A distributed algorithm for stateful fault recovery

Presentation Transcript

  • TAMC 2007, 25th May 2007. A Distributed Algorithm of Fault Recovery For Stateful Failover. Indranil Saha, HTS (Honeywell Technology Solutions) Research, Bangalore, India, Email: indranil.saha@honeywell.com, and Debapriyay Mukhopadhyay, Ixia Technologies, Kolkata, India, Email: dmukhopadhyay@ixiacom.com
  • Presentation Outline. I will talk about: • Introduction • System Models • Distributed Algorithm for Automated Fault Recovery • Formal verification of the Distributed Algorithm • Conclusion
  • Introduction. • Critical business processes and mission-critical systems should provide a high degree of availability and reliability to the end users. • Redundancy techniques are the usual way to achieve fault tolerance. • Redundancy is obtained by keeping extra copies of the system's components, which include hardware, software and network components.
  • Stateful and Stateless Failover. • Stateless Failover: occasional loss of application state information or data is tolerable; the system can restart without any state or data restoration after a failure; any live node in the network is a promising candidate to take over the processes of any failed node. • Stateful Failover: restoration of the state or data pertaining to the application is required for highly accurate recovery; how to distribute the state information of a node across the network is an important issue.
  • Related Works. • Graph-theoretic models have been used extensively to represent the processor-to-processor interconnection structure of fault-tolerant designs for specific multi-processor architectures (Kuhl80, Yang88, Sridhar91, Mukhopadhyay92, Sung00, Hung01). • Minimum k-Hamiltonian graphs are widely used to meet reliability requirements of loop-type communication networks (Mukhopadhyay92, Sung00, Hung01). • Fault-tolerant networks based on the de Bruijn graph have been proposed; they tolerate up to k − 2 node faults, where the graph is regular of degree k and has k^n vertices for some n (Sridhar91). None of these works addresses stateful failover.
  • System Model. • The network consists of the set of nodes N with |N| = n. • Each node is labelled with a unique id from 0 to n − 1. • Each node handles one process initially and is capable of executing at most m processes simultaneously. • p_i is the process that node i starts executing when the network becomes functional. • Failures are of the fail-stop kind: a node can stop operating at any point of time due to a crash. • When a processor fails, all the links incident on that node also become non-functional. • k node faults are allowed in the network.
  • Network Topology. Each node i ∈ N (0 ≤ i ≤ n − 1) is connected to the set of nodes P_i ⊆ N with |P_i| = l = k + x, where k + x (≤ n − 1) is even, and P_i = {j ∈ N : j = (i + p) mod n, −l/2 ≤ p ≤ l/2, p ≠ 0}. The underlying undirected graph modelling the network is (N, E) with E = ∪_{i=0}^{n−1} {(i, j) : j ∈ P_i}. The state information of processor i, i ∈ N, is periodically forwarded to all nodes in the set F_i ⊆ N with |F_i| = k, where F_i = {j ∈ N : j = (i + p) mod n, −⌊k/2⌋ ≤ p ≤ ⌈k/2⌉, p ≠ 0} (the asymmetric bounds give exactly k nodes when k is odd).
  • Connectivity. The graph (N, E) is a regular network, since the degree of each node is l. For any n and k, (N, E) is the Harary graph H_{l,n}, where l = k + x ≥ k + 2 for k even and ≥ k + 1 for k odd (the smallest even degree above k). The network is l-connected: χ(G) ≥ l (> k), where χ(G) denotes the connectivity of G.
  • Theoretical Results. Theorem 1. A. Forwarding the state information of each process to k other nodes in the network ensures k-fault tolerance. B. A sufficient condition for k-fault tolerance is that each node forwards its state information to at least k other nodes in the network. Theorem 2. As long as k ≤ ((m − 1)/m)·n, no live node has to execute more than m processes, including its own, and an algorithm attaining this under the proposed framework can be found. Theorem 3. The minimum number of nodes to which any node in a network with n > 2k (or n = 2k) must be directly connected, so that all eligible nodes for a process can be updated with its state information in one hop at all times, is 2k (or 2k − 1).
  • Network Example (figure). Illustration of a network with n = 10, m = 2 and k = 4.
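The topology of the system model, built and checked in code. This is an added example written for this page, not code from the paper or its authors; the function names and the floor/ceil bounds used for F_i are my reading of the slides, and the checks are brute force, so they are only meant for small instances such as the slides' n = 10, k = 4 network and the verified N = 8, K = 3 one:

```python
"""Added example (not the paper's code): build the ring topology of the system
model and brute-force check what the theorems claim about it."""
from itertools import combinations


def degree(k):
    """l = k + x: the smallest even degree above k (slide 'Connectivity')."""
    return k + 2 if k % 2 == 0 else k + 1


def neighbour_set(i, n, l):
    """P_i: the l ring neighbours node i is directly linked to (l even, l <= n - 1)."""
    assert l % 2 == 0 and l <= n - 1
    return {(i + p) % n for p in range(-l // 2, l // 2 + 1) if p != 0}


def forward_set(i, n, k):
    """F_i: the k nodes that receive node i's state every round.  Assumed
    reading of the slide's formula: -floor(k/2) <= p <= ceil(k/2), p != 0,
    which yields exactly k nodes for odd k as well."""
    lo, hi = -(k // 2), -(-k // 2)          # -(-k // 2) == ceil(k / 2)
    return {(i + p) % n for p in range(lo, hi + 1) if p != 0}


def build_graph(n, k):
    """Adjacency of (N, E) with E = union over i of {(i, j) : j in P_i}."""
    adj = {i: neighbour_set(i, n, degree(k)) for i in range(n)}
    # offsets are symmetric, so the graph is undirected and l-regular
    assert all(i in adj[j] for i in adj for j in adj[i])
    return adj


def connected(adj, alive):
    """BFS over the surviving nodes; links incident on a failed node are gone."""
    alive = set(alive)
    if not alive:
        return True
    start = next(iter(alive))
    seen, todo = {start}, [start]
    while todo:
        u = todo.pop()
        for v in adj[u]:
            if v in alive and v not in seen:
                seen.add(v)
                todo.append(v)
    return seen == alive


def check_fault_tolerance(n, k):
    """Every fault set of size 1..k leaves the survivors connected, and every
    failed node j still has a live node in F_j holding its state (Theorem 1,
    property Safety 1)."""
    adj = build_graph(n, k)
    nodes = set(range(n))
    for size in range(1, k + 1):
        for faulty in combinations(sorted(nodes), size):
            alive = nodes - set(faulty)
            if not connected(adj, alive):
                return False
            if any(not (forward_set(j, n, k) & alive) for j in faulty):
                return False
    return True


def one_hop_state_updates(n, k):
    """Theorem 3: every candidate for process i is a direct neighbour of i."""
    adj = build_graph(n, k)
    return all(forward_set(i, n, k) <= adj[i] for i in range(n))


def max_tolerable_faults(n, m):
    """Theorem 2 bound: k <= (m - 1) n / m keeps every live node within m processes."""
    return (m - 1) * n // m


def undersized_forward_set_is_unsafe(n, k):
    """Why exactly k holders: with only k - 1 holders for process 0, one set of
    k crashes (node 0 plus all of its holders) erases the state entirely."""
    holders = set(sorted(forward_set(0, n, k))[: k - 1])
    faulty = {0} | holders
    return len(faulty) == k and not (holders - faulty)


if __name__ == "__main__":
    n, m, k = 10, 2, 4
    print("F_9 =", sorted(forward_set(9, n, k)), "degree l =", degree(k))
    print("tolerates up to k faults:", check_fault_tolerance(n, k))
    print("one-hop updates:", one_hop_state_updates(n, k))
    print("k within Theorem 2 bound:", k <= max_tolerable_faults(n, m))
    print("k - 1 holders unsafe:", undersized_forward_set_is_unsafe(n, k))
```

The exhaustive loop in `check_fault_tolerance` is the cheap counterpart of the connectivity claim on the previous slide: for n = 10, k = 4 it is only 385 fault sets. `undersized_forward_set_is_unsafe` shows the other direction of Theorem 1, that k − 1 holders are not enough, which is the property an attacker who can crash nodes would be probing.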
  • Message Types. 1. INFO: in the first round, each node i sends an INFO message to all nodes in the set F_i; the message from node j consists of the tuple (j, F_j). 2. STATUS: from the second round on, in every round each live node i sends a STATUS message for every process p_j running on it to all live nodes in the set F_j; the message consists of the tuple (p_j, S_{p_j}), S_{p_j} denoting the state of p_j. Omission of the STATUS message for a process in a round indicates the failure of that process (this is the failure detector, and it rests on the fail-stop and synchronous-round assumptions of the system model). 3. RESOLVED: sent to all nodes in F_j by the node that has resolved the failure of process j.
  • Preference for the Neighbours. pref^i_j denotes the preference of node i, among the nodes in F_j, for taking over process j in case of its failure.
  • Distributed Algorithm: Example. Illustration of the distributed algorithm for a network with n = 10, m = 2 and k = 4. Every node is running its own process.
  • Node 9 is faulty.
  • Node 1 takes the process of node 9 after one round, as it is the highest-preference node for process 9.
  • Node 2 is faulty.
  • Node 4 takes the process of node 2 after one round, as it is the highest-preference node for process 2.
  • Node 8 is faulty.
  • Node 0 takes the process of node 8 after one round, as it is the highest-preference node for process 8.
  • Node 0 is faulty. The real problem begins: node 0 was running two processes (its own and process 8), and the highest-preference live node for process 0 is already at capacity.
  • Node 7 takes the process of node 8 after 3 rounds, as it is the third-preference node for process 8.
  • Node 1 stops running process 9 and starts running process 0, 6 rounds after node 0's failure. By Theorem 1 there is at least one live node available to take process 9.
  • Node 7 stops running process 8 and starts running process 9 after 8 rounds, once node 1 stops running process 9.
  • Node 6 starts running process 8 after 4 rounds, once node 7 stops running process 8. No more failures are possible (k = 4 nodes have failed).
  • Analysis of the Algorithm. • At most 2k rounds are required to resolve a single fault. • To resolve a single fault, the maximum number of RESOLVED messages that must be sent across the network is (k − 2)m + 1, where m is the maximum number of processes a node is capable of executing.
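A round-based simulation that replays the walk-through above and checks the run against the properties the authors verified. This is an added example, not the authors' algorithm or their SPIN model. The slides do not state the takeover rule, so the one coded here is inferred from the round counts they report: a holder of preference rank r with spare capacity takes an orphaned process after r rounds without STATUS; a full holder waits k + r rounds, then releases the adopted process it prefers least and takes it. Two further assumptions are mine: a node never re-adopts a process it has released (this prevents ping-pong in the cascade), and RESOLVED is modelled as reaching lower-preference holders within the same round. The class and function names are also mine.

```python
"""Added example (not the authors' code): a round-based simulation of the
takeover scheme as inferred from the slide walk-through, replayed on the
n = 10, m = 2, k = 4 example and checked against the verified properties."""
from collections import defaultdict


def preference_order(p, n, k):
    """F_p ordered from highest to lowest preference.  Assumption inferred from
    the slide timings: offset +ceil(k/2) first, down to +1, then -1 .. -floor(k/2)."""
    offsets = list(range(-(-k // 2), 0, -1)) + list(range(-1, -(k // 2) - 1, -1))
    return [(p + off) % n for off in offsets]


class Network:
    def __init__(self, n, m, k):
        self.n, self.m, self.k, self.round = n, m, k, 0
        self.alive = set(range(n))
        self.running = {i: {i} for i in range(n)}   # live node -> processes it runs
        self.released = defaultdict(set)             # node -> processes it gave up (no re-adoption)
        self.missed = defaultdict(int)               # (holder, p) -> rounds without STATUS for p
        self.orphaned_since = {}                     # p -> round in which p lost its runner
        self.latencies = []                          # rounds from orphaning to takeover
        self.log = []                                # (round, node, event, process)

    def fail(self, node):
        """Fail-stop crash: the node and its links vanish, its processes are orphaned."""
        self.alive.discard(node)
        for p in self.running.pop(node, ()):
            self.orphaned_since[p] = self.round
        self.log.append((self.round, node, "fail", None))

    def _take(self, h, p):
        self.running[h].add(p)
        self.latencies.append(self.round - self.orphaned_since.pop(p))
        self.log.append((self.round, h, "take", p))
        for other in preference_order(p, self.n, self.k):   # RESOLVED to all of F_p
            self.missed[(other, p)] = 0

    def _release(self, h):
        """A full node gives up the adopted process it prefers least (assumed rule)."""
        adopted = [q for q in self.running[h] if q != h]
        q = max(adopted, key=lambda q: (preference_order(q, self.n, self.k).index(h), q))
        self.running[h].remove(q)
        self.released[h].add(q)
        self.orphaned_since[q] = self.round
        self.log.append((self.round, h, "release", q))

    def step(self):
        """One synchronous round: STATUS messages, then takeover decisions."""
        self.round += 1
        orphans = set(self.orphaned_since)
        for p in range(self.n):                      # STATUS phase: holders count omissions
            for h in preference_order(p, self.n, self.k):
                if h in self.alive:
                    self.missed[(h, p)] = self.missed[(h, p)] + 1 if p in orphans else 0
        for p in sorted(orphans):                    # decision phase, in preference order
            for r, h in enumerate(preference_order(p, self.n, self.k), start=1):
                if h not in self.alive or p in self.released[h]:
                    continue
                waited, full = self.missed[(h, p)], len(self.running[h]) >= self.m
                if not full and waited >= r:         # spare capacity: wait r rounds
                    self._take(h, p)
                    break
                if full and waited >= self.k + r:    # full: wait k + r rounds, then cascade
                    self._release(h)
                    self._take(h, p)
                    break

    def run_until_stable(self, max_rounds=200):
        """Run rounds until no process is orphaned; returns the rounds used."""
        start = self.round
        while self.orphaned_since:
            if self.round - start >= max_rounds:
                raise RuntimeError("recovery did not converge: %r" % self.orphaned_since)
            self.step()
        return self.round - start

    def check_invariants(self):
        """Safety 2 and liveness right now: nobody over m, every process runs
        on exactly one live node."""
        within_m = all(len(ps) <= self.m for ps in self.running.values())
        once = all(sum(p in ps for ps in self.running.values()) == 1 for p in range(self.n))
        return within_m and once


def replay_slide_example():
    """Replay the slide walk-through: crash 9, 2, 8 and then 0, recovering after each."""
    net = Network(10, 2, 4)
    rounds = []
    for node in (9, 2, 8, 0):
        net.fail(node)
        rounds.append(net.run_until_stable())
        assert net.check_invariants()
    return net, rounds


if __name__ == "__main__":
    net, rounds = replay_slide_example()
    for entry in net.log:
        print(entry)
    print("rounds per fault:", rounds, "max takeover latency:", max(net.latencies))
```

With these rules the replay reproduces the slides' counts: the first three faults resolve in one round each, and node 0's failure triggers the cascade 3 (node 7 takes 8), 6 (node 1 drops 9 for 0), 8 (node 7 drops 8 for 9) and 4 (node 6 takes 8), every takeover within the 2k = 8 round Timeliness bound and never more than m processes per node. Two caveats: this toy does not prove convergence for arbitrary fault sets (that is what the authors' SPIN verification is for; `run_until_stable` raises if the cascade fails to settle), and every STATUS and RESOLVED message is trusted, so in this model the fail-stop assumption is carrying all the weight; a party able to delay or drop STATUS messages triggers spurious takeovers, and the slides do not discuss message authentication.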
  • Correctness of the Algorithm. • We show the correctness of the distributed algorithm through formal verification. • We use the SPIN model checker to model and verify the algorithm. • We have been able to verify our model for N = 8, K = 3 and M = 2 and all lower instances. • Because of the state-space explosion inherent in model checking with SPIN, we could not verify the algorithm for more than 8 processors.
  • Spin Model Checker. • Tool for automatically model checking distributed algorithms. • Promela is a language for modelling systems of concurrent processes that interact via shared variables and message channels. • Given a concurrent system modelled as a Promela program, SPIN can check for deadlock, dead code, violations of user-specified assertions, and temporal properties expressed as LTL formulas. • When a violation of a property is detected, SPIN reports a scenario, i.e. a sequence of transitions, violating the property.
  • Properties. Safety 1: whenever a node becomes faulty, at least one of its neighbouring nodes is non-faulty. Safety 2: no node has to take more than M processes at any point of time. Liveness: whenever a node becomes faulty, its process is eventually taken up by some other live node. Timeliness: every fault is recovered in no more than 2K rounds.
  • Conclusion. • We have presented a distributed algorithm of automated fault recovery for stateful failover in a network. • Whatever pattern the (up to k, fail-stop) faults take, the algorithm handles them. • In at most 2k rounds the processes of a faulty processor are taken up by one or more eligible live nodes in the network. • The message complexity of the algorithm is linear in the number of nodes. • The correctness of the algorithm has been established by modelling it in SPIN and verifying the desired properties (for instances up to N = 8).
  • Thank You!!