TSSP Procedures: Difference between revisions
(16 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
This section contains recommendations pertaining to the Issues section of the [[TSSP Framework]] article. | This section contains recommendations pertaining to the Issues section of the [[TSSP Framework]] article. | ||
(back to [[Protocol Standardization Efforts]]) | |||
= Fault Tolerance = | = Fault Tolerance = | ||
The steps that compose the five proposed standard operations are shown ranked by how many times they appear in the operations' construction. Also, each step is categorized as being able, or desired, to be implemented in parallel. Steps that support parallelism assume that the failure of one of the executing threads compromises the entire operation, triggering aggressive rollback when possible. Inability to rollback can result in several undesired channel states: | |||
* Inaccessible channel capacity (can not be remedied by TSSP) | |||
* Inaccessible channel content (can not be remedied by TSSP) | |||
* Skewed channel duration | |||
* Skewed channel capacity | |||
<table border=1> | <table border=1> | ||
<tr> | <tr> | ||
<th>Step</th><th>Occurrence</th><th>Parallel (T/F)</th><th>Failure | <th>Step</th><th>Occurrence</th><th>Parallel (T/F)</th><th>Cause of Failure</th><th>Procedure</th> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 12: | Line 19: | ||
<td align=center>F</td> | <td align=center>F</td> | ||
<td> | <td> | ||
# connection | # connection timeout | ||
# authentication failed | # authentication failed | ||
# path not found | # path not found | ||
# permission denied | # permission denied | ||
# connection broken | # connection broken | ||
# | # operation canceled | ||
# client | # operation interrupted (client crash) | ||
# size mismatch | # size mismatch | ||
# invalid schema | # invalid schema | ||
</td> | </td> | ||
<td> | <td> | ||
# | # exit | ||
# | # exit | ||
# | # exit | ||
# | # exit | ||
# | # exit | ||
# | # exit | ||
# | # no action | ||
# | # retry (limit?). exit | ||
# | # exit | ||
</td> | </td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>fill channel</td> | <td>fill channel (store/copy)</td> | ||
<td align=center>3</td> | <td align=center>3</td> | ||
<td align=center>T</td> | <td align=center>T</td> | ||
<td> | <td> | ||
<td> | # connection timeout | ||
# authentication failed | |||
# invalid capability | |||
# invalid WRITE key | |||
# insufficient space | |||
# connection broken | |||
# operation canceled | |||
# operation interrupted (client crash) | |||
# size mismatch | |||
# input stream closed | |||
</td> | |||
<td> | |||
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit | |||
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit | |||
# redo allocate | |||
# redo allocate | |||
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit | |||
# retry (limit?). otherwise, expire channel, purge metadata, and exit | |||
# expire channel, purge metadata, and exit | |||
# no action. results in inaccessible channel capacity and content | |||
# expire channel, purge metadata, and exit | |||
# expire channel, purge metadata, and exit | |||
</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
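Review bot: The "retry (limit?)" entries in this hunk (size mismatch under obtain metadata, connection broken under fill channel) leave the retry bound as an open question, so an implementer cannot tell when the fallback ("exit", or "expire channel, purge metadata, and exit") is supposed to fire. Suggest stating a concrete maximum attempt count or a time budget in the Procedure cell, or pointing to one place where it is defined. Also note that this hunk writes "connection timeout" while the reserve channel row added later writes "connection timed out"; pick one wording so the cause lists can be matched across steps.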
Line 46: | Line 75: | ||
<td align=center>T</td> | <td align=center>T</td> | ||
<td> | <td> | ||
# connection | # connection timeout | ||
# authentication failed | # authentication failed | ||
# empty set returned | # empty set returned (i.e. non-existent resource) | ||
# connection broken | # connection broken | ||
# | # operation canceled | ||
# invalid schema | # invalid schema | ||
</td> | </td> | ||
<td> | <td> | ||
# | # exit | ||
# | # exit | ||
# | # exit | ||
# | # retry (limit?). otherwise, exit | ||
# | # exit | ||
# | # exit | ||
</td> | </td> | ||
</tr> | </tr> | ||
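Review bot: In the obtain depot set row, "connection broken" gets "retry (limit?). otherwise, exit" but "connection timeout" gets a plain "exit", and the row gives no reason for treating the two transient network failures differently. Either give the timeout the same bounded retry or add a short note on why a timeout is final here. The "(limit?)" is still unresolved as well.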
Line 67: | Line 96: | ||
<td align=center>F</td> | <td align=center>F</td> | ||
<td> | <td> | ||
# | # malformed query | ||
# invalid schema | # invalid schema | ||
# null result | |||
</td> | </td> | ||
<td> | <td> | ||
# | # exit | ||
# | # exit | ||
# exit | |||
</td> | </td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>reserve channel</td> | <td>reserve channel (alloc)</td> | ||
<td align=center>2</td> | <td align=center>2</td> | ||
<td align=center>T</td> | <td align=center>T</td> | ||
<td> | <td> | ||
<td> | # connection timed out | ||
# authentication failed | |||
# invalid resource | |||
# insufficient capacity | |||
# insufficient duration | |||
# connection broken | |||
# operation canceled | |||
# operation interrupted (client crash) | |||
</td> | |||
<td> | |||
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit | |||
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit | |||
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit | |||
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit | |||
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit | |||
# try next depot/resource if available. otherwise, expire channel, purge metadata, and exit | |||
# exit | |||
# no action. results in inaccessible channel capacity | |||
</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
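Review bot: In the reserve channel (alloc) row, "operation canceled" maps to a bare "exit", while the first six causes all end in "expire channel, purge metadata, and exit". The step is marked parallel (T), so a cancel can arrive after some allocations have already succeeded; with no expire/purge on that path those allocations stay reserved, which is the "inaccessible channel capacity" state the row only acknowledges for a client crash. Suggest making the cancel procedure "expire channel, purge metadata, and exit", or stating why no rollback is needed.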
Line 87: | Line 136: | ||
<td align=center>F</td> | <td align=center>F</td> | ||
<td> | <td> | ||
# connection | # connection timeout | ||
# authentication failed | # authentication failed | ||
# path not found | # path not found | ||
Line 93: | Line 142: | ||
# not enough space | # not enough space | ||
# connection broken | # connection broken | ||
# | # operation canceled | ||
# client | # operation interrupted (client crash) | ||
</td> | </td> | ||
<td> | <td> | ||
# | # retry (limit?). otherwise cache locally(?) or expire channel. exit | ||
# | # cache locally(?) or expire channel. exit | ||
# | # expire channel. exit | ||
# | # expire channel. exit | ||
# | # expire channel. exit | ||
# | # retry (limit?). otherwise cache locally or expire channel. exit | ||
# | # expire channel. exit | ||
# | # no action. results in inaccessible channel capacity and content | ||
</td> | </td> | ||
</tr> | </tr> | ||
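Review bot: The publish/record metadata procedures write "cache locally(?)" in the first two entries and "cache locally" without the question mark in the sixth, so it is unclear whether local caching is a decided fallback or still an open question. Resolve it one way for all three entries, and if caching is kept, say what happens to the cached metadata afterwards (when it is republished, and when the channel is expired instead).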
Line 111: | Line 160: | ||
<td align=center>1</td> | <td align=center>1</td> | ||
<td align=center>F</td> | <td align=center>F</td> | ||
<td> | <td> | ||
<td> | # malformed query | ||
# invalid schema | |||
</td> | |||
<td> | |||
# exit | |||
# exit | |||
</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 118: | Line 173: | ||
<td align=center>1</td> | <td align=center>1</td> | ||
<td align=center>T</td> | <td align=center>T</td> | ||
<td> | <td> | ||
<td> | # connection timed out | ||
# authentication failed | |||
# invalid capability | |||
# invalid MANAGE key | |||
# connection broken | |||
# operation canceled | |||
# operation interrupted (client crash) | |||
</td> | |||
<td> | |||
# metadata is not purged, remains in the namespace, and contains unexpired allocations. retry (limit? time?) | |||
# metadata is not purged, remains in the namespace, and contains unexpired allocations. exit | |||
# interpreted as expired allocation. metadata is purged | |||
# interpreted as unauthorized allocation. metadata is purged | |||
# retry (limit?). exit | |||
# metadata is not purged, remains in the namespace, and contains unexpired allocations (i.e. partial channel and content). exit | |||
# no action. can result in partial channel and content | |||
</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>consume content</td> | <td>consume content (load)</td> | ||
<td align=center>1</td> | <td align=center>1</td> | ||
<td align=center>T</td> | <td align=center>T</td> | ||
<td> | <td> | ||
<td> | # connection timed out | ||
# authentication failed | |||
# invalid capability | |||
# invalid READ key | |||
# size mismatch | |||
# connection broken | |||
# operation canceled | |||
# operation interrupted (client crash) | |||
# output stream closed | |||
</td> | |||
<td> | |||
# retry. try replica. exit | |||
# exit | |||
# try replica. exit | |||
# try replica. exit | |||
# retry. try replica. exit | |||
# retry. try replica. exit | |||
# exit | |||
# no action | |||
# exit | |||
</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
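Review bot: In the expire channel row, "invalid capability" and "invalid MANAGE key" both end with the metadata being purged, on the strength of an error reply that is "interpreted as" an expired or unauthorized allocation. The step is parallel, and the row does not say whether the purge waits for the other allocations of the same channel or whether the reply is cross-checked in any way; a purge is not reversible, so a wrong interpretation loses the only record of any allocations that are still live. Suggest spelling out the condition under which the purge is allowed, for example only after every allocation of the channel has been expired or reported invalid.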
Line 132: | Line 223: | ||
<td align=center>1</td> | <td align=center>1</td> | ||
<td align=center>T</td> | <td align=center>T</td> | ||
<td> | <td> | ||
<td> | # connection timed out | ||
# authentication failed | |||
# invalid capability | |||
# invalid MANAGE key | |||
# insufficient duration | |||
# connection broken | |||
# operation canceled | |||
# operation interrupted (client crash) | |||
</td> | |||
<td> | |||
# retry (limit?). exit | |||
# exit | |||
# exit | |||
# exit | |||
# exit | |||
# retry (limit?). exit | |||
# undo duration changes to altered allocations. exit | |||
# no action. results in skewed channel duration | |||
</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
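Review bot: In the channel duration row, only "operation canceled" undoes the duration changes already applied ("undo duration changes to altered allocations. exit"); the failures above it end in "exit" or "retry (limit?). exit" with no undo. Because the step is parallel, any of those failures can occur after other allocations were already altered, leaving the skewed channel duration that the row attributes only to a client crash. Suggest adding the undo to every procedure that exits after a partial change.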
Line 139: | Line 248: | ||
<td align=center>1</td> | <td align=center>1</td> | ||
<td align=center>T</td> | <td align=center>T</td> | ||
<td> | <td> | ||
<td> | # connection timed out | ||
# authentication failed | |||
# invalid capability | |||
# invalid MANAGE key | |||
# insufficient capacity | |||
# connection broken | |||
# operation canceled | |||
# operation interrupted (client crash) | |||
</td> | |||
<td> | |||
# retry (limit?). exit | |||
# exit | |||
# exit | |||
# exit | |||
# exit | |||
# retry (limit?). exit | |||
# undo resizing of altered allocations. exit | |||
# no action. results in skewed channel capacity | |||
</td> | |||
</tr> | </tr> | ||
</table> | </table> |
Latest revision as of 20:40, 31 January 2008
This section contains recommendations pertaining to the Issues section of the TSSP Framework article.
(back to Protocol Standardization Efforts)
Fault Tolerance
The steps that compose the five proposed standard operations are shown ranked by how many times they appear in the operations' construction. Each step is also marked according to whether it can, or should, be implemented in parallel. Steps that support parallelism assume that the failure of one of the executing threads compromises the entire operation, triggering aggressive rollback when possible. Inability to roll back can result in several undesired channel states:
- Inaccessible channel capacity (cannot be remedied by TSSP)
- Inaccessible channel content (cannot be remedied by TSSP)
- Skewed channel duration
- Skewed channel capacity
Step | Occurrence | Parallel (T/F) | Cause of Failure | Procedure |
---|---|---|---|---|
obtain metadata | 5 | F | | |
fill channel (store/copy) | 3 | T | | |
obtain depot set | 2 | T | | |
determine next depot | 2 | F | | |
reserve channel (alloc) | 2 | T | | |
publish/record metadata | 2 | F | | |
order depot set | 1 | F | | |
expire channel | 1 | T | | |
consume content (load) | 1 | T | | |
channel duration | 1 | T | | |
channel capacity | 1 | T | | |
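The rollback rule for parallel steps, sketched for the reserve channel (alloc) step as an added example; it is not part of the TSSP article or of any TSSP implementation. `FakeDepot`, `reserve_segment`, `reserve_channel` and the `metadata` dict are hypothetical names, and the failure strings follow the cause list this revision gives for that step.

```python
from concurrent.futures import ThreadPoolExecutor

# Causes for which the revision says "try next depot/resource if available".
TRY_NEXT = {"connection timed out", "authentication failed", "invalid resource",
            "insufficient capacity", "insufficient duration", "connection broken"}

class StepFailed(Exception):
    """Raised with the failure cause as its message."""

class FakeDepot:
    """Constructed stand-in for a depot; `fault` is the cause it always returns."""
    def __init__(self, name, fault=None):
        self.name, self.fault, self.live = name, fault, set()
    def alloc(self, segment):
        if self.fault:
            raise StepFailed(self.fault)
        self.live.add(segment)
        return (self.name, segment)
    def expire(self, segment):
        self.live.discard(segment)

def reserve_segment(segment, depots):
    """One worker thread: walk the depot list until an allocation succeeds."""
    for depot in depots:
        try:
            return depot.alloc(segment)
        except StepFailed as err:
            if str(err) not in TRY_NEXT:
                raise  # any other cause aborts this worker immediately
    raise StepFailed(f"segment {segment}: no depot left")

def reserve_channel(segments, depots_for, metadata):
    """Reserve every segment in parallel; one failed worker fails the channel."""
    by_name = {d.name: d for ds in depots_for.values() for d in ds}
    with ThreadPoolExecutor() as pool:  # leaving the block waits for all workers
        futures = {s: pool.submit(reserve_segment, s, depots_for[s])
                   for s in segments}
    done = {s: f.result() for s, f in futures.items() if f.exception() is None}
    if len(done) == len(segments):
        metadata.update(done)
        return True
    # Rollback ("expire channel, purge metadata, and exit"). Assumption: the
    # sketch also rolls back for causes the table maps to a bare "exit".
    for name, segment in done.values():
        by_name[name].expire(segment)
    metadata.clear()
    return False
```
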