Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fault-tolerance techniques RSM, Paxos Jinyang Li.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Fault-tolerance techniques RSM, Paxos Jinyang Li."— Presentation transcript:

1 Fault-tolerance techniques RSM, Paxos Jinyang Li

2 What we’ve learnt so far Fault tolerance –Recoverability All-or-nothing atomicity for updates involving a single server. –2P commit All-or-nothing atomicity for updates involving >=2 servers. –However, system is down while waiting for crashed nodes to reboot This class: –Ensure high availability through replication

3 Achieving high availability using replication BC Idea: upon A’s failure, serve requests from either B or C. Challenge: ensure sequential consistency across such reconfiguration A

4 RSM: Replicated state machine RSM is a general replication method –Lab 8: apply RSM to lock service RSM Rules: –All replicas start in the same initial state –Every replica apply operations in the same order –All operations must be deterministic All replicas end up in the same state

5 Strawman RSM Does it ensure sequential consistency? op

6 RSM based on primary/backup Primary/backup: ensure a single order of ops: –Primary orders operations –Backups execute operations in order op primary backup op backup op

7 RSM: read-only operations Read-only operations need not be replicated W(x) primary backup W(x) backup W(x) R(x)

8 RSM: read-only operations Can clients send read-only ops to any server? W(x) primary backup R(x) W(x)

9 RSM: read-only operations Can clients send read-only ops to any server? W(x)1 primary backup W(x)1 X’s initial value is 0 R(x) 1 0

10 RSM failure handling If primary fails, one backup acts as the new primary Challenges: 1.How to reliable detect primary failure? 2.How to ensure no 2 backups simultaneously become primary? 3.How to preserve sequential consistency across primary changes? Primary can fail after sending an operation W to backup A but before sending W to B A and B must agree on whether W is reflected in the new state after reconfiguration Paxos, a fault-tolerant consensus protocol, addresses these challenges

11 Case study: Hypervisor [Bressoud and Schneider] Goal: fault tolerant computing –Banks, NASA etc. need it –In the 80s, CPUs are very likely to fail Hypervisor: primary/backup replication –If primary fails, backup takes over –Caveat: assuming perfect failure detection

12 Hypervisor replicates at VM-level Why replicating at VM-level? –Hardware fault-tolerant machines are big in 80s –Software solution is more economical –Replicating at O/S level is messy (many interfaces) –Replicating at app level requires programmer efforts Primary and backup execute the same sequence of machine instructions

13 A Strawman design Two identical machines Same initial memory/disk contents Start execution on both machines Will they perform the same computation? mem

14 Hypervisor’s basic plan Execute one instruction at a time using primary/backup primary backup Executed i0? y executed inst i1? ok i0 i1 i2 i0 i1

15 Hypervisor Challenges Operations must be deterministic. –ADD, MUL etc. –Read memory (?) How to handle non-deterministic ops? –Read time-of-day register –Read disk –Interrupt timing –External input devices (network, keyboard) Executing one instruction at a time is VERY SLOW

16 Handle disk operations mem Strawman replicates disks at both machines Problem: disks might not behave identically (e.g. fail at different sectors) primary backup SCSI bus Hypervisor connects devices to to both machines Only primary reads/writes to devices Primary sends read values to backup Only primary handles interrupts from h/w Primary sends interrupts to backup ethernet

17 Hypervisor executes in epochs Challenge: executing one instruction at a time is slow Hypervisor executes in epochs –CPU h/w interrupts every N instructions (so both nodes stop at the same point) –Primary delays all interrupts till end of an epoch –Primary sends all interrupts to backup –Primary/backup execute all interrupts at an epoch’s end.

18 Hypervisor failover Primary fails at epoch E –backup times out waiting for primary to announce end of epoch E –Backup delivers all buffered interrupts at the end of E –Backup starts epoch E+1 –Backup becomes primary at epoch E+1 What about I/O at epoch E?

19 Hypervisor failover Backup does not know if primary executed I/O epoch E? –Relies on O/S to re-try the I/O Device needs to support repeated ops –OK for disk writes/reads –OK for network (TCP will figure it out) –How about keyboard, printer, ATM cash machine?

20 Hypervisor implementation Hypervisor needs to trap every non-deterministic instruction –Time-of-day register –HP TLB replacement –HP branch-and-link instruction –Memory-mapped I/O loads/stores Performance penalty is reasonable –A factor of two slow down (HP 9000/720 50MHz) –How about its performance on modern hardware?

21 Caveats in Hypervisor Hypervisor assumes failure detection is perfect What if the network between primary/backup fails? –Primary is still running –Backup becomes a new primary –Two primaries at the same time! Can timeouts detect failures correctly? –Pings from backup to primary are lost –Pings from backup to primary are delayed

22 Paxos: fault tolerance consensus

23 Paxos: fault tolerant consensus Paxos lets all nodes agree on the same value despite node failures, network failures and delays Extremely useful: –e.g. Nodes agree that X is the primary –e.g. Nodes agree that W should be the most recent operation executed

24 Requirements of consensus Correctness (safety): –All nodes agree on the same value –The agreed value X has been proposed by some node Fault-tolerance: –If less than some fraction of nodes fail, the rest should still reach agreement Termination:

25 Fischer-Lynch-Paterson [FLP’85] impossibility result It is impossible for a set of processors in an asynchronous system to agree on a binary value, even if only a single processor is subject to an unannounced failure. Asynchrony --> timeout is not perfect

26 Paxos Paxos: the only known fault-tolerant agreement protocol Paxos’ properties: –Correct –Fault-tolerance: If less than N/2 nodes fail, the rest nodes reach agreement eventually –No guaranteed termination

27 Paxos: general approach One (or more) node decides to be the leader Leader proposes a value and solicits acceptance from others Leader announces result or try again

28 Paxos’ challenges What if >1 nodes become leaders simultaneously? What if there is a network partition? What if a leader crashes in the middle of solicitation? What if a leader crashes after deciding but before announcing results? What if the new leader proposes different values than already decided value?

29 Paxos setup Each node runs as a proposer, acceptor and learner Proposer (leader) proposes a value and solicit acceptance from acceptors Leader announces the chosen value to learners

30 Strawman Designate a single node X as acceptor (e.g. one with smallest id) –Each proposer sends its value to X –X decides on one of the values –X announces its decision to all learners Problem? –Failure of the single acceptor halts decision –Need multiple acceptors!

31 Strawman 2: multiple acceptors Each proposer (leader) propose to all acceptors Each acceptor accepts the first proposal it receives and rejects the rest If the leader receives positive replies from a majority of acceptors, it chooses its own value –There is at most 1 majority, hence only a single value is chosen Leader sends chosen value to all learners Problem: –What if multiple leaders propose simultaneously so there is no majority accepting? –What if the leader dies?

32 Paxos’ solution Each acceptor must be able to accept multiple proposals Order proposals by proposal # –If a proposal with value v is chosen, all higher proposals have value v

33 Paxos operation: node state Each node maintains: –n a, v a : highest proposal # accepted and its corresponding accepted value –n h : highest proposal # seen –my n: my proposal # in the current Paxos

34 Paxos operation: 3P protocol Phase 1 (Prepare) –A node decides to be leader (and propose) –Leader choose my n > n h –Leader sends to all nodes –Upon receiving If n < n h reply Else n h = n reply This node will not accept any proposal lower than n

35 Paxos operation Phase 2 (Accept): –If leader gets prepare-ok from a majority V = non-empty value corresponding to the highest n a received If V= null, then leader can pick any V Send to all nodes –If leader fails to get majority prepare-ok Delay and restart Paxos –Upon receiving If n < n h reply with else n a = n; v a = V; n h = n reply with

36 Paxos operation Phase 3 (Decide) –If leader gets accept-ok from a majority Send to all nodes –If leader fails to get accept-ok from a majority Delay and restart Paxos

37 Paxos operation: an example Prepare,N1:1 N0N1N2 n h =N1:0 n a = v a = null n h =N0:0 n a = v a = null n h = N1:1 n a = null v a = null ok, n a = v a =null Prepare,N1:1 ok, n a =v a =nulll n h : N1:1 n a = null v a = null n h =N2:0 n a = v a = null Accept,N1:1,val1 n h =N1:1 n a = N1:1 v a = val1 n h =N1:1 n a = N1:1 v a = val1 ok Decide,val1

38 Paxos properties When is the value V chosen? 1.When leader receives a majority prepare-ok and proposes V 2.When a majority nodes accept V 3.When the leader receives a majority accept- ok for value V

39 Understanding Paxos What if more than one leader is active? Suppose two leaders use different proposal number, N0:10, N1:11 Can both leaders see a majority of prepare-ok?

40 Understanding Paxos What if leader fails while sending accept? What if a node fails after receiving accept? –If it doesn’t restart … –If it reboots … What if a node fails after sending prepare-ok? –If it reboots …

41 Using Paxos for RSM Fault-tolerant RSM requires consistent replica membership –Membership: All active nodes must agree on the sequence of view changes: –.. Use Paxos to agree on the for a particular vid –Many instances of Paxos execution, one for each vid. –Each Paxos instance agrees to a single value, e.g. v[1]=x, v[2]=y, …

42 Lab7: Using Paxos to track view changes V[1]: N1 V[2]: N1,N2 V[3]: N1,N2, N3 V[4]: N1,N2 All nodes start with static config vid1:N1, Paxos-instance-1 has static agreement v[1]:N1 N2 joins Paxos-instance-2: make N1 agree on v[2] N3 joins Paxos-instance-3: make N1,N2 agree on v[3] N3 fails Paxos-instance-4: make N1,N2,N3 agree on v[4]

43 Lab7: Using Paxos to track view changes V[1]: N1 V[2]: N1,N2 V[1]: N1 V[2]: N1,N2 N1 N2 N3 V[1]: N1 N3 joins Prepare, i=2, N3:1 oldview, v[2]=N1,N2

44 Lab8: Using Paxos to track view changes V[1]: N1 V[2]: N1,N2 V[1]: N1 V[2]: N1,N2 N1 N2 N3 V[1]: N1 N3 joins V[2]: N1,N2 Prepare, i=3, N3:1

45 Lab8: reconfigurable RSM Use RSM to replicate lock_server Primary (master) assigns a viewstamp to each client requests –Viewstamp is a tuple (vid:seqno) –(1:1)(1:2)(1:3)(2:1)(2:2) Primary can send multiple outstanding requests to backups –All replicas execute client requests in viewstamp order

46 Lab8: Reconfigurable RSM What happens during a view change? –The last couple of outstanding requests might be executed by some but not all replicas Must sync the state of all replicas before accepting requests in new view –All replicas transfer state from the primary –Since all agree on the primary, all replicas’ state are in sync

Download ppt "Fault-tolerance techniques RSM, Paxos Jinyang Li."

Similar presentations

Two phase commit. Failures in a distributed system Consistency requires agreement among multiple servers –Is transaction X committed? –Have all servers.

Two phase commit. Failures in a distributed system Consistency requires agreement among multiple servers –Is transaction X committed? –Have all servers.
Replication techniques Primary-backup, RSM, Paxos Jinyang Li.

Replication techniques Primary-backup, RSM, Paxos Jinyang Li.
CS 542: Topics in Distributed Systems Diganta Goswami.

CS 542: Topics in Distributed Systems Diganta Goswami.
CS425 /CSE424/ECE428 – Distributed Systems – Fall 2011 Material derived from slides by I. Gupta, M. Harandi, J. Hou, S. Mitra, K. Nahrstedt, N. Vaidya.

CS425 /CSE424/ECE428 – Distributed Systems – Fall 2011 Material derived from slides by I. Gupta, M. Harandi, J. Hou, S. Mitra, K. Nahrstedt, N. Vaidya.
CS 5204 – Operating Systems1 Paxos Student Presentation by Jeremy Trimble.

CS 5204 – Operating Systems1 Paxos Student Presentation by Jeremy Trimble.
Distributed Systems Overview Ali Ghodsi

Distributed Systems Overview Ali Ghodsi
CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Byzantine Fault Tolerance --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2013 CSE 486/586 Distributed Systems Byzantine Fault Tolerance Steve Ko Computer Sciences and Engineering University at Buffalo.
Consensus Hao Li.

Consensus Hao Li.
EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Distributed Systems Fall 2010 Replication Fall 20105DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.

Distributed Systems Fall 2010 Replication Fall 20105DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

CS 582 / CMPE 481 Distributed Systems Fault Tolerance.
Strong Consistency and Agreement COS 461: Computer Networks Spring 2011 Mike Freedman 1 Jenkins,

Strong Consistency and Agreement COS 461: Computer Networks Spring 2011 Mike Freedman 1 Jenkins,
Distributed Systems Fall 2009 Replication Fall 20095DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.

Distributed Systems Fall 2009 Replication Fall 20095DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.
CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 18: Replication Control All slides © IG.

CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 18: Replication Control All slides © IG.
State Machines CS 614 Thursday, Feb 21, 2002 Bill McCloskey.

State Machines CS 614 Thursday, Feb 21, 2002 Bill McCloskey.
Paxos Made Simple Jinghe Zhang. Introduction Lock is the easiest way to manage concurrency Mutex and semaphore. Read and write locks. In distributed system:

Paxos Made Simple Jinghe Zhang. Introduction Lock is the easiest way to manage concurrency Mutex and semaphore. Read and write locks. In distributed system:
Fault Tolerance via the State Machine Replication Approach Favian Contreras.

Fault Tolerance via the State Machine Replication Approach Favian Contreras.
Bringing Paxos Consensus in Multi-agent Systems Andrei Mocanu Costin Bădică University of Craiova.

Bringing Paxos Consensus in Multi-agent Systems Andrei Mocanu Costin Bădică University of Craiova.
Distributed Algorithms – 2g1513 Lecture 9 – by Ali Ghodsi Fault-Tolerance in Distributed Systems.

Distributed Algorithms – 2g1513 Lecture 9 – by Ali Ghodsi Fault-Tolerance in Distributed Systems.
Copyright © George Coulouris, Jean Dollimore, Tim Kindberg 2001 This material is made available for private study and for direct.

Copyright © George Coulouris, Jean Dollimore, Tim Kindberg This material is made available for private study and for direct.

Similar presentations

Ads by Google