2/23/2009CS50901 Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial Fred B. Schneider Presenter: Aly Farahat.

Slides:



Advertisements
Similar presentations
Impossibility of Distributed Consensus with One Faulty Process
Advertisements

CS 542: Topics in Distributed Systems Diganta Goswami.
CS425 /CSE424/ECE428 – Distributed Systems – Fall 2011 Material derived from slides by I. Gupta, M. Harandi, J. Hou, S. Mitra, K. Nahrstedt, N. Vaidya.
Byzantine Generals. Outline r Byzantine generals problem.
Agreement: Byzantine Generals UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 739 Distributed Systems Andrea C. Arpaci-Dusseau Paper: “The.
Teaser - Introduction to Distributed Computing
Replication. Topics r Why Replication? r System Model r Consistency Models r One approach to consistency management and dealing with failures.
Replication Management. Motivations for Replication Performance enhancement Increased availability Fault tolerance.
Consensus Hao Li.
The Byzantine Generals Problem Boon Thau Loo CS294-4.
Byzantine Generals Problem: Solution using signed messages.
Distributed Systems Fall 2010 Replication Fall 20105DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.
CS 582 / CMPE 481 Distributed Systems
CMPT 431 Dr. Alexandra Fedorova Lecture XII: Replication.
Replication Management using the State-Machine Approach Fred B. Schneider Summary and Discussion : Hee Jung Kim and Ying Zhang October 27, 2005.
1 Principles of Reliable Distributed Systems Lecture 5: Failure Models, Fault-Tolerant Broadcasts and State-Machine Replication Spring 2005 Dr. Idit Keidar.
Distributed Systems Fall 2011 Gossip and highly available services.
Distributed Systems Fall 2009 Replication Fall 20095DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.
Last Class: Weak Consistency
Practical Byzantine Fault Tolerance (The Byzantine Generals Problem)
Page 1 Copyright © Alexander Allister Shvartsman CSE 6510 (461) Fall 2010 Selected Notes on Fault-Tolerance (12) Alexander A. Shvartsman Computer.
State Machines CS 614 Thursday, Feb 21, 2002 Bill McCloskey.
1 A Modular Approach to Fault-Tolerant Broadcasts and Related Problems Author: Vassos Hadzilacos and Sam Toueg Distributed Systems: 526 U1580 Professor:
Fault Tolerance via the State Machine Replication Approach Favian Contreras.
Distributed Algorithms – 2g1513 Lecture 9 – by Ali Ghodsi Fault-Tolerance in Distributed Systems.
Secure Systems Research Group - FAU 1 A survey of dependability patterns Ingrid Buckley and Eduardo B. Fernandez Dept. of Computer Science and Engineering.
Copyright © George Coulouris, Jean Dollimore, Tim Kindberg This material is made available for private study and for direct.
CS 5204 (FALL 2005)1 Leases: An Efficient Fault Tolerant Mechanism for Distributed File Cache Consistency Gray and Cheriton By Farid Merchant Date: 9/21/05.
Reliable Communication in the Presence of Failures Based on the paper by: Kenneth Birman and Thomas A. Joseph Cesar Talledo COEN 317 Fall 05.
Replicated State Machines ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg.
Practical Byzantine Fault Tolerance
Byzantine fault-tolerance COMP 413 Fall Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.
1 ZYZZYVA: SPECULATIVE BYZANTINE FAULT TOLERANCE R.Kotla, L. Alvisi, M. Dahlin, A. Clement and E. Wong U. T. Austin Best Paper Award at SOSP 2007.
Byzantine fault tolerance
IM NTU Distributed Information Systems 2004 Replication Management -- 1 Replication Management Yih-Kuen Tsay Dept. of Information Management National Taiwan.
Agenda Fail Stop Processors –Problem Definition –Implementation with reliable stable storage –Implementation without reliable stable storage Failure Detection.
Replication (1). Topics r Why Replication? r System Model r Consistency Models – How do we reason about the consistency of the “global state”? m Data-centric.
Prepared By: Md Rezaul Huda Reza
Copyright © George Coulouris, Jean Dollimore, Tim Kindberg This material is made available for private study and for direct.
CSE 60641: Operating Systems Implementing Fault-Tolerant Services Using the State Machine Approach: a tutorial Fred B. Schneider, ACM Computing Surveys.
Fault Tolerance. Basic Concepts Availability The system is ready to work immediately Reliability The system can run continuously Safety When the system.
Chapter 11 Fault Tolerance. Topics Introduction Process Resilience Reliable Group Communication Recovery.
UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department
Hwajung Lee.  Improves reliability  Improves availability ( What good is a reliable system if it is not available?)  Replication must be transparent.
Replication Improves reliability Improves availability ( What good is a reliable system if it is not available?) Replication must be transparent and create.
A Survey of Fault Tolerance in Distributed Systems By Szeying Tan Fall 2002 CS 633.
Fault Tolerance Chapter 7. Goal An important goal in distributed systems design is to construct the system in such a way that it can automatically recover.
PROCESS RESILIENCE By Ravalika Pola. outline: Process Resilience  Design Issues  Failure Masking and Replication  Agreement in Faulty Systems  Failure.
Relying on Safe Distance to Achieve Strong Partitionable Group Membership in Ad Hoc Networks Authors: Q. Huang, C. Julien, G. Roman Presented By: Jeff.
From Coulouris, Dollimore, Kindberg and Blair Distributed Systems: Concepts and Design Edition 5, © Addison-Wesley 2012 System Models by Dr. Sarmad Sadik.
Distributed Systems Lecture 9 Leader election 1. Previous lecture Middleware RPC and RMI – Marshalling 2.
Fail-Stop Processors UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 739 Distributed Systems Andrea C. Arpaci-Dusseau One paper: Byzantine.
Fundamentals of Fault-Tolerant Distributed Computing In Asynchronous Environments Paper by Felix C. Gartner Graeme Coakley COEN 317 November 23, 2003.
Chapter 8 Fault Tolerance. Outline Introductions –Concepts –Failure models –Redundancy Process resilience –Groups and failure masking –Distributed agreement.
EEC 688/788 Secure and Dependable Computing Lecture 10 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Replication Hari Shreedharan. Papers! ● Implementing Fault-Tolerant Services using the State Machine Approach (Dec, 1990) Fred B. Schneider Cornell University.
Coordination and Agreement
The consensus problem in distributed systems
Distributed Systems – Paxos
View Change Protocols and Reconfiguration
Replication Improves reliability Improves availability
Active replication for fault tolerance
EEC 688/788 Secure and Dependable Computing
UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department
Fault-Tolerant State Machine Replication
Distributed Systems CS
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
Implementing Consistency -- Paxos
Presentation transcript:

2/23/2009CS50901 Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial Fred B. Schneider Presenter: Aly Farahat

2/23/2009CS50902 Contents Introduction State Machines Fault-Tolerance Agreement & Order –Logical Clocks –Synchronized Clocks –Server Side Ordering Faulty Output Devices Faulty Clients Using Time to Make Requests Reconfiguration –Managing Reconfiguration –Integrating Repaired Replicas

2/23/2009CS50903 Client/Server Model

2/23/2009CS50904 Fault Types Fail Stop Faults: a faulty component enters a predefined state and halts Byzantine Faults: arbitrary malicious faults Q: Why do we need logic for programs?

2/23/2009CS50905 Fault Tolerance Based on the concept of Replication t- tolerant: system delivers correct service up to a failure of t components Identical Replicas of Server t+1 for Fail Stop faults 2t+1 for Byzantine faults Q: What kind of fault tolerance is this? What types of faults it can tolerate?

2/23/2009CS50906 Replication Scheme

2/23/2009CS50907 State Machine Model Each Server Replica is an identical state machine State Machines are Request Driven Machines and cannot progress on their own A client Issues a Request to the State Machine

2/23/2009CS50908 State Machine Behavior with respect to clients O1: Requests Issued by a single client should be processed in the same order they were issued O2: If a request r2 is causally related to r1, r1 should be processed before r2

2/23/2009CS50909 Example Q: Find the analogy between state machine in this context and FSM used in sequential circuits synthesis

2/23/2009CS Agreement and Order Coordination is necessary to assure O1 and O2 Agreement: All Replicas agree upon the value of request they should process Order: All Replicas should process requests in the same order (agree on order of requests) Stable Request: a request whose value and order are agreed among Replicas

2/23/2009CS Agreement IC1: All nonfaulty processors agree on the same value IC2: If the transmitter is nonfaulty, all nonfaulty processors use its value as the one on which they agree Q: How to determine faulty processors assuming a byzantine fault model?

2/23/2009CS Order and Stability Order: all replicas process the requests in the same order Stability: a property of a request, meaning that it is in the correct order Protocols: –Logical Clocks –Synchronized Clocks –Server Side Identification Q: Suggest a scenario for an out of order request reception

2/23/2009CS Logical Clocks

2/23/2009CS Stability Test r is stable at a replica if for a new request r’ from every client, T(r) < T(r’): ( T: returns the logical clock value appended to a request) As unbounded delays of messages are accepted, agreement in the case of Byzantine faults is impossible

2/23/2009CS Synchronized Real-Time Clocks Each Processor has a real-time clock synchronized with all other processors clocks. Upper bounds on request delays guarantee order in the case of Byzantine failures

2/23/2009CS Stability Test 1- Replica waits to guarantee no reception of requests: disadvantage (Replica has to wait) 2- Check for a request from every client with a larger identifier In practice the disjunction of both tests is used Q: How Byzantine Failures are handled in this case?

2/23/2009CS Replica Generated Identifiers Advantage: not all processors need to communicate Phase 1: each replica proposes a unique ID for the received request, a request is seen in this case Phase 2: all replicas agree upon the request ID, the request is accepted in this case

2/23/2009CS Requirements for Stability Agreement Stability Test: For all received request r’ from every client, their candidate identifiers should be strictly greater than an accepted request r

2/23/2009CS Generating Unique Identifiers Q: What is the significance of i/N term?

2/23/2009CS Tolerating Faulty Output Devices Outputs Used Outside the System –Replicate Output Devices –Replicate Voters Outputs Used Inside the system –Outputs go back to Clients – Each Client has a voter inside it

2/23/2009CS Tolerating Faulty Clients Replication –Server State Machine Modification –Voter Inside the State Machine Requests having same content but different identifiers Requests having different content and identifiers Q: How a voter failure inside server is handled?

2/23/2009CS Defensive Programming Replicas are not always possible –Lack of hardware –Application Semantics do not allow replication Defensive Programming: additional requirements on state machines to prevent some possibly destructive actions from a faulty client Examples: –Memory Partitioning and prevention of shared access –Bounded time shared resources by using scheduled requests on the server side

2/23/2009CS Timed Requests Pro: No need to transmit requests Con: Does not have parameters Default Request: Executes on time at the server unless the client sends a different request

2/23/2009CS Reconfiguration

2/23/2009CS C, O and S A configuration is a Triplet –C: the set of operational clients –O: the set of operational output devices –S: the set of operational state machine replicas C and O are needed by the state machine replicas S is needed by the agreement protocol

2/23/2009CS Configurators Manages a single object in C, O or S Detects failures and repairs of this objects Are clients by themselves Issue requests of reconfiguration to State Machine Replicas State machine use application dependent mechanisms for failure detection

2/23/2009CS Note The Next Slides are adapted from a presentation by Leon Traille From Georgia Tech For a presenatation of the same paper

2/23/2009CS Integrating a Repaired Object e[r i ]:the state that a non-faulty system element e should be after processing requests r 0 through r i An element joining the configuration immediately after request r join must be in state e[r join ] before it can participate Fail-stop failures –output device : e[r join ] is likely to be a small amount of setup information that can be provided by state variables of sm i –a client : e[r join ] is frequently based on previous sensor values and can be determined by information from other clients –a state machine replica :the information for e[r join ] is stored in state variables and pending requests at sm i Byzantine failures –require t + 1 replicas instead of just one

2/23/2009CS Integration with Logical Clocks Integrating element e by state machine replica sm i at request r join Fail-stop processors If e is client or e is output device then send any relevant portion of state variables to e before sending any output produced by requests with unique identifiers larger than the one on r join If e is state machine replica sm new then 1) send the values of its state variables and copies of any pending requests to sm new 2) send to sm new every subsequent received from each client c such that uid(r) < uid(r c ) where r c is the first request sm new received directly from c after being restarted Byzantine failures –Because information from sm i might be incorrect t + 1 copies of identical state information and t + 1 copies of relayed messages must be obtained

2/23/2009CS Integration with Real-time Clocks Integrating element e by state machine replica sm i at request r join Fail-stop processors If e is client or e is output device then send relevant portions of its state variables to e before sending any output produced by requests with unique identifiers larger than the one on r join If e is state machine replica sm new then 1) send the values of its state variables and copies of any pending requests to sm i 2) send to sm new every request received during the next interval of duration Δ Byzantine failures –Because information from sm i might be incorrect t + 1 copies of identical state information and t + 1 copies of relayed messages must be obtained

2/23/2009CS Stability Test During Restart Relaying of messages break the stability tests A request r may be received directly from client c but later a request r’, also from c, is relayed by sm i with uid(r) > uid(r’) Solution: must consider requests from c as stable only after no relayed requests from c can arrive Stability Test During Restart: A request r received directly from a client c by restarting state machine replica sm new is stable only after the last request from c relayed by another processor has been received by sm new

2/23/2009CS Thank you!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.