Paper Summary: Perspectives On The Cap Theorem
This is a 2012 brusk newspaper past times Seth Gilbert together with Nancy Lynch that appeared inward a exceptional number commemorating the twelfth anniversary of the CAP theorem. Gilbert together with Lynch larn to write inward this exceptional number because they were the ones to laid about seat out a proof the CAP conjecture seat forwards past times Eric Brewer inward PODC 2000 keynote.
In this paper, Gilbert together with Lynch aim to situate the CAP theorem inward the broader context of a identify unit of measurement of results inward distributed computing theory that shows impossibility of guaranteeing both safety and liveness in an unreliable distributed system. The impossibility results surveyed inward relation to CAP job concern slightly unlike problems together with slightly unlike mistake models. While it is slow to confuse CAP amongst those results on a superficial look, on a closer inspection nosotros run into that the results are all distinct together with none subsume CAP.
Consistency: The organisation provides its clients amongst a unmarried register (emulated by
multiple storage nodes), together with each customer tin read or write from that register.
Availability: Each asking for read or write eventually receives a response.
The FLP (Fisher-Lynch-Patterson) together with the attacking generals impossibility results consider the consensus problem. The specifications for consensus are every bit follows. (The laid about 2 are security properties, the final i a liveness property.)
Agreement: No 2 procedure tin commit unlike decisions.
Validity (Non-triviality): If all initial values are same, nodes must commit
that value.
Termination: Nodes commit eventually.
So hither is the divergence betwixt consensus together with atomic storage. Consensus is supposed to dutifully hollo upward a value that is anchored (stored past times a bulk number of nodes). Consensus is loyal to making that value persist every bit the committed decision. Atomic storage doesn't possess got that responsibility. The nodes don't take away to commit to a determination value, therefore the organisation doesn't take away to proceed rail of together with hollo upward whether a value is anchored. The atomic storage organisation every bit whole accepts novel writes every bit long every bit the reads don't render results that betray the unmarried register (i.e., single-copy) abstraction.
And what is the implication of this difference? FLP number declares that fifty-fifty nether reliable channels assumption, consensus is impossible to solve inward an asynchronous organisation amongst node crash failures. For example, Paxos loses liveness because it tin non converge to a unmarried leader inward an asynchronous model. Did the electrical flow leader crash? The failure detector cannot endure accurate. If the failure detector incorrectly says that the leader (who is supposed to ensure together with hollo upward that a value is anchored) is non crashed, liveness is violated since nodes proceed waiting on a failed leader. If failure detector incorrectly says that the leader is crashed, together with then y'all possess got multiple leaders, together with liveness is violated because of multiple leaders dueling amongst forever escalating ballot numbers to larn the bulk to convey their proposal.
On the other hand, since the atomic storage job doesn't assist most remembering whether a value is anchored, it is oblivious to the dueling leaders clients, together with every bit such it is solvable for crashes of upward to one-half of the nodes amongst the FLP model (i.e., amongst reliable channels inward an asynchronous system). I had blogged most the Attiya, Bar-Noy, Dolev (ABD) algorithm that achieves this feat.
Now that nosotros know atomic storage job is solvable amongst reliable channels amongst upward to minority crashes, what tin nosotros state most the atomic storage inward the presence of unreliable channels? That is covered past times the CAP theorem's mistake model, which nosotros hash out next.
Above I had introduced the FLP mistake model when discussing solvability of consensus versus atomic storage inward the FLP model. FLP mistake model assumes reliable channels, asynchronous system, crash failure. Of course, past times assuming reliable channels, y'all don't larn reliable channels inward your deployment. That is only wishful thinking. But since the attacking generals impossibility number proved that consensus is non achivable inward the presence of unreliability channels, FLP had to consider reliable channels. Even then, nosotros possess got disappointment; consensus is likewise impossible inward the FLP model.
CAP does something courageous together with considers unreliable channels i time to a greater extent than (as inward the attacking generals mistake model) inward its mistake model. Since CAP is concerned amongst the atomic storage problem, which is a slightly easier job than consensus, the attacking generals impossibility number does non subsume the CAP result.
CAP number says that atomic storage job is likewise impossible to solve nether unreliable channels.
Recall that ABD solved the atomic storage job inward the FLP model. If nosotros motion to the CAP mistake model together with permit partitions, nosotros respect from the ABD algorithm that it blocks (loses availability) for a read or write asking that arrives to a node inward a minority partition. Just every bit the CAP says, either consistency or availability has to give.
Here is the proof sketch verbatim from Gilbert-Lynch paper.
Similar to the attacking generals result, the CAP number is oblivious to whether the organisation is synchronous or asynchronous, together with holds inward both cases.
What if nosotros quantify together with restrict the unreliability of the channels to to a greater extent than realistic scenarios. Can nosotros examine to a greater extent than refined versions of CAP? What would endure the consistency degree a organisation tin supply if the organisation model allows eventual message arrival? A recent technical study from University of Texas Austin, "Consistency availability convergence" paper, looks at that problem. We volition hash out that newspaper side past times side inward our distributed systems seminar.
The Gilbert-Lynch newspaper likewise mentions the scalability problems caused due to trying to enforce consistency, but leaves that give-and-take every bit futurity work. PACELC model past times Daniel Abadi provides a to a greater extent than detailed explanation for Low-latency versus Consistency tradeoffs inward the absence of partitions.
In this paper, Gilbert together with Lynch aim to situate the CAP theorem inward the broader context of a identify unit of measurement of results inward distributed computing theory that shows impossibility of guaranteeing both safety and liveness in an unreliable distributed system. The impossibility results surveyed inward relation to CAP job concern slightly unlike problems together with slightly unlike mistake models. While it is slow to confuse CAP amongst those results on a superficial look, on a closer inspection nosotros run into that the results are all distinct together with none subsume CAP.
The CAP problem
The CAP theorem does NOT consider the consensus problem, but considers an easier problem: the atomic read/write register (aka atomic storage) problem. Atomic agency that the organisation provides linearizability, a rigid type of single-copy consistency that guarantees that a read returns the most recent version of data. The specifications of this job are every bit follows. (The laid about is the security property, the mo i liveness.)Consistency: The organisation provides its clients amongst a unmarried register (emulated by
multiple storage nodes), together with each customer tin read or write from that register.
Availability: Each asking for read or write eventually receives a response.
The FLP (Fisher-Lynch-Patterson) together with the attacking generals impossibility results consider the consensus problem. The specifications for consensus are every bit follows. (The laid about 2 are security properties, the final i a liveness property.)
Agreement: No 2 procedure tin commit unlike decisions.
Validity (Non-triviality): If all initial values are same, nodes must commit
that value.
Termination: Nodes commit eventually.
So hither is the divergence betwixt consensus together with atomic storage. Consensus is supposed to dutifully hollo upward a value that is anchored (stored past times a bulk number of nodes). Consensus is loyal to making that value persist every bit the committed decision. Atomic storage doesn't possess got that responsibility. The nodes don't take away to commit to a determination value, therefore the organisation doesn't take away to proceed rail of together with hollo upward whether a value is anchored. The atomic storage organisation every bit whole accepts novel writes every bit long every bit the reads don't render results that betray the unmarried register (i.e., single-copy) abstraction.
And what is the implication of this difference? FLP number declares that fifty-fifty nether reliable channels assumption, consensus is impossible to solve inward an asynchronous organisation amongst node crash failures. For example, Paxos loses liveness because it tin non converge to a unmarried leader inward an asynchronous model. Did the electrical flow leader crash? The failure detector cannot endure accurate. If the failure detector incorrectly says that the leader (who is supposed to ensure together with hollo upward that a value is anchored) is non crashed, liveness is violated since nodes proceed waiting on a failed leader. If failure detector incorrectly says that the leader is crashed, together with then y'all possess got multiple leaders, together with liveness is violated because of multiple leaders dueling amongst forever escalating ballot numbers to larn the bulk to convey their proposal.
On the other hand, since the atomic storage job doesn't assist most remembering whether a value is anchored, it is oblivious to the dueling
Now that nosotros know atomic storage job is solvable amongst reliable channels amongst upward to minority crashes, what tin nosotros state most the atomic storage inward the presence of unreliable channels? That is covered past times the CAP theorem's mistake model, which nosotros hash out next.
The CAP mistake model
We discussed the specifications of the problems considered past times CAP, FLP, together with attacking generals, but nosotros omitted to speak most only about other of import work of the organisation specification, the unreliability/fault model.Above I had introduced the FLP mistake model when discussing solvability of consensus versus atomic storage inward the FLP model. FLP mistake model assumes reliable channels, asynchronous system, crash failure. Of course, past times assuming reliable channels, y'all don't larn reliable channels inward your deployment. That is only wishful thinking. But since the attacking generals impossibility number proved that consensus is non achivable inward the presence of unreliability channels, FLP had to consider reliable channels. Even then, nosotros possess got disappointment; consensus is likewise impossible inward the FLP model.
CAP does something courageous together with considers unreliable channels i time to a greater extent than (as inward the attacking generals mistake model) inward its mistake model. Since CAP is concerned amongst the atomic storage problem, which is a slightly easier job than consensus, the attacking generals impossibility number does non subsume the CAP result.
CAP number says that atomic storage job is likewise impossible to solve nether unreliable channels.
Recall that ABD solved the atomic storage job inward the FLP model. If nosotros motion to the CAP mistake model together with permit partitions, nosotros respect from the ABD algorithm that it blocks (loses availability) for a read or write asking that arrives to a node inward a minority partition. Just every bit the CAP says, either consistency or availability has to give.
Here is the proof sketch verbatim from Gilbert-Lynch paper.
Similar to the attacking generals result, the CAP number is oblivious to whether the organisation is synchronous or asynchronous, together with holds inward both cases.
What is remaining?
Observe from the CAP proof sketch that the CAP mistake model is really rough. When it says unreliable channels, it allows y'all to assume the worst instance (i.e., no message makes it through at all), together with examine the impossibility number for that worst case.What if nosotros quantify together with restrict the unreliability of the channels to to a greater extent than realistic scenarios. Can nosotros examine to a greater extent than refined versions of CAP? What would endure the consistency degree a organisation tin supply if the organisation model allows eventual message arrival? A recent technical study from University of Texas Austin, "Consistency availability convergence" paper, looks at that problem. We volition hash out that newspaper side past times side inward our distributed systems seminar.
More most CAP tradeoffs
The Gilbert-Lynch newspaper discusses only about of the practical implications of the CAP theorem together with says that Consistency versus Availability should non endure seen every bit an absolute together with binary tradeoff. Instead y'all tin consider shades of Consistency versus Availability. Also y'all tin brand unlike Consistency versus Availability tradeoffs at the information level, performance level, together with subsystem level. These observations are really similar to the suggestions made inward Eric Brewer's article inward the same exceptional issue: "CAP 12 years later, how the rules possess got changed".The Gilbert-Lynch newspaper likewise mentions the scalability problems caused due to trying to enforce consistency, but leaves that give-and-take every bit futurity work. PACELC model past times Daniel Abadi provides a to a greater extent than detailed explanation for Low-latency versus Consistency tradeoffs inward the absence of partitions.
0 Response to "Paper Summary: Perspectives On The Cap Theorem"
Post a Comment