Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Wolfgang Oberle Ferdinand Herrmann Wolfgang Graetsch Wolfgang Blau Anita Borg Presented by Marina Surlevich Fault Tolerance Under Unix.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Wolfgang Oberle Ferdinand Herrmann Wolfgang Graetsch Wolfgang Blau Anita Borg Presented by Marina Surlevich Fault Tolerance Under Unix."— Presentation transcript:

1 1 Wolfgang Oberle Ferdinand Herrmann Wolfgang Graetsch Wolfgang Blau Anita Borg Presented by Marina Surlevich Fault Tolerance Under Unix

2 2 Introduction to Targon/32 System Hardware and software based system Allows recovery of arbitrary programs Recovers from both hardware and software failure All processors available for productive execution in the absence of failure Degree of back up is set by the user Backup and recovery transparent to the user

3 3 Introduction to Targon/32 System Backup and recovery criteria –A crashed process’s state must be available –All messages that would have been available to the primary at that state or since that state was reached must be available in the correct order –Process must behave deterministically

4 4 System Architecture LAN of 2 to 16 machines connected via a fast dual bus –three processors on each machine Peripheral devices are dual-ported Root pair –Two machines connected to disk containing the root file system Atomic three-way message delivery Messages arrive in order

5 5 Atomic Three-Way Message Delivery All machines listen for their address to come across the bus The sender requests bus mastership. On receipt of mastership, transmits the three destination machine identifiers and waits A machine seeing its address on the bus prepares to receive. If cannot receive a message, sends a NACK. A machine that can neither receive not NACK is dead If the sender receives no NACK within a specified period of time, it sends the message across the bus once The message is picked off the bus by each of the ready receivers

6 6 Process Fundamental recoverable unit of execution Controlled by OS kernel Communicate with each other and receive all input via messages

7 7 Processes and Their Backups Primary process has an inactive backup process on another machine All messages to primary are broadcasted to backup (three-way atomic broadcast) All messages sent by primary are counted by backup as “writes-since-sync”

8 8

9 9 Processes and Their Backups Primary and backup are periodically synchronized (Sync operation) –System defined number of messages or –Amount of time since last synchronization On failure of primary backup will –Demand-page in address space of primary since last synchronization –Recompute current state

10 10 Server Processes Execute in their own address space Provide services to other processes Modularity, modifiability, distribution, recoverability Servers that always exist: file servers, page servers, TTY servers, raw servers, process server Page servers and root file server reside permanently in memory

11 11 Process Families and Backup Modes Processes divided into families All members reside on one machine and have common ancestor Server processes – single member families Process family – basic backed-up unit Created by wexec (walking exec) – has an argument to specify how to backup –Quarterbacks –Halfbacks –Fullbacks (not implemented)

12 12 Interprocess Communication Channel – recoverable two-way communication mechanism –Example: open file is represented by a channel to the file server managing the file –Explicitly used or implicitly used Messages are placed on general input queue –Arrival number assigned to each message –Processed in arrival order

13 13 Backup and Synchronization of User Processes Creation of backup processes –When process created “birth notice” is sent to parent’s backup –When parent synchronizes, children are forced to sync

14 14 Synchronization Sync – automatically called by the kernel Dirty pages sent to the page server Sync message –Sent to process’s backup, to page server and it’s backup –Contains Machine-independent information about process’s state Channel information for every open channel Information to allow construction of kernel stack on recovery

15 15 Deterministic Execution Process and its backup must be insulated from local differences Synchronous interaction –Information returned by kernel is maintained –Page faults are transparent Asynchronous interaction –Primary syncs before handling any signal –Ignored signals are counted and removed from primary’s queue

16 16 Backup and Synchronization of Servers (File Server) Behaves differently from user processes Modified srv_read and srv_write –History array of the form Sync and fsync are combined (clears history array) Recovers explicitly

17 17

18 18 Crash Detection and Handling Machines organized in a virtual ring Each machine expects regular report from left neighbor On failed communication –Determine if it can communicate with another machine If not, it assumes it crashed If yes, order the uncommunicative machine to die –Broadcast a “machine-dead” message –Locate new left neighbor

19 19 Process Recovery For primary processes whose backups were lost –Primary Quarterbacks marked “not backed up” –Primary Halfbacks marked “not currently backed up” Kernel must do: –Allocate and initialize structures for local kernel state and memory mapping –Request a list of pages from page server –Set up kernel stack from latest sync information –Put process on the run queue

20 20 Roll Forward Period during which a process reexecutes code that was previously executed by primary Messages are not sent while “writes-since-sync” count is positive. Before forking, birth notices are checked –Birth notice exists Primary child was synced (no new process is created) Primary child was not synced (child process is created) Process not allowed to sync until end of roll forward.

21 21 Machine Reintegration and Rebackup When kernel is booted, machine sends “machine-up” message to process server New backup processes created for halfbacks that lost their primaries or backups Resync is done for all families that have to be rebacked up Switch sync can be done to reverse the roles of primary and backup

22 22 Machine Reintegration and Rebackup (Resync) Reconstruct either a wexec message or a birht notice and send it to backup machine Force all children to resync Sync If last in the family to finish syncing, send “notify” message for local and backup machines Send the backup machine copies of all messages currently linked to the process’s routing table queues that arrived before the notify message

23 23 Performance Affected by: Distributed message-based architecture Overhead for fault tolerance

24 24 Overall Performance Distributed message-based system organization reduces performance by 15% Each additional machine increases the overall capacity by 70% Fault tolerance reduces performance by 10% If benchmarks are run on a two-machine system, the performance increases 1.6 times. The delay experienced by the user whose primary process dies is 5~15 seconds.

25 25 Conclusion System can recover from a large class of kernel software faults System can recover from hardware failures Fault-tolerant operation is automatic and transparent to the user Unaffected processes are not penalized during recovery

Download ppt "1 Wolfgang Oberle Ferdinand Herrmann Wolfgang Graetsch Wolfgang Blau Anita Borg Presented by Marina Surlevich Fault Tolerance Under Unix."

Similar presentations

Remus: High Availability via Asynchronous Virtual Machine Replication

Remus: High Availability via Asynchronous Virtual Machine Replication
Operating Systems Lecture 7.

Operating Systems Lecture 7.
System Area Network Abhiram Shandilya 12/06/01. Overview Introduction to System Area Networks SAN Design and Examples SAN Applications.

System Area Network Abhiram Shandilya 12/06/01. Overview Introduction to System Area Networks SAN Design and Examples SAN Applications.
More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.

More on Processes Chapter 3. Process image _the physical representation of a process in the OS _an address space consisting of code, data and stack segments.
Chapter 3 Process Description and Control

Chapter 3 Process Description and Control
MACHINE-INDEPENDENT VIRTUAL MEMORY MANAGEMENT FOR PAGED UNIPROCESSOR AND MULTIPROCESSOR ARCHITECTURES R. Rashid, A. Tevanian, M. Young, D. Golub, R. Baron,

MACHINE-INDEPENDENT VIRTUAL MEMORY MANAGEMENT FOR PAGED UNIPROCESSOR AND MULTIPROCESSOR ARCHITECTURES R. Rashid, A. Tevanian, M. Young, D. Golub, R. Baron,
QNX® real-time operating system

QNX® real-time operating system
 2004 Deitel & Associates, Inc. All rights reserved. 1 Chapter 3 – Process Concepts Outline 3.1 Introduction 3.1.1Definition of Process 3.2Process States:

 2004 Deitel & Associates, Inc. All rights reserved. 1 Chapter 3 – Process Concepts Outline 3.1 Introduction 3.1.1Definition of Process 3.2Process States:
CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

CS 582 / CMPE 481 Distributed Systems Fault Tolerance.
Processes CSCI 444/544 Operating Systems Fall 2008.

Processes CSCI 444/544 Operating Systems Fall 2008.
Figure 2.8 Compiler phases. 2.8.1 Compiling. Figure 2.9 Object module. 2.8.2 Linking.

Figure 2.8 Compiler phases Compiling. Figure 2.9 Object module Linking.
Scheduler Activations Effective Kernel Support for the User-Level Management of Parallelism.

Scheduler Activations Effective Kernel Support for the User-Level Management of Parallelism.
3.5 Interprocess Communication Many operating systems provide mechanisms for interprocess communication (IPC) –Processes must communicate with one another.

3.5 Interprocess Communication Many operating systems provide mechanisms for interprocess communication (IPC) –Processes must communicate with one another.
Inter Process Communication:  It is an essential aspect of process management. By allowing processes to communicate with each other: 1.We can synchronize.

Inter Process Communication:  It is an essential aspect of process management. By allowing processes to communicate with each other: 1.We can synchronize.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 3: Processes.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 3: Processes.
3.5 Interprocess Communication

3.5 Interprocess Communication
Advanced OS Chapter 3p2 Sections 3.4 / 3.5. Interrupts These enable software to respond to signals from hardware. The set of instructions to be executed.

Advanced OS Chapter 3p2 Sections 3.4 / 3.5. Interrupts These enable software to respond to signals from hardware. The set of instructions to be executed.
Remus: High Availability via Asynchronous Virtual Machine Replication.

Remus: High Availability via Asynchronous Virtual Machine Replication.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 3: Processes.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 3: Processes.
Process Processes are executing or executable instances of programs. Processes in a modern OS haveOS –management information –resources –unique process.

Process Processes are executing or executable instances of programs. Processes in a modern OS haveOS –management information –resources –unique process.

Similar presentations

Ads by Google