Scribd Logo
Upload

Welcome to Scribd!

  • Reliability and State Machines in An Advanced Network Testbed

    Uploaded by

    Rfiq Shaikh
    25 views47 pages
    This document summarizes Mac Newbold's MS thesis defense presentation on using state machines to improve reliability in the Emulab network testbed. The presentation discusses how Emulab faces challenges with reliability, scalability, performance and generality due to its complexity. It proposes enhancing Emulab with a flexible state machine framework to improve monitoring, control and reliability. Key aspects include using state machines to model node boot processes, experiment lifecycles and allocate nodes, with the stated daemon centrally managing state changes. Evaluation found state machines helped prevent issues, support new node types and configurations gracefully, and improve timeout mechanisms for better reliability and scalability.

    Original Description:

    Thesis Defense

    Original Title

    Thesis Defense

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes Mac Newbold's MS thesis defense presentation on using state machines to improve reliability in the Emulab network testbed. The presentation discusses how Emulab faces challenges with reliability, scalability, performance and generality due to its complexity. It proposes enhancing Emulab with a flexible state machine framework to improve monitoring, control and reliability. Key aspects include using state machines to model node boot processes, experiment lifecycles and allocate nodes, with the stated daemon centrally managing state changes. Evaluation found state machines helped prevent issues, support new node types and configurations gracefully, and improve timeout mechanisms for better reliability and scalability.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    25 views47 pages

    Reliability and State Machines in An Advanced Network Testbed

    Uploaded by

    Rfiq Shaikh
    This document summarizes Mac Newbold's MS thesis defense presentation on using state machines to improve reliability in the Emulab network testbed. The presentation discusses how Emulab faces challenges with reliability, scalability, performance and generality due to its complexity. It proposes enhancing Emulab with a flexible state machine framework to improve monitoring, control and reliability. Key aspects include using state machines to model node boot processes, experiment lifecycles and allocate nodes, with the stated daemon centrally managing state changes. Evaluation found state machines helped prevent issues, support new node types and configurations gracefully, and improve timeout mechanisms for better reliability and scalability.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    of 47

    Reliability and State Machines in

    an Advanced Network Testbed

    Mac Newbold
    School of Computing
    University of Utah
    MS Thesis Defense
    April 5, 2004
    Advisor: Prof. Jay Lepreau
    Distributed Systems
    • Distributed Systems are complex
    – Many components
    – Distributed across multiple systems
    • Component failures are relatively common
    – But should not cause system breakdown
    • “A distributed system is one in which the
    failure of a computer you didn’t even know
    existed can render your own computer
    unusable.” – Leslie Lamport, quoted in
    CACM, June 1992
    April 5th, 2004 Mac Newbold - MS Thesis Defense 2
    Our Context: Emulab
    • Emulab is an advanced network testbed
    • Complex time- and space-shared system
    • System dynamically reconfigures nodes and
    network links to create “experiments”
    • Key architectural feature: Central Database
    – System uses DB for storage, communication
    • Complex system with many different scripts
    and programs on clients and servers
    April 5th, 2004 Mac Newbold - MS Thesis Defense 3
    Emulab Background
    • First prototype in April 2000 (10 nodes)
    • In production since Oct. 2000 (40 nodes)
    • Early versions weren’t perfect
    – Reliability problems
    – Experiments of limited size
    – Inefficient use of resources
    • Problem is becoming harder
    – 200 nodes, 400 remote, 2000 virtual nodes

    April 5th, 2004 Mac Newbold - MS Thesis Defense 4


    Four Key Challenges
    Emulab requirements:
    • Reliability
    • Scalability
    • Performance and Efficiency
    • Generality and Portability

    April 5th, 2004 Mac Newbold - MS Thesis Defense 5


    1. Reliability
    • Complex systems are hard to make reliable
    • Many sources of unreliability:
    – Hardware – commodity PCs as nodes
    – Software – misconfiguration, bugs, etc.
    – Humans – can interrupt at any time
    • More complexity and more parts mean
    higher chance that something is broken at
    any given time

    April 5th, 2004 Mac Newbold - MS Thesis Defense 6


    2. Scalability
    • Almost everything a testbed provides is
    harder to provide at a larger scale
    • Larger scale requires more resources
    • If throughput doesn’t increase, things slow
    down at larger scale
    • Increased load adversely affects reliability
    • Practical scalability limited by reliability,
    performance and efficiency
    April 5th, 2004 Mac Newbold - MS Thesis Defense 7
    3. Performance and Efficiency
    • One direct requirement on performance:
    – Emulab is used in an interactive style
    • System tasks must complete in “a few minutes”
    • Indirect requirements:
    – Scalability requirement places high demands
    on many system components
    – Maximize efficient resource utilization
    • As many users/experiments as possible in the
    shortest time with the fewest resources

    April 5th, 2004 Mac Newbold - MS Thesis Defense 8


    4. Generality and Portability
    • Workload Generality
    – Wide variety of research, teaching,
    development, and testing activities
    – Good support for minimally and non-
    instrumented client OS’s and devices
    • Model generality
    – Evolving system
    – New types of network devices
    • Portable and non-intrusive client software
    April 5th, 2004 Mac Newbold - MS Thesis Defense 9
    Summary of Challenges
    • Three challenges are closely related
    – Fourth is a constraint more than a challenge
    • Reliability is key
    • Failure rates directly impact scalability,
    performance, and efficiency
    • Generality and portability requirements
    constrain any solution used to address the
    challenges

    April 5th, 2004 Mac Newbold - MS Thesis Defense 10


    Thesis Statement

    Enhancing Emulab with a flexible framework


    based on state machines provides better
    monitoring and control, and improves the
    reliability, scalability, performance,
    efficiency, and generality of the system.

    April 5th, 2004 Mac Newbold - MS Thesis Defense 11


    Outline
    • Introduction, Background, and Challenges
    • Thesis Statement
    • State Machines in Emulab
    – Interactions, Control Models, stated
    – Node Boot State Machines
    • Results
    • Related and Future Work
    • Conclusion
    April 5th, 2004 Mac Newbold - MS Thesis Defense 12
    State Machines
    • Also called Finite State Machines (FSMs),
    Finite State Automata (FSAs), or
    Statecharts in UML
    • Well-known model
    • Simple
    • Explicit model
    • Rich and flexible
    • Easy to understand and visualize
    April 5th, 2004 Mac Newbold - MS Thesis Defense 13
    Example State Machine
    • Three main parts:
    • States
    • Transitions
    – Directional
    • Events
    – Associated with
    transitions – labels
    • Stored in database
    – diagrams generated
    automatically from DB

    April 5th, 2004 Mac Newbold - MS Thesis Defense 14


    State Machines in Emulab
    • Each state machine has a “type”
    – Currently three: node boot, node allocation,
    and experiment status
    • Multiple machines allowed within a type
    – Only in one state in one machine of a type
    • States can have “timeouts” with actions
    – Timer starts when state is entered
    • State “triggers” – Entry Actions

    April 5th, 2004 Mac Newbold - MS Thesis Defense 15


    Direct Interaction
    • Within a type, can take a transition from a
    state in one machine (or “mode”) to a state
    in another machine of that type
    – Known as “mode transition” in Emulab
    – Similar to hierarchical state machines
    • Highlights similarities/symmetries
    – Most machines are variations of another
    • Improved code reuse

    April 5th, 2004 Mac Newbold - MS Thesis Defense 16


    Direct Interaction Example

    April 5th, 2004 Mac Newbold - MS Thesis Defense 17


    Models of State Machine Control
    • Centralized monitoring & control: stated
    – State changes submitted, checked for
    correctness, applicable actions performed
    – Daemon tracks timeouts
    – Used for Node Boot state machines
    • Distributed management of state machine
    – No central service enforcing correctness
    – No dependency on central service
    – Timeouts harder to implement
    April 5th, 2004 Mac Newbold - MS Thesis Defense 18
    The stated State Daemon
    • Listens for events continuously
    • State transitions cause database updates
    • Invalid transitions cause notifications
    • Timeouts, timeout actions, triggers
    configurable in DB for each state
    • Caching – only writer of node boot states
    • Modular design – dispatch events to proper
    action handlers
    April 5th, 2004 Mac Newbold - MS Thesis Defense 19
    Node Boot State Machines
    • Nodes in Emulab self-configure
    • Monitored via state machines – stated
    • “Normal” node boot machine
    • Variations – “Minimal”
    • Reloading node disks

    April 5th, 2004 Mac Newbold - MS Thesis Defense 20


    Node Self-Configuration
    • Nodes send state events during booting to
    allow progress to be monitored
    • “Global knowledge” inside state daemon
    – Better decisions about recovery steps
    • Finer granularity gives more information for
    recovery, allows for shorter timeouts
    • Each OS image is associated with a “mode”
    (state machine) that describes its behavior

    April 5th, 2004 Mac Newbold - MS Thesis Defense 21


    “Normal” Node Boot Machine
    • Start in SHUTDOWN
    • DHCP, start OS booting
    • When Emulab-specific
    configuration begins,
    enter TBSETUP
    • ISUP when finished
    • In case of failure, can
    retry from SHUTDOWN
    April 5th, 2004 Mac Newbold - MS Thesis Defense 22
    Variations of Node Boot
    • Example: MINIMAL
    • For OS images with
    little or no special
    Emulab support
    • ISUP generated by
    stated if necessary
    – Immediate or ping
    • SilentReboot allowed
    in this mode
    April 5th, 2004 Mac Newbold - MS Thesis Defense 23
    Reloading Node Disks
    • Mode transition
    into RELOAD /
    SHUTDOWN
    • RELOADDONE
    transitions into
    mode for
    newly-installed
    OS image

    April 5th, 2004 Mac Newbold - MS Thesis Defense 24


    Reloading and Mode Transitions

    April 5th, 2004 Mac Newbold - MS Thesis Defense 25


    Experiment Status State Machine
    • Uses distributed model
    – Stored in database, but not
    strictly enforced
    • Documents life-cycle
    • Restricts user interruption
    – Reduces a source of errors
    • Can queue, activate,
    modify, restart, swap, or
    terminate an expt.
    April 5th, 2004 Mac Newbold - MS Thesis Defense 26
    Node Allocation State Machine
    • Distributed control model
    • Diagram documents the
    way the states are used by
    the program, but not
    currently enforced
    • Either reloads nodes with a
    custom image, or reboots
    them as members of the
    experiment
    April 5th, 2004 Mac Newbold - MS Thesis Defense 27
    Results: Context
    • Emulab in production 1 year before state
    machines were added
    • In production 3 years since first stated
    – 650 users, 150 projects, 75 institutions
    • 19 papers, top venues
    – Over 155,000 nodes allocated in nearly 10,000
    experiment instances
    – 13 classes at 10 universities
    • Emulab SW on 6 more testbeds, 4 planned
    April 5th, 2004 Mac Newbold - MS Thesis Defense 28
    Results
    • Anecdotal: (others in thesis)
    – Reliability/Performance: Preventing race
    conditions
    – Generality: Graceful handling of custom OS
    images
    – Generality: New node types
    • Experiment:
    – Reliability/Scalability: Improved timeout
    mechanisms
    April 5th, 2004 Mac Newbold - MS Thesis Defense 29
    Reliability/Performance:
    Preventing Race Conditions
    • Expt. ends, nodes move to holding expt.,
    get reloaded, then freed while they boot
    • Problem: Getting allocated while booting
    • Node appears unresponsive, gets forcefully
    power cycled, corrupts FS on disk
    • Solution: don’t free immediately
    • Add trigger on next ISUP for a node that
    finishes booting, that frees it when booted
    April 5th, 2004 Mac Newbold - MS Thesis Defense 30
    Generality: Graceful Handling
    of Custom OS Images
    • Users create custom OS images
    • Emulab client software is optional
    • Problem: Nodes don’t send state events
    • Solution: “Minimal” state machine
    • SHUTDOWN: maybe on server, optional
    • BOOTING: server side, trigger checks ISUP
    • ISUP: either node sends, or generated
    when pingable, or generated immediately
    April 5th, 2004 Mac Newbold - MS Thesis Defense 31
    Generality: New Node Types
    • Emulab is always growing and changing
    • State machine model and our framework
    are flexible to provide graceful evolution
    • We’ve added 5 new node types
    – IXPs, wide-area, PlanetLab, vnodes, sim-nodes
    • Mostly used existing machines
    • 2 new machines, slight variations
    • 1 change to stated to add a new trigger
    April 5th, 2004 Mac Newbold - MS Thesis Defense 32
    Reliability/Scalability:
    Improved Timeout Mechanisms
    • Before: reboot node, wait for it to boot
    – Static, 7 minute timeout
    • Pragmatic – minimizes false positives/negatives
    • Avg. 4 min., but max. error-free boot is 15 min.
    • 11 minute delay is too long
    • Improved: state machine monitoring
    – Fine-grained, context-sensitive timeouts
    – Faster error detection
    – Better monitoring and control
    April 5th, 2004 Mac Newbold - MS Thesis Defense 33
    Reliability/Scalability:
    Improved Timeout Mechanisms
    • Experiment: Measure expt. swap-in time,
    with and without the improvements
    – Synthetic but plausible scenario
    • One node, loads an RPM (8 min. install)
    • Node reboots, timeout during RPM install
    – Reboots again, timeout again, mark node dead
    – Try twice per swap-in, 3 swap-in attempts
    – Total failure in 45 min., 3 nodes “dead”

    April 5th, 2004 Mac Newbold - MS Thesis Defense 34


    Reliability/Scalability:
    Improved Timeout Mechanisms
    • With state machines:
    – Timeouts: SHUTDOWN 2 min, BOOTING 3 min,
    TBSETUP 10 min
    • Node reboots, enters BOOTING
    • 1 minute: Enters TBSETUP
    • 9 minutes: Enters ISUP, expt. ready
    • Succeeds, with no dead nodes or retries
    • Cut time from 45 min. to 9 min. (80%)
    April 5th, 2004 Mac Newbold - MS Thesis Defense 35
    Limitations and Issues
    • stated is critical infrastructure
    – Another single point of failure
    – More system complexity, new bugs,
    complicated debugging
    – Potential for scaling problems (none seen yet)
    • Simple heuristics for error detection
    – Send mail for invalid transitions

    April 5th, 2004 Mac Newbold - MS Thesis Defense 36


    Summary of Results
    • Explicit model requires careful thought
    – Improves design and implementation
    • Visualization makes it easier to understand
    • Faster and more accurate error detection
    • Better reliability helps scalability/efficiency
    – Bigger expts. possible, less overhead per expt.
    • Flexibility for evolution, workload generality

    April 5th, 2004 Mac Newbold - MS Thesis Defense 37


    Related Work
    • “Standard” Finite State Automata – basics
    – Timed Automata – have global clock
    • Message Sequence Charts (MSCs)
    – “Scenarios” – hierarchy, like modes/machines
    • UML Statecharts
    – States have entry actions – “triggers”
    – Hierarchical states – similar to modes
    – Can model Emulab’s timeouts

    April 5th, 2004 Mac Newbold - MS Thesis Defense 38


    Future Work
    • Further developing distributed control
    – Add monitoring, timeouts, triggers
    • Better heuristics for error detection
    – Only flag clustered or related errors
    • Implement more ideas from other systems
    – UML’s exit actions, guarded transitions, etc.
    • Move code into database – i.e. triggers
    – Easier to modify, framework code vs. machine

    April 5th, 2004 Mac Newbold - MS Thesis Defense 39


    Conclusion

    Enhancing Emulab with a flexible framework


    based on state machines provides better
    monitoring and control, and improves the
    reliability, scalability, performance,
    efficiency, and generality of the system.

    April 5th, 2004 Mac Newbold - MS Thesis Defense 40


    Bonus Slides

    April 5th, 2004 Mac Newbold - MS Thesis Defense 41


    Demonstrating Improvement
    • Currently: programs have their own retry
    and timeout mechanisms for node reboots
    – No knowledge of progress, just completion
    – Can cause failures by forcing a reboot, which
    can damage file systems on node disk
    • “New Way”: stated handles timeout and
    retry during rebooting
    – Implemented, not installed
    – Knows if progress is being made
    – Programs simply wait for ISUP or failure event
    April 5th, 2004 Mac Newbold - MS Thesis Defense 42
    Demonstrating Improvement (cont’d)
    • These failures directly hurt reliability
    – Node failure can cause experiment setup to fail
    • Significant impact on scaling, performance,
    efficiency
    • Maximum experiment size is limited by
    node failure rate
    – Failures make things take longer
    – A slower system means less efficient use of
    resources
    April 5th, 2004 Mac Newbold - MS Thesis Defense 43
    Demonstrating Improvement (cont’d)
    • Compare current vs. new: failure rate, time
    to completion, etc.
    • Test data; one of:
    – Historical experiments
    – Artificially high load
    – Fault injection, e.g. reboots
    • Why new way should help:
    – Better knowledge for intelligent recovery
    • Know when to wait longer and when to retry
    – Shorter timeouts allow for early error detection
    April 5th, 2004 Mac Newbold - MS Thesis Defense 44
    Future Work:
    Modeling Indirect Interaction
    • Occur between machines of different types
    – Due to external relationships between the
    entities tracked by each type of machine
    • Examples:
    – Same entity may be tracked in two different
    types of machine
    • Nodes are in Boot and Allocation machines
    – Other relationship between entities
    • Nodes may be “owned” or allocated to an
    experiment – links Expt. Status and Node machines
    April 5th, 2004 Mac Newbold - MS Thesis Defense 45
    Question and Answer

    April 5th, 2004 Mac Newbold - MS Thesis Defense 46


    Conclusion

    Enhancing Emulab with a flexible framework


    based on state machines provides better
    monitoring and control, and improves the
    reliability, scalability, performance,
    efficiency, and generality of the system.

    April 5th, 2004 Mac Newbold - MS Thesis Defense 47

    You might also like