TSSP Procedures: Difference between revisions

From ReddNet
Jump to navigation Jump to search
(New page: This section contains recommendations pertaining to the Issues section of the TSSP Framework article. = Fault Tolerance = <table> <tr> <th>Step</th><th>Occurrence</th><th>Failure Ty...)
 
 
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:
This section contains recommendations pertaining to the Issues section of the [[TSSP Framework]] article.  
This section contains recommendations pertaining to the Issues section of the [[TSSP Framework]] article.  
(back to [[Protocol Standardization Efforts]])


= Fault Tolerance =
= Fault Tolerance =
The steps that compose the five proposed standard operations are shown ranked by how many times they appear in the operations' construction. Also, each step is categorized as being able, or desired, to be implemented in parallel. Steps that support parallelism assume that the failure of one of the executing threads compromises the entire operation, triggering aggressive rollback when possible. Inability to rollback can result in several undesired channel states:
* Inaccessible channel capacity (can not be remedied by TSSP)
* Inaccessible channel content (can not be remedied by TSSP)
* Skewed channel duration
* Skewed channel capacity


<table>
<table border=1>
<tr>
<tr>
<th>Step</th><th>Occurrence</th><th>Failure Type</th><th>Procedure</th>
<th>Step</th><th>Occurrence</th><th>Parallel (T/F)</th><th>Cause of Failure</th><th>Procedure</th>
</tr>
</tr>
  <tr>
  <tr>
  <td>obtain metadata</td>
  <td>obtain metadata</td>
  <td align=center>5</td>
  <td align=center>5</td>
  <td>-</td>
  <td align=center>F</td>
  <td>-</td>
  <td>
# connection timeout
# authentication failed
# path not found
# permission denied
# connection broken
# operation canceled
# operation interrupted (client crash)
# size mismatch
# invalid schema
</td>
<td>
# exit
# exit
# exit
# exit
# exit
# exit
# no action
# retry (limit?). exit
# exit
</td>
</tr>
</tr>
<tr>
<tr>
  <td>fill channel</td>
  <td>fill channel (store/copy)</td>
  <td align=center>3</td>
  <td align=center>3</td>
  <td>-</td>
  <td align=center>T</td>
  <td>-</td>
  <td>
# connection timeout
# authentication failed
# invalid capability
# invalid WRITE key
# insufficient space
# connection broken
# operation canceled
# operation interrupted (client crash)
# size mismatch
# input stream closed
</td>
<td>
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
# redo allocate
# redo allocate
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
# retry (limit?). otherwise, expire channel, purge metadata, and exit
# expire channel, purge metadata, and exit
# no action. results in inaccessible channel capacity and content
# expire channel, purge metadata, and exit
# expire channel, purge metadata, and exit
</td>
</tr>
</tr>
<tr>
<tr>
  <td>obtain depot set</td>
  <td>obtain depot set</td>
  <td align=center>2</td>
  <td align=center>2</td>
  <td>-</td>
  <td align=center>T</td>
  <td>-</td>
<td>
# connection timeout
# authentication failed
# empty set returned (i.e. non-existent resource)
# connection broken
# operation canceled
# invalid schema
</td>
  <td>
# exit
# exit
# exit
# retry (limit?). otherwise, exit
# exit
# exit
</td>
</tr>
</tr>
<tr>
<tr>
  <td>determine next depot</td>
  <td>determine next depot</td>
  <td align=center>2</td>
  <td align=center>2</td>
  <td>-</td>
  <td align=center>F</td>
  <td>-</td>
  <td>
# malformed query
# invalid schema
# null result
</td>
<td>
# exit
# exit
# exit
</td>
</tr>
</tr>
<tr>
<tr>
  <td>reserve channel</td>
  <td>reserve channel (alloc)</td>
  <td align=center>2</td>
  <td align=center>2</td>
  <td>-</td>
  <td align=center>T</td>
  <td>-</td>
  <td>
# connection timed out
# authentication failed
# invalid resource
# insufficient capacity
# insufficient duration
# connection broken
# operation canceled
# operation interrupted (client crash)
</td>
<td>
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
# exit
# no action. results in inaccessible channel capacity
</td>
</tr>
</tr>
<tr>
<tr>
  <td>publish/record metadata</td>
  <td>publish/record metadata</td>
  <td align=center>2</td>
  <td align=center>2</td>
<td align=center>F</td>
  <td>
  <td>
* connection timed out
# connection timeout
* authentication failed
# authentication failed
* path not found
# path not found
* permission denied
# permission denied
* not enough space
# not enough space
* connection broken
# connection broken
* transfer canceled
# operation canceled
* client detroyed
# operation interrupted (client crash)
</td>
<td>
# retry (limit?). otherwise cache locally(?) or expire channel. exit
# cache locally(?) or expire channel. exit
# expire channel. exit
# expire channel. exit
# expire channel. exit
# retry (limit?). otherwise cache locally or expire channel. exit
# expire channel. exit
# no action. results in inaccessible channel capacity and content
  </td>
  </td>
<td>-</td>
</tr>
</tr>
<tr>
<tr>
  <td>order depot set</td>
  <td>order depot set</td>
  <td align=center>1</td>
  <td align=center>1</td>
  <td>-</td>
  <td align=center>F</td>
  <td>-</td>
  <td>
# malformed query
# invalid schema
</td>
<td>
# exit
# exit
</td>
</tr>
</tr>
<tr>
<tr>
  <td>expire channel</td>
  <td>expire channel</td>
  <td align=center>1</td>
  <td align=center>1</td>
  <td>-</td>
  <td align=center>T</td>
  <td>-</td>
  <td>
# connection timed out
# authentication failed
# invalid capability
# invalid MANAGE key
# connection broken
# operation canceled
# operation interrupted (client crash)
</td>
<td>
# metadata is not purged, remains in the namespace, and contains unexpired allocations. retry (limit? time?)
# metadata is not purged, remains in the namespace, and contains unexpired allocations. exit
# interpreted as expired allocation. metadata is purged
# interpreted as unauthorized allocation. metadata is purged
# retry (limit?). exit
# metadata is not purged, remains in the namespace, and contains unexpired allocations (i.e. partial channel and content). exit
# no action. can result in partial channel and content
</td>
</tr>
</tr>
<tr>
<tr>
  <td>consume content</td>
  <td>consume content (load)</td>
  <td align=center>1</td>
  <td align=center>1</td>
  <td>-</td>
  <td align=center>T</td>
  <td>-</td>
  <td>
# connection timed out
# authentication failed
# invalid capability
# invalid READ key
# size mismatch
# connection broken
# operation canceled
# operation interrupted (client crash)
# output stream closed
</td>
<td>
# retry. try replica. exit
# exit
# try replica. exit
# try replica. exit
# retry. try replica. exit
# retry. try replica. exit
# exit
# no action
# exit
</td>
</tr>
</tr>
<tr>
<tr>
  <td>channel duration</td>
  <td>channel duration</td>
  <td align=center>1</td>
  <td align=center>1</td>
  <td>-</td>
  <td align=center>T</td>
  <td>-</td>
  <td>
# connection timed out
# authentication failed
# invalid capability
# invalid MANAGE key
# insufficient duration
# connection broken
# operation canceled
# operation interrupted (client crash)
</td>
<td>
# retry (limit?). exit
# exit
# exit
# exit
# exit
# retry (limit?). exit
# undo duration changes to altered allocations. exit
# no action. results in skewed channel duration
</td>
</tr>
</tr>
<tr>
<tr>
  <td>channel capacity</td>
  <td>channel capacity</td>
  <td align=center>1</td>
  <td align=center>1</td>
  <td>-</td>
  <td align=center>T</td>
  <td>-</td>
  <td>
# connection timed out
# authentication failed
# invalid capability
# invalid MANAGE key
# insufficient capacity
# connection broken
# operation canceled
# operation interrupted (client crash)
</td>
<td>
# retry (limit?). exit
# exit
# exit
# exit
# exit
# retry (limit?). exit
# undo resizing of altered allocations. exit
# no action. results in skewed channel capacity
</td>
</tr>
</tr>
</table>
</table>

Latest revision as of 20:40, 31 January 2008

This section contains recommendations pertaining to the Issues section of the TSSP Framework article.

(back to Protocol Standardization Efforts)

Fault Tolerance

The steps that compose the five proposed standard operations are shown ranked by how many times they appear in the operations' construction. Also, each step is categorized as being able, or desired, to be implemented in parallel. Steps that support parallelism assume that the failure of one of the executing threads compromises the entire operation, triggering aggressive rollback when possible. Inability to rollback can result in several undesired channel states:

  • Inaccessible channel capacity (can not be remedied by TSSP)
  • Inaccessible channel content (can not be remedied by TSSP)
  • Skewed channel duration
  • Skewed channel capacity
StepOccurrenceParallel (T/F)Cause of FailureProcedure
obtain metadata 5 F
  1. connection timeout
  2. authentication failed
  3. path not found
  4. permission denied
  5. connection broken
  6. operation canceled
  7. operation interrupted (client crash)
  8. size mismatch
  9. invalid schema
  1. exit
  2. exit
  3. exit
  4. exit
  5. exit
  6. exit
  7. no action
  8. retry (limit?). exit
  9. exit
fill channel (store/copy) 3 T
  1. connection timeout
  2. authentication failed
  3. invalid capability
  4. invalid WRITE key
  5. insufficient space
  6. connection broken
  7. operation canceled
  8. operation interrupted (client crash)
  9. size mismatch
  10. input stream closed
  1. try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
  2. try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
  3. redo allocate
  4. redo allocate
  5. try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
  6. retry (limit?). otherwise, expire channel, purge metadata, and exit
  7. expire channel, purge metadata, and exit
  8. no action. results in inaccessible channel capacity and content
  9. expire channel, purge metadata, and exit
  10. expire channel, purge metadata, and exit
obtain depot set 2 T
  1. connection timeout
  2. authentication failed
  3. empty set returned (i.e. non-existent resource)
  4. connection broken
  5. operation canceled
  6. invalid schema
  1. exit
  2. exit
  3. exit
  4. retry (limit?). otherwise, exit
  5. exit
  6. exit
determine next depot 2 F
  1. malformed query
  2. invalid schema
  3. null result
  1. exit
  2. exit
  3. exit
reserve channel (alloc) 2 T
  1. connection timed out
  2. authentication failed
  3. invalid resource
  4. insufficient capacity
  5. insufficient duration
  6. connection broken
  7. operation canceled
  8. operation interrupted (client crash)
  1. try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
  2. try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
  3. try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
  4. try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
  5. try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
  6. try next depot/resource if available. otherwise, expire channel, purge metadata, and exit
  7. exit
  8. no action. results in inaccessible channel capacity
publish/record metadata 2 F
  1. connection timeout
  2. authentication failed
  3. path not found
  4. permission denied
  5. not enough space
  6. connection broken
  7. operation canceled
  8. operation interrupted (client crash)
  1. retry (limit?). otherwise cache locally(?) or expire channel. exit
  2. cache locally(?) or expire channel. exit
  3. expire channel. exit
  4. expire channel. exit
  5. expire channel. exit
  6. retry (limit?). otherwise cache locally or expire channel. exit
  7. expire channel. exit
  8. no action. results in inaccessible channel capacity and content
order depot set 1 F
  1. malformed query
  2. invalid schema
  1. exit
  2. exit
expire channel 1 T
  1. connection timed out
  2. authentication failed
  3. invalid capability
  4. invalid MANAGE key
  5. connection broken
  6. operation canceled
  7. operation interrupted (client crash)
  1. metadata is not purged, remains in the namespace, and contains unexpired allocations. retry (limit? time?)
  2. metadata is not purged, remains in the namespace, and contains unexpired allocations. exit
  3. interpreted as expired allocation. metadata is purged
  4. interpreted as unauthorized allocation. metadata is purged
  5. retry (limit?). exit
  6. metadata is not purged, remains in the namespace, and contains unexpired allocations (i.e. partial channel and content). exit
  7. no action. can result in partial channel and content
consume content (load) 1 T
  1. connection timed out
  2. authentication failed
  3. invalid capability
  4. invalid READ key
  5. size mismatch
  6. connection broken
  7. operation canceled
  8. operation interrupted (client crash)
  9. output stream closed
  1. retry. try replica. exit
  2. exit
  3. try replica. exit
  4. try replica. exit
  5. retry. try replica. exit
  6. retry. try replica. exit
  7. exit
  8. no action
  9. exit
channel duration 1 T
  1. connection timed out
  2. authentication failed
  3. invalid capability
  4. invalid MANAGE key
  5. insufficient duration
  6. connection broken
  7. operation canceled
  8. operation interrupted (client crash)
  1. retry (limit?). exit
  2. exit
  3. exit
  4. exit
  5. exit
  6. retry (limit?). exit
  7. undo duration changes to altered allocations. exit
  8. no action. results in skewed channel duration
channel capacity 1 T
  1. connection timed out
  2. authentication failed
  3. invalid capability
  4. invalid MANAGE key
  5. insufficient capacity
  6. connection broken
  7. operation canceled
  8. operation interrupted (client crash)
  1. retry (limit?). exit
  2. exit
  3. exit
  4. exit
  5. exit
  6. retry (limit?). exit
  7. undo resizing of altered allocations. exit
  8. no action. results in skewed channel capacity