Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ken Birman, Cornell University August 18/19, 20101Berkeley Workshop on Scalability.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Ken Birman, Cornell University August 18/19, 20101Berkeley Workshop on Scalability."— Presentation transcript:

1 Ken Birman, Cornell University August 18/19, 20101Berkeley Workshop on Scalability

2  Today, very few cloud applications need consistency in a strong, interactive, real-time sense of the term.  There is a pervasive belief that consistency can compromise scalability / stability  … rather than risk poor performance, cloud systems opt for asynchronous, potentially inconsistent behaviors.  To compensate for inconsistency on the server side, cloud applications are expected to tolerate occasional problems and to reissue requests if a server crashes August 18/19, 2010Berkeley Workshop on Scalability2

3  Inconsistency causes bugs  Responses often based on stale, incorrect data  Weak or “best effort” consistency?  Strong security guarantees demand “right now” (real-time) consistency  Is it safe to trust a medical electronic-health records system or a bank that accepts “weak consistency” for better scalability? My rent check bounced? That can’t be right! August 18/19, 2010Berkeley Workshop on Scalability3 Jason Fane Properties 1150.00 Sept 2009 Tommy Tenant

4  A folk-theorem proposed by Eric Brewer  In a nutshell, you must make a choice between Consistency, or Availability during Partitioning  A data center that embraces CAP will often exhibit inconsistencies. Replicated data used by cloud services will often be stale, perhaps for extended periods of time, and the cloud services won’t realize they are giving incorrect answers. August 18/19, 2010Berkeley Workshop on Scalability4

5  CAP is really about bandwidth!  Cloud systems scale services by replicating them on large numbers of nodes, and this entails replicating the data on which they operate  When updates occur, those replicas need to be brought up to date by applying them in the right order, everywhere  So CAP is an assertion about the speed of data replication and reflects the assumption that scalable data replication is infeasible August 18/19, 20105Berkeley Workshop on Scalability

6  One option is to use IP multicast: one message will reach as many destinations as you like.  Sounds like “replication for free”… and it is!  But this is the less travelled path, as we’ll see….  A second is to run purely on TCP, the standard web services protocol for cloud computing  To send an update to n replicas takes n TCP sends  Often uses a tree of TCP connections so that the update source itself only does a few sends, maybe 2 August 18/19, 20106Berkeley Workshop on Scalability

7  There turn out to be two problems, seen mostly in massive cloud settings  First, most IPMC replication protocols lack any form of flow control (unlike TCP)  Second, the hardware can break down with heavy use ▪ IPMC filtering quality collapses, overloading receivers with unwanted messages, triggering loss  This is why data centers rule out option 1! August 18/19, 20107Berkeley Workshop on Scalability

8  As described by Randy Shoup at LADIS 2008 Thou shalt… 1. Partition Everything 2. Use Asynchrony Everywhere 3. Automate Everything 4. Remember: Everything Fails 5. Embrace Inconsistency August 18/19, 2010Berkeley Workshop on Scalability8

9  Werner Vogels is CTO at Amazon.com…  His first act? He banned reliable multicast * !  Amazon was troubled by platform instability  Vogels decreed: all communication via SOAP/TCP  This was slower… but  Stability matters more than speed * Amazon was (and remains) a heavy pub-sub user August 18/19, 2010Berkeley Workshop on Scalability9

10  Key to scalability is decoupling, loosest possible synchronization  Any synchronized mechanism is a risk  His approach: create a committee  Anyone who wants to deploy a highly consistent mechanism needs committee approval …. They don’t meet very often August 18/19, 2010Berkeley Workshop on Scalability10

11  Applications structured as stateless tasks  Azure decides when and how much to replicate them, can pull the plug as often as it likes  Any consistent state lives in backend servers running SQL server… but application design tools encourage developers to run locally if possible August 18/19, 201011Berkeley Workshop on Scalability

12 12 Consistency technologies just don’t scale! Sept 11, 2009P2P 2009 Seattle, Washington August 18/19, 2010Berkeley Workshop on Scalability

13  A belief that inconsistency is inevitable is the common thread…  But what if all three gurus are wrong?  They all reject IP multicast as an unstable protocol  The whole CAP logic stands on this cornerstone  Can we fix IP multicast? August 18/19, 2010Berkeley Workshop on Scalability13

14  Fix IP multicast.  Cornell & IBM solved this! Dr. Multicast [nsdi 09].  Now develop a new generation of scalable IP multicast-based data replication solutions  Data replication at the speed of light!  Need: flow control, reliability, stability at scale  We’ve done some of this, using ideas that originate in the scalability work on web search! August 18/19, 201014Berkeley Workshop on Scalability

15  Make a rigorous, theoretically sound statement of what we are able to provide  Consistency used to offer coordination, fault- tolerance, security, real-time properties  This “improved” technology is also much faster than today’s TCP-based one  People who adopt the better approach for its speed gain consistency, security, fault-tolerance August 18/19, 201015Berkeley Workshop on Scalability

16  … if our time-keeper permits August 18/19, 201016Berkeley Workshop on Scalability

17 A consistent distributed system will often have many components, but users observe behavior indistinguishable from that of a single-component reference system Reference ModelImplementation August 18/19, 2010Berkeley Workshop on Scalability17

18  They reason this way:  Systems that make guarantees put those guarantees first and struggle to achieve them  For example, any reliability property forces a system to retransmit lost messages, use acks, etc  But modern computers often become unreliable as a symptom of overload… so these consistency mechanisms will make things worse, by increasing the load just when we want to ease off!  So consistency (of any kind) is a “root cause” for meltdowns, oscillations, thrashing August 18/19, 201018Berkeley Workshop on Scalability

19  Transactions that update replicated data  Atomic broadcast or other forms of reliable multicast protocols  Distributed 2-phase locking mechanisms August 18/19, 2010Berkeley Workshop on Scalability19

20  Our systems become “eventually” consistent but can lag far behind reality  Thus application developers are urged to not assume consistency and to avoid anything that will break if inconsistency occurs August 18/19, 201020Berkeley Workshop on Scalability

21  Synchronous runs: indistinguishable from non-replicated object that saw the same updates (like Paxos)  Virtually synchronous runs are indistinguishable from synchronous runs Synchronous executionVirtually synchronous execution August 18/19, 2010Berkeley Workshop on Scalability21 Non-replicated reference execution A=3B=7B = B-A A=A+1

22  During the 1990’s, Isis was a big success  French Air Traffic Control System, New York Stock Exchange, US Navy AEGIS are some blue-chip examples that used (or still use!) Isis  But there were hundreds of less high-profile users  However, it was not a huge commercial success  Focus was on server replication and in those days, few companies had big server pools August 18/19, 201022Berkeley Workshop on Scalability

23  Our new Isis 2 platform is starting to limp along; it offers scalable virtual synchrony in cloud-scale settings  But the work, up to now, was done by one person (me) and far more is needed before the system can be widely deployed August 18/19, 201023Berkeley Workshop on Scalability

24  Take all of this to warp factor 2!  Create a new program aimed at building data center platform technologies that provide high assurance for cloud computing  Such a technology should consist of a theory… a useful prototype… and real applications  It would be a very expensive undertaking. How much did it cost for Microsoft to create Azure?  Benefits? Enormous. August 18/19, 2010Berkeley Workshop on Scalability24

25 1. Proposal rejects the CAP “religion”. But are there reasons (other than the rejection of IPMC) that data centers might be unstable if they attempt to offer consistency? (e.g. convoys, spooky self- synchronization…?) 2. Do applications really need strong consistency? Maybe consistency requirements simply reflect poor application design choices? 3. The proposal asserted a connection between consistency and data center security. Is this assertion valid? August 18/19, 201025Berkeley Workshop on Scalability

Download ppt "Ken Birman, Cornell University August 18/19, 20101Berkeley Workshop on Scalability."

Similar presentations

Reliable Multicast for Time-Critical Systems Mahesh Balakrishnan Ken Birman Cornell University.

Reliable Multicast for Time-Critical Systems Mahesh Balakrishnan Ken Birman Cornell University.
COS 461 Fall 1997 Group Communication u communicate to a group of processes rather than point-to-point u uses –replicated service –efficient dissemination.

COS 461 Fall 1997 Group Communication u communicate to a group of processes rather than point-to-point u uses –replicated service –efficient dissemination.
Isis 2 Design Choices A few puzzles to think about when considering use of Isis 2 in your work.

Isis 2 Design Choices A few puzzles to think about when considering use of Isis 2 in your work.
Teaser - Introduction to Distributed Computing

Teaser - Introduction to Distributed Computing
Brewer’s Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services Authored by: Seth Gilbert and Nancy Lynch Presented by:

Brewer’s Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services Authored by: Seth Gilbert and Nancy Lynch Presented by:
Chapter 4 Infrastructure as a Service (IaaS)

Chapter 4 Infrastructure as a Service (IaaS)
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts Amherst Operating Systems CMPSCI 377 Lecture.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts Amherst Operating Systems CMPSCI 377 Lecture.
Reliability on Web Services Presented by Pat Chan 17/10/2005.

Reliability on Web Services Presented by Pat Chan 17/10/2005.
Giovanni Chierico | May 2012 | Дубна Consistency in a distributed world.

Giovanni Chierico | May 2012 | Дубна Consistency in a distributed world.
Distributed Systems 2006 Group Communication I * *With material adapted from Ken Birman.

Distributed Systems 2006 Group Communication I * *With material adapted from Ken Birman.
EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 12 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Distributed Systems Fall 2010 Replication Fall 20105DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.

Distributed Systems Fall 2010 Replication Fall 20105DV0203 Outline Group communication Fault-tolerant services –Passive and active replication Highly.
Business Continuity and DR, A Practical Implementation Mich Talebzadeh, Consultant, Deutsche Bank

Business Continuity and DR, A Practical Implementation Mich Talebzadeh, Consultant, Deutsche Bank
A Dependable Auction System: Architecture and an Implementation Framework

A Dependable Auction System: Architecture and an Implementation Framework
Virtual Synchrony Jared Cantwell. Review Multicast Causal and total ordering Consistent Cuts Synchronized clocks Impossibility of consensus Distributed.

Virtual Synchrony Jared Cantwell. Review Multicast Causal and total ordering Consistent Cuts Synchronized clocks Impossibility of consensus Distributed.
Ken Birman Cornell University. CS5410 Fall 2008..

Ken Birman Cornell University. CS5410 Fall
Ken Birman. Massive data centers We’ve discussed the emergence of massive data centers associated with web applications and cloud computing Generally.

Ken Birman. Massive data centers We’ve discussed the emergence of massive data centers associated with web applications and cloud computing Generally.
Virtual Synchrony Ki Suh Lee Some slides are borrowed from Ken, Jared (cs6410 2009) and Justin (cs614 2005)

Virtual Synchrony Ki Suh Lee Some slides are borrowed from Ken, Jared (cs ) and Justin (cs )
1 Sources of Instability in Data Center Multicast Dmitry Basin Ken Birman Idit Keidar Ymir Vigfusson LADIS 2010.

1 Sources of Instability in Data Center Multicast Dmitry Basin Ken Birman Idit Keidar Ymir Vigfusson LADIS 2010.
CS514: Intermediate Course in Operating Systems Professor Ken Birman Vivek Vishnumurthy: TA.

CS514: Intermediate Course in Operating Systems Professor Ken Birman Vivek Vishnumurthy: TA.

Similar presentations

Ads by Google