Skip to main content
QUICK REVIEW

[论文解读] Building on Quicksand

Pat Helland, David G. Campbell|ArXiv.org|Sep 9, 2009
Distributed systems and fault tolerance参考文献 14被引用 36
一句话总结

本文提出了一种通过在大规模组件故障面前接受最终一致性和概率性保证来构建高可用分布式系统的模型。通过将主系统确认与备份同步解耦,该模型在牺牲临时不一致性的代价下实现了低延迟响应,要求应用程序通过幂等操作和状态协调来处理最终一致性。

ABSTRACT

Reliable systems have always been built out of unreliable components. Early on, the reliable components were small such as mirrored disks or ECC (Error Correcting Codes) in core memory. These systems were designed such that failures of these small components were transparent to the application. Later, the size of the unreliable components grew larger and semantic challenges crept into the application when failures occurred. As the granularity of the unreliable component grows, the latency to communicate with a backup becomes unpalatable. This leads to a more relaxed model for fault tolerance. The primary system will acknowledge the work request and its actions without waiting to ensure that the backup is notified of the work. This improves the responsiveness of the system. There are two implications of asynchronous state capture: 1) Everything promised by the primary is probabilistic. There is always a chance that an untimely failure shortly after the promise results in a backup proceeding without knowledge of the commitment. Hence, nothing is guaranteed! 2) Applications must ensure eventual consistency. Since work may be stuck in the primary after a failure and reappear later, the processing order for work cannot be guaranteed. Platform designers are struggling to make this easier for their applications. Emerging patterns of eventual consistency and probabilistic execution may soon yield a way for applications to express requirements for a "looser" form of consistency while providing availability in the face of ever larger failures. This paper recounts portions of the evolution of these trends, attempts to show the patterns that span these changes, and talks about future directions as we continue to "build on quicksand".

研究动机与目标

  • 解决大规模分布式系统中因同步备份通信导致的系统延迟增长问题。
  • 提出从强一致性向最终一致性转变,作为现代分布式系统中容错的可行模型。
  • 通过允许主系统在确认备份复制之前即响应请求,提升系统可用性和响应能力。
  • 为平台设计者和应用开发人员提供指导,以表达和管理更宽松的一致性需求。
  • 识别并形式化在不可靠环境中概率性执行和状态管理的新兴模式。

提出的方法

  • 引入异步状态捕获模型,即主系统在确保备份复制之前即确认请求。
  • 依赖概率性保证:若备份未收到通知,主系统做出的承诺无法保证在故障后存活。
  • 通过幂等操作和状态协调,确保在请求重排序或重复时仍能实现最终一致性。
  • 设计系统以容忍在承诺做出后短时间内发生的故障,假设此类故障发生概率较低。
  • 利用应用层逻辑检测并解决不一致问题,而非依赖同步协调。
  • 通过设计原则隐式采用版本向量和无冲突复制数据类型(CRDTs)等模式。

实验结果

研究问题

  • RQ1当同步备份通信引入不可接受的延迟时,如何提升系统响应能力?
  • RQ2在分布式系统中,将请求确认与备份复制解耦会产生何种影响?
  • RQ3应用程序如何在概率性保证和故障后潜在数据丢失的情况下确保正确性和一致性?
  • RQ4哪些架构模式能够使在本质上不可靠的组件上构建可信赖系统成为可能,且可扩展?
  • RQ5平台如何暴露抽象机制,使开发者能够管理并预测最终一致性?

主要发现

  • 异步状态捕获显著提升了系统响应能力,消除了等待备份确认的时间。
  • 该模型引入了概率性保证:尽管没有任何承诺是完全保证的,但失败概率低且可管理。
  • 应用程序必须设计为能够处理最终一致性,包括幂等操作和故障后的状态协调。
  • 从强一致性向最终一致性的转变,使大规模分布式系统具备更高的可用性和可扩展性。
  • 幂等性与冲突解决等新兴模式对于在不可靠组件上构建可靠系统至关重要。
  • 本文识别出一种范式转变:系统必须从设计上构建在‘流沙’——即不稳定的基石之上,而非偶然。

更好的研究,从现在开始

从论文设计到论文写作,大幅缩短您的研究时间。

无需绑定信用卡

本解读由 AI 生成,并经人工编辑审核。