“The network is reliable” tops Peter Deutsch’s classic list of “Eight
fallacies of distributed computing,” all [of which] “prove to be false in
the long run and all [of which] cause big trouble and painful learning
experiences” (https://blogs.oracle.com/jag/resource/Fallacies.html).
Accounting for and understanding the implications of network behavior is
key to designing robust distributed programs; in fact, six of Deutsch’s
“fallacies” directly pertain to limitations on networked communications.
This should be unsurprising: the ability (and often requirement) to
communicate over a shared channel [...] possibility and impossibility of
performing distributed computations under particular sets of network
conditions.
For example, the celebrated FLP impossibility result [9] demonstrates the
inability to guarantee consensus in an asynchronous network (that is, one
facing indefinite communication partitions between processes) with even
one faulty process. This means that, in the presence of unreliable
(untimely) message delivery, basic operations such as modifying the set of
machines in a cluster (that is, maintaining group membership, as systems
such as ZooKeeper are tasked with today) are not guaranteed to complete in
the event of both network asynchrony and individual server failures.
Related results describe the inability to guarantee the progress of
serializable transactions [7], linearizable reads/writes [11], and a
variety of useful, programmer-friendly guarantees under adverse
conditions [3]. The implications of these results are not simply academic:
these impossibility results have motivated a proliferation of systems and
designs offering a range of alternative guarantees in the event of network
failures [5]. However, under a friendlier, more reliable network that
guarantees timely message delivery, FLP and many of these related results
no longer hold [8]: by making stronger guarantees about network behavior,
we can circumvent the programmability implications of these impossibility
proofs.
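
To make the contrast between timely and untimely delivery concrete, the
following is a minimal Python sketch (not taken from the article) of a
timeout-based failure detector. The function name suspects_failure, the
variable max_delay, and all delay values are hypothetical and chosen only
for illustration. Assuming a network with a known upper bound on message
delay, a timeout set to that bound never wrongly suspects a live process.
Without such a bound, any fixed timeout can mistake a slow but live
process for a failed one, which is the kind of ambiguity commonly given as
the intuition behind these impossibility results.

```python
from typing import Optional


def suspects_failure(reply_delay: Optional[float], timeout: float) -> bool:
    """Return True if a timeout-based detector suspects the peer has failed.

    reply_delay is how long the peer's reply takes to arrive, or None if
    the peer has crashed and never replies. (Hypothetical model.)
    """
    if reply_delay is None:
        return True  # no reply ever arrives, so the timeout fires
    return reply_delay > timeout  # reply arrives only after the timeout fired


# Assumed synchronous network: every message arrives within max_delay.
max_delay = 1.0
timeout = max_delay
sync_live_delays = [0.1, 0.5, 1.0]
sync_false_suspicions = [
    d for d in sync_live_delays if suspects_failure(d, timeout)
]

# Assumed asynchronous network: delays are finite but have no known bound,
# so a live peer may answer long after any fixed timeout.
async_live_delays = [0.1, 5.0, 60.0]
async_false_suspicions = [
    d for d in async_live_delays if suspects_failure(d, timeout)
]

# A crashed peer is suspected in either model.
crashed_suspected = suspects_failure(None, timeout)
```

In this sketch the synchronous case produces no false suspicions, while
the asynchronous case wrongly suspects the two live peers whose replies
take longer than the timeout. Raising the timeout only moves the problem,
since a longer delay can always exceed it.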
Therefore, the degree of reliability in deployment environments is
critical in robust systems design and directly determines the kinds of
operations that systems can reliably perform without waiting.
Unfortunately, the degree to which networks are actually reliable in the
real world is the subject of considerable and evolving debate. Some have
claimed that networks are reliable (or that partitions are rare enough in
practice) and that we are too concerned with designing for theoretical
failure

The Network Is Reliable
An informal survey of real-world communications failures.
BY PETER BAILIS AND KYLE KINGSBURY
DOI:10.1145/2643130
Article development led by queue.acm.org
CACM, September 2014 issue