[tahoe-dev] split brain? how handled in tahoe -- docs?
Zooko Wilcox-O'Hearn
zooko at zooko.com
Wed Aug 8 08:31:31 UTC 2012
On Mon, Aug 6, 2012 at 1:38 PM, Tony Arcieri <tony.arcieri at gmail.com> wrote:
> On Mon, Aug 6, 2012 at 12:30 PM, Zooko Wilcox-O'Hearn <zooko at zooko.com>
> wrote:
>>
>> How can both that story and also the things that have already been
>> posted on this thread both be true?
...
> As far as CAP theorem goes, it sounds like Tahoe falls into the AP space,
> that is: network partitions do not (necessarily) result in a loss of
> availability of service, however the two partitions may become inconsistent
> during the event of a network partition.
>
> From what I've read of how Tahoe handles conflicts, it employs a monotonic
> version number and timestamps. So it sounds like in the event of a conflict,
> Tahoe employs a last writer wins strategy?
You are right about your guesses here. *Except*, I don't think any of
this applies to the VTLUUG story. My assumption is that never during
the partition did anyone attempt to write to the same file or
directory that someone on the other side of the partition also wrote
to. In fact, it is quite likely that there were no files or
directories to which write access was held by people on both sides of
the partition!
So, empirically, all this distributed consistency stuff that we're
talking about is technically correct, and could probably be very
useful in some specific cases, but with the Tahoe-LAFS access control
architecture -- in which most things are immutable, and most mutable
things are writable by few or only one writer -- such cases appear to
be very rare.
Regards,
Zooko
More information about the tahoe-dev
mailing list