lecture 1 – introduction to distributed systems 1 15-440 distributed systems
TRANSCRIPT
Lecture 1 – Introduction to Distributed Systems
1
15-440 Distributed Systems
What Is A Distributed System?
“A collection of independent computers that appears to its users as a single coherent system.” •Features:
• No shared memory – message-based communication• Each runs its own local OS• Heterogeneity• Expandability
•Ideal: to present a single-system image:• The distributed system “looks like” a single computer
rather than a collection of separate computers.
Definition of a Distributed System
Figure 1-1. A distributed system organized as middleware. The middleware layer runs on all machines, and offers a uniform interface to the system
Distributed Systems: Goals
• Resource Availability: remote access to resources• Distribution Transparency: single system image
• Access, Location, Migration, Replication, Failure,…
• Openness: services according to standards (RPC)• Scalability: size, geographic, admin domains, …
• Example of a Distributed System? • Web search on google • DNS: decentralized, scalable, robust to failures, ... • ...
04/21/23 4
Lecture 2 & 3 – 15-441 in 2 Days
15-440 Distributed Systems
Packet Switching – Statistical Multiplexing
• Switches arbitrate between inputs• Can send from any input that’s ready
• Links never idle when traffic to send• (Efficiency!)
Packets
6
Model of a communication channel
• Latency - how long does it take for the first bit to reach destination
• Capacity - how many bits/sec can we push through? (often termed “bandwidth”)
• Jitter - how much variation in latency?
• Loss / Reliability - can the channel drop packets?
• Reordering
7
Packet Switching
• Source sends information as self-contained packets that have an address.• Source may have to break up single message in multiple
• Each packet travels independently to the destination host.• Switches use the address in the packet to determine how to
forward the packets• Store and forward
• Analogy: a letter in surface mail.
8
Internet
• An inter-net: a network of networks.• Networks are connected using
routers that support communication in a hierarchical fashion
• Often need other special devices at the boundaries for security, accounting, ..
• The Internet: the interconnected set of networks of the Internet Service Providers (ISPs)• About 17,000 different networks
make up the Internet
Internet
9
Network Service Model
• What is the service model for inter-network?• Defines what promises that the network gives for any
transmission• Defines what type of failures to expect
• Ethernet/Internet: best-effort – packets can get lost, etc.
10
Possible Failure models
• Fail-stop:• When something goes wrong, the process stops / crashes /
etc.• Fail-slow or fail-stutter:
• Performance may vary on failures as well• Byzantine:
• Anything that can go wrong, will.• Including malicious entities taking over your computers and
making them do whatever they want.• These models are useful for proving things;• The real world typically has a bit of everything.
• Deciding which model to use is important!
11
What is Layering?
• Modular approach to network functionality• Example:
Link hardware
Host-to-host connectivity
Application-to-application channels
Application
12
IP Layering
• Relatively simple
Bridge/Switch Router/GatewayHost Host
Application
Transport
Network
Link
Physical
13
Protocol Demultiplexing
• Multiple choices at each layer
FTP HTTP TFTPNV
TCP UDP
IP
NET1 NET2 NETn…
TCP/UDPIPIPX
Port Number
Network
Protocol Field
Type Field
14
Goals [Clark88]
0 Connect existing networksinitially ARPANET and ARPA packet radio network
1.Survivabilityensure communication service even in the presence of
network and router failures
2.Support multiple types of services3. Must accommodate a variety of networks4. Allow distributed management5. Allow host attachment with a low level of effort6. Be cost effective7. Allow resource accountability
15
Goal 1: Survivability
• If network is disrupted and reconfigured…• Communicating entities should not care!• No higher-level state reconfiguration
• How to achieve such reliability?• Where can communication state be stored?
Network Host
Failure handing Replication “Fate sharing”
Net Engineering Tough Simple
Switches Maintain state Stateless
Host trust Less More16
CIDR IP Address Allocation
Provider is given 201.10.0.0/21
201.10.0.0/22 201.10.4.0/24 201.10.5.0/24 201.10.6.0/23
Provider
17
18
Ethernet Frame Structure (cont.)
• Addresses: • 6 bytes• Each adapter is given a globally unique address at
manufacturing time• Address space is allocated to manufacturers
• 24 bits identify manufacturer• E.g., 0:0:15:* 3com adapter
• Frame is received by all adapters on a LAN and dropped if address does not match
• Special addresses• Broadcast – FF:FF:FF:FF:FF:FF is “everybody”• Range of addresses allocated to multicast
• Adapter maintains list of multicast groups node is interested in
18
End-to-End Argument
• Deals with where to place functionality• Inside the network (in switching elements)• At the edges
• Argument• If you have to implement a function end-to-end anyway
(e.g., because it requires the knowledge and help of the end-point host or application), don’t implement it inside the communication system
• Unless there’s a compelling performance enhancement
• Key motivation for split of functionality between TCP,UDP and IP
Further Reading: “End-to-End Arguments in System Design.” Saltzer, Reed, and Clark. 19
User Datagram Protocol (UDP): An Analogy
Postal Mail• Single mailbox to receive
messages• Unreliable • Not necessarily in-order
delivery• Each letter is independent• Must address each reply
Example UDP applicationsMultimedia, voice over IP
UDP• Single socket to receive
messages• No guarantee of delivery• Not necessarily in-order
delivery• Datagram – independent
packets• Must address each packet
Postal Mail• Single mailbox to receive
letters• Unreliable • Not necessarily in-order
delivery• Letters sent independently
• Must address each letter
20
Transmission Control Protocol (TCP): An Analogy
TCP• Reliable – guarantee
delivery• Byte stream – in-order
delivery• Connection-oriented –
single socket per connection
• Setup connection followed by data transfer
Telephone Call• Guaranteed delivery• In-order delivery• Connection-oriented • Setup connection
followed by conversation
Example TCP applicationsWeb, Email, Telnet
21
Lecture 5 – Classical Synchronization
25
15-440 Distributed Systems
Classic synchronization primitives
• Basics of concurrency • Correctness (achieves Mutex, no deadlock, no livelock)• Efficiency, no spinlocks or wasted resources • Fairness
• Synchronization mechanisms • Semaphores (P() and V() operations) • Mutex (binary semaphore) • Condition Variables (allows a thread to sleep)
• Must be accompanied by a mutex • Wait and Signal operations
• Work through examples again + GO primitives
04/21/23 26
Lecture 6 – RPC
15-440 Distributed Systems
27
RPC Goals
• Ease of programming• Hide complexity • Automates task of implementing distributed
computation• Familiar model for programmers (just make a
function call)
Historical note: Seems obvious in retrospect, but RPC was only invented in the ‘80s. See Birrell & Nelson, “Implementing Remote Procedure Call” ... orBruce Nelson, Ph.D. Thesis, Carnegie Mellon University: Remote Procedure Call., 1981 :)
Passing Value Parameters (1)
• The steps involved in a doing a remote computation through RPC.
29
Stubs: obtaining transparency
• Compiler generates from API stubs for a procedure on the client and server
• Client stub • Marshals arguments into machine-independent format• Sends request to server• Waits for response• Unmarshals result and returns to caller
• Server stub• Unmarshals arguments and builds stack frame• Calls procedure• Server stub marshals results and sends reply
30
Real solution: break transparency
• Possible semantics for RPC:• Exactly-once
• Impossible in practice
• At least once: • Only for idempotent operations
• At most once• Zero, don’t know, or once
• Zero or once• Transactional semantics
31
Asynchronous RPC (3)
• A client and server interacting through two asynchronous RPCs.
32
Important Lessons
• Procedure calls• Simple way to pass control and data• Elegant transparent way to distribute application• Not only way…
• Hard to provide true transparency• Failures• Performance• Memory access• Etc.
• How to deal with hard problem give up and let programmer deal with it• “Worse is better”
33
Lecture 7,8 – Distributed File Systems
34
15-440 Distributed Systems
Why DFSs?
• Why Distributed File Systems: • Data sharing among multiple users
• User mobility
• Location transparency
• Backups and centralized management
• Examples: NFS (v1 – v4), AFS, CODA, LBFS
• Idea: Provide file system interfaces to remote FS’s• Challenge: heterogeneity, scale, security, concurrency,..
• Non-Challenges: AFS meant for campus community
• Virtual File Systems: pluggable file systems
• Use RPC’s
35
NFS vs AFS Goals
• AFS: Global distributed file system• “One AFS”, like “one Internet”• LARGE numbers of clients, servers (1000’s cache files)• Global namespace (organized as cells) => location transparency• Clients w/disks => cache, Write sharing rare, callbacks • Open-to-close consistency (session semantics)
• NFS: Very popular Network File System • NFSv4 meant for wide area • Naming: per-client view (/home/yuvraj/…)• Cache data in memory, not on disk, write through cache• Consistency model: buffer data (eventual, ~30seconds)• Requires significant resounces as users scale
36
DFS Important bits (1)
• Distributed filesystems almost always involve a tradeoff: consistency, performance, scalability.
• We’ve learned a lot since NFS and AFS (and can implement faster, etc.), but the general lesson holds. Especially in the wide-area.
• We’ll see a related tradeoff, also involving consistency, in a while: the CAP tradeoff. Consistency, Availability, Partition-resilience.
DFS Important Bits (2)
• Client-side caching is a fundamental technique to improve scalability and performance• But raises important questions of cache consistency
• Timeouts and callbacks are common methods for providing (some forms of) consistency.
• AFS picked close-to-open consistency as a good balance of usability (the model seems intuitive to users), performance, etc.• AFS authors argued that apps with highly concurrent,
shared access, like databases, needed a different model
Coda Summary
• Distributed File System built for mobility• Disconnected operation key idea
• Puts scalability and availability beforedata consistency• Unlike NFS
• Assumes that inconsistent updates are very infrequent
• Introduced disconnected operation mode and file hoarding and the idea of “reintegration”
40
Low Bandwidth File SystemKey Ideas
• A network file systems for slow or wide-area networks
• Exploits similarities between files • Avoids sending data that can be found in the server’s
file system or the client’s cache• Uses RABIN fingerprints on file content (file chunks)
• Can deal with byte offsets when part of file change
• Also uses conventional compression and caching• Requires 90% less bandwidth than traditional
network file systems
41
Lecture 9 – Time Synchronization
42
15-440 Distributed Systems
Impact of Clock Synchronization
• When each machine has its own clock, an event that occurred after another event may nevertheless be assigned an earlier time.
43
Clocks in a Distributed System
• Computer clocks are not generally in perfect agreement• Skew: the difference between the times on two clocks (at any instant)
• Computer clocks are subject to clock drift (they count time at different rates)• Clock drift rate: the difference per unit of time from some ideal reference
clock • Ordinary quartz clocks drift by about 1 sec in 11-12 days. (10-6 secs/sec).• High precision quartz clocks drift rate is about 10-7 or 10-8 secs/sec
44
Perfect networks
• Messages always arrive, with propagation delay exactly d
• Sender sends time T in a message• Receiver sets clock to T+d
• Synchronization is exact
Cristian’s Time Sync
mr
mt
pTime server,S
• A time server S receives signals from a UTC source• Process p requests time in mr and receives t in mt from S• p sets its clock to t + RTT/2
• Accuracy ± (RTT/2 - min) :• because the earliest time S puts t in message mt is min after p sent mr. • the latest time was min before mt arrived at p• the time by S’s clock when mt arrives is in the range [t+min, t + RTT - min]
Tround is the round trip time recorded by pmin is an estimated minimum round trip time
46
Berkeley algorithm
• Cristian’s algorithm - • a single time server might fail, so they suggest the use of a group of
synchronized servers• it does not deal with faulty servers
• Berkeley algorithm (also 1989)• An algorithm for internal synchronization of a group of computers• A master polls to collect clock values from the others (slaves)• The master uses round trip times to estimate the slaves’ clock values• It takes an average (eliminating any above average round trip time or with
faulty clocks)• It sends the required adjustment to the slaves (better than sending the
time which depends on the round trip time)• Measurements
• 15 computers, clock synchronization 20-25 millisecs drift rate < 2x10-5
• If master fails, can elect a new master to take over (not in bounded time)
•47
NTP Protocol
• All modes use UDP• Each message bears timestamps of recent events:
• Local times of Send and Receive of previous message• Local times of Send of current message
• Recipient notes the time of receipt T3 (we have T0, T1, T2, T3)
48
T3
T2T1
T0
Server
Client
Time
m m'
Time
Logical time and logical clocks (Lamport 1978)
• Instead of synchronizing clocks, event ordering can be used
1. If two events occurred at the same process pi (i = 1, 2, … N) then they occurred in the order observed by pi, that is the definition of: “ i”
2. when a message, m is sent between two processes, send(m) happens before receive(m)
3. The happened before relation is transitive
• The happened before relation is the relation of causal ordering49
Total-order Lamport clocks
• Many systems require a total-ordering of events, not a partial-ordering
• Use Lamport’s algorithm, but break ties using the process ID• L(e) = M * Li(e) + i
• M = maximum number of processes• i = process ID
Vector Clocks
• Note that e e’ implies V(e)<V(e’). The converse is also true
• Can you see a pair of parallel events?• c || e (parallel) because neither V(c) <= V(e) nor V(e) <= V(c)
51
Lecture 10 – Mutual Exclusion
15-440 Distributed Systems
Example: Totally-Ordered Multicasting
• San Fran customer adds $100, NY bank adds 1% interest• San Fran will have $1,111 and NY will have $1,110
• Updating a replicated database and leaving it in an inconsistent state.
• Can use Lamport’s to totally order55
(San Francisco) (New York)
(+$100) (+1%)
Mutual ExclusionA Centralized Algorithm (1)
@ Client Acquire: Send (Request, i) to coordinator Wait for reply
@ Server:while true:
m = Receive()
If m == (Request, i):If Available():
Send (Grant) to i
56
Distributed Algorithm Strawman
• Assume that there are n coordinators• Access requires a majority vote from m > n/2
coordinators. • A coordinator always responds immediately to a
request with GRANT or DENY
• Node failures are still a problem• Large numbers of nodes requesting access can
affect availability
57
A Distributed Algorithm 2(Lamport Mutual Exclusion)
• Every process maintains a queue of pending requests for entering critical section in order. The queues are ordered by virtual time stamps derived from Lamport timestamps• For any events e, e' such that e --> e' (causality ordering), T(e) <
T(e')• For any distinct events e, e', T(e) != T(e')
• When node i wants to enter C.S., it sends time-stamped request to all other nodes (including itself) • Wait for replies from all other nodes.• If own request is at the head of its queue and all replies have been
received, enter C.S.• Upon exiting C.S., remove its request from the queue and send a
release message to every process.
58
A Distributed Algorithm 3(Ricart & Agrawala)
• Also relies on Lamport totally ordered clocks.
• When node i wants to enter C.S., it sends time-stamped request to all other nodes. These other nodes reply (eventually). When i receives n-1 replies, then can enter C.S.
• Trick: Node j having earlier request doesn't reply to i until after it has completed its C.S.
59
A Token Ring Algorithm
• Organize the processes involved into a logical ring• One token at any time passed from node to
node along ring
60
A Token Ring Algorithm
• Correctness:• Clearly safe: Only one process can hold token
• Fairness: • Will pass around ring at most once before getting
access.
• Performance:• Each cycle requires between 1 - ∞ messages• Latency of protocol between 0 & n-1
• Issues• Lost token
61
Summary
• Lamport algorithm demonstrates how distributed processes can maintain consistent replicas of a data structure (the priority queue).
• Ricart & Agrawala's algorithms demonstrate utility of logical clocks.
• Centralized & ring based algorithms much lower message counts
• None of these algorithms can tolerate failed processes or dropped messages.
62
Lecture 11 – Concurrency, Transactions
63
15-440 Distributed Systems
Distributed Concurrency Management
• Multiple-Objects, Multiple Servers. Ignore Failure• Single Server: Transactions (RD/WR to Global State)• ACID: Atomicity, Consistency, Isolation, Durability • Learn what these mean in the context of transactions• E.g. banking app => ACID is violated if not careful• Solutions: 2-phase locking (General, strict, strong strict)
• Deadling with deadlocks => build “waits-for” graph• Transactions: 2 phases (prep, commit/abort)
• Preparation: generate Lock Set “L”, Updates “U”
• COMMIT (updated global state), ABORT (leave state as is)
• Example using banking app
04/21/23 64
Distributed Transactions – 2PC
• Similar idea as before, but: • State spread across servers (maybe even WAN)
• Want to enable single transactions to read and update global state while maintaining ACID properties
• Overall Idea: • Client initiate transaction. Makes use of “co-ordinator”
• All other relevant servers operate as “participants”
• Co-ordinator assigns unique transaction ID (TID)
• 2 Phase-Commit • Prepare & Vote (client determine states, talk to Coord.)
• Commit/Abort Phase (co-ordinator boardcast to clients)
65
Lecture 12 – Logging and Crash Recovery
66
15-440 Distributed Systems
Summary – Fault Tolerance
• Real Systems (are often unreliable) • Introduced basic concepts for Fault Tolerant Systems
including redundancy, process resilience, RPC
• Fault Tolerance – Backward recovery using checkpointing, both Independent and coordinated
• Fault Tolerance –Recovery using Write-Ahead-Logging, balances the overhead of checkpointing and ability to recover to a consistent state
67
Dependability Concepts
• Availability – the system is ready to be used immediately.
• Reliability – the system runs continuously without failure.
• Safety – if a system fails, nothing catastrophic will happen. (e.g. process control systems)
• Maintainability – when a system fails, it can be repaired easily and quickly (sometimes, without its users noticing the failure). (also called Recovery)
• What’s a failure? : System that cannot meet its goals => faults• Faults can be: Transient, Intermittent, Permanent
Masking Failures by Redundancy
• Strategy: hide the occurrence of failure from other processes using redundancy.
1. Information Redundancy – add extra bits to allow for error detection/recovery (e.g., Hamming codes and the like).
2. Time Redundancy – perform operation and, if needs be, perform it again. Think about how transactions work (BEGIN/END/COMMIT/ABORT).
3. Physical Redundancy – add extra (duplicate) hardware and/or software to the system.
Recovery Strategies
• When a failure occurs, we need to bring the system into an error free state (recovery). This is fundamental to Fault Tolerance.
1. Backward Recovery: return the system to some previous correct state (using checkpoints), then continue executing.
-- Can be expensive, however still used
2. Forward Recovery: bring the system into a correct new state, from which it can then continue to execute.
-- Need to know potential errors up front!
Independent Checkpointing
The domino effect – Cascaded rollback
P2 crashes, roll back, but 2 checkpoints inconsistent (P2 shows m received, but P1 does not show m sent)
Solution? Co-ordinated checkpointing
Shadow Paging Vs WAL
• Shadow Pages• Provide Atomicity and Durability, “page” = unit of storage• Idea: When writing a page, make a “shadow” copy
• No references from other pages, edit easily!
• ABORT: discard shadow page • COMMIT: Make shadow page “real”. Update pointers to
data on this page from other pages (recursive). Can be done atomically
72
Shadow Paging vs WAL
• Write-Ahead-Logging • Provide Atomicity and Durability• Idea: create a log recording every update to database • Updates considered reliable when stored on disk• Updated versions are kept in memory (page cache) • Logs typically store both REDO and UNDO operations• After a crash, recover by replaying log entries to
reconstruct correct state • 3 Passes: (Analysis Pass, recovery pass, Undo Pass) • WAL is more common, fewer disk operations,
transactions considered committed once log written.
73
Lecture 13 – Errors and Failures
15-440 Distributed Systems
Measuring Availability
• Mean time to failure (MTTF)• Mean time to repair (MTTR)• MTBF = MTTF + MTTR
• Availability = MTTF / (MTTF + MTTR)• Suppose OS crashes once per month, takes 10min to
reboot. • MTTF = 720 hours = 43,200 minutes
MTTR = 10 minutes• Availability = 43200 / 43210 = 0.997 (~“3 nines”)
75
Disk failure conditional probability distribution - Bathtub curve
Expected operating lifetime
1 / (reported MTTF)
Infantmortality
Burn out
76
Parity Checking
Single Bit Parity:Detect single bit errors
77
Block Error Detection
• EDC= Error Detection and Correction bits (redundancy)• D = Data protected by error checking, may include header fields • Error detection not 100% reliable!
• Protocol may miss some errors, but rarely• Larger EDC field yields better detection and correction
78
Error Detection – Cyclic Redundancy Check (CRC)
• Polynomial code• Treat packet bits a coefficients of n-bit polynomial• Choose r+1 bit generator polynomial (well known –
chosen in advance)• Add r bits to packet such that message is divisible by
generator polynomial
• Better loss detection properties than checksums• Cyclic codes have favorable properties in that they are
well suited for detecting burst errors• Therefore, used on networks/hard drives
79
Error Recovery
• Two forms of error recovery• Redundancy
• Error Correcting Codes (ECC)• Replication/Voting
• Retry
• ECC• Keep encoded redundant data to help repair losses• Forward Error Correction (FEC) – send bits in advance
• Reduces latency of recovery at the cost of bandwidth
80
Summary
• Definition of MTTF/MTBF/MTTR: Understanding availability in systems.
• Failure detection and fault masking techniques• Engineering tradeoff: Cost of failures vs. cost of
failure masking.• At what level of system to mask failures?• Leading into replication as a general strategy for fault
tolerance
• Thought to leave you with:• What if you have to survive the failure of entire
computers? Of a rack? Of a datacenter?
81
81
Lecture 14 – RAID
Thanks to Greg Ganger and Remzi Arapaci-Dusseau for slides
15-440 Distributed Systems
Just a bunch of disks (JBOD)
• Yes, it’s a goofy name• industry really does sell “JBOD enclosures”
83
Disk Striping
• Interleave data across multiple disks • Large file streaming can enjoy parallel transfers • High throughput requests can enjoy thorough load
balancing• If blocks of hot files equally likely on all disks (really?)
84
Redundancy via replicas
• Two (or more) copies• mirroring, shadowing, duplexing, etc.
• Write both, read either
85
Simplest approach: Parity Disk
• Capacity: one extra disk needed per stripe
86
Updating and using the parity
87
Solution: Striping the Parity
• Removes parity disk bottleneck
88
RAID Taxonomy
• Redundant Array of Inexpensive Independent Disks• Constructed by UC-Berkeley researchers in late 80s (Garth)
• RAID 0 – Coarse-grained Striping with no redundancy • RAID 1 – Mirroring of independent disks • RAID 2 – Fine-grained data striping plus Hamming code disks
• Uses Hamming codes to detect and correct multiple errors • Originally implemented when drives didn’t always detect errors • Not used in real systems
• RAID 3 – Fine-grained data striping plus parity disk • RAID 4 – Coarse-grained data striping plus parity disk • RAID 5 – Coarse-grained data striping plus striped parity
89
How often are failures?
• MTBF (Mean Time Between Failures)• MTBFdisk ~ 1,200,00 hours (~136 years, <1% per year)
• MTBFmutli-disk system = mean time to first disk failure • which is MTBFdisk / (number of disks) • For a striped array of 200 drives• MTBFarray = 136 years / 200 drives = 0.65 years
90
Rebuild: restoring redundancy after failure
• After a drive failure • data is still available for access • but, a second failure is BAD
• So, should reconstruct the data onto a new drive • on-line spares are common features of high-end disk arrays
• reduce time to start rebuild
• must balance rebuild rate with foreground performance impact • a performance vs. reliability trade-offs
• How data is reconstructed • Mirroring: just read good copy • Parity: read all remaining drives (including parity) and compute
91
Conclusions
• RAID turns multiple disks into a larger, faster, more reliable disk
• RAID-0: StripingGood when performance and capacity really matter, but reliability doesn’t
• RAID-1: MirroringGood when reliability and write performance matter, but capacity (cost) doesn’t
• RAID-5: Rotating ParityGood when capacity and cost matter or workload is read-mostly• Good compromise choice