Distributed Systems Consensus

Size: px

Start display at page:

Download "Distributed Systems Consensus"

Blaze Evans
5 years ago
Views:

Distributed Systems Consensus Amir H. Payberah amir@sics.

1 Distributed Systems Consensus Amir H. Payberah Amirkabir University of Technology (Tehran Polytechnic) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 1 / 56

2 What is the Problem? Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 2 / 56

3 Two Generals Problem Two generals need to be agree on time to attack to win. They communicate through messengers, who may be killed on their way. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 3 / 56

4 Two Generals Problem Two generals need to be agree on time to attack to win. They communicate through messengers, who may be killed on their way. Agreement is the problem. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 3 / 56

5 Replicated State Machine Problem (1/2) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 4 / 56

6 Replicated State Machine Problem (1/2) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 4 / 56

7 Replicated State Machine Problem (1/2) The solution: replicate the server. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 4 / 56

8 Replicated State Machine Problem (2/2) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 5 / 56

9 Replicated State Machine Problem (2/2) Make the server deterministic (state machine). Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 5 / 56

10 Replicated State Machine Problem (2/2) Make the server deterministic (state machine). Replicate the server. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 5 / 56

11 Replicated State Machine Problem (2/2) Make the server deterministic (state machine). Replicate the server. Ensure correct replicas step through the same sequence of state transitions (How?) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 5 / 56

12 Replicated State Machine Problem (2/2) Make the server deterministic (state machine). Replicate the server. Ensure correct replicas step through the same sequence of state transitions (How?) Agreement is the problem. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 5 / 56

13 The Agreement Problem Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 6 / 56

14 The Agreement Problem Some nodes propose values (or actions) by sending them to the others. All nodes must decide whether to accept or reject those values. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 7 / 56

15 The Agreement Problem Some nodes propose values (or actions) by sending them to the others. All nodes must decide whether to accept or reject those values. But,... Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 7 / 56

16 The Agreement Problem Some nodes propose values (or actions) by sending them to the others. All nodes must decide whether to accept or reject those values. But,... Concurrent processes and uncertainty of timing, order of events and inputs. Failure and recovery of machines/processors, of communication channels. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 7 / 56

17 Agreement Requirements Safety Liveness Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 8 / 56

18 Agreement Requirements Safety Validity: only a value that has been proposed may be chosen. Liveness Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 8 / 56

19 Agreement Requirements Safety Validity: only a value that has been proposed may be chosen. Agreement: no two correct nodes choose different values. Liveness Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 8 / 56

20 Agreement Requirements Safety Validity: only a value that has been proposed may be chosen. Agreement: no two correct nodes choose different values. Integrity: a node chooses at most once. Liveness Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 8 / 56

21 Agreement Requirements Safety Validity: only a value that has been proposed may be chosen. Agreement: no two correct nodes choose different values. Integrity: a node chooses at most once. Liveness Termination: every correct node eventually choose a value. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 8 / 56

22 Agreement in Distributed Systems: Possible Solutions Two-Phase Commit (2PC) Paxos Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 9 / 56

23 Two-Phase Commit (2PC) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 10 / 56

24 The Two-Phase Commit (2PC) Problem The problem first was encountered in database systems. Suppose a database system is updating some complicated data structures that include parts residing on more than one machine. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 11 / 56

25 The Two-Phase Commit (2PC) Problem The problem first was encountered in database systems. Suppose a database system is updating some complicated data structures that include parts residing on more than one machine. System model: Concurrent processes and uncertainty of timing, order of events and inputs (asynchronous systems). Failure and recovery of machines/processors, of communication channels. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 11 / 56

26 Intuitive Example (1/3) You want to organize outing with 3 friends at 6pm Tuesday. Go out only if all friends can make it. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 12 / 56

27 Intuitive Example (2/3) What do you do? Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 13 / 56

28 Intuitive Example (2/3) What do you do? Call each of them and ask if can do 6pm on Tuesday (voting phase) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 13 / 56

29 Intuitive Example (2/3) What do you do? Call each of them and ask if can do 6pm on Tuesday (voting phase) If all can do Tuesday, call each friend back to ACK (commit) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 13 / 56

can do Tuesday, call each friend back to ACK (commit) If one cannot do

30 Intuitive Example (2/3) What do you do? Call each of them and ask if can do 6pm on Tuesday (voting phase) If all can do Tuesday, call each friend back to ACK (commit) If one cannot do Tuesday, call other three to cancel (abort) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 13 / 56

31 Intuitive Example (3/3) Critical details Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 14 / 56

32 Intuitive Example (3/3) Critical details While you were calling everyone to ask, people who have promised they can do 6pm Tuesday must reserve that slot. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 14 / 56

33 Intuitive Example (3/3) Critical details While you were calling everyone to ask, people who have promised they can do 6pm Tuesday must reserve that slot. You need to remember the decision and tell anyone whom you have not been able to reach during commit/abort phase. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 14 / 56

34 Intuitive Example (3/3) Critical details While you were calling everyone to ask, people who have promised they can do 6pm Tuesday must reserve that slot. You need to remember the decision and tell anyone whom you have not been able to reach during commit/abort phase. That is exactly how 2PC works. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 14 / 56

35 The 2PC Players Coordinator (Transaction Manager) Begins transaction. Responsible for commit/abort. Participants (Resource Managers) The servers with the data used in the distributed transaction. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 15 / 56

36 The 2PC Algorithm Phase 1 - prepare phase Phase 2 - commit phase Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 16 / 56

37 The 2PC Algorithm - Prepare Phase Coordinator asks each participant cancommit. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 17 / 56

38 The 2PC Algorithm - Prepare Phase Coordinator asks each participant cancommit. Participants must prepare to commit using permanent storage before answering yes. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 17 / 56

39 The 2PC Algorithm - Prepare Phase Coordinator asks each participant cancommit. Participants must prepare to commit using permanent storage before answering yes. Lock the objects. Participants are not allowed to cause an abort after it replies yes to cancommit. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 17 / 56

40 The 2PC Algorithm - Prepare Phase Coordinator asks each participant cancommit. Participants must prepare to commit using permanent storage before answering yes. Lock the objects. Participants are not allowed to cause an abort after it replies yes to cancommit. Outcome of the transaction is uncertain until docommit or doabort. Other participants might still cause an abort. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 17 / 56

41 The 2PC Algorithm - Commit Phase The coordinator collects all votes. If unanimous yes, causes commit. If any participant voted no, causes abort. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 18 / 56

42 The 2PC Algorithm - Commit Phase The coordinator collects all votes. If unanimous yes, causes commit. If any participant voted no, causes abort. The fate of the transaction is decided atomically at the coordinator, once all participants vote. Coordinator records fate using permanent storage. Then broadcasts docommit or doabort to participants. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 18 / 56

43 2PC Sequence of Events Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 19 / 56

44 Recovery in 2PC Recovery after timeouts. Recovery after crashes and reboot. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 20 / 56

45 Recovery in 2PC Recovery after timeouts. Recovery after crashes and reboot. Note: you cannot differentiate between the above in a realistic asynchronous network. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 20 / 56

46 Handling Timeout To avoid processes blocking for ever. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 21 / 56

47 Handling Timeout To avoid processes blocking for ever. Two scenarios: Coordinator waits for votes from participants. Participant is waiting for the final decision. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 21 / 56

48 Handling Timeout at Coordinator If B voted no, can coordinator unilaterally abort? If B voted yes, can coordinator unilaterally abort/commit? Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 22 / 56

49 Handling Timeout at Coordinator If B voted no, can coordinator unilaterally abort? If B voted yes, can coordinator unilaterally abort/commit? Coordinator waits for votes from participants. Participant is waiting for the final decision. Coordinator timeout abort and send doabort to participants. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 22 / 56

50 Handling Timeout at Participants If B times out on TM and has voted yes, then execute termination protocol. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 23 / 56

51 Handling Timeout at Participants If B times out on TM and has voted yes, then execute termination protocol. Simple protocol: participant is remained blocked until it can establish communication with coordinator. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 23 / 56

52 Handling Timeout at Participants If B times out on TM and has voted yes, then execute termination protocol. Simple protocol: participant is remained blocked until it can establish communication with coordinator. Cooperative protocol: participant sends a decision-request message to other participants. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 23 / 56

53 Handling Timeout at Participants If B times out on TM and has voted yes, then execute termination protocol. Simple protocol: participant is remained blocked until it can establish communication with coordinator. Cooperative protocol: participant sends a decision-request message to other participants. B sends status message to A Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 23 / 56

54 Handling Timeout at Participants If B times out on TM and has voted yes, then execute termination protocol. Simple protocol: participant is remained blocked until it can establish communication with coordinator. Cooperative protocol: participant sends a decision-request message to other participants. B sends status message to A If A has received commit/abort from TM,... Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 23 / 56

55 Handling Timeout at Participants If B times out on TM and has voted yes, then execute termination protocol. Simple protocol: participant is remained blocked until it can establish communication with coordinator. Cooperative protocol: participant sends a decision-request message to other participants. B sends status message to A If A has received commit/abort from TM,... If A has not responded to TM,... Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 23 / 56

56 Handling Timeout at Participants If B times out on TM and has voted yes, then execute termination protocol. Simple protocol: participant is remained blocked until it can establish communication with coordinator. Cooperative protocol: participant sends a decision-request message to other participants. B sends status message to A If A has received commit/abort from TM,... If A has not responded to TM,... If A has responded with no/yes... Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 23 / 56

57 Handling Crash and Recovery (1/2) All nodes must log protocol progress. Participants: prepared, uncertain, committed/aborted Coordinator: prepared, committed/aborted, done Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 24 / 56

58 Handling Crash and Recovery (1/2) All nodes must log protocol progress. Participants: prepared, uncertain, committed/aborted Coordinator: prepared, committed/aborted, done Nodes cannot back out if commit is decided. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 24 / 56

59 Handling Crash and Recovery (2/2) Coordinator crashes: If it finds no commit on disk, it aborts. If it finds commit, it commits. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 25 / 56

60 Handling Crash and Recovery (2/2) Coordinator crashes: If it finds no commit on disk, it aborts. If it finds commit, it commits. Participant crashes: If it finds no yes on disk, it aborts. If it finds yes, runs termination protocol to decide. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 25 / 56

61 Fault-Tolerance Limitations of 2PC Even with recovery enabled, 2PC is not really fault-tolerant (or live), because it can be blocked even when one (or a few) machines fail. Blocking means that it does not make progress during the failures. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 26 / 56

62 Fault-Tolerance Limitations of 2PC Even with recovery enabled, 2PC is not really fault-tolerant (or live), because it can be blocked even when one (or a few) machines fail. Blocking means that it does not make progress during the failures. Any scenarios? Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 26 / 56

63 2PC Blocking Scenario TM sends docommit to A, A gets it and commits, and then both TM and A die. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 27 / 56

64 2PC Blocking Scenario TM sends docommit to A, A gets it and commits, and then both TM and A die. B, C, D have already also replied yes, have locked their mutexes, and now need to wait for TM or A to reappear. They cannot recover the decision with certainty until TM or A are online. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 27 / 56

65 2PC Blocking Scenario TM sends docommit to A, A gets it and commits, and then both TM and A die. B, C, D have already also replied yes, have locked their mutexes, and now need to wait for TM or A to reappear. They cannot recover the decision with certainty until TM or A are online. This is why 2PC is called a blocking protocol: 2PC is safe, but not live. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 27 / 56

66 Impossibility of Distributed Consensus with One Faulty Process Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 28 / 56

67 FLP Fischer-Lynch-Paterson (FLP) M.J. Fischer, N.A. Lynch, and M.S. Paterson, Impossibility of distributed consensus with one faulty process, Journal of the ACM, Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 29 / 56

68 FLP Impossibility Result It is impossible for a set of processors in an asynchronous system to agree on a binary value, even if only a single process is subject to an unannounced failure. The core of the problem is asynchrony. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 30 / 56

69 FLP Impossibility Result What FLP says: you cannot guarantee both safety and progress when there is even a single fault at an inopportune moment. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 31 / 56

70 FLP Impossibility Result What FLP says: you cannot guarantee both safety and progress when there is even a single fault at an inopportune moment. What FLP does not say: in practice, how close can you get to the ideal (always safe and live)? Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 31 / 56

71 FLP Impossibility Result What FLP says: you cannot guarantee both safety and progress when there is even a single fault at an inopportune moment. What FLP does not say: in practice, how close can you get to the ideal (always safe and live)? So, Paxos... Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 31 / 56

72 Paxos Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 32 / 56

73 Paxos The only known completely-safe and largely-live agreement protocol. L. Lamport, The part-time parliament, ACM Transactions on Computer Systems, Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 33 / 56

74 The Paxos Players Proposers Suggests values for consideration by acceptors. Acceptors Considers the values proposed by proposers. Renders an accept/reject decision. Learners Learns the chosen value. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 34 / 56

75 The Paxos Players Proposers Suggests values for consideration by acceptors. Acceptors Considers the values proposed by proposers. Renders an accept/reject decision. Learners Learns the chosen value. A node can act as more than one roles (usually 3). Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 34 / 56

76 Single Proposal, Single Acceptor Use just one acceptor Collects proposers proposals. Decides the value and tells everyone else. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 35 / 56

77 Single Proposal, Single Acceptor Use just one acceptor Collects proposers proposals. Decides the value and tells everyone else. Sounds familiar? Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 35 / 56

78 Single Proposal, Single Acceptor Use just one acceptor Collects proposers proposals. Decides the value and tells everyone else. Sounds familiar? two-phase commit (2PC) acceptor fails = protocol blocks Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 35 / 56

79 Single Proposal, Multiple Acceptors One acceptor is not fault-tolerant enough. Let s have multiple acceptors. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 36 / 56

80 Single Proposal, Multiple Acceptors One acceptor is not fault-tolerant enough. Let s have multiple acceptors. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 36 / 56

81 Single Proposal, Multiple Acceptors One acceptor is not fault-tolerant enough. Let s have multiple acceptors. From there, must reach a decision. How? Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 36 / 56

82 Single Proposal, Multiple Acceptors One acceptor is not fault-tolerant enough. Let s have multiple acceptors. From there, must reach a decision. How? Decision = value accepted by the majority. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 36 / 56

83 Single Proposal, Multiple Acceptors One acceptor is not fault-tolerant enough. Let s have multiple acceptors. From there, must reach a decision. How? Decision = value accepted by the majority. P1: an acceptor must accept first proposal it receives. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 36 / 56

84 Multiple Proposals, Multiple Acceptors If there are multiple proposals, no proposal may get the majority. 3 proposals may each get 1/3 of the acceptors. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 37 / 56

Multiple Proposals, Multiple Acceptors If there are multiple proposals, no proposal may get the majority. 3 proposals may each get 1/3 of the acceptors.

85 Multiple Proposals, Multiple Acceptors If there are multiple proposals, no proposal may get the majority. 3 proposals may each get 1/3 of the acceptors. Solution: acceptors can accept multiple proposals, distinguished by a unique proposal number. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 37 / 56

86 Handling Multiple Proposals All chosen proposals must have the same value. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 38 / 56

87 Handling Multiple Proposals All chosen proposals must have the same value. P2: If a proposal with value v is chosen, then every higher-numbered proposal that is chosen also has value v. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 38 / 56

88 Handling Multiple Proposals All chosen proposals must have the same value. P2: If a proposal with value v is chosen, then every higher-numbered proposal that is chosen also has value v. P2a:... accepted... Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 38 / 56

89 Handling Multiple Proposals All chosen proposals must have the same value. P2: If a proposal with value v is chosen, then every higher-numbered proposal that is chosen also has value v. P2a:... accepted... P2b:... proposed... Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 38 / 56

90 The Paxos Algorithm Phase 1a - prepare phase Phase 1b - promise phase Phase 2a - accept phase Phase 2b - accepted phase Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 39 / 56

91 Paxos Algorithm Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 40 / 56

92 Paxos Algorithm - Prepare Phase A proposer selects a proposal number n and sends a prepare request with number n to majority of acceptors. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 41 / 56

93 Paxos Algorithm - Promise Phase If an acceptor receives a prepare request with number n greater than that of any prepare request it saw Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 42 / 56

94 Paxos Algorithm - Promise Phase If an acceptor receives a prepare request with number n greater than that of any prepare request it saw It responses yes to that request with a promise not to accept any more proposals numbered less than n. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 42 / 56

95 Paxos Algorithm - Promise Phase If an acceptor receives a prepare request with number n greater than that of any prepare request it saw It responses yes to that request with a promise not to accept any more proposals numbered less than n. It includes the highest-numbered proposal (if any) that it has accepted. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 42 / 56

96 Paxos Algorithm - Accept Phase If the proposer receives a response yes to its prepare requests from a majority of acceptors Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 43 / 56

97 Paxos Algorithm - Accept Phase If the proposer receives a response yes to its prepare requests from a majority of acceptors It sends an accept request to each of those acceptors for a proposal numbered n with a values v, which is the value of the highest-numbered proposal among the responses. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 43 / 56

98 Paxos Algorithm - Accepted Phase If an acceptor receives an accept request for a proposal numbered n Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 44 / 56

99 Paxos Algorithm - Accepted Phase If an acceptor receives an accept request for a proposal numbered n It accepts the proposal unless it has already responded to a prepare request having a number greater than n. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 44 / 56

100 Definition of Chosen A value is chosen at proposal number n, iff majority of acceptors accept that value in phase 2 of the proposal number. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 45 / 56

101 Paxos Example Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 46 / 56

102 Paxos Example Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 47 / 56

103 Paxos - Safety (1/3) If a value v is chosen at proposal number n, any value that is sent out in phase 2 of any later proposal numbers must be also v. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 48 / 56

104 Paxos - Safety (2/3) Decision = Majority (any two majorities share at least one element) Therefore after the first round in which there is a decision, any subsequent round involves at least one acceptor that has accepted v. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 49 / 56

105 Paxos - Safety (3/3) Now suppose our claim is not true, and let m is the first proposal number that is later than n and in 2nd phase, the value sent out is w v. This is not possible, because if the proposer P was able to start 2nd phase for w, it means it got a majority to accept round for m (for m > n). So, either: v would not have been the value decided, or v would have been proposed by P Therefore, once a majority accepts v, that never changes. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 50 / 56

106 Liveness If two or more proposers race to propose new values, they might step on each other toes all the time. P1 : prepare(n 1 ) P2 : prepare(n 2 ) P 1 : accept(n 1, v 1 ) P 2 : accept(n 2, v 2 ) P1 : prepare(n 3 ) P2 : prepare(n 4 )... n 1 < n 2 < n 3 < n 4 < With randomness, this occurs exceedingly rarely. Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 51 / 56

107 Paxos is Everywhere Google: Chubby (Paxos-based distributed lock service) Most Google services use Chubby directly or indirectly Yahoo: Zookeeper (Paxos-based distributed lock service) Zookeeper is open-source and integrates with Hadoop UW: Scatter (Paxos-based consistent DHT) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 52 / 56

108 Summary Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 53 / 56

109 Summary Replicated State Machine 2PC: blocking FLP impossibility Paxos Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 54 / 56

110 References: M.J. Fischer, N.A. Lynch, and M.S. Paterson, Impossibility of distributed consensus with one faulty process, Journal of the ACM, L. Lamport, The part-time parliament, ACM Transactions on Computer Systems, L. Lamport, Paxos made simple, ACM Sigact News, J. Gray, and L. Lamport, Consensus on transaction commit, ACM Transactions on Database Systems, Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 55 / 56

111 Questions? Acknowledgements Some slides were derived from Jinyang Li slides (New York University). Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 56 / 56

Beyond FLP. Acknowledgement for presentation material. Chapter 8: Distributed Systems Principles and Paradigms: Tanenbaum and Van Steen

Beyond FLP. Acknowledgement for presentation material. Chapter 8: Distributed Systems Principles and Paradigms: Tanenbaum and Van Steen Beyond FLP Acknowledgement for presentation material Chapter 8: Distributed Systems Principles and Paradigms: Tanenbaum and Van Steen Paper trail blog: http://the-paper-trail.org/blog/consensus-protocols-paxos/