11/01/06 - Updated to include more commentary on tradeoffs and reliability
3/01/06 - Updated to include ifExists issues
Plenty of people have asked me to add clustering to Blitz and I’ve certainly been spending time looking at that idea but it’s time for a confession:
I dislike clustering intensely!
Especially when I consider it in the context of JINI philosophy. See, clustering is an attempt to hide and handle partial failure seamlessly, allowing clients to imagine that all is well. It offends me on other levels as well - clustering is not simple to implement, not simple to deploy and not simple to manage. Not exactly a great example of the KISS principle, and it flies in the face of the “Recovery Oriented Computing” approach taken by the likes of Google and Amazon.
Here are some of the other things that cause me to pause for thought:
(1) Data partitioning - how does one partition Entries across multiple JavaSpaces? There has to be some key field that we differentiate on. Or we just differentiate on Entry type, which means all Entries of one type will end up in one place - not good for scaling. Okay, so which field is key? How do we express that? Do you want it in the Entry itself or in a configuration file? Do you want to change that dynamically, or shut everything down, reconfigure and restart? And make no mistake, moving data around as the result of changing configuration is going to be slow and painful!
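To make the partitioning questions concrete, here is a small added model (not Blitz code, and not a JavaSpaces API) that places constructed entries across nodes either by Entry type or by a hashed key field, and counts how many entries have to move when the node count changes. The entry type "Order" and the key field (an order id) are assumed for the illustration.

```python
"""Toy placement of entries across JavaSpace nodes under two partitioning rules.

Added illustration for this post; not Blitz code. Entries are modelled as
(type, key_field) tuples. "By type" sends every entry of one type to a single
node; "by key" hashes a chosen key field across nodes. moved_on_resize counts
how many entries change node when the cluster is reconfigured from old_count
to new_count nodes, i.e. how much data a reconfiguration has to shift.
"""
import hashlib
from collections import Counter


def stable_hash(value):
    # hashlib rather than hash(): str hashing in Python is salted per process,
    # so placements would otherwise differ from run to run.
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")


def partition_by_type(entries, node_count):
    """Node = hash(entry type) mod node_count: all entries of a type co-locate."""
    return {e: stable_hash(e[0]) % node_count for e in entries}


def partition_by_key(entries, node_count):
    """Node = hash(key field) mod node_count: entries of one type spread out."""
    return {e: stable_hash(e[1]) % node_count for e in entries}


def node_loads(placement, node_count):
    """Entries per node; list index is the node number."""
    counts = Counter(placement.values())
    return [counts.get(n, 0) for n in range(node_count)]


def moved_on_resize(partition_fn, entries, old_count, new_count):
    """Number of entries whose node changes when the node count changes."""
    before = partition_fn(entries, old_count)
    after = partition_fn(entries, new_count)
    return sum(1 for e in entries if before[e] != after[e])


def sample_entries(n=1000):
    """Constructed sample: one Entry type ("Order"), n distinct order ids."""
    return [("Order", f"order-{i}") for i in range(n)]


if __name__ == "__main__":
    entries = sample_entries()
    print("by type, 4 nodes:", node_loads(partition_by_type(entries, 4), 4))
    print("by key,  4 nodes:", node_loads(partition_by_key(entries, 4), 4))
    print("moved when growing 4 -> 5 nodes (by key):",
          moved_on_resize(partition_by_key, entries, 4, 5))
```

Running it shows the two costs side by side: partitioning by type puts all 1000 orders on one node, while partitioning by the key field spreads them but, with plain modulo placement, makes most of them move when a fifth node is added.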
(2) Load balancing - if one uses a master-slave approach, there’s no need for load balancing; there’s only one machine. But if you’re using multiple active machines you need to select a collection of potential query nodes on the basis of the partitioning information above, after which you can consider load at each node to determine a choice. But how do you measure that load? Queries per second? Network traffic? CPU time? Disk load? And there’s another nasty factor that kicks around in this mix…
(3) Replication - if you have multiple active machines serving queries for the same set of Entries, each machine has to inform the others of changes to state via something like two-phase commit, Paxos or whatever. So more nodes sharing Entries means more network traffic as they arbitrate over state changes. That is, just because you have several nodes providing access to shared data doesn’t mean you’ll scale, because they must arbitrate in the same way as SMP processor boxes must. This multiple active machines approach works really well for read-mostly loads, but JavaSpaces are update-mostly because take and write are the common operations.
(4) Performance through asynchronous replication - you can’t do this and be an official JavaSpace implementation because part of the JavaSpaces specification (under Operation Ordering) says:
Operations on a space are unordered. The only view of operation order can be a thread’s view of the order of the operations it performs. A view of inter-thread order can be imposed only by cooperating threads that use an application-specific protocol to prevent two or more operations being in progress at a single time on a single JavaSpaces service. Such means are outside the purview of this specification.
For example, given two threads T and U, if T performs a write operation and U performs a read with a template that would match the written entry, the read may not find the written entry even if the write returns before the read. Only if T and U cooperate to ensure that the write returns before the read commences would the read be ensured the opportunity to find the entry written by T (although it still might not do so because of an intervening take from a third entity).
Pay particular attention to that statement about co-operating threads and write/take. Note that when the write completes, it must be visible to the take immediately. Were we to use asynchronous replication, we would not be compliant with this requirement. I suspect that, given the way one should use take, this shouldn’t matter in practice, but it has implications for timeliness which might be inconvenient.
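The visibility requirement quoted above can be checked against a toy replication model. The following is an added illustration, not Blitz code and not the JavaSpaces API: a primary node applies each write and either pushes it to every replica before write() returns (synchronous) or queues it for later delivery (asynchronous); a take routed to a replica then tests whether an entry written a moment earlier is visible. The node names, the Entry shape and the round-robin routing are assumptions of the model.

```python
"""Toy model of write() visibility under synchronous vs. asynchronous replication.

Added illustration for this post; not Blitz code and not the JavaSpaces API.
A primary node applies every write, then either pushes it to each replica
before write() returns (synchronous) or queues it for later delivery
(asynchronous). A take() routed to a replica then checks whether an entry
written just before is visible, the property the operation-ordering text
requires of cooperating threads.
"""
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Entry:
    kind: str
    key: str  # None in a template means "any value", as in JavaSpaces matching


@dataclass
class Node:
    name: str
    entries: set = field(default_factory=set)

    def matches(self, template):
        return [e for e in self.entries
                if (template.kind is None or e.kind == template.kind)
                and (template.key is None or e.key == template.key)]


class ReplicatedSpace:
    def __init__(self, replica_names, synchronous):
        self.primary = Node("primary")
        self.replicas = [Node(n) for n in replica_names]
        self.synchronous = synchronous
        self.pending = deque()  # (replica, entry) messages not yet delivered
        self.next_replica = 0

    def write(self, entry):
        self.primary.entries.add(entry)
        for r in self.replicas:
            if self.synchronous:
                r.entries.add(entry)             # replica acks before write() returns
            else:
                self.pending.append((r, entry))  # delivered some time later
        return entry

    def deliver_pending(self):
        """Let the asynchronous replication stream catch up."""
        while self.pending:
            r, e = self.pending.popleft()
            r.entries.add(e)

    def take(self, template):
        # Queries are load-balanced round-robin over the replicas; the primary
        # only serves writes in this model.
        node = self.replicas[self.next_replica % len(self.replicas)]
        self.next_replica += 1
        found = node.matches(template)
        if not found:
            return None  # the "read may not find the written entry" case
        e = found[0]
        # A take removes the entry everywhere; modelled as an immediate purge,
        # including any replication message still in flight for it.
        for n in [self.primary, *self.replicas]:
            n.entries.discard(e)
        self.pending = deque(m for m in self.pending if m[1] != e)
        return e


def write_then_take(synchronous):
    """Thread T writes; after write() returns, thread U takes with a matching
    template. Returns True if U found T's entry."""
    space = ReplicatedSpace(["replica-a", "replica-b"], synchronous)
    space.write(Entry("Order", "42"))  # constructed sample entry
    return space.take(Entry("Order", None)) is not None


def async_take_after_catchup():
    """Asynchronous case again, but only after replication has caught up."""
    space = ReplicatedSpace(["replica-a", "replica-b"], synchronous=False)
    space.write(Entry("Order", "42"))
    space.deliver_pending()
    return space.take(Entry("Order", None)) is not None


if __name__ == "__main__":
    print("synchronous replication, entry visible:", write_then_take(True))
    print("asynchronous replication, entry visible:", write_then_take(False))
    print("asynchronous after catch-up, entry visible:", async_take_after_catchup())
```

With synchronous replication the take finds the entry as soon as write() has returned; with asynchronous replication the same take misses it until the replication stream has caught up, which is exactly the timeliness gap the post is worried about.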
(5) Network partitioning - to handle these problems between client and cluster-member requires multiple network routes into the cluster. One cannot select another cluster-member if they are all accessed through a single network pipe. The same principles apply to intra-cluster communications. Whilst there are algorithms to tolerate these problems, the ability to make progress under updates will be inhibited, and clients may repeatedly attempt to act on out-of-date state only to be aborted at transaction commit time as the algorithm determines that there is no viable resolution at this time. And even once the network is fixed, there will be a period of instability as things come back into sync.
(6) ifExists - fundamentally, the ifExists variants peer inside of transactions. In a master-slave configuration this is not an issue, but when one has multiple active partitions there is a requirement to co-ordinate actions across all nodes which may have a possible match and a blocking transaction. Worse, you can’t optimize this in any fashion: when the ifExists is issued, one must query all relevant bits of the cluster, arrange for any necessary callbacks and block accordingly.
Whilst it is possible to tackle all of these issues in a clustered implementation, a developer would only have so much control and it mightn’t be what is required for a particular application. There are all sorts of issues which may occur that have strange or undesirable manifestations from an application perspective and are not easily cured. The benefits of such a system are dubious in my opinion given the typical operation profile of a JavaSpaces application.
I can’t help but feel that there must be a better way…
Other Observations
Many talk about a need for clustering when what they actually need is reliability. That is to say they want their systems to continue to make progress in the face of failures. There are many implementation options available for achieving this and clustering is but one. These same people then make things worse by also placing the requirements for load balancing, partitioning etc onto the cluster solution. This makes things considerably more complex by inter-mingling all sorts of complex and conflicting requirements. This results in either a clustering solution that is horribly difficult to configure or a less configurable solution that has a fixed set of trade-offs assumed for these inter-mingled requirements.
“Continuing to make progress in the face of failures” is a very foggy statement from an engineering perspective. Do we make progress across all work regardless of the number of failures? Do we mean make progress with most work in the face of a fixed number of failures, or some other variation? If you want progress for all work regardless of the number of failures, you had better have big pockets for a lot of kit. Further, your performance ceiling will be limited because solutions for this problem require a lot of network traffic between members of the partition responsible for the data. More members means more resilience but more traffic and therefore less performance.
January 10th, 2006 at 4:04 am
I’m pretty new to this stuff. I can understand the significant problems inherent with clustering, but I’m wondering what alternative approaches exist for using Javaspaces. If I correctly understand how Blitz works currently, a Javaspace instance can be hosted only on one machine. This then becomes a single point of failure, which was one of the problems I was hoping Jini/Javaspaces would help me avoid.
So what is a good approach to avoid a single point of failure, without using clustering? The only idea I have is to use multiple Javaspaces, with one or more workers asynchronously copying objects between them as needed. Clients somehow discover the Javaspaces that are available and manually failover between them. Am I making sense at all?
January 10th, 2006 at 10:51 am
You are making sense and that’s one approach though not the one I would adopt.
There are a number of ways to handle replication/state-loss (publicly documented on the web and elsewhere) which can be used to solve this problem. I have constructed several different solutions which I’m currently productizing. Thus, due to commercial constraints, I’m not able to provide further details at this point.
JINI/JavaSpaces does indeed help avoid SPOFs, but you potentially need other things as well, in particular appropriate algorithms/architecture. I can only offer the following:
If you think about the solution in terms of clustering or other solutions you’re familiar with, you’re unlikely to find the other options.
February 13th, 2006 at 6:51 pm
[…] As I’ve said in a previous posting, I’m not a fan of infrastructure level clustering. It basically comes down to the fact that this kind of approach to resilience and scale is achieved through centralization and strict control of the environment. Whilst such a level of control and centralization might be possible in certain well-defined, small scale circumstances, it gets much more difficult across a network of any size and with any more than a few machines. […]