DOCSLIB.ORG

Limitations on Database Availability When Networks Partition

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Limitations on Database Availability When Networks Partition Limitations on Database Availability when Networks Partition Brian A. Coan, Brian M. Oki, and Elliot K. Kolodner Laboratory for Computer Science Massachusetts Institute of Technology Cambridge, MA 02139 Abstract: In designing fault-tolerant distributed database 1 Introduction systems, a frequent goal is making the system highly avail- able despite component failure. We examine software ap- In designing fault-tolerant distributed database sys- proaches to achieving high availability in the presence of tems, a frequent objective is to make the system highly partitions. In particular, we consider various replicated- available in spite of component failures. We measure avail- data management protocols that maintain database consis- tency and attempt to increase database availability when ability as the fraction of transactions presented to the sys- networks partition. We conclude that no protocol does bet- tem that complete. One technique to increase data avail- ter than a bound we have determined. Our conclusions hold ability is replicating the data at various sites in the net- under the assumption that the pattern of data accesses by work. In this paper, we examine several replicated-data transactions obeys a uniformity assumption. There may be management protocols that maintain database consistency some particular distribution for which specialized protocols can increase availability. and attempt to make replicated data highly available in the presence of network partitions. (Partitions are failures that divide a system into two or more components between which communication is impossible.) The protocols we examine in this paper maintain one- copy serializability [1] [8], and are of the on-line kind, that is, those that are required to make irrevocable commit/abort decisions at the time the transaction is processed. We do not consider other classes of protocols, such as off-line pro- tocols, which are protocols that may defer commit/abort decisions until the partitions are rejoined; protocols that abandon one-copy serializability as the correctness crite- rion; and protocols that use type-specific information. Da- vidson's optimistic protocol [2] is an example of an off- This research was supported in part by the Advanced Research line protocol. The partition-tolerant distributed databases Projects Agency of the Department of Defense, monitored by the project at the Computer Corporation of America [9] is an Office of Naval Research under contracts N00014-83-K-0125 and N00014-85-K-0168, in part by the National Science Foundation example of a system that abandons one-copy serializability under grants DCR-8503662 and DCR-83-02091, and in part by to achieve higher availability. Herlihy [7] deals with repli- the Office of Army Research under contract DAAG29-84-K-0058. cation methods for abstract data types. The main objective of replicated-data management pro- tocols is achieving availability while maintaining data con- sistency. No protocol whose correctness criterion is one- copy serializability can do better than a bound we have determined, under the assumption that the pattern of data accesses by transactions obeys a certain uniformity assump- Permission to copy without fee all or part of this material is granted tion that we explain. We believe this assumption is area- provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specfic permission. © 1986 ACM 0-89791-198-9/86/0800-0187 75¢ "18 7 sonable one if we know nothing in particular about the one another is called a partition group, following Davidson transaction distributions; there might be some particular [2]. We make the simplifying assumption that a partitioned distributions for which specialized protocols achieve greater network consists of only two partition groups, called a ma- availability. Furthermore, this assumption permits us to do jority partition and a minority partition. This simplifica- the analysis. tion does not change our conclusions because we believe In the context of a simple model we have developed, that this kind of partition is rare and that more extensive we analyze the level of availability achieved by several partitioning is even rarer; we analyze the most common replicated-data management protocols proposed in the lit- case. We define L i as the load on the system for a site j erature. The protocols we look at use different rules to based on the fraction of transactions that run there. That increase data availability during a partition. Given the au- is, thors' informal discussion of availability achievable by these number of transactions initiated at site j protocols, it is difficult to determine how one protocol com- Li = number of transactions pares against the others. We provide a uniform basis for Then set S of sites is a majority if and only if comparison. In addition, we show that several of the proto- (~0~s Lo) > ~. We use this somewhat nonstandard defi- cols achieve the upper bound for availability, so the bound nition of majority because it ensures the desirable property is tight. that during a partition more than one-half of the work sub- Our analysis shows that there is a severe limitation on mitted to the system is submitted to the majority partition. the availability that can be achieved during a partition. In this paper, we are interested in availability. It is Because of this limitation, networks should be designed to a measure of the amount of work that can be done by a minimize the probability that partitions will occur. system. We define availability as follows. This paper is organized as follows. Section 2 begins with Availability = some assumptions and definitions underlying our model, de- number of transactions successfully completed fines the notion of availability, and provides a bound on the number of transactions presented to the system level of availability achievable with replicated-data manage- ment protocols that maintain one-copy serializability. In We do not study other aspects of performance, such as the section 3 we describe some of the known replicated-data relative expense of read/write operations or the cost of re- management protocols and, for each protocol, give a quan- joining partitions. titative measure of the availability achieved by the protocol. In order to quantify our observations concerning avail- Finally, in section 4, we summarize our results. ability, we are interested in the following parameters. t = total number of transactions presented during 2 Bounds on Availability the partition u,~ i = fraction of t that are update transactions and In this section, we define availability and then prove a are in the majority partition bound on the availability achievable. u,ra, = fraction of t that are update transactions and are in the minority partition 2.1 Assumptions and Definitions rraai = fraction of t that are read - only transactions The context of our work is a distributed database system and are in the majority partition rm~. = fraction of t that are read - only transactions in which the data is fully replicated. This system consists of and are in the minority partition a collection of n sites, numbered I,..., n. We have chosen this special case of a distributed database system because 2.2 Analysis it simplifies our analysis. Transactions can operate on data items by reading or updating. We assume no blind updates, We now show that no on-line replicated-data manage- where a blind update is one that updates a data item with- ment protocol that maintains one-copy serializability can out first reading it. The set of data items updated by a achieve a level of availability that is better than ur~ai + transaction is called its write set. rmaj + rrain. A partition occurs in a system when two functioning Our proof depends on an assumption regarding system sites are unable to communicate for a significant interval of workload, which we call the uniformity assumption. One time. A maximal set of sites that can communicate with informal characterization, which is sufficient for the unifor- '188 Majority Minority 0 Y.,.~ TA: Z,nia U d • Z,~j a 0 t R(x) Rix) e W(x) W(x) R,,,,,i R,,~. R e Figure 1: Execution £ a d Majority Minority mity assumption to be satisfied, is that the transaction mix Figure 2: Sets of transactions used in proof of Lemma 2 be the same at each site. Uniformity assumption• For all D where D is a sub- set of the data items, and for all j E 1,... ,n. bound on the availability achievable by a replicated-data Number of D - transactions initiated at site j management protocol that maintains one-copy serializabU- Total number of D - transactions = Li ity. where a D-transaction is a transaction with write set D. Lemma 2. Let .4 be any replicated-data management For example, suppose 10% of the update transactions run at protocol that satisfies the correctness property and that site 1; then our assumption says that of those transactions operates in a system in which the uniformity assumption that update a set of data items, 10% of them run at site 1. holds. Any execution ~ of protocol .4 during a partition We find it convenient to formulate the following correct- has availability at most u,uzj + r~j + r,~,~. ness property, which in Theorem 1 we show is a necessary Proof. We use a counting argument to bound the avail- condition for maintaining one-copy serializability. ability from above. See Figure 2 for an illustration of the Correctness property. For all data items d, d is not sets of transactions defined below. updated on both the minority and majority sides of a par- We define the following quantities: tition.
Load more

Recommended publications
  • Plantuml Language Reference Guide (Version 1.2021.2)
    Drawing UML with PlantUML PlantUML Language Reference Guide (Version 1.2021.2) PlantUML is a component that allows to quickly write : • Sequence diagram • Usecase diagram • Class diagram • Object diagram • Activity diagram • Component diagram • Deployment diagram • State diagram • Timing diagram The following non-UML diagrams are also supported: • JSON Data • YAML Data • Network diagram (nwdiag) • Wireframe graphical interface • Archimate diagram • Specification and Description Language (SDL) • Ditaa diagram • Gantt diagram • MindMap diagram • Work Breakdown Structure diagram • Mathematic with AsciiMath or JLaTeXMath notation • Entity Relationship diagram Diagrams are defined using a simple and intuitive language. 1 SEQUENCE DIAGRAM 1 Sequence Diagram 1.1 Basic examples The sequence -> is used to draw a message between two participants. Participants do not have to be explicitly declared. To have a dotted arrow, you use --> It is also possible to use <- and <--. That does not change the drawing, but may improve readability. Note that this is only true for sequence diagrams, rules are different for the other diagrams. @startuml Alice -> Bob: Authentication Request Bob --> Alice: Authentication Response Alice -> Bob: Another authentication Request Alice <-- Bob: Another authentication Response @enduml 1.2 Declaring participant If the keyword participant is used to declare a participant, more control on that participant is possible. The order of declaration will be the (default) order of display. Using these other keywords to declare participants
    [Show full text]
  • BEA Weblogic Platform Security Guide
    UNCLASSIFIED Report Number: I33-004R-2005 BEA WebLogic Platform Security Guide Network Applications Team of the Systems and Network Attack Center (SNAC) Publication Date: 4 April 2005 Version Number: 1.0 National Security Agency ATTN: I33 9800 Savage Road Ft. Meade, Maryland 20755-6704 410-854-6191 Commercial 410-859-6510 Fax UNCLASSIFIED UNCLASSIFIED Acknowledgment We thank the MITRE Corporation for its collaborative effort in the development of this guide. Working closely with our NSA representatives, the MITRE team—Ellen Laderman (task leader), Ron Couture, Perry Engle, Dan Scholten, Len LaPadula (task product manager) and Mark Metea (Security Guides Project Oversight)—generated most of the security recommendations in this guide and produced the first draft. ii UNCLASSIFIED UNCLASSIFIED Warnings Do not attempt to implement any of the settings in this guide without first testing in a non-operational environment. This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore, this guide does not address site-specific configuration issues. Care must be taken when implementing this guide to address local operational and policy concerns. The security configuration described in this document has been tested on a Solaris system. Extra care should be taken when applying the configuration in other environments. SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
    [Show full text]
  • Plantuml Language Reference Guide
    Drawing UML with PlantUML Language Reference Guide (Version 5737) PlantUML is an Open Source project that allows to quickly write: • Sequence diagram, • Usecase diagram, • Class diagram, • Activity diagram, • Component diagram, • State diagram, • Object diagram. Diagrams are defined using a simple and intuitive language. 1 SEQUENCE DIAGRAM 1 Sequence Diagram 1.1 Basic examples Every UML description must start by @startuml and must finish by @enduml. The sequence ”->” is used to draw a message between two participants. Participants do not have to be explicitly declared. To have a dotted arrow, you use ”-->”. It is also possible to use ”<-” and ”<--”. That does not change the drawing, but may improve readability. Example: @startuml Alice -> Bob: Authentication Request Bob --> Alice: Authentication Response Alice -> Bob: Another authentication Request Alice <-- Bob: another authentication Response @enduml To use asynchronous message, you can use ”->>” or ”<<-”. @startuml Alice -> Bob: synchronous call Alice ->> Bob: asynchronous call @enduml PlantUML : Language Reference Guide, December 11, 2010 (Version 5737) 1 of 96 1.2 Declaring participant 1 SEQUENCE DIAGRAM 1.2 Declaring participant It is possible to change participant order using the participant keyword. It is also possible to use the actor keyword to use a stickman instead of a box for the participant. You can rename a participant using the as keyword. You can also change the background color of actor or participant, using html code or color name. Everything that starts with simple quote ' is a comment. @startuml actor Bob #red ' The only difference between actor and participant is the drawing participant Alice participant "I have a really\nlong name" as L #99FF99 Alice->Bob: Authentication Request Bob->Alice: Authentication Response Bob->L: Log transaction @enduml PlantUML : Language Reference Guide, December 11, 2010 (Version 5737) 2 of 96 1.3 Use non-letters in participants 1 SEQUENCE DIAGRAM 1.3 Use non-letters in participants You can use quotes to define participants.
    [Show full text]
  • Hive Where Clause Example
    Hive Where Clause Example Bell-bottomed Christie engorged that mantids reattributes inaccessibly and recrystallize vociferously. Plethoric and seamier Addie still doth his argents insultingly. Rubescent Antin jibbed, his somnolency razzes repackages insupportably. Pruning occurs directly with where and limit clause to store data question and column must match. The ideal for column, sum of elements, the other than hive commands are hive example the terminator for nonpartitioned external source table? Cli to hive where clause used to pick tables and having a column qualifier. For use of hive sql, so the source table csv_table in most robust results yourself and populated using. If the bucket of the sampling is created in this command. We want to talk about which it? Sql statements are not every data, we should run in big data structures the. Try substituting synonyms for full name. Currently the where at query, urban private key value then prints the where hive table? Hive would like the partitioning is why the. In hive example hive data types. For the data, depending on hive will also be present in applying the example hive also widely used. The electrician are very similar to avoid reading this way, then one virtual column values in data aggregation functionalities provided below is sent to be expressed. Spark column values. In where clause will print the example when you a script for example, it will be spelled out of subquery must produce such hash bucket level of. After copy and collect_list instead of the same type is only needs to calculate approximately percentiles for sorting phase in keyword is expected schema.
    [Show full text]
  • Asymmetric-Partition Replication for Highly Scalable Distributed Transaction Processing in Practice
    Asymmetric-Partition Replication for Highly Scalable Distributed Transaction Processing in Practice Juchang Lee Hyejeong Lee Seongyun Ko SAP Labs Korea SAP Labs Korea POSTECH [email protected] [email protected] [email protected] Kyu Hwan Kim Mihnea Andrei Friedrich Keller SAP Labs Korea SAP Labs France SAP SE [email protected] [email protected] [email protected] ∗ Wook-Shin Han POSTECH [email protected] ABSTRACT 1. INTRODUCTION Database replication is widely known and used for high Database replication is one of the most widely studied and availability or load balancing in many practical database used techniques in the database area. It has two major use systems. In this paper, we show how a replication engine cases: 1) achieving a higher degree of system availability and can be used for three important practical cases that have 2) achieving better scalability by distributing the incoming not previously been studied very well. The three practi- workloads to the multiple replicas. With geographically dis- cal use cases include: 1) scaling out OLTP/OLAP-mixed tributed replicas, replication can also help reduce the query workloads with partitioned replicas, 2) efficiently maintain- latency when it accesses a local replica. ing a distributed secondary index for a partitioned table, and Beyond those well-known use cases, this paper shows how 3) efficiently implementing an online re-partitioning opera- an advanced replication engine can serve three other prac- tion. All three use cases are crucial for enabling a high- tical use cases that have not been studied very well.
    [Show full text]
  • Partitionable Blockchain
    Partitionable Blockchain A thesis submitted to the Kent State University Honors College in partial fulfillment of the requirements for University Honors by Joseph Oglio May, 2020 Thesis written by Joseph Oglio Approved by _____________________________________________________________________, Advisor ______________________________________, Chair, Department of Computer Science Accepted by ___________________________________________________, Dean, Honors College ii TABLE OF CONTENTS LIST OF FIGURES…..………………………………………………………………….iv ACKNOWLEDGMENTS……………...………………………………………………...v CHAPTER 1. INTRODUCTION……………………………………………….……………….1 2. PARTITIONABLE BLOCKCHAIN...…………………………….…………….7 2.1. Notation……………………………..…………………...…………………7 2.2. The Partitionable Blockchain Consensus Problem…………………..……10 2.3. Impossibility...………………………………………………………….…10 2.4. Partitioning Detectors……………………………………………………..12 2.5. Algorithm PART………………………………………………………….15 2.6. Performance Evaluation…………………………………………………..19 2.7. Multiple Splits…………………………………………………………….21 3. CONCLUSION, EXTENSIONS, AND FUTURE WORK…………………….25 BIBLIOGRAPHY………………………………………………………………….…...27 iii LIST OF FIGURES Figure 2.1 Implementation of ◊AGE using WAGE …………………..…….…………….14 Figure 2.2 Algorithm PART.………………………………………………….…………...22 Figure 2.3 Global blockchain tree generated by PART.…………………………..……….23 Figure 2.4 PART with perfect AGE. Split at round 100.………………………….……….23 Figure 2.5 PART+◊AGE. Split at round100, detector recognizes it at round 200…..…….23 Figure 2.6 PART+◊AGE. No split in computation, detector mistakenly
    [Show full text]
  • Alter Table Add Partition Oracle
    Alter Table Add Partition Oracle Inquilinous and tetrasyllabic Wallie never lists polygonally when Woochang zigzagged his most. Antagonizing Wallie usually bares some Sammy or overworn fervidly. Preconceived and Anglo-French Douglas gunges his secretaryship kick-offs dodge downwind. Thanks for object. The alter table archive table that corresponds to all tables and high workload produced during a new attributes or subpartitions of clustered table. You add a nice explanation! Select ibm kc did they belong to map lower boundary for the online clause allows for creating index if a single logical entity, even if it! This oracle adds a global index corrects this speeds up the add a single partition with the dba should do an equipartitioned local index is. Partitions produced per partition or add key in oracle adds a view to. You can be executed and oracle is an example we encourage you can be limited time to alter table in this index or local indexes are performed. The alter statement adds a version, then dropping index or false depending on the move a partitioned. One load to users table to this statement for adding literal values clause in a partition contains more composite partitioning is dropping table and high. The number of indexes in? In the primary key values from one can be rolled up the tablespace location. Corresponding local index partition level and oracle table itself. Specifying a hash partition operation oracle adds a tablespace location for rows from both tables are local index is useful in above results in? The alter table itself to continue your pdf request was obvious that the duration.
    [Show full text]
  • How Voltdb Does Transactions
    TECHNICAL NOTE How VoltDB does Transactions Note to readers: Some content about read-only transaction coordination in this document is out of date due to changes made in v6.4 as a result of Jepsen testing. Updates are forthcoming. A few years ago (VoltDB version 3.0) we made substantial changes to the transaction management system at the heart of VoltDB. There are several older posts and articles describing the original system but I was surprised to find that we never explained at length how the current transaction system is constructed. Well, no time like the present. Hammock Time: starting with a thought experiment Start with some DRAM and a single CPU. How do we structure a program to run commands to create, query and update structured data at the highest possible throughput? How do you run the maximum number of commands in a unit of time against in-memory data? One solution is to fill a queue with the commands you want to run. Then, run a loop that reads a command off the queue and runs that command to completion. It is easy to see that you can fully saturate a single core running commands in this model. Except for the few nanoseconds it requires to poll() a command from the command queue and offer() a response to a response queue, the CPU is spending 100% of its cycles running the desired work. In VoltDB’s case, the end-user’s commands are execution plans for ad hoc SQL statements, execution plans for distributed SQL fragments (more on this in a second), and stored procedure invocations.
    [Show full text]
  • The Complete IMS HALDB Guide All You Need to Know to Manage Haldbs
    Front cover The Complete IMS HALDB Guide All You Need to Know to Manage HALDBs Examine how to migrate databases to HALDB Explore the benefits of using HALDB Learn how to administer and modify HALDBs Jouko Jäntti Cornelia Hallmen Raymond Keung Rich Lewis ibm.com/redbooks International Technical Support Organization The Complete IMS HALDB Guide All You Need to Know to Manage HALDBs June 2003 SG24-6945-00 Note: Before using this information and the product it supports, read the information in “Notices” on page xi. First Edition (June 2003) This edition applies to IMS Version 7 (program number 5655-B01) and IMS Version 8 (program number 5655-C56) or later for use with the OS/390 or z/OS operating system. © Copyright International Business Machines Corporation 2003. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . .xi Trademarks . xii Preface . xiii The team that wrote this redbook. xiii Become a published author . xiv Comments welcome. xv Part 1. HALDB overview . 1 Chapter 1. HALDB introduction and structure . 3 1.1 An introduction to High Availability Large Databases . 4 1.2 Features and benefits . 5 1.3 Candidates for HALDB . 6 1.4 HALDB definition process . 7 1.4.1 Database Recovery Control (DBRC) . 9 1.5 DL/I processing . 9 1.6 Logical relationships with HALDB . 10 1.7 Partition selection . 10 1.7.1 Partition selection using key ranges . 10 1.7.2 Partition selection using a partition selection exit routine .
    [Show full text]
  • Designing and Architecting for Internet Scale: Sharding
    Designing and Architecting for Internet Scale: Sharding Article based on The Cloud at Your Service EARLY ACCESS EDITION The when, how, and why of enterprise cloud computing Jothy Rosenberg and Arthur Mateos MEAP Release: February 2010 Softbound print: Summer 2010 | 200 pages ISBN: 9781935182528 This article is taken from the book The Cloud at Your Service. The authors discuss the concept of sharding, a term invented by and a concept heavily employed by Google that is about how to partition databases so they scale infinitely. They show how Yahoo!, Flickr, Facebook, and many other sites that deal with huge user communities have been using this method of database partitioning to enable a good user experience concurrently with rapid growth. Get 35% off any version of The Cloud at Your Service, with the checkout code fcc35. Offer is only valid through http://www.manning.com. When you think Internet scale—by which we mean exposure to the enormous population of entities (human and machine) any number of which could potentially access our application—any number of very popular services might appropriately come to mind. Google is the obvious king of the realm, but Facebook, Flickr, Yahoo!, and many others have had to face the issues of dealing with scaling to hundreds of millions of users. In every case, each of these services was throttled at some point by the way they used the database where information about their users was being accessed. These problems were so severe that major reengineering was required, sometimes many times over. That’s a good lesson to learn early as you are thinking about how your Internet scale applications should be designed in the first place.
    [Show full text]
  • Database DB2 Multisystem
    IBM i 7.2 Database DB2 Multisystem IBM Note Before using this information and the product it supports, read the information in “Notices” on page 57. This edition applies to IBM i 7.2 (product number 5770-SS1) and to all subsequent releases and modifications until otherwise indicated in new editions. This version does not run on all reduced instruction set computer (RISC) models nor does it run on CISC models. This document may contain references to Licensed Internal Code. Licensed Internal Code is Machine Code and is licensed to you under the terms of the IBM License Agreement for Machine Code. © Copyright International Business Machines Corporation 1999, 2013. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Db2 Multisystem....................................................................................................1 PDF file for DB2 Multisystem....................................................................................................................... 1 Best practice for partitioning data...............................................................................................................1 DB2 Multisystem overview.......................................................................................................................... 2 Benefits of using DB2 Multisystem........................................................................................................ 3 DB2 Multisystem: Basic terms and concepts.......................................................................................
    [Show full text]
  • Oracle9i Has Several Types of Tablespaces
    THE DATA DEFINITION LANGUAGE Tablespaces Oracle9i has several types of tablespaces. These are: 1. Data tablespaces - Contains data and the objects that control the data (i.e. indexes, synonyms). 2. System tablespaces - Contains information Oracle needs to control itself. 3. Temporary tablespaces - Contains temporary information. For example, the space is used if Oracle needs temporary disk space for sorting a large set of rows. 4. Tool tablespaces - Contains space required for Oracle tools. 5. Rollback tablespaces - Contains information such as uncommitted database changes and enables Oracle’s internal mechanisms for read consistency. 6. User tablespaces - Default tablespace assigned to the user. 1 Creating a Tablespace There are several components to the Create Tablespace command: ? Datafile - Contains the name of the file used by the tablespace. ? Autoextend clause - Enables or disables the automatic extension of the tablespace. Off disables this feature. On enables the feature. The next keyword specifies the amount of disk space to allocate when an extension occurs. Unlimited sets no limit. The Maxsize keyword specifies the maximum amount of space to allocate. ? Size - Determines the maximum size of the file used for the tablespace. Two setting symbols are used. These are K and M. Each increment of K increases the file or tablespace size by 1024 bytes. Each increment of M increases the file or tablespace size by 1,048,576 bytes. ? Initial extent - The amount of disk space initially set-aside for the tablespace. An extent is a portion of disk space that is reserved for the tablespace. This disk space is unavailable to any other application until it is released.
    [Show full text]