You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If replica `R1` receives update `A` and replica `R2` receives update `B`, then these replicas must agree on the order in which these updates should be delivered.
25
25
26
-
If replica `R1` receives update `A` and replica `R2` receives update `B`, then an agreement must be reached concerning the order in which these updates should be delivered.
So, even though the messages will arrive in some unpredictable order, a consensus protocol will be used to decide upon the delivery order.
29
-
In this case, both replicas operate a system of delivery slots and the consensus protocol determines that event `B` should occupy delivery slot `1` and event `A` should occupy delivery slot `2`.
28
+
So, even though the messages arrive in an unpredictable order, a consensus protocol can be used to decide upon the delivery order.
29
+
In this case, the consensus protocol implements the concept of "delivery slots".
30
+
It then determines that both replicas should place event `B` in delivery slot `1` and event `A` in delivery slot `2`.
30
31
31
-
***Q:*** But how many messages need to be sent in order to arrive at this agreement?
32
+
***Q:*** But how many messages need to be sent in order to arrive at this agreement?
32
33
***A:*** Lots!
33
34
34
-
Here's an example showing the messages that need to be exchanged for replicas <code>R<sub>1</sub></code> and <code>R<sub>2</sub></code> simply to agree on a total order for delivering events `A` and `B` shown above.
35
+
Here's an example that shows the number of messages that need to be exchanged simply for replicas <code>R<sub>1</sub></code> and <code>R<sub>2</sub></code> to agree on a total delivery order for events `A` and `B` shown above.
1. Replica <code>R<sub>2</sub></code> sends out a `prepare(6)` message to a majority of acceptors, who each respond with the corresponding `promise` messages.
39
-
4 messages
40
-
1. Just a little time after <code>R<sub>2</sub></code>'s message exchange has taken place, replica <code>R<sub>1</sub></code> sends out its `prepare(5)` messages to a majority of acceptors.
41
-
Acceptor <code>A<sub>1</sub></code> happily accepts this proposal number, but acceptor <code>A<sub>2</sub></code> has already promised to ignore messages with a proposal numbers less than `6`, so this `prepare` message is ignored and replica <code>R<sub>1</sub></code> left hanging.
42
-
3 messages (all of which turn out to be redundant)
43
-
1. Replica <code>R<sub>2</sub></code> sends out its `accept(6,(slot_1,B))` messages to the acceptors who each respond with `accepted(6,(slot_1,B))`.
44
-
So, event `B` now occupies delivery slot 1.
45
-
4 messages
46
-
1. Replica <code>R<sub>1</sub></code> still needs to get agreement on a total order for event `A`, so it tries the prepare/promise phase again, but now with proposal number `7`.
47
-
This time, the proposal number is accepted.
48
-
4 messages
49
-
1. Replica <code>R<sub>1</sub></code> then enters the accept/accepted phase and achieves consensus on event `A` occupying delivery slot 2.
50
-
4 messages
39
+
| Step | Description | Message Count
40
+
|--:|---|--:
41
+
| 1. | Replica <code>R<sub>2</sub></code> sends out a `prepare(6)` message to a majority of acceptors, who each respond with the corresponding `promise` messages | 4
42
+
| 2. | Just a little time after <code>R<sub>2</sub></code>'s message exchange has taken place, replica <code>R<sub>1</sub></code> sends out its `prepare(5)` messages to a majority of acceptors.<br>Acceptor <code>A<sub>1</sub></code> happily accepts this proposal number, but acceptor <code>A<sub>2</sub></code> has already promised to ignore messages with a proposal numbers less than `6`, so this `prepare` message is ignored and replica <code>R<sub>1</sub></code> left hanging. | 3<br>(which all turn out to be redundant)
43
+
| 3. | Replica <code>R<sub>2</sub></code> sends out its `accept(6,(slot_1,B))` messages to the acceptors who each respond with `accepted(6,(slot_1,B))`.<br>So, event `B` now occupies delivery slot 1. | 4
44
+
| 4. | Replica <code>R<sub>1</sub></code> still needs to get agreement on a total order for event `A`, so it tries the prepare/promise phase again, but now with proposal number `7`.<br>This time, the proposal number is accepted. | 4
45
+
| 5. | Replica <code>R<sub>1</sub></code> then enters the accept/accepted phase and achieves consensus on event `A` occupying delivery slot 2. | 4
46
+
| | | 19
51
47
52
48
So, even in this reasonably happy example where we are not sending messages to all the acceptors (only a majority), we've had to send 19 messages, 3 of which turned out to be redundant — and we haven't even accounted for sending messages out to the learners!
53
49
54
-
The point here is that consensus algorithms are really expensive; therefore, we should only implement them in situations where it's ***extremely*** important that everybody agrees on a total order.
50
+
The point here is that in terms of the network traffic they generate, consensus algorithms are really expensive; therefore, we should only implement them in situations where it's ***extremely*** important that everybody agrees on a total order.
55
51
56
-
So far however, we have not even discussed what events `A` and `B` represent.
57
-
Consensus algorithms do not care about a message's payload; they simply see an opaque (I.E. meaningless) block of data to which some metadata has been attached.
52
+
So far however, we have not even discussed what events `A` and `B` represent: this is because consensus algorithms do not care about a message's payload; they simply see an opaque (I.E. meaningless) byte array to which some metadata has been attached.
58
53
Causal Broadcast for instance, looks simply at the message's recipient and the vector clock value, and from these values, determines the delivery order.
59
54
60
55
> ***My Aside***
61
-
>
56
+
>
62
57
> A useful analogy here is to think of the people working in a mail sorting room.
63
58
> These people are concerned with the fact that all the letters and packages have been addressed correctly, and that the correct postage has been paid for a letter or package of that weight and dimensions.
64
-
>
59
+
>
65
60
> It is quite irrelevant for these people to concern themselves with the contents of the letters and packages.
66
61
67
-
However, from the perspective of the human developer, we can see firstly that we're having to go to a lot of trouble simply to agree on the order in which a set of events are delivered, and secondly, the algorithm that determines the delivery order is completely agnostic to the real-life functionality that needs to be performed as a result of processing those events.
62
+
However, from the perspective of the human developer, we can see firstly that we're having to go to a lot of trouble simply to agree on the order in which a set of events are delivered, and secondly, the algorithm that determines the delivery order is completely agnostic to the real-life functionality these events trigger.
68
63
69
64
Rather than having a message-agnostic consensus algorithm then, wouldn't it be smarter to make intelligent decisions about delivery order based on our knowledge of the functionality being implemented?
70
65
71
-
###Safety Properties: Do We Really Need Strong Consistency?
66
+
## Safety Properties: Do We Really Need Strong Consistency?
72
67
73
68
Let's go back to the shopping cart scenario described in [lecture 17](./Lecture%2017.md).
If replicas `R1` and `R2` simply represent shopping carts, then we certainly don't want to go to all the trouble of running a consensus algorithm.
78
-
But we have arrived at this conclusion based on our knowledge of the business process we are implementing.
73
+
But we have arrived at this conclusion based on our knowledge of the business process being implemented.
79
74
In this case, we really don't care whether a book is added to the shopping cart before or after the pair of jeans.
80
75
From the perspective of the business logic, the order in which items are added is simply not important.
81
76
(More technically, the order in which items are added to a shopping cart is commutative, not associative).
82
77
83
78
Of course, there will be some situations in which message delivery order is critical to the logic of your business process, but what we propose here is that strong consistency is needed only in a minority of cases; the greater majority of business scenarios will function quite happily with ***strong convergence***.
84
79
85
-
Just as a reminder:
86
-
87
-
***Strong Consistency***
88
-
If replica `R1` delivers messages in the order `M1`, `M2` and `M3`, then all replicas receiving the same set of messages must deliver them in the same order.
89
-
Only then can it be known that the replicas have equivalent state.
90
-
91
-
***Strong Convergence***
92
-
All replicas delivering the same set of messages eventually have the equivalent state.
93
-
94
-
Strong convergence might still be tricky to implement, but it will be easier than strong consistency, because with strong convergence, we know that state equivalence can be achieved simply by delivering the same set of updates.
95
-
Strong consistency however requires us to deliver the same set of updates in ***precisely the same order***.
96
-
80
+
> ## Reminder
81
+
>
82
+
> ***Strong Consistency***
83
+
>
84
+
> State equivalence between replicas can only be acheived after the ***same*** messages have been delivered in the ***same*** order.
85
+
>
86
+
> ***Strong Convergence***
87
+
>
88
+
> State equivalence between replicas is eventually acheieved after the ***same*** messages have been delivered.
89
+
90
+
Strong convergence might still be tricky to implement, but it will be easier than strong consistency.
97
91
The bottom line here is that you should only implement strong consistency when you have no other choice.
98
92
99
93
## How Do We Generalise the Requirement for Strong Convergence?
@@ -115,7 +109,7 @@ The standard example of a partially ordered set is set inclusion — that is
115
109
116
110
For example, if we have a set containing:
117
111
118
-
|||
112
+
|||
119
113
|---|---|
120
114
|  | A book
121
115
|  | A pair of jeans
@@ -136,7 +130,7 @@ However, other members are not comparable; for instance:
136
130
137
131
### Upper Bounds
138
132
139
-
If we select some elements from our set of subsets, say the singleton set containing the jeans `{👖}` and singleton set containing the torch `{🔦}`, we could ask the following question:
133
+
If we select some elements from our set of subsets, say the singleton set containing the jeans `{👖}` and the singleton set containing the torch `{🔦}`, we could ask the following question:
140
134
141
135
> Which elements of `S` are at least as big as `{👖}` and `{🔦}`?
142
136
@@ -158,14 +152,14 @@ This means it is possible that for the members `a` and `b` there could well be m
158
152
159
153
The upper bound set that contains all the members of the original set is not very interesting because this will always be a common upper bound for all its subsets, so we can ignore this one.
160
154
161
-
Generally speaking, the upper bounds that are the most interesting are the smallest ones.
155
+
Generally speaking, the most interesting upper bounds are the smallest ones.
162
156
But how do we define the smallest upper bound? The formal definition is:
163
157
164
158
> If `a`, `b`, `u` and `v` are all members of the inclusion set `S`, then `u` is the least upper bound[^2] of `a,b ∈ S` if `u ≤ v` for each `v`
165
159
166
160
### Join-semilattice
167
161
168
-
***Q:*** If `S` is the eight-member inclusion set of `{📓,👖,🔦}`, then is it true that every 2 elements of `S` will have a least upper bound (lub)?
162
+
***Q:*** If `S` is the eight-member inclusion set of `{📓,👖,🔦}`, then is it true that every 2 elements of `S` will have a least upper bound (lub)?
169
163
***A:*** Yes!
170
164
171
165
Any set for which this property is true is given the fancy name of a ***Join-semilattice***.
@@ -196,14 +190,14 @@ empty ≤ false
196
190
So, is this a true partially-ordered set?
197
191
To answer this question, we must check that all the axioms are satisfied.
198
192
199
-
***Reflexivity***
193
+
***Reflexivity***
200
194
Since `empty ≤ empty`, `true ≤ true` and `false ≤ false`, then this set satisfies the requirements of reflexivity.
201
195
202
-
***Anti-symmetry***
196
+
***Anti-symmetry***
203
197
Anti-symmetry requires that if `a ≤ b` and `b ≤ a`, then `a = b`.
204
198
However, since this set contains only three members arranged in a two-layer lattice, we have already implicitly satisfied anti-symmetry by satisfying the requirements of reflexivity.
205
199
206
-
***Transitivity***
200
+
***Transitivity***
207
201
Transitivity requires that if `a ≤ b` and `b ≤ c` then `a ≤ c`.
208
202
However, no members of the set can be compared this way, so this set obeys transitivity only in a vacuous sense.
209
203
@@ -217,10 +211,10 @@ Here, these replicas hold the value of our Boolean register and they then receiv
Both replicas synchronise, so when looking at your shopping cart from either your laptop or your phone, you see the same items.
269
+
Both replicas synchronise, so you see the same items in your shopping cart on both devices.
276
270
Everything is fine...
277
271
278
272
From your laptop however, you've read some reviews of the book and decide that it doesn't look so interesting, so you remove it from your shopping cart — right at the very moment a network partition appears between the replicas.
@@ -351,7 +345,7 @@ This is an area of research in which Lindsey Kuper is actively involved.
0 commit comments