Presentation is loading. Please wait.

Presentation is loading. Please wait.

EEC 688/788 Secure and Dependable Computing

Published bySannidhi Ghosh Modified over 5 years ago

Similar presentations

Presentation on theme: "EEC 688/788 Secure and Dependable Computing"— Presentation transcript:

1 EEC 688/788 Secure and Dependable Computing
Lecture 11 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

2 EEC688/788: Secure & Dependable Computing
Outline Distributed consensus and Paxos algorithms Distributed consensus problem Classic Paxos Multi-Paxos 2/21/2019 EEC688/788: Secure & Dependable Computing

3 Distributed Consensus
Distributed consensus is a fundamental problem in distributed computing Ensure replica consistency Asynchronous distributed system No upper bound on processing time No upper bound on clock drift rate No upper bound on networking delay In an asynchronous distributed system, you cannot tell a crashed process from a slow one, even if you can assume that messages are sequenced and retransmitted (arbitrary numbers of times), so they eventually get through 2/21/2019 EEC688/788: Secure & Dependable Computing

4 FLP Impossibility Results
FLP (Fischer, Lynch and Paterson) Impossibility result A single faulty process can prevent consensus Because a slow process is indistinguishable from a crashed one Chandra/Toueg Showed that FLP Impossibility applies to many problems, not just consensus In particular, they show that FLP applies to group membership, reliable multicast So these practical problems are impossible to solve in asynchronous systems They also look at the weakest condition under which consensus can be solved Ways to bypass the impossibility result Use unreliable failure detector Use a randomized consensus algorithm 2/21/2019 EEC688/788: Secure & Dependable Computing

5 Distributed Consensus
Older generation of consensus algorithms rely on the use of an unreliable failure detector to exclude failed processes from the consensus consideration Difficult to understand and harder to prove for correctness The Paxos algorithm introduced by Lamport Separate safety and liveness properties “Paxos is among the simplest and most obvious of distributed algorithm” by Lamport Consensus can be reached during periods of synchrony No consensus is possible if system very asynchronous, but guarantees no disagreement 2/21/2019 EEC688/788: Secure & Dependable Computing

6 EEC688/788: Secure & Dependable Computing
Consensus Problem Safety: Only a value that has been proposed may be chosen If a value is chosen by a process, then the same value must be chosen by any other process that has chosen a value If a process learns a value, then the value must have been chosen by some process Liveness: Some proposed value is eventually chosen and, if a value has been chosen, then a process can eventually learn the value 2/21/2019 EEC688/788: Secure & Dependable Computing

7 The Paxos Algorithm – Consensus for Asynchronous Distributed Systems
Contribution: separately consider safety and liveness issues. Safety can be guaranteed and liveness is ensured during period of synchrony Participants of the algorithm are divided into three categories Proposers: those who propose values Accepters: those who decide which value to choose Learners: those who are interested in learning the value chosen 2/21/2019 EEC688/788: Secure & Dependable Computing

8 EEC688/788: Secure & Dependable Computing
The Paxos Algorithm How to choose a value Use a single acceptor: straightforward but not fault tolerant Use a number of acceptors: a value is chosen if the majority of the acceptors have accepted it Accepted does not mean chosen. However, if a value has been chosen, it must have been accepted first 2/21/2019 EEC688/788: Secure & Dependable Computing

9 EEC688/788: Secure & Dependable Computing
The Paxos Algorithm Requirements for choosing a value P1. An acceptor must accept the first proposal that it receives P2. If a proposal with value v is chosen, then every higher-numbered proposal that is chosen has value v Since the proposal numbers are totally ordered, P2 guarantees the safety property 2/21/2019 EEC688/788: Secure & Dependable Computing

10 The Paxos Algorithm How to guarantee P2?
P2a: If a proposal with value v is chosen, then every higher-numbered proposal accepted by any acceptor has value v But what if an acceptor that has never accepted v accepted a proposal with v’? P2b: if a proposal with value v is chosen, then every higher-numbered proposal issued by any proposer has value v P2b implies P2a, which implies P2 P2b P2a P2 V is chosen by some acceptor Newer proposal Must propose v Only v could Have been accepted Only v could Have been chosen by other acceptors 2/21/2019 EEC688/788: Secure & Dependable Computing

11 EEC688/788: Secure & Dependable Computing
The Paxos Algorithm How to ensure P2b? P2c: For any v and n, if a proposal with value v and number n is issued, then there is a set S consisting of a majority of acceptors such that either (a) no acceptor in S has accepted any proposal numbered less than n, or (b) v is the value of the highest-numbered proposal among all proposals numbered less than n accepted by the acceptors in S 2/21/2019 EEC688/788: Secure & Dependable Computing

12 EEC688/788: Secure & Dependable Computing
The Paxos Algorithm To ensure P2c, an acceptor must promise: It will not accept any more proposals numbered less than n, once it has accepted a proposal n 2/21/2019 EEC688/788: Secure & Dependable Computing

13 EEC688/788: Secure & Dependable Computing
The Paxos Algorithm Phase 1. (a) A proposer selects a proposal number n and sends a prepare request with number n to a majority of acceptors. (b) If an acceptor receives a prepare request with number n greater than that of any prepare request to which it has already responded, then it responds to the request with a promise not to accept any more proposals numbered less than n and with the highest-numbered proposal (if any) that it has accepted. 2/21/2019 EEC688/788: Secure & Dependable Computing

14 EEC688/788: Secure & Dependable Computing
The Paxos Algorithm Phase 2. (a) If the proposer receives a response to its prepare requests (numbered n) from a majority of acceptors, then it sends an accept request to each of those acceptors for a proposal numbered n with a value v, where v is the value of the highest-numbered proposal among the responses, or is any value if the responses reported no proposals. (b) If an acceptor receives an accept request for a proposal numbered n, it accepts the proposal unless it has already responded to a prepare request having a number greater than n. 2/21/2019 EEC688/788: Secure & Dependable Computing

15 EEC688/788: Secure & Dependable Computing
The Paxos Algorithm 2/21/2019 EEC688/788: Secure & Dependable Computing

16 Importance of Keeping Promises (for not accepting older proposal)
Not a problem if a value has been chosen 2/21/2019 EEC688/788: Secure & Dependable Computing

17 Importance of Keeping Promises (for not accepting older proposal)
Safety violated without promise with competing proposers 2/21/2019 EEC688/788: Secure & Dependable Computing

18 Importance of Keeping Promises (for not accepting older proposal)
Safety is ensured by the promise with competing proposers 2/21/2019 EEC688/788: Secure & Dependable Computing

19 Multi-Paxos: Paxos for State Machine Replication
Client: partially assumes the role of a proposer Server replicas: acceptors Value to be agreed on: total ordering of requests sent by clients Total ordering accomplished by running a sequence of instances of Paxos Each instance is assigned a sequence number, representing the total ordering of the request that is chosen Value to be chosen: the request chosen for the instance

20 Multi-Paxos: Paxos for State Machine Replication
Client: partially assumes the role of a proposer Only propose a value (i.e., request it sends) without the corresponding proposal number A server replica, the primary, decides on the proposal number Primary: essentially the proposer in Paxos Propose a sequence number – request binding Propagate value chosen (i.e., total ordering info) to other replicas (i.e., learners) Initial membership is known with a sole primary First phase can be omitted during normal operation When the primary is suspected, a new primary is elected (view change)

21 Multi-Paxos: Paxos for State Machine Replication
Normal operation of Multi-Paxos

22 Multi-Paxos: Checkpointing and Garbage Collection
Paxos is open-ended: it never terminates A proposer is allowed to initiate a new proposal even if every acceptor has accepted a proposal An acceptor must remember the last proposal that it has accepted and the latest proposal number it has accepted In Multi-Paxos, every replica must remember such info for every instance of Paxos: Need infinite memory Solution: periodic checkpointing, e.g., once for every n requests Garbage collect logs after taking each checkpoint Request or control msg needed by a slow replica may not be available anymore after a checkpoint => state transfer

23 Multi-Paxos: Leader Election and View Change
Leader election: can be done using a full Paxos instance New primary needs to determine if a value has been chosen in each incomplete instance of Paxos Leader election and history determination can be done in a simple full paxos: view change

24 Multi-Paxos: View Change
A set of 2f+1 replicas, replica id: 0,1,…,2f History of system: a sequence of views Each view: one and only one primary Initially replica 0 assumes the primary role for v=0 Subsequently, replicas take the primary role in a round-robin fashion To ensure liveness A replica starts a view change timer on the initiation of each instance of Paxos If the replica does not learn the request chosen before timer expires => suspect the primary

25 View Change On suspecting the primary, a replica broadcasts a view change message to all Current primary, if it is wrongly suspected, joins the view change anyway (i.e., it steps down from primary role) A replica joins the view change even if it’s view change timer has not expired yet On joining view change, a replica stops accepting normal control msgs and respond to only checkpointing and view change msgs

26 View change View change msg contains
New view # Seq# of last stable checkpoint A set of accepted records since last stable checkpoint Each record consists of view#, seq#, request msg On receiving f+1 view change msgs, new primary sends new view msg Include a set of accept msgs Include all accepted msgs as part of view change msg When a gap in seq# is detected, create an accept request with no op A replica accepts new view msg if it has not installed a newer view

27 Exercise 1: There are 2 proposers p1 and p2, 3 acceptors a1, a2, a3. Proposer p1 sends a prepare request to a1 and a2 with (p#=1). Proposer p2 sends a prepare request to a2 and a3 with (p#=2). a1 and a2 reply to proposer p1 that they received the proposal p1(p#=1). Similarly a2 and a3 reply to proposer p2 that they received the proposal p2(p#=2). If p1 then sends an accept request to a1 and a2 with (p#=1, v#=2), what happens at a1 and a2? If proposer p2 sends a accept request to a2 and a3 with (p#=2, v3#=3), what happens at a2 and a3? If proposer 1 again sends a new proposal and accept request, say p3, to a1 and a2 with (p#=3), does a1 and a2 accept the proposal? Assume that the value is already chosen in question b, what is the final value chosen for this new proposal?

Download ppt "EEC 688/788 Secure and Dependable Computing"

Similar presentations

CS 542: Topics in Distributed Systems Diganta Goswami.

CS 542: Topics in Distributed Systems Diganta Goswami.
CS 5204 – Operating Systems1 Paxos Student Presentation by Jeremy Trimble.

CS 5204 – Operating Systems1 Paxos Student Presentation by Jeremy Trimble.
Distributed Systems Overview Ali Ghodsi

Distributed Systems Overview Ali Ghodsi
Consensus Hao Li.

Consensus Hao Li.
Paxos Made Simple Gene Pang. Paxos L. Lamport, The Part-Time Parliament, September 1989 Aegean island of Paxos A part-time parliament – Goal: determine.

Paxos Made Simple Gene Pang. Paxos L. Lamport, The Part-Time Parliament, September 1989 Aegean island of Paxos A part-time parliament – Goal: determine.
Asynchronous Consensus (Some Slides borrowed from ppt on Web.(by Ken Birman) )

Asynchronous Consensus (Some Slides borrowed from ppt on Web.(by Ken Birman) )
EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 16 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 16 Wenbing Zhao Department of Electrical and Computer Engineering.
Eddie Bortnikov & Aran Bergman, Principles of Reliable Distributed Systems, Technion EE, Spring 2006 1 Principles of Reliable Distributed Systems Recitation.

Eddie Bortnikov & Aran Bergman, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Recitation.
EEC 688/788 Secure and Dependable Computing Lecture 11 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 11 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 16 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 16 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Chapter 6 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University Building Dependable Distributed Systems.

Chapter 6 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University Building Dependable Distributed Systems.
EEC 688 Secure and Dependable Computing Lecture 16 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688 Secure and Dependable Computing Lecture 16 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
EEC 688/788 Secure and Dependable Computing Lecture 11 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 11 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Paxos Made Simple Jinghe Zhang. Introduction Lock is the easiest way to manage concurrency Mutex and semaphore. Read and write locks. In distributed system:

Paxos Made Simple Jinghe Zhang. Introduction Lock is the easiest way to manage concurrency Mutex and semaphore. Read and write locks. In distributed system:
Bringing Paxos Consensus in Multi-agent Systems Andrei Mocanu Costin Bădică University of Craiova.

Bringing Paxos Consensus in Multi-agent Systems Andrei Mocanu Costin Bădică University of Craiova.
EEC 688/788 Secure and Dependable Computing Lecture 14 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 14 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Practical Byzantine Fault Tolerance

Practical Byzantine Fault Tolerance
Paxos A Consensus Algorithm for Fault Tolerant Replication.

Paxos A Consensus Algorithm for Fault Tolerant Replication.

Similar presentations

Ads by Google