cs 5412 lecture 22
play

CS 5412/LECTURE 22 Ken Birman FAULT TOLERANCE IN APACHE Spring, - PowerPoint PPT Presentation

Oct 13, 2022 •223 likes •505 views

CS 5412/LECTURE 22 Ken Birman FAULT TOLERANCE IN APACHE Spring, 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 1 HOW DO APACHE SERVICES HANDLE FAILURE? Weve heard about some of the main tools Zookeeper, to manage

  1. CS 5412/LECTURE 22 Ken Birman FAULT TOLERANCE IN APACHE Spring, 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 1

  2. HOW DO APACHE SERVICES HANDLE FAILURE? We’ve heard about some of the main “tools”  Zookeeper, to manage configuration  HDFS file system, to hold files and unstructured data  HBASE to manage “structured” data  Hadoop to run massively parallel computing tasks  Hive and Pig to do NoSQL database tasks over HBASE, and then to create a nicely formatted (set of) output files HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 2

  3. BUT WHEN A FAILURE OCCURS… Won’t that cause “damage” all through the hierarchy?  How do people working with Apache think about failure?  What are the specific roles Zookeeper plays?  What happens when a failed element later restarts? In Derecho, we saw how all of this can be “combined” in one model (with new group views, and dynamic self-repair), but Apache applications might be spread over thousands of nodes in lots of distinct programs! HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 3

  4. KEY ASPECTS What does Apache do to “detect” failures? What if a failure is just some form of transient overload and self-corrects?  How would the component realize it was dropped by everyone else? How can Apache self-repair the damaged components, and resume? HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 4

  5. KEY ASPECTS In fact Apache uses Zookeeper to sense failures. Then it basically “cleans up”, which means getting rid of partially written output from the failed components. YARN knows which files those are. Then it restarts the things that failed. But it gives up if the same failure repeats again and again (why?) HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 5

  6. CAN EVERY PROBLEM BE SOLVED THIS WAY? We will be discussing this question later in the class! We can think of Apache as a world of  Hierarchical structure: layers and layers of very complex systems!  Roll-forward reliability: if it fails, restart it. But why is it even possible to “clean up”? This is the puzzle. What if an ATM machine already distributed the $500? Can we get it back? HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 6

  7. CORE OF THE PUZZLE It is vitally important to realize that Apache big data tools don’t run in an online manner! They never “talk to an ATM machine”! They run purely in the back end and purely in a batched context! Why? HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 7

  8. ? WAYS TO DETECT FAILURES Something segment faults or throws an exception, then exits A process freezes up (like waiting on a lock) and never resumes A machine crashes and reboots HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 8

  9. SOME REALLY WEIRD EXAMPLES Suppose we just trust TCP timeouts. But FTP and some applications have more than one TCP connection open between the same processes.  What if one connection breaks but the other doesn’t? … can you think of a way to easily cause this?  What if process A in some pool of servers thinks S is down, but B is happily talking to S? When clocks “resynchronize” they can jump ahead or backwards by many seconds or even several minutes.  What would that do to timeouts? HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 9

  10. SLOW NETWORK LINKS CAN MIMIC CRASHES MIT Theoreticians Fischer, Lynch and Paterson modelled fault-tolerant agreement protocols (consensus on a single bit, 0/1). This is easy with perfect failure detection, but can we implement perfect detection?. They proved that in an asynchronous network (like an ethernet), any consensus algorithm that is guaranteed to be correct (consistent) will run some tiny risk of indefinitely stalling and never picking an output value. One implication: on an ethernet, perfect failure sensing is impossible! HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 10

  11. HOW DOES THE “FLP” PROOF WORK? They look at agreeing on consensus via messages, with no deadlines on message delivery. Their proof first shows that there must be some input states in which there is a mix of 0 and 1’s proposed by the members, and where both are possible outcomes (thinking of an election, with two candidates). They call this a “bivalent” state, meaning “two possible vote outcomes” HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 11

  12. EXAMPLE OF A BIVALENT STATE Suppose we are running an election and 0 represents voting for John Doe, whereas 1 represents a vote for Sally Smith. Majority wins. But N=50. To cover the risk of ties, we flipped a coin: in a tie, Sally wins.  Suppose half vote John, half for Sally, but one voter has a “connectivity problem”. If that vote isn’t submitted on time, it won’t be tallied.  With 25 each, Sally is picked. But if just one Sally vote is delayed, then the exact same election comes out 25 for John, 24 for Sally… John wins An algorithm that “tolerates failures” can’t simply wait! It has to decide. HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 12

  13. NEXT STEP IN FLP PROOF Inspired by this example, they consider patterns of message delays that are legal in an asynchronous network and that occur in a bivalent state. They take a situation that leads to the “John wins” outcome. Then they show that no matter what algorithm you use, there must be some message that, if we delay it, leads to a “Sally wins” outcome. … and now they get very tricky. HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 13

  14. FINAL PROOF STEP In a very elegant (sophisticated) bit of mathematics they now show that if they briefly delay that “deciding” message but then allow it through, the voting protocol must end up back in a bivalent state! They point out that this takes time (to send and receive the messages) and yet leads back to where they started. So by repeating this behavior, consensus is never actually reached! It is as if we are endlessly arguing over which votes we should count, and never get to the point of actually tabulating the result. HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 14

  15. DOES FLP MATTER? FLP is often cited as a proof that “consistency is impossible” but in fact it only tells us that any digital system could run into conditions where it jams. We knew that. On the other hand, it also has a problematic “implication”  No asynchronous system can accurately detect failures of its members. (if it were possible, that would contradict FLP). HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 15

  16. IMPLICATION? If we can’t do perfect failure sensing, we need to make do with something imperfect. This leads to the idea of a system that manages its own membership. If the manager layer can’t be sure that some process is healthy, it is allowed to just declare that the process has failed! HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 16

  17. APACHE SOLUTION: ZOOKEEPER! Zookeeper acts like a single, fault-tolerance “decider”. It can keep a list of which processes are up, and which are down. It tells everyone when this changes (the model is sometimes called virtual synchrony and these lists are sometimes called “membership views”… Derecho uses this model, and it dates back to Ken’s Isis system in 1987). Then the whole application just trusts the views. HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 17

  18. APACHE SOLUTION: ZOOKEEPER! µ -service, Zookeeper has an elected leader, a set of “follower” members in the and other “application” processes. There is a TCP connection from each application to some Zookeeper member, from members to the leader, and from the leader to members. Periodic “heartbeat” messages are sent by healthy processes. Each process watches for these heartbeats. A timeout triggers “failure suspicion”. Also, if a TCP connection breaks, the live process will immediately deem the other endpoint as having crashed. A form of Paxos prevents split-brain behavior if leader failure is suspected. HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 18

  19. WHY DOES THIS AVOID THE FLP PROBLEM? Zookeeper didn’t invent this idea (as mentioned, Ken’s Isis Tookit was the first system to use this concept). It treats slow processes like failed ones, even if the process itself wasn’t actually the cause of the slowness (even if the network was at fault). FLP no longer applies because in FLP, a healthy process must be allowed to vote. In systems like Zookeeper, a healthy process might be “killed” by accident, but this keeps the system alive when it might otherwise freeze up). HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 19

  20. ZOOKEEPER CANNOT EVADE THE FLP THEOREM Zookeeper has to manage itself. In doing that, it needs to run consensus and theoretically, one could use FLP to attack it! If you managed to do that (it would be very hard to do), Zookeeper itself freezes up. The probability of this happening is zero unless the attacker can virtualize the entire distributed system and then can control everything. So Apache applications simply use Zookeeper to track health of system, via a special type of file Zookeeper maintains listing system members. HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

In 2020SP, this lecture and lecture 20 are both optional extra material CS 5412/LECTURE 17 Ken

In 2020SP, this lecture and lecture 20 are both optional extra material CS 5412/LECTURE 17 Ken

In 2020SP, this lecture and lecture 20 are both optional extra material CS 5412/LECTURE 17 Ken Birman LEAVE NO TRACE BEHIND Spring, 2020 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 THE PRIVACY PUZZLE FOR I O T We have sensors

1.04k views • 65 slides
CS 5412/LECTURE 3 Ken Birman PROGRAMMING AN I O T SYSTEM Spring, 2019

CS 5412/LECTURE 3 Ken Birman PROGRAMMING AN I O T SYSTEM Spring, 2019

CS 5412/LECTURE 3 Ken Birman PROGRAMMING AN I O T SYSTEM Spring, 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 1 HOW DO WE PROGRAM THE I O T CLOUD? This is a very rapidly evolving and exciting question! To give some context,

1.05k views • 55 slides
CS 5412/LECTURE 17 Ken Birman LEAVE NO TRACE BEHIND Spring, 2019

CS 5412/LECTURE 17 Ken Birman LEAVE NO TRACE BEHIND Spring, 2019

CS 5412/LECTURE 17 Ken Birman LEAVE NO TRACE BEHIND Spring, 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 1 THE PRIVACY PUZZLE FOR I O T We have sensors everywhere, including in very sensitive settings. They are capturing information

897 views • 65 slides
CS 5412/LECTURE 21 Ken Birman FAULT TOLERANCE IN APACHE Spring, 2020

CS 5412/LECTURE 21 Ken Birman FAULT TOLERANCE IN APACHE Spring, 2020

CS 5412/LECTURE 21 Ken Birman FAULT TOLERANCE IN APACHE Spring, 2020 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 HOW DO APACHE SERVICES HANDLE FAILURE? Weve heard about some of the main tools Zookeeper, to manage

797 views • 43 slides
CS 5412: LECTURE 6 Ken Birman TIMESTAMPED DATA Spring, 2019

CS 5412: LECTURE 6 Ken Birman TIMESTAMPED DATA Spring, 2019

CS 5412: LECTURE 6 Ken Birman TIMESTAMPED DATA Spring, 2019 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 1 TODAY: DRILL DOWN ON TIME Last time we discussed time more as an active aspect of a coordinated system (one of a few dimensions in

611 views • 42 slides
CS 5412/LECTURE 18 Ken Birman ACCESSING COLLECTIONS Spring, 2020

CS 5412/LECTURE 18 Ken Birman ACCESSING COLLECTIONS Spring, 2020

CS 5412/LECTURE 18 Ken Birman ACCESSING COLLECTIONS Spring, 2020 HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 STRUCTURED AND UNSTRUCTURED DATA Earlier we learned that cloud data is generally viewed as structured or unstructured.

374 views • 21 slides
CS 5412/LECTURE 13. Ken Birman CEPH: A SCALABLE HIGH-PERFORMANCE Spring, 2020 DISTRIBUTED FILE

CS 5412/LECTURE 13. Ken Birman CEPH: A SCALABLE HIGH-PERFORMANCE Spring, 2020 DISTRIBUTED FILE

CS 5412/LECTURE 13. Ken Birman CEPH: A SCALABLE HIGH-PERFORMANCE Spring, 2020 DISTRIBUTED FILE SYSTEM HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2020SP 1 HDFS LIMITATIONS Although many applications are designed to use the normal POSIX

689 views • 50 slides
CS 5412/LECTURE 24. CEPH: A Ken Birman SCALABLE HIGH-PERFORMANCE Spring, 2019 DISTRIBUTED FILE

CS 5412/LECTURE 24. CEPH: A Ken Birman SCALABLE HIGH-PERFORMANCE Spring, 2019 DISTRIBUTED FILE

CS 5412/LECTURE 24. CEPH: A Ken Birman SCALABLE HIGH-PERFORMANCE Spring, 2019 DISTRIBUTED FILE SYSTEM HTTP://WWW.CS.CORNELL.EDU/COURSES/CS5412/2019SP 1 HDFS LIMITATIONS Although many applications are designed to use the normal POSIX

979 views • 65 slides
CS5412: SPRING 2014 CLOUD COMPUTING Lecture 1 Ken Birman Welcome to CS 5412... 2 A course

CS5412: SPRING 2014 CLOUD COMPUTING Lecture 1 Ken Birman Welcome to CS 5412... 2 A course

CS5412 Spring 2015 (Cloud Computing: Birman) 1 CS5412: SPRING 2014 CLOUD COMPUTING Lecture 1 Ken Birman Welcome to CS 5412... 2 A course dedicated to the technology behind cloud computing! In my country of Khazackstan, many excellent

718 views • 53 slides
CS5412: SPRING 2016 CLOUD COMPUTING Lecture 1 Ken Birman Welcome to CS 5412... 2 A course

CS5412: SPRING 2016 CLOUD COMPUTING Lecture 1 Ken Birman Welcome to CS 5412... 2 A course

CS5412 Spring 2016 (Cloud Computing: Birman) 1 CS5412: SPRING 2016 CLOUD COMPUTING Lecture 1 Ken Birman Welcome to CS 5412... 2 A course dedicated to the technology behind cloud computing! In my country of Khazackstan, many excellent

1.21k views • 37 slides
CS5412: SPRING 2012 CLOUD COMPUTING Lecture 1 Ken Birman Welcome to CS 5412... 2 A completely

CS5412: SPRING 2012 CLOUD COMPUTING Lecture 1 Ken Birman Welcome to CS 5412... 2 A completely

CS5412 Spring 2012 (Cloud Computing: Birman) 1 CS5412: SPRING 2012 CLOUD COMPUTING Lecture 1 Ken Birman Welcome to CS 5412... 2 A completely new course dedicated to the technology behind cloud computing! In my country of Khazackstan, many

588 views • 46 slides
Gossip and Self-Stabilization Lonnie Princehouse CS 5412 February 28, 2012 Gossip Protocols

Gossip and Self-Stabilization Lonnie Princehouse CS 5412 February 28, 2012 Gossip Protocols

Gossip and Self-Stabilization Lonnie Princehouse CS 5412 February 28, 2012 Gossip Protocols Gossip is the family of protocols loosely characterized by Randomized peer selection Probabilistic convergence Round-based execution

1.18k views • 51 slides
Unshackle the Cloud: Commoditization of the Cloud Hakim Weatherspoon Assistant Professor, Dept

Unshackle the Cloud: Commoditization of the Cloud Hakim Weatherspoon Assistant Professor, Dept

Unshackle the Cloud: Commoditization of the Cloud Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5412, Guest Lecture, Cornell University January 24, 2012 Context The promise of the Cloud A computer utility; a

547 views • 40 slides
Words and the Company they keep C(a,b) a b C(a,b) a b 11487 New York 80871 of the

Words and the Company they keep C(a,b) a b C(a,b) a b 11487 New York 80871 of the

Words and the Company they keep C(a,b) a b C(a,b) a b 11487 New York 80871 of the 7261 United Sates 58841 in th 5412 Los Angeles 26430 to the 3301 last year 21842 on the 3191 Saudi Arabia 21839 for the 2699

1.3k views • 117 slides
Lecture # 5 - Monday, Aug 30th In this lecture I reviewed the previous lecture 4, and then

Lecture # 5 - Monday, Aug 30th In this lecture I reviewed the previous lecture 4, and then

Lecture # 5 - Monday, Aug 30th In this lecture I reviewed the previous lecture 4, and then reviewed the final point of lecture #3: Hennigs logical approach to tree inference is valid as logic, but we have a hard time using it because our data

660 views • 7 slides
Algorithms (2IL15) Lecture 13 Wrap-up lecture 1 TU/e Algorithms (2IL15) Lecture 13

Algorithms (2IL15) Lecture 13 Wrap-up lecture 1 TU/e Algorithms (2IL15) Lecture 13

TU/e Algorithms (2IL15) Lecture 13 Algorithms (2IL15) Lecture 13 Wrap-up lecture 1 TU/e Algorithms (2IL15) Lecture 13 Part I of the course: Optimization Problems we want to find valid solution minimizing cost (or maximizing

904 views • 20 slides
An Architecture for Open Pluggable Pluggable An Architecture for Open Edge Services (OPES) Edge

An Architecture for Open Pluggable Pluggable An Architecture for Open Edge Services (OPES) Edge

An Architecture for Open Pluggable Pluggable An Architecture for Open Edge Services (OPES) Edge Services (OPES) draft- -ietf ietf- -opes opes- -architecture architecture- -02 02 draft Abbie Barbir Abbie Barbir

405 views • 13 slides
Towards a Learning Health Care System Experiences in Kootenay Boundary Jennifer Ellis, QI

Towards a Learning Health Care System Experiences in Kootenay Boundary Jennifer Ellis, QI

Towards a Learning Health Care System Experiences in Kootenay Boundary Jennifer Ellis, QI Manager, Kootenay Boundary Division of Family Practice March 6, 2020 Kootenay Boundary 78,000 people 93 GPs and 6 NPs in family practice 49 ED

166 views • 12 slides
Knowledge is Imperfect A CTING ON S TALE , I NCONSISTENT OR M ISSING D ATA U LF W IGER , F

Knowledge is Imperfect A CTING ON S TALE , I NCONSISTENT OR M ISSING D ATA U LF W IGER , F

Knowledge is Imperfect A CTING ON S TALE , I NCONSISTENT OR M ISSING D ATA U LF W IGER , F EUERLABS , I NC . GOTO Aarhus 2013 Wednesday, 2 October 13 Outline War stories No code, no algorithms, no Hadoop Thoughts The

607 views • 29 slides
Speech Processing 15-492/18-492 Spoken Dialog Systems Advanced Concepts in Dialog Spoken Dialog

Speech Processing 15-492/18-492 Spoken Dialog Systems Advanced Concepts in Dialog Spoken Dialog

Speech Processing 15-492/18-492 Spoken Dialog Systems Advanced Concepts in Dialog Spoken Dialog Systems Basic steps for machine conversation: Basic steps for machine conversation: Take speech to text (ASR) Take speech to text (ASR)

732 views • 27 slides
CSCE 970 Lecture 5: More Properties of Bayes Nets Stephen D. Scott 1 Introduction So far,

CSCE 970 Lecture 5: More Properties of Bayes Nets Stephen D. Scott 1 Introduction So far,

CSCE 970 Lecture 5: More Properties of Bayes Nets Stephen D. Scott 1 Introduction So far, have introduced Bayes nets and discussed the Markov condition As mentioned previously, Markov condition entails conditional independencies among

506 views • 48 slides
Properties of Laurent coefficients of multivariate rational functions Workshop on Computer

Properties of Laurent coefficients of multivariate rational functions Workshop on Computer

Properties of Laurent coefficients of multivariate rational functions Workshop on Computer Algebra in Combinatorics Erwin Schroedinger Institute Armin Straub November 14, 2017 University of South Alabama includes joint work with and Frits

1.44k views • 96 slides
CSE 543 - Computer Security Lecture 2 - Introduction August 30, 2007 URL:

CSE 543 - Computer Security Lecture 2 - Introduction August 30, 2007 URL:

CSE 543 - Computer Security Lecture 2 - Introduction August 30, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 A historical moment Mary Queen of Scots is

631 views • 29 slides
Distributed Systems CS425/ECE428 03/04/2020 Logistics HW3 Released on Monday. You

Distributed Systems CS425/ECE428 03/04/2020 Logistics HW3 Released on Monday. You

Distributed Systems CS425/ECE428 03/04/2020 Logistics HW3 Released on Monday. You should be able to solve it completely after todays class. MP1 Due date extended to Monday, March 9 th , 11:59pm. MP2 Will be released

678 views • 48 slides

More recommend