[tahoe-dev] split brain? how handled in tahoe -- docs?
Two Spirit
twospirit6905 at gmail.com
Mon Aug 6 23:08:32 UTC 2012
If the algorithm is "last writer wins", then any edits by the other
disconnected half are lost. Wouldn't it make sense to approach it like a
source control merge conflict where both revisions are preserved and
presented to the user for the user to resolve? Depending on the length of
outage, this could be significant data loss. Even for short outages, if the
two halves are unaware of the disconnect, you've got unknown data loss. I
think unknown data loss is even worse than known data loss, because you
don't even know to go try to retrieve backups. I don't think it is right
that data just vanishes without some kind of red flag or ERROR message. Is
there any sort of journaling going on to get a list of the exact changes
somewhere?
On Mon, Aug 6, 2012 at 12:38 PM, Tony Arcieri <tony.arcieri at gmail.com>wrote:
> On Mon, Aug 6, 2012 at 12:30 PM, Zooko Wilcox-O'Hearn <zooko at zooko.com>wrote:
>
>> “At Virginia Tech Linux and Unix Users Group, we have a working
>> Tahoe-LAFS deployment of about 9-14 nodes. It's incredibly reliable.
>> It's based at Virginia Tech, with the introducer on a
>> university-hosted servers, plus a few nodes in the dorms. One day, VT
>> disappeared from the net. They had a problem with one of their uplinks
>> and all their edge routers stopped routing. The introducer and about
>> half the nodes on the grid were down for maybe an hour. At no point
>> was any data stored on the grid inaccessible to any of the nodes,
>> because all the ones outside could talk to the ones outside, and the
>> ones inside could talk to the ones inside.”—Marcus Wanner
>>
>> How can both that story and also the things that have already been
>> posted on this thread both be true?
>>
>> I think I'll just leave it at that for now.
>
>
> As far as CAP theorem goes, it sounds like Tahoe falls into the AP space,
> that is: network partitions do not (necessarily) result in a loss of
> availability of service, however the two partitions may become inconsistent
> during the event of a network partition.
>
> From what I've read of how Tahoe handles conflicts, it employs a monotonic
> version number and timestamps. So it sounds like in the event of a
> conflict, Tahoe employs a last writer wins strategy?
>
> --
> Tony Arcieri
>
>
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at tahoe-lafs.org
> https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20120806/cd78a4fc/attachment.html>
More information about the tahoe-dev
mailing list