Trading Consistency for Availability in a Replicated System

Distributed systems are of unprecedented interest and importance today. Their omnipresence pervades many aspects of our daily lives leading to an increasing demand for dependability of such systems, sometimes very critically as in systems for air traffic control or public safety. As systems are expected to continue functioning even in the presence of failures, fault-tolerance as one means to enhance dependability is of particular interest. It is common to build such systems using distributed objects, which are replicated to provide the redundancy necessary for fault-tolerance. Furthermore, data integrity rules called constraints are defined among them. As concurrent access from different clients is a basic requirement, the isolation necessary to offer a comprehensible view to clients has to be provided. The system takes care of all those functions. In this regard, there are three types of consistency to be analyzed, defined, and compared: Replica consistency, which defines the correctness of replicated data, concurrency consistency, which defines the correctness of concurrent access to a single set of replicas, and constraint consistency, which defines the correctness of the system state with respect to the set of constraint conditions. Deploying these considerations, this thesis examines a very specific aspect of fault-tolerant distributed systems: the explicit trade-off between availability and constraint consistency. The type of replica consistency is used as a means of configuring the trade-off between constraint consistency and replica availability. If the system faces site crashes or network partitions, less but well controlled constraint consistency is accepted to gain higher availability of objects. Furthermore, a model for enabling this trade-off within a distributed system is introduced, the fault-tolerant naming service (FTNS). The key idea of the respective system architecture is to use asynchronous replication of persistent object-states, while operating on objects synchronously. During normal operation the system is set up like a conventional distributed system, while propagating persistent object-states prepares for degraded scenarios. Additionally, a proof of concept implementation is presented, the Distributed Telecommunication Management System (DTMS): It is an object-oriented, distributed and highly available software for managing a telecommunication network to be used in air traffic control.