Dealing efficiently with data-center disasters

In disaster-resilient systems, wide-area networks play the dual roles of solution and problem. They allow a system to survive a disaster because its parts can be placed in geographically dispersed locations, and they are a problem because disaster-recovery information sent over wide-area links incurs high latency. The challenge is to continuously ship disaster-recovery information to backup data centers without seriously degrading the on-line response time of the primary data center. We present a disaster-resilient atomic broadcast algorithm that meets this challenge.

One key to achieving disaster resilience at reasonable cost is to define an atomic broadcast abstraction tailored to the multi-data-center setting. Unlike traditional atomic broadcast abstractions, our hierarchical atomic broadcast (HABcast) abstraction gives different delivery guarantees to processes in different data centers. The HABcast properties reflect the fact that only the processes in the primary data center are on-line (i.e., connected to clients). Roughly speaking, because processes in a backup data center do not interact with external entities, they can be given weaker delivery guarantees without compromising the overall reliability of the system.

Another key to practical disaster resilience is for the algorithm to exploit the fail-over mechanism that already exists between data centers. Fail-over to a backup data center is initiated by human operators, a so-called "push-button" switch-over. Because a human makes the fail-over decision, the system itself need not guard against false disaster suspicions and can therefore be more efficient.

Our HABcast algorithm exploits these two aspects of disaster-resilient systems. Basically, it overlays a primary-backup scheme on top of a per-data-center atomic broadcast algorithm that orders messages within a single data center. This combination presents some unique challenges, such as handling the simultaneous occurrence of process failures and disasters, and preventing the plurality of processes within a single data center from producing a plurality of messages between data centers.
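The following is an added, simplified model of the primary-backup overlay described above; it is illustrative code written for this page, not the paper's HABcast algorithm. It assumes that the intra-data-center atomic broadcast can be abstracted as a sequencer that hands out consecutive sequence numbers, that the "one message per broadcast across the WAN" problem is handled by a designated-forwarder rule plus sequence-number deduplication at the backup, and that push-button fail-over is simply a function the operator calls. The names `WanLink`, `DataCenter`, `push_button_failover` and `scenario`, and the payloads `a` through `f`, are constructed for the example.

```python
# Illustrative model (added for this page; not the paper's HABcast algorithm)
# of a primary-backup overlay on per-data-center atomic broadcast.
import random
from dataclasses import dataclass, field


@dataclass
class WanLink:
    """High-latency link: reorders and may duplicate, but never forges."""
    queue: list = field(default_factory=list)

    def send(self, msg):
        self.queue.append(msg)

    def drain(self, rng):
        """Deliver everything queued, in an arbitrary order, possibly twice."""
        batch, self.queue = self.queue[:], []
        rng.shuffle(batch)
        if batch and rng.random() < 0.5:
            batch.append(batch[0])  # a spurious WAN retransmission
        return batch


@dataclass
class DataCenter:
    name: str
    n_procs: int
    role: str = "backup"
    log: list = field(default_factory=list)      # delivered (seq, payload), totally ordered
    pending: dict = field(default_factory=dict)  # backup only: seq -> payload awaiting a gap fill
    crashed: set = field(default_factory=set)    # ids of crashed local processes

    # --- primary side ---------------------------------------------------
    def abcast(self, payload, link):
        """Order and deliver locally first (the on-line path clients see),
        then hand the message to exactly one forwarder for the WAN. The
        primary never waits for the backup, so WAN latency stays off-path."""
        assert self.role == "primary"
        seq = len(self.log) + 1
        self.log.append((seq, payload))
        self.forward(seq, link)
        return seq

    def forwarder_for(self, seq):
        return seq % self.n_procs

    def forward(self, seq, link):
        """Designated-forwarder rule: only one of the n_procs copies of a
        message crosses the WAN, unless that process has crashed."""
        if self.forwarder_for(seq) not in self.crashed:
            link.send(self.log[seq - 1])

    def reforward_from(self, seq, link):
        """Recovery path: a surviving process resends everything from seq on.
        Duplicates are harmless because the backup deduplicates by seq."""
        for entry in self.log[seq - 1:]:
            link.send(entry)

    # --- backup side ----------------------------------------------------
    def receive(self, msgs):
        """Deliver in sequence order, drop duplicates, and buffer anything
        out of order until the gap is filled. This is the weaker guarantee:
        the backup may lag, but its log is always a prefix of the primary's."""
        for seq, payload in msgs:
            if seq <= len(self.log) or seq in self.pending:
                continue  # already delivered or already buffered: duplicate
            self.pending[seq] = payload
        while len(self.log) + 1 in self.pending:
            nxt = len(self.log) + 1
            self.log.append((nxt, self.pending.pop(nxt)))

    def lag(self):
        return len(self.pending)


def push_button_failover(old_primary, backup):
    """Operator-initiated switch-over; no failure detector is consulted.
    The backup goes on-line and continues the sequence from its own log.
    Buffered messages beyond a gap cannot be ordered and are discarded."""
    old_primary.role = "failed"
    backup.pending.clear()
    backup.role = "primary"
    return len(backup.log)


def scenario(seed=1):
    rng = random.Random(seed)
    link = WanLink()
    east = DataCenter("east", n_procs=3, role="primary")
    west = DataCenter("west", n_procs=3)

    for p in ("a", "b"):
        east.abcast(p, link)
    west.receive(link.drain(rng))

    # Failure during normal operation: process 0 in east crashes. It is the
    # forwarder for seq 3, so seq 3 never leaves east while 4 and 5 do.
    east.crashed.add(0)
    for p in ("c", "d", "e"):
        east.abcast(p, link)
    west.receive(link.drain(rng))
    stalled = (len(west.log), west.lag())  # expect (2, 2): buffered, not delivered

    # A surviving process resends from the last seq the backup is known to have.
    east.reforward_from(3, link)
    west.receive(link.drain(rng))
    caught_up = (len(west.log), west.lag())  # expect (5, 0)
    assert west.log == east.log[:len(west.log)]  # prefix invariant holds throughout

    # Disaster: the operator pushes the button and west continues the order.
    push_button_failover(east, west)
    seq = west.abcast("f", link)
    return stalled, caught_up, seq, [p for _, p in west.log]
```

The two properties worth checking in such a model are that the backup's log is a prefix of the primary's at every step (safety of the primary-backup overlay) and that a crashed forwarder stalls the backup without stalling the primary (the on-line path is never blocked on the WAN). The `reforward_from` path is the simplest thing that resolves the stall; deduplication by sequence number is what makes it safe to resend liberally.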
