QUORUMS - PowerPoint PPT Presentation

Slides: 44
Provided by: Gil53

Transcript and Presenter's Notes

Title: QUORUMS


1
QUORUMS
  • By gil ben-zvi

2
definition
  • Assume a universe U of servers, of size n. A quorum
    system S is a set of subsets of U, every pair of
    which intersect. Each Q in S is called a
    quorum.

3
EXAMPLES
  • Weighted majorities: assume that every server s
    in the universe U is assigned a number of votes
    w(s). Then weighted majorities is a quorum set
    defined by

4
EXAMPLES
  • MAJORITIES: a weighted majorities quorum system
    in which all weights are the same.
  • Singleton: a weighted majorities quorum system
    in which w(s) = 1 for one server s, and w(v) = 0
    for each other server v. (The only quorum is {s}.)

5
EXAMPLES
  • Grid: suppose n is the square of some integer k.
    Arrange the universe in a k x k grid. A quorum is
    the union of a full row and one element from each
    row below.
  • FPP: suppose a projective plane over a field
    of size q. Each point is an element, and each line
    is a quorum. By the properties of a projective
    plane, every two quorums intersect.

6
More definitions
  • Coterie: a coterie S is a quorum system such that
    for any quorums Q1, Q2 in S, Q1 isn't included in
    Q2.
  • Domination: coterie S1 dominates coterie S2 if
    for every quorum Q2 in S2 there exists Q1
    in S1 such that Q1 is contained in Q2.
  • Strategy: a probability vector representing the
    probability of accessing each quorum.

7
measures
  • Load: the load L(S) of a quorum system is the
    minimal access probability minimized over the
    strategies.
  • Resilience: the resilience is k if k is the largest
    number such that for every k server crashes, one
    quorum remains unhit.

8
measures
  • Failure probability: if every server has a certain
    probability of crashing (assumed independent
    here), the probability that every quorum is hit.
    Usually each server is assumed to have the same
    crash probability p.

9
Measures examples
  • Singleton: load = 1, resilience = 0, failure
    probability = p.
  • Majorities: load is about ½, resilience about
    (n-1)/2, failure probability (if p < ½) smaller
    than exp(e,-n).
  • Grid: load is O(1/sqrt(n)), resilience
    sqrt(n)-1, failure probability tends to 1 as n
    grows.

10
Access protocol
  • Implements the semantics of a multi-writer
    multi-reader atomic variable.
  • Assumes all clients and servers are non-byzantine
    and that each client's timestamps are unique.
  • Write: a client asks some quorum for its set
    of value/timestamp pairs, then writes its
    value, with a timestamp higher than each of the
    timestamps received, to each server in the quorum.

11
Access protocol
  • Read: a client asks each server in some
    quorum for its value/timestamp pair. The
    client chooses the pair with the highest
    timestamp. It writes the pair back to each server
    in some quorum.
  • Server: S updates its value/timestamp pair only
    if the new timestamp is greater than the timestamp
    currently in S.

12
Byzantine quorum systems
  • We will use the access protocol to demonstrate the
    subject.
  • Assume communication is reliable, clients are
    correct, and servers can be byzantine. Assume that
    a non-empty set BAD of subsets of U is known, and
    that some B in BAD contains all the faulty servers.

13
Masking quorum systems
  • A quorum system S is a masking quorum system for
    a fail-prone system BAD if the following
    properties are satisfied

14
Access protocol
  • Write: remains the same.
  • Read: for a client to read the variable x, it
    queries the servers of some quorum Q to obtain a set
    of value/timestamp pairs

15
Access protocol
  • The client chooses the pair with the highest
    timestamp in C, or null if C is empty.

16
Access protocol
  • Claim: a read operation that is concurrent with
    no write operations returns the value written by
    the last preceding write operation in some
    serialization of all preceding write operations.
  • Claim: there exists a masking quorum system for
    BAD iff is a
    masking quorum system for BAD

17
Access protocol
  • Criterion: there exists a masking quorum system
    for BAD iff for all

18
F-masking quorum systems
  • F-masking quorum system: a masking quorum system
    where BAD is the set of all groups of servers
    of size f.
  • By the previous claims:
  • There exists a masking quorum system for BAD iff
    n > 4f.
  • Each pair of quorums must intersect in at least
    2f+1 elements.

19
examples
  • For f-masking quorums

20
Dissemination quorum systems
  • Assumes clients can digitally sign the
    value/timestamp they propagate.
  • The requirements are therefore weaker than for masking.
  • A quorum system S is a dissemination quorum
    system for a fail-prone system BAD if the
    following properties are satisfied

21
Dissemination quorum systems
  • In the same way as for masking, we reach the
    (different) criterion:
  • There exists a dissemination quorum system for
    BAD iff
  • If no more than f servers can fail, but any set
    of f servers can fail, then n > 3f must hold.

22
Opaque masking quorum systems
  • Motivation: we do not want to expose the fail-prone
    system BAD.
  • Done by majority decision.
  • Properties for a quorum system to become an opaque
    masking system

23
Opaque masking quorum systems
  • Read: the modification is that the client chooses
    the pair <v,t> that appears most often; if there
    are multiple such sets, it chooses the newest
    one.
  • Claim: suppose at most f servers can fail. There
    exists an opaque quorum system for BAD iff n > 5f;
    sufficient because quorums of size (2n+2f)/3 form
    an opaque quorum system for B.
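
An added example, not part of the original slides: it compares the benign read rule of slide 11 (highest timestamp) with the opaque read rule above (most frequent pair, newest on ties) by exhaustively trying every write quorum, read quorum and faulty set. It assumes that any f servers may be faulty and takes the quorum size as ceil((2n+2f)/3); all function names and the sample values are constructed for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed scenario: every server starts with OLD, then NEW is written to one quorum.
OLD, NEW, FORGED = ("v0", 1), ("v1", 2), ("forged", 99)

def quorums(n, f):
    """All server sets of size ceil((2n+2f)/3) over servers 0..n-1 (assumed size)."""
    size = -(-(2 * n + 2 * f) // 3)
    return [frozenset(q) for q in combinations(range(n), size)]

def replies(read_q, write_q, bad, lie):
    """Pairs returned to a reader: faulty servers lie, the rest answer honestly."""
    return [lie if s in bad else NEW if s in write_q else OLD for s in read_q]

def read_highest_ts(pairs):
    """Benign read rule: take the pair with the highest timestamp."""
    return max(pairs, key=lambda p: p[1])

def read_opaque(pairs):
    """Opaque read rule: most frequent pair, ties broken by newest timestamp."""
    counts = Counter(pairs)
    top = max(counts.values())
    return max((p for p, c in counts.items() if c == top), key=lambda p: p[1])

def wrong_reads(n, f, reader):
    """Count (write quorum, read quorum, faulty set, lie) cases where reader misses NEW."""
    qs = quorums(n, f)
    wrong = 0
    for write_q in qs:
        for read_q in qs:
            for bad in combinations(range(n), f):
                for lie in (OLD, FORGED):   # repeat the stale pair, or forge a newer one
                    if reader(replies(read_q, write_q, set(bad), lie)) != NEW:
                        wrong += 1
    return wrong

if __name__ == "__main__":
    print("highest-timestamp read, wrong results:", wrong_reads(6, 1, read_highest_ts))
    print("most-frequent-pair read, wrong results:", wrong_reads(6, 1, read_opaque))
```

With n = 6 and f = 1 the highest-timestamp rule is misled whenever the faulty server sits in the read quorum and forges a newer timestamp, while the most-frequent-pair rule returns the last written pair in every case.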

24
Opaque masking quorum system
  • Claim: the load of any opaque system is at least
    ½.
  • Proof: if we sum up the load of a certain quorum,
    we'll get it's bigger than its size/2. The claim
    follows.
  • Example: Hadamard matrix, world of size exp(2,l)

25
Faulty clients
  • Solves the problem of a client that tries to make
    the protocol fail.
  • The treatment here provides single-writer
    multi-reader semantics.
  • The write operation starts when the first server
    receives the update request, and ends when the last
    server has sent its acknowledgment.

26
Faulty clients
  • Write: for a client c to write the value v, it
    chooses a legal timestamp t, larger than any
    timestamp it has chosen before, chooses a quorum
    Q, and then sends <update,Q,v,t> to each
    server in Q. If after some timeout period it has
    not received acknowledgment, then it chooses
    another quorum.

27
Faulty clients-servers protocol
  • The servers' protocol is as follows:
  • 1. If a server receives <update,Q,v,t> from a client
    c, with a legal timestamp, then it sends
    <echo,Q,v,t> to each member of Q.
  • 2. If a server receives identical echo messages
    <echo,Q,v,t> from every server in Q, then it
    sends <ready,Q,v,t> to each member of Q.

28
Faulty clients-servers protocol
  • 3. If a server receives identical ready messages
    <ready,Q,v,t> from a set of servers that
    certainly doesn't contain a faulty server, it sends
    <ready,Q,v,t> to Q.
  • 4. If a server receives identical ready messages
    <ready,Q,v,t> from a set Q1 of servers, such that
    Q1 = Q\B for some B in BAD, it sends an acknowledgment
    to c, and updates the pair if t is greater than
    the timestamp it currently has.

29
Faulty servers-properties
  • Agreement: if a correct server delivers <v,t> and
    a correct server delivers <r,t>, then r = v.
  • Proof: if a correct server delivers <v,t>, then
    echo must have been sent by all correct servers
    in Q1. The same holds for Q2. They intersect in a
    correct server, which doesn't send different values
    with the same timestamp.
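
An added example, not part of the original slides: it plays out the agreement argument above against a client that sends two different values under one timestamp to two quorums, using only the echo rule (steps 1 and 2 of the server protocol). The five servers a..e, the values, timestamp 7 and all names are constructed; a faulty server is modelled as echoing any pair.

```python
class Server:
    """Echo behaviour of one server for a single variable."""
    def __init__(self, byzantine=False):
        self.byzantine = byzantine
        self.first_value = {}        # timestamp -> first value this server echoed

    def echoes(self, value, ts):
        """True if this server sends <echo,Q,value,ts> when it gets the update."""
        if self.byzantine:
            return True              # modelled as echoing any pair it is handed
        # A correct server never echoes two different values for one timestamp.
        return self.first_value.setdefault(ts, value) == value

def quorum_ready(servers, quorum, value, ts):
    """Step 2 precondition: identical echoes from every server in the quorum."""
    # Build the full list first so every member processes the update.
    votes = [servers[s].echoes(value, ts) for s in quorum]
    return all(votes)

def equivocate(q1, q2, byzantine=""):
    """Client sends <update,q1,"v",7> and then <update,q2,"r",7>.
    Returns which of the two quorums collects a full set of echoes."""
    servers = {s: Server(s in byzantine) for s in "abcde"}
    return quorum_ready(servers, q1, "v", 7), quorum_ready(servers, q2, "r", 7)

if __name__ == "__main__":
    # Quorums meet in one correct server: the second value is blocked.
    print(equivocate("abc", "cde"))
    # Quorums meet only in a faulty server: both values go through.
    print(equivocate("abc", "cde", byzantine="c"))
    # Quorums meet in 2f+1 = 3 servers with f = 1: blocked again.
    print(equivocate("abcd", "bcde", byzantine="c"))
```

The second case is the one the 2f+1 intersection requirement for f-masking quorums rules out: with three servers in the intersection, one faulty server cannot make both values collect a full set of echoes.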

30
Faulty servers-properties
  • Claim: a read receives the last written value if it's
    not concurrent with write operations.
  • Proof: same as for masking quorum systems.
  • Propagation: similar ideas to r.b and byzantine
    agreement; if a server decides to deliver, it is
    promised that all the others decide that too.
  • Validity: in the end a correct quorum will be
    accessed, so the write can end.

31
Load, capacity, availability
  • Load: we will denote it L(S), defined as before.
  • Availability: failure probability with the same
    p for all the servers; we will denote it Fp(S).
  • Capacity: we'll define a(S,k) as the maximum
    number of quorum accesses that S can handle
    during a period of k time units. Capp(S) is the
    limit of a(S,k)/k as k tends to infinity.

32
Load, capacity, availability
  • Example: majorities
  • The claim is that cap(S) = 1/L(S), and there is a
    trade-off between good availability and good
    load.

33
definitions
  • The cardinality of the smallest quorum is denoted
    by c(S)
  • The degree of an element i in a quorum system S
    is the number of quorums that contain i
  • Let S be a quorum system. S is s-uniform if
    |Q| = s for each Q in S.
  • S is (s,d)-fair if it is s-uniform and deg(i) = d
    for each i; it is called s-fair if it is (s,d)-fair
    for some d.

34
LP
  • We can use linear programming to calculate the
    load and the strategy achieving the load.

35
DUAL LP
  • Sometimes we want to use the dual linear program,
    in which we assign probabilities to the elements
    of the world. It is a known fact that DLP < LP
36
The load with failures
  • A configuration is a vector
    in which it holds 1 in places representing the
    failing elements in the world
  • Dead(x) is the group of failed elements; live(x)
    is the non-failed ones.
  • S(x) is the sub-collection of functioning quorums.

37
Load with failures
  • The load of a quorum system S over a configuration
    x: if S(x) is empty then L(S(x)) = 1; if there
    are functioning quorums we define it in a similar
    way as before, by a linear programming problem.
  • Let the elements fail with probabilities
    P = (p1,...,pn). Then the load is a random variable
    Lp(S) defined by

38
Load with fails
  • Claim: E(Lp(S)) > Fp(S)
  • Claim: if (configurations) x > z then
    L(S(x)) > L(S(z))
  • Proof: S(z) contains S(x); a strategy for S(x) is
    a strategy for S(z) too.
  • Claim: E(Lp(S)) is a non-decreasing function.

39
Properties of the load
  • Claim: L(S) > c(S)/n
  • Claim: L(S) > 1/c(S)
  • Proof: if we choose probability 1/c(S) for every
    element in c(S) and 0 for the rest, we obtain a
    possible solution for the DLP problem.
  • Conclusion: L(S) > 1/sqrt(n) (achieved when c(S) is
    close to sqrt(n))

40
Load/fail probability trade off
  • Claim: Fp(S) > exp(p,nL(S))
  • Proof: the probability that all the elements in
    the smallest quorum fail (and therefore the
    quorum system fails) is exp(p,c(S)). Since
    c(S) < nL(S), the claim follows.

41
examples
  • Optimal load, optimal load/ failure tradeoff,
    good failure load paths system
  • B-grid system
  • SC-grid system
  • AndOr system

42
Load analyses
  • Claim: non-dominated coteries have lower bounds.
  • The claim follows if you choose a strategy for the
    dominator by giving probability only to
    quorums which are contained in a quorum of the
    dominated quorum system.
  • Claim: voting systems have high load (more than
    ½)

43
Last slide!!!!
  • Proof: if we define V = the sum of all votes (Vi),
    then the vector Yi = Vi/V is a solution for DLP
    larger than ½.