Brewer’s Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services Authored by: Seth Gilbert and Nancy Lynch Presented by: Karl Smith

 CAP  Consistency  Availability  Partition-Tolerance  Three desirable, and expected properties of real- world services  Brewer states that it is impossible to guarantee all three Introduction

 Most web services attempt to provide strongly consistent data  Most use ACID databases  Atomic  Consistent  Isolated  Durable  Web services also need fault-tolerance  Handle crashing nodes, and network partitioning ACID

Formal Model

 Data should maintain atomic consistency  There must exist a total order on all operations such that each operation looks as if it were completed at a single instant  This is not the same as the Atomic requirement in ACID Atomic Data Objects

 Every request received by a non-failing node in the system must result in a response  No time requirement  Difficult because even in severe network failures, every request must terminate  Brewer originally only required almost all requests get a response, this has been simplified to all Available Data Objects

 When the network is partitioned all messages sent from nodes in one partition to nodes in another partition are lost  This causes the difficulty because  Every response must be atomic even though arbitrary messages might not be delivered  Every node must respond even though arbitrary messages may be lost  No failure other then total network failure is allowed to cause incorrect responses Partition Tolerance

 Asynchronous Networks  There is no clock  Nodes must make decisions based only on messages received and local computation  Partially Synchronous Networks  Each system has a clock  Clocks increase at the same rate  Clocks my not be synchronized Different Networks

 It is impossible to provide the following in all fair executions (included those in which messages are lost)  Availability  Atomic Consistency  Proven by contradiction Asynchronous Network Impossible

 Let the system be made of two nodes(G1,G2) that are partitioned separately such that all messages between G1 and G2 are lost  If a write occurs on G1, then later a read occurs on G2, G2 cannot return the data written as a result of the write to G1 Impossible Proof

 No solution exists to meet all three requirements, but any two can be accommodated Partial Solutions

 Ignore all requests  Alternate solution: each data object is hosted on a single node and all actions involving that object are forwarded to the node hosting the object Atomic & Partition Tolerant

 If no partitions occur it is clearly possible to provided atomic, available data  Systems that run on intranets and LANs are an example of these algorithms Atomic & Available

 The service can return the initial value for all requests  The system can provide weakened consistency, this is similar to web caches Available & Partition Tolerant

 It is impossible to provide the following in all fair executions (included those in which messages are lost)  Availability  Atomic Consistency  Proven by contradiction  (This is very similar to the synchronous slide) Partially Synchronous Network Still Impossible

 Let the system be made of two nodes(G1,G2) that are partitioned separately such that all messages between G1 and G2 are lost  If a write occurs on G1, then later a read occurs on G2, G2 cannot return the data written as a result of the write to G1  (This seems familiar) Impossible Proof

 By allowing stale data to be returned when messages are lost it is possible to maintain a weaker consistency  Delayed-t consistency- there is an atomic order for operations only if there was an interval between the operations in which all messages were delivered Weaker Consistency Conditions

1.P is a partial order that orders all write operations, and orders all read operations with respect to the write operations. 2.The value returned by every read operation is exactly the one written by the previous write operation in P (or the initial value, if there is no such previous write in P). 3.The order in P is consistent with the order of read and write requests submitted at each node. 4.(Atomicity) If all messages in the execution are delivered, and an operation θ completes before an operation Φ begins, then Φ does not precede θ in the partial order P, 5.(Weakly Consistent) Assume there exists an interval of time longer than t in which no messages are lost. Further, assume an operation, θ, completes before the interval begins, and another operation, Φ, begins after the interval ends. Then Φ does not precede θ in the partial order Definition

1.A sends a request to C for the most recent value. 2.If A receives a response from C, save the value and send it to the client. 3.If A concludes that a message was lost (i.e. a timeout occurs), then return the value with the highest sequence number received from C (see below), or the initial-value (if no value has yet been received from C). Read

1.A sends a message to C with the new value. 2.If A receives an acknowledgement from C, then A sends an acknowledgement to the client, and stops. 3.If A concludes a message was lost (i.e. a timeout occurs), then A sends an acknowledgement to the client. 4.If A has not yet received an acknowledgement from C, then A sends a message to C with the new value. 5.If A concludes a message was lost (i.e. a timeout occurs), A repeats step 4 within t − 4 * t timeout seconds. Write

1.C increments its sequence number by 1. 2.C sends out the new value and the sequence number to every node. 3.If C concludes a message was lost (i.e. a timeout occurs), then C resends the value and sequence number to the missing node within time t − 2 * t timeout seconds. 4.Repeat step 3 until every node has acknowledged the value. New Value

 Proved that CAP is impossible to provide  Any two properties can be maintained  It is possible to achieve a compromise between consistency and availability in a partially synchronous network Conclusion