a quorum
Shameless Statements about Replication Slide 57
Or at least this oneOr at least this one
Shameless Statements about Replication Slide 58
What about more processes?What about more processes?
f-process wait-free systemf-process wait-free system
n-process (f-1)-resilient systemn-process (f-1)-resilient system