Professional Documents
Culture Documents
Coordination and Agreement
Coordination and Agreement
Overview
We start by addressing the question of why process need to coordinate their actions
and agree on values in various scenarios.
A correct process "is one that exhibits no failures at any point in the execution
under consideration." If a process fails, it can fail in one of two ways: a crash
failure or a byzantine failure. A crash failure implies that a node stops working and
does not respond to any messages. A byzantine failure implies that a node exhibits
arbitrary behavior. For example, it may continue to function but send incorrect
values.
Failure Detection
This seems ok if there are no failures. What happens if a failure occurs? In this
case, q will not send a message. In a synchronous system, p waits for d seconds
(where d is the maximum delay in message delivery) and if it does not hear
from q then it knows that q has failed. In an asynchronous system, q can be
suspected of failure after a timeout, but there is no guarantee that a failure has
occurred.
Mutual Exclusion
The first set of coordination algorithms we'll consider deal with mutual exclusion.
How can we ensure that two (or more) processes do not access a shared resource
simultaneously? This problem comes up in the OS domain and is addressed by
negotiating with shared objects (locks). In a distributed system, nodes must
negotiate via message passing.
Central Server
The first algorithm uses a central server to manage access to the shared resource.
To enter a critical section, a process sends a request to the server. The server
behaves as follows:
If no one is in a critical section, the server returns a token. When the process
exits the critical section, the token is returned to the server.
If someone already has the token, the request is queued.
Token Ring
The token ring algorithm arranges processes in a logical ring. A token is passed
clockwise around the ring. When a process receives the token it can enter its
critical section. If it does not need to enter a critical section, it immediately passes
the token to the next process.
This algorithm also achieves safety and liveness, but not ordering, in the case when
no failures occur. However, a significant amount of bandwidth is used because the
token is passed continuously even when no process needs to enter a CS.
Each process has a unique identifier and maintains a logical clock. A process can
be in one of three states: released, waiting, or held. When a process wants to enter
a CS it does the following:
None of the algorithms discussed are appropriate for a system in which failures
may occur. In order to handle this situation, we would need to first detect that a
failure has occurred and then reorganize the processes (e.g., form a new token ring)
and reinitialize appropriate state (e.g., create a new token).
Election
An election algorithm determines which process will play the role of coordinator
or server. All processes need to agree on the selected process. Any process can
start an election, for example if it notices that the previous coordinator has failed.
The requirements of an election algorithm are as follows:
Safety: Only one process is chosen -- the one with the largest identifying
value. The value could be load, uptime, a random number, etc.
Liveness: All process eventually choose a winner or crash.
Ring-based
Processes are arranged in a logical ring. A process starts an election by placing its
ID and value in a message and sending the message to its neighbor. When a
message is received, a process does the following:
If the value is greater that its own, it saves the ID and forwards the value to
its neighbor.
Else if its own value is greater and the it has not yet participated in the
election, it replaces the ID with its own, the value with its own, and
forwards the message.
Else if it has already participated it discards the message.
If a process receives its own ID and value, it knows it has been elected. It
then sends an elected message to its neighbor.
When an elected message is received, it is forwarded to the next neighbor.
Safety is guaranteed - only one value can be largest and make it all the way
through the ring. Liveness is guaranteed if there are no failures. However, the
algorithm does not work if there are failures.
Bully
The bully algorithm can deal with crash failures, but not communication failures.
When a process notices that the coordinator has failed, it sends an election message
to all higher-numbered processes. If no one replies, it declares itself the coordinator
and sends a new coordinator message to all processes. If someone replies, it does
nothing else. When a process receives an election message from a lower-numbered
process it returns a reply and starts an election. This algorithm guarantees safety
and liveness and can deal with crash failures.
Consensus
All of the previous algorithms are examples of the consensus problem: how can we
get all processes to agree on a state? Here, we look at when the consensus problem
is solvable.
The system model considers a collection of processes p i (i = 1, 2, ..., N).
Communication is reliable, but processes may fail. Failures may be crash failures
or byzantine failures.
We can solve Byzantine Generals in a synchronous system as long as less than 1/3
of the processes fail. The commander sends the command to all of the generals and
each general sends the command to all other generals. If each correct process
chooses the majority of all commands, the requirements are met. Note that the
requirements do not specify that the processes must detect that the commander is
fault.
Masking faults - Hide failures by using persistent storage to store state and
restarting processes when they crash.
Failure detectors - Treat an unresponsive process (that may still be alive) as
failed.
Randomization - Use randomized behavior to confuse byzantine processes.
Sami Rollins
Date: 2008-01-24