Causal Consistency Without Dependency Check Messages Willy Zwaenepoel

INTRODUCTION

Geo-replicated data stores Geo-replicated data centers Full replication between data centers Data in each data center partitioned Data center

The Consistency Dilemma Strong Consistency synchronous replication all replicas share same consistent view sacrifice availability Causal Consistency asynchronous replication all replicas eventually converge sacrifice consistency, but … … replication respects causality Eventual Consistency asynchronous replication all replicas eventually converge sacrifice consistency

The cost of causal consistency

Can we close the throughput gap? The answer is: yes, but there is a price

STATE OF THE ART: WHY THE GAP?

How is causality enforced? Each update has associated dependencies What are dependencies? – metadata to establish causality relations between operations – used only for data replication Internal dependencies – previous updates of the same client session External dependencies – read updates of other client sessions

Internal dependencies W(y = 2) Alice W(x = 1) Bob US Datacenter Europe Datacenter R(y) y = 0 R(y) y = 2 Example of 2 users performing operations at different datacenters at the same partition

External dependencies R(x) Alice W(x = 1) Bob US Datacenter Europe Datacenter x = 1 R(y) y = 0 R(y) y = 2 W(y = x + 1) Charlie Example of 3 users performing operations at datacenters at the same partition

How dependencies are tracked & checked In current implementations – COPS [SOSP ’11], ChainReaction [Eurosys ‘13], Eiger [NSDI ’13], Orbe [SOCC ’13] DepCheck(A) – “Do you have A installed yet?” Partition 0Partition 1 Partition N … Partition 0Partition 1 … US Datacenter Europe Datacenter Client Read(A) Read(B) Write(C, A+B) DepCheck(B) DepCheck(A) Partition N

Encoding of dependencies COPS [SOSP ’11], ChainR. [Eurosys ‘13], Eiger [NSDI ’13] – “direct” dependencies – Worst case: O( reads before a write ) Orbe [SOCC ‘13] – Dependency matrix – Worst case: O( partitions )

The main issues Metadata size is considerable – for both storage and communucation Remote dependency checks are expensive – multiple partitions are queried for each update

The cost of causal consistency

The cost of dependency check messages

CAUSAL CONSISTENCY WITH 0/1 DEPENDENCY CHECK MESSAGES

Getting rid of external dependencies Partitions serve only fully replicated updates – Replication Confirmation messages broadcast periodically External dependencies are removed – replication information implies dependency installation Internal dependencies are minimized – we only track the previous write – requires at most one remote check zero if write is local, one if it is remote

The new replication workflow Example of 2 users performing operations at different datacenters at the same partition Alice W(x = 1) Bob R(x) US Datacenter Europe Datacenter Asia Datacenter Replication Confirmation (periodically) R(x) x = 0 x = 1

Reading your own writes Clients need not wait for the replication confirmation – they can see their own updates immediately – other clients’ updates are visible once they are fully replicated Multiple logical update spaces Global update space (fully visible) Replication update space (not yet visible) Alice’s update space (visible to Alice) Alice’s update space (visible to Alice) Bob’s update space (visible to Bob) Bob’s update space (visible to Bob) … …

The cost of causal consistency

The price paid: update visibility increased With new implementation ~ max ( network latency from origin to furthest replica + network latency from furthest replica to destination + interval of replication information broadcast ) With conventional implementation: ~ network latency from origin to destination

CAUSAL CONSISTENCY WITHOUT DEPENDENCY CHECK MESSAGES ?!

Is it possible? Only make update visible when one can locally determine no causally preceding update will become visible later at another partition

How to do that? Encode causality by means of Lamport clock Each partition maintains its Lamport clock Each update is timestamped with Lamport clock Update visible – update.timestamp ≤ min( Lamport clocks ) Periodically compute minimum

0-msg causal consistency - throughput

The price paid: update visibility increased With new implementation ~ max ( network latency from origin to furthest replica + network latency from furthest replica to destination + interval of minimum computation ) With conventional implementation: ~ network latency from origin to destination

How to deal with “stagnant” Lamport clock? Lamport clock stagnates if no update in a partition Combine – Lamport clock – Loosely synchronized physical clock – (easy to do)

More on loosely synchronized physical clocks Periodically broadcast clock Reduces update visibility latency to – Network latency from furthest replica to destination + maximum clock skew + clock broadcast interval

Can we close the throughput gap? The answer is: yes, but there is a price The price is increased update visibility

MethodThroughput# of dep.check messages Update visibility Conventional< Evt. consistencyO( Rs since W ) O( partitions ) DDDD 01-msg~ Evt. consistencyO or 1~ 2 D max 0-msg~ Evt. consistency0~ 2 D max 0-msg + physical clock~ Evt. consistency0~ D max Conclusion: Throughput, messages, latency