FaultTolerant Consensus

1
Fault-Tolerant Consensus

2
Communication Model

• Complete graph
• Synchronous, network

3
Broadcast
a
a
a
a
Send a message to all processors in one round
4
a
a
a
a
At the end of round everybody receives a
5
Broadcast
a
b
a
b
a
a
b
b
Two or more processes can broadcast at the same
round
6
a,b
b
a,b
a,b
a
7
Crash Failures
a
Faulty processor
a
a
a
8
a
Faulty processor
a
Some of the messages are lost, they are never
received
9
a
Faulty processor
a
10
Round 1
Round 2
Round 3
Round 4
Round 5
Failure
After failure the process disappears from the
network
11
Consensus
0
Start
1
4
3
2
Everybody has an initial value
12
3
Finish
3
3
3
3
Everybody must decide the same value
13
Validity condition
If everybody starts with the same value they must
decide that value
Finish
Start
14
A simple algorithm
Each processor

• Broadcast value to all processors
• Decide on the minimum

(only one round is needed)
15
Start
0
1
4
3
2
16
Broadcast values
0,1,2,3,4
0
0,1,2,3,4
0,1,2,3,4
1
4
0,1,2,3,4
3
2
0,1,2,3,4
17
Decide on minimum
0,1,2,3,4
0
0,1,2,3,4
0,1,2,3,4
0
0
0,1,2,3,4
0
0
0,1,2,3,4
18
Finish
0
0
0
0
0
19
This algorithm satisfies the validity condition
Finish
Start
If everybody starts with the same initial
value, everybody decides on that value (minimum)
20
Consensus with Crash Failures
The simple algorithm doesnt work
Each processor

• Broadcast value to all processors
• Decide on the minimum

21
Start
fail
0
0
1
0
4
3
2
The failed processor doesnt broadcast Its value
to all processors
22
Broadcasted values
fail
0
0,1,2,3,4
1,2,3,4
1
4
0,1,2,3,4
1,2,3,4
3
2
23
Decide on minimum
fail
0
0,1,2,3,4
1,2,3,4
0
1
0,1,2,3,4
1,2,3,4
0
1
24
Finish
fail
0
0
1
0
1
No Consensus!!!
25
If an alforithm solves consensus for f failed
process we say it is
an f-resilient consensus algorithm
26
Example
The input and output of a 3-resilient consensus
algorithm
27
New validity condition
if all non-faulty processes start with the same
value then all non-faulty processes decide that
value
28
An f-resilient algorithm
Round 1 Broadcast my value Round 2 to round
f1 Broadcast any new received values
End of round f1 Decide on the minimum
value received
29
Example f1 failures, f1 2 rounds needed
Start
0
1
4
3
2
30
Example f1 failures, f1 2 rounds needed
Round 1
0
fail
0
0,1,2,3,4
1,2,3,4
1
0
4
(new values)
0,1,2,3,4
1,2,3,4
3
2
Broadcast all values to everybody
31
Example f1 failures, f1 2 rounds needed
Round 2
0,1,2,3,4
0,1,2,3,4
1
4
0,1,2,3,4
0,1,2,3,4
3
2
Broadcast all new values to everybody
32
Example f1 failures, f1 2 rounds needed
Finish
0,1,2,3,4
0,1,2,3,4
0
0
0,1,2,3,4
0,1,2,3,4
0
0
Decide on minimum value
33
Example f2 failures, f1 3 rounds needed
Start
0
1
4
3
2
Another example execution with 3 failures
34
Example f2 failures, f1 3 rounds needed
Round 1
0
Failure 1
1,2,3,4
1,2,3,4
1
0
4
0,1,2,3,4
1,2,3,4
3
2
Broadcast all values to everybody
35
Example f2 failures, f1 3 rounds needed
Round 2
0
Failure 1
0,1,2,3,4
1,2,3,4
1
4
0,1,2,3,4
1,2,3,4
3
2
Failure 2
Broadcast new values to everybody
36
Example f2 failures, f1 3 rounds needed
Round 3
0
Failure 1
0,1,2,3,4
O, 1,2,3,4
1
4
0,1,2,3,4
0,1,2,3,4
3
2
Failure 2
Broadcast new values to everybody
37
Example f2 failures, f1 3 rounds needed
Finish
0
Failure 1
0,1,2,3,4
O, 1,2,3,4
0
0
0,1,2,3,4
0,1,2,3,4
3
0
Failure 2
Decide on the minimum value
38
Example f2 failures, f1 3 rounds needed
Start
0
1
4
3
2
Another example execution with 3 failures
39
Example f2 failures, f1 3 rounds needed
Round 1
0
Failure 1
1,2,3,4
1,2,3,4
1
0
4
0,1,2,3,4
1,2,3,4
3
2
Broadcast all values to everybody
40
Example f2 failures, f1 3 rounds needed
Round 2
0
Failure 1
0,1,2,3,4
0,1,2,3,4
1
4
0,1,2,3,4
0,1,2,3,4
3
2
Broadcast new values to everybody
Remark
At the end of this round all processes know about
all the other values
41
Example f2 failures, f1 3 rounds needed
Round 3
0
Failure 1
0,1,2,3,4
0,1,2,3,4
1
4
0,1,2,3,4
0,1,2,3,4
3
2
Failure 2
Broadcast new values to everybody
(no new values are learned in this round)
42
Example f2 failures, f1 3 rounds needed
Finish
0
Failure 1
0,1,2,3,4
0,1,2,3,4
0
0
0,1,2,3,4
0,1,2,3,4
3
0
Failure 2
Decide on minimum value
43
If there are f failures and f1 rounds then
there is a round with no failed process
2
3
4
5
6
1
Round
Example 5 failures, 6 rounds
No failure
44
In the algorithm, at the end of the round with no
failure

• Every (non faulty) process knows
• about all the values of all other
• participating processes

• This knowledge doesnt change until
• the end of the algorithm

45
Therefore, at the end of the round with no
failure
everybody would decide the same value
However, we dont know the exact position of this
round, so we have to let the algorithm execute
for f1 rounds
46
Validity of algorithm
when all processes start with the same input
value then the consensus is that value
This holds, since the value decided from each
process is some input value
47
A Lower Bound
Any f-resilient consensus algorithm requires at
least f1 rounds
Theorem
48
Proof sketch
Assume for contradiction that f or less rounds
are enough
Worst case scenario
There is a process that fails in each round
49
Worst case scenario
Round
1
a
before process fails, it sends its value a
to only one process
50
Worst case scenario
2
Round
1
a
before process fails, it sends value a to
only one process
51
Worst case scenario
2
f
3
Round
1

a
At the end of round f only one process knows
about value a
52
Worst case scenario
decide
2
f
3
Round
1
b

a
Process may decide a, and all other
processes may decide another value (b)
53
Worst case scenario
decide
2
f
3
Round
1
b

a
Therefore f rounds are not enough At least f1
rounds are needed