This section contains recommendations pertaining to the Issues section of the TSSP Framework article.
Fault Tolerance
The steps that compose the five proposed standard operations are shown below, ranked by how many times they appear in the operations' construction. Each step is also categorized by whether it can, or should, be implemented in parallel. Steps that support parallelism assume that the failure of any one executing thread compromises the entire operation, triggering aggressive rollback when possible. Inability to roll back can result in several undesired channel states:
- Inaccessible channel capacity (cannot be remedied by TSSP)
- Inaccessible channel content (cannot be remedied by TSSP)
- Skewed channel duration
- Skewed channel capacity
| Step | Occurrence | Parallel (T/F) | Cause of Failure | Procedure |
|---|---|---|---|---|
| obtain metadata | 5 | F | connection timeout | exit |
| | | | authentication failed | exit |
| | | | path not found | exit |
| | | | permission denied | exit |
| | | | connection broken | exit |
| | | | operation canceled | exit |
| | | | operation interrupted | retry (limit?) |
| | | | size mismatch | retry (limit?) |
| | | | invalid schema | exit |
| fill channel (store/copy) | 3 | T | connection timeout | try next depot/resource if available; otherwise, decrement successful allocations, purge metadata, and exit |
| | | | authentication failed | try next depot/resource if available; otherwise, decrement successful allocations, purge metadata, and exit |
| | | | invalid capability | redo allocate |
| | | | invalid WRITE key | redo allocate |
| | | | insufficient space | try next depot/resource if available; otherwise, decrement successful allocations, purge metadata, and exit |
| | | | connection broken | retry (limit?); otherwise, decrement successful allocations, purge metadata, and exit |
| | | | operation canceled | decrement successful allocations, purge metadata, and exit |
| | | | operation interrupted | retry (limit?); otherwise, decrement successful allocations, purge metadata, and exit |
| | | | size mismatch | decrement successful allocations, purge metadata, and exit |
| | | | input stream closed | decrement successful allocations, purge metadata, and exit |
| obtain depot set | 2 | T | connection timeout | exit |
| | | | authentication failed | exit |
| | | | empty set returned | exit (= non-existent resource) |
| | | | connection broken | retry (limit?); otherwise, exit |
| | | | operation canceled | exit |
| | | | invalid schema | exit |
| determine next depot | 2 | F | malformed query | exit |
| | | | invalid schema | exit |
| | | | null result | exit |
| reserve channel (alloc) | 2 | T | connection timed out | - |
| | | | authentication failed | - |
| | | | invalid resource | - |
| | | | insufficient capacity | - |
| | | | insufficient duration | - |
| | | | connection broken | - |
| | | | operation canceled | - |
| | | | operation interrupted | - |
| publish/record metadata | 2 | F | connection timeout | - |
| | | | authentication failed | - |
| | | | path not found | - |
| | | | permission denied | - |
| | | | not enough space | - |
| | | | connection broken | - |
| | | | operation canceled | - |
| | | | operation interrupted | - |
| order depot set | 1 | F | malformed query | - |
| | | | invalid schema | - |
| expire channel | 1 | T | connection timed out | - |
| | | | authentication failed | - |
| | | | invalid capability | - |
| | | | invalid MANAGE key | - |
| | | | connection broken | - |
| | | | operation canceled | - |
| | | | operation interrupted | - |
| consume content (load) | 1 | T | connection timed out | - |
| | | | authentication failed | - |
| | | | invalid capability | - |
| | | | invalid READ key | - |
| | | | size mismatch | - |
| | | | connection broken | - |
| | | | operation canceled | - |
| | | | operation interrupted | - |
| | | | output stream closed | - |
| channel duration | 1 | T | connection timed out | - |
| | | | authentication failed | - |
| | | | invalid capability | - |
| | | | invalid MANAGE key | - |
| | | | insufficient duration | - |
| | | | connection broken | - |
| | | | operation canceled | - |
| | | | operation interrupted | - |
| channel capacity | 1 | T | connection timed out | - |
| | | | authentication failed | - |
| | | | invalid capability | - |
| | | | invalid MANAGE key | - |
| | | | insufficient capacity | - |
| | | | connection broken | - |
| | | | operation canceled | - |
| | | | operation interrupted | - |
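
The "fill channel (store/copy)" row of the table, written out as a failure policy. This is an added example, not code from the TSSP project; the function and constant names, the `attempt` callback, the retry limit of 3 (the table leaves it open), and applying that limit to "redo allocate" are all assumptions.

```python
# Added example, not TSSP project code. Cause strings and procedures are the
# "fill channel" row of the table; names and RETRY_LIMIT are assumptions.
NEXT_DEPOT, REALLOCATE, RETRY, ROLLBACK = "next depot", "redo allocate", "retry", "rollback"

FILL_POLICY = {
    "connection timeout": NEXT_DEPOT,
    "authentication failed": NEXT_DEPOT,
    "invalid capability": REALLOCATE,
    "invalid WRITE key": REALLOCATE,
    "insufficient space": NEXT_DEPOT,
    "connection broken": RETRY,
    "operation canceled": ROLLBACK,
    "operation interrupted": RETRY,
    "size mismatch": ROLLBACK,
    "input stream closed": ROLLBACK,
}
RETRY_LIMIT = 3  # assumed; the table leaves this open ("limit?")


def fill_channel(depots, attempt, allocations):
    """attempt(depot) returns None on success or a cause string from the table.
    Returns (ok, allocations, metadata_purged, log)."""
    log, queue, repeats = [], list(depots), 0
    while queue:
        cause = attempt(queue[0])
        if cause is None:
            return True, allocations, False, log
        action = FILL_POLICY.get(cause, ROLLBACK)  # unknown cause: fail closed
        if action in (RETRY, REALLOCATE) and repeats >= RETRY_LIMIT:
            action = ROLLBACK  # budget spent (bounding redo allocate is assumed)
        log.append((queue[0], cause, action))
        if action == ROLLBACK:
            break
        if action == NEXT_DEPOT:
            queue.pop(0)
            repeats = 0
        else:
            repeats += 1  # same depot again; the re-allocation call is not modelled
    # Unrecoverable, or no depot left: decrement successful allocations,
    # purge metadata, and exit.
    return False, allocations - 1, True, log


if __name__ == "__main__":
    outcomes = iter(["connection timeout", "connection broken", None])  # constructed
    print(fill_channel(["depot-a", "depot-b"], lambda d: next(outcomes), 2))
```

Because the step is marked parallel, a caller running several fills at once would treat a `False` result from any one of them as failure of the whole operation, as the paragraph above the table describes.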