Brewer’s Conjecture and the Feasibility of Consistent, Available,

Partition-Tolerant Web ServicesAuthored by: Seth Gilbert

and Nancy LynchPresented by: Karl Smith

CAP Consistency Availability Partition-Tolerance

Three desirable, and expected properties of real-world services

Brewer states that it is impossible to guarantee all three

Introduction

Most web services attempt to provide strongly consistent data

Most use ACID databases Atomic Consistent Isolated Durable

Web services also need fault-tolerance Handle crashing nodes, and network partitioning

ACID

Formal Model

Data should maintain atomic consistency There must exist a total order on all

operations such that each operation looks as if it were completed at a single instant

This is not the same as the Atomic requirement in ACID

Atomic Data Objects

Every request received by a non-failing node in the system must result in a response

No time requirement Difficult because even in severe network

failures, every request must terminate Brewer originally only required almost all

requests get a response, this has been simplified to all

Available Data Objects

When the network is partitioned all messages sent from nodes in one partition to nodes in another partition are lost

This causes the difficulty because Every response must be atomic even though

arbitrary messages might not be delivered Every node must respond even though arbitrary

messages may be lost No failure other then total network failure is

allowed to cause incorrect responses

Partition Tolerance

Asynchronous Networks There is no clock Nodes must make decisions based only on

messages received and local computation Partially Synchronous Networks

Each system has a clock Clocks increase at the same rate Clocks my not be synchronized

Different Networks

It is impossible to provide the following in all fair executions (included those in which messages are lost) Availability Atomic Consistency

Proven by contradiction

Asynchronous Network Impossible

Let the system be made of two nodes(G1,G2) that are partitioned separately such that all messages between G1 and G2 are lost

If a write occurs on G1, then later a read occurs on G2, G2 cannot return the data written as a result of the write to G1

Impossible Proof

No solution exists to meet all three requirements, but any two can be accommodated

Partial Solutions

Ignore all requests Alternate solution: each data object is hosted

on a single node and all actions involving that object are forwarded to the node hosting the object

Atomic & Partition Tolerant

If no partitions occur it is clearly possible to provided atomic, available data

Systems that run on intranets and LANs are an example of these algorithms

Atomic & Available

The service can return the initial value for all requests

The system can provide weakened consistency, this is similar to web caches

Available & Partition Tolerant

It is impossible to provide the following in all fair executions (included those in which messages are lost) Availability Atomic Consistency

Proven by contradiction (This is very similar to the synchronous slide)

Partially Synchronous NetworkStill Impossible

Let the system be made of two nodes(G1,G2) that are partitioned separately such that all messages between G1 and G2 are lost

If a write occurs on G1, then later a read occurs on G2, G2 cannot return the data written as a result of the write to G1

(This seems familiar)

Impossible Proof

By allowing stale data to be returned when messages are lost it is possible to maintain a weaker consistency

Delayed-t consistency- there is an atomic order for operations only if there was an interval between the operations in which all messages were delivered

Weaker Consistency Conditions

1. P is a partial order that orders all write operations, and orders all read operations with respect to the write operations.

2. The value returned by every read operation is exactly the one written by the previous write operation in P (or the initial value, if there is no such previous write in P).

3. The order in P is consistent with the order of read and write requests submitted at each node.

4. (Atomicity) If all messages in the execution are delivered, and an operation θ completes before an operation Φ begins, then Φ does not precede θ in the partial order P,

5. (Weakly Consistent) Assume there exists an interval of time longer than t in which no messages are lost. Further, assume an operation, θ, completes before the interval begins, and another operation, Φ, begins after the interval ends. Then Φ does not precede θ in the partial order

Definition

1. A sends a request to C for the most recent value.

2. If A receives a response from C, save the value and send it to the client.

3. If A concludes that a message was lost (i.e. a timeout occurs), then return the value with the highest sequence number received from C (see below), or the initial-value (if no value has yet been received from C).

Read

1. A sends a message to C with the new value.2. If A receives an acknowledgement from C, then A

sends an acknowledgement to the client, and stops.3. If A concludes a message was lost (i.e. a timeout

occurs), then A sends an acknowledgement to the client.

4. If A has not yet received an acknowledgement from C, then A sends a message to C with the new value.

5. If A concludes a message was lost (i.e. a timeout occurs), A repeats step 4 within t − 4 * t timeout seconds.

Write

1. C increments its sequence number by 1.2. C sends out the new value and the sequence

number to every node.3. If C concludes a message was lost (i.e. a

timeout occurs), then C resends the value and sequence number to the missing node within time t − 2 * t timeout seconds.

4. Repeat step 3 until every node has acknowledged the value.

New Value

Proved that CAP is impossible to provide Any two properties can be maintained It is possible to achieve a compromise

between consistency and availability in a partially synchronous network

Conclusion