1. EEC 688/788 Secure and Dependable Computing
Lecture 12
Wenbing Zhao
Department of Electrical and Computer Engineering
Cleveland State University

2. EEC688/788: Secure & Dependable Computing
Outline
Distributed consensus and Paxos algorithms
Dynamic Paxos
Cheap Paxos
Fast Paxos
5/25/2019
EEC688/788: Secure & Dependable Computing

3. Dynamic Paxos Designed to accommodate reconfiguration
Extension majority concept to quorum
Classic Paxos => uses static quorum
Dynamic quorum: quorum size may change dynamically
Cheap Paxos uses dynamic quorum

4. Dynamic Paxos
Fewer replicas are required by using spare replicas and reconfiguration provided no other fault during reconfiguration
Without reconfiguration, 3f+1 replicas can only tolerate up to 3f/2 faulty replicas
2f+1 active replicas, plus f spares can tolerate up to 3f-1 faulty replicas via substitution and reconfiguration
As long as 1 active replica and 1 spare are operating

5. Dynamic Paxos
Reconfiguration request must be totally ordered with respect to regular application requests
A reconf request includes both new membership and quorum definition
Replicas in the new membership should not accept msgs unrelated to reconf from replicas that have been excluded from the membership
External replicas should not be allowed to participate the consensus step
Replica mistakenly excluded can join via recofiguration

8. Cheap Paxos Cheap Paxos is a special instance of Dynamic Paxos
Aims to minimize involvement of spare replicas
Enable the use of f+1 active replicas to tolerate f faults, provided that sufficient spares are available (f or more)
Active replicas are referred to as main replicas
Spare replicas are referred to as auxiliary replicas

9. Cheap Paxos Primary quorum Secondary quorum
Consists of all active replicas
Secondary quorum
Must be formed by the majority of combined replicas
Consists of at least one main replica => Ensures intersection between primary and secondary quorums
Question: what if only one active replica left?

12. Cheap Paxos
Upon detection of the failure of an active replica, a reconfiguration request is issued
New primary quorum still consists of all surviving active replicas
When reconfig request is executed, switch to new configuration
Auxiliary replicas are not bothered unless a reconfiguration is necessary
What if the primary fails => view change

13. Cheap Paxos: View Change
For history information: new primary must collect info from every active replica except the old primary
For approval of the primary role, the new primary must collect votes from all surviving active replicas plus one or more auxiliary replica => a secondary quorum
The secondary quorum is used to complete all Paxos instances started by old primary but not yet completed

14. Cheap Paxos
Replicas in secondary quorum must propagate their knowledge to all replicas prior to moving back to primary quorum
So that auxiliary replicas do not have to keep all requests and control msgs
How to achieve this
Primary notifies its latest state to all replicas not in secondary quorum
Main replica (if it is not in secondary quorum) requests for retransmission of missing msgs
Auxiliary replica keeps new info from primary and purge old data, and ack to the primary
Primary resumes ordering requests after it receives ack from every replica

15. Example

16. Example

17. Example

18. Example

19. Fast Paxos Multi-Paxos: use one round of P1 for all instances of Paxos
Fast Paxos: aims to further reduce the cost of consensus by running one P2a for all instances of Paxos
Enables an acceptor to select a value (provide by a client) unilaterally and sends P2b to the primary
However, there is no free lunch => we need more replicas to tolerate f faulty nodes (> 2f+1 for sure)
We will also have to deal with collision recovery

20. Fast Paxos: Basic Steps
Fast Paxos runs in rounds and each round has up to two phases
In each round, 1st phase: prepare phase to enable the coordinator to solicit the status and promises
2nd phase for the coordinator to select a value to be voted on
When an acceptor responded to P1a in round i, it has participated the round I
When an acceptor sent P2b in response to P2a, it has casted its vote

21. Fast Paxos: Basic Steps
Start from an initial membership, phase 1 will always enable the coordinator to select any value for P2b
Need to run P1 once for all rounds
Need to run P2a once for all rounds => eliminate another communication step
Classic round is used only when a consensus is not reached in the fast round
Due to coordinator failure
Due to a collision

22. Fast Paxos: Normal Operation

23. Fast Paxos: Collision Recovery
In the presence of multiple clients, acceptors may chose different requests (values)
The coordinator must collect from a quorum of replicas on their values and select the right value
On detecting a collision, i.e., the presence of multiple values, the coordinator initiates a Classic round
Phase 1 can be omitted in Classic round because the coordinator already collected enough info

24. Fast Paxos: Quorum Requirement
Quorum based on majority will not work
Coordinator cannot rule out any value in the presence of collision
Any value could have been chosen
The coordinator must select a value that have been chosen or might have been chosen
Intuition: coordinator selects a value only if it is present in the majority of the votes collected
Need to make sure that a value in the minority could not have been chosen

25. Fast Paxos: Quorum Requirement
How to ensure that a value in the minority could not have been chosen
First, it cannot be chosen in the same fast round => the majority value makes it impossible
Second, make sure two fast quorums (Rf) intersect in more than half of |Rf| acceptors
Third, make sure any fast quorum Rf, and any classic quorum Rc intersect in more than half of |Rc| acceptors

26. Fast Paxos: Quorum Requirement
Let total number of acceptors be n, number of faults tolerated in a fast round e, and # of faults tolerated in a classic round f
Derive inequalities
(n-f)+(n-f)-n>0
(n-e)+(n-e)-n>(n-e)/2
(n-e)+(n-f)-n>(n-f)/2
Reduce to
n > 2f and n > 2e+f

27. Fast Paxos: Quorum Requirement
First quorum formation: maximize e => e=f, n> 3f => |Rc| = n-f > 2f => n = 3f+1
Second quorum formation: maximize f
f < n/2
e <= n/4
If e=1, n=4; |Rf| = |Rc| = 3

28. Fast Quorum: Coordinator Value Selection Rule
If no acceptor has casted any vote, the coordinator gets to select any value for P2b
If only a single value in the votes, select that value
If multiple values, select that one that is in the majority, if one is present. Otherwise, select any value