This section contains recommendations pertaining to the Issues section of the TSSP Framework article.

(back to Protocol Standardization Efforts)

Fault Tolerance

The steps that compose the five proposed standard operations are shown ranked by how many times they appear in the operations' construction. Also, each step is categorized as being able, or desired, to be implemented in parallel. Steps that support parallelism assume that the failure of one of the executing threads compromises the entire operation, triggering aggressive rollback when possible. Inability to rollback can result in several undesired channel states:

Inaccessible channel capacity (can not be remedied by TSSP)
Inaccessible channel content (can not be remedied by TSSP)
Skewed channel duration
Skewed channel capacity

Step	Occurrence	Parallel (T/F)	Cause of Failure	Procedure
obtain metadata	5	F	connection timeout authentication failed path not found permission denied connection broken operation canceled operation interrupted (client crash) size mismatch invalid schema	exit exit exit exit exit exit no action retry (limit?). exit exit
fill channel (store/copy)	3	T	connection timeout authentication failed invalid capability invalid WRITE key insufficient space connection broken operation canceled operation interrupted (client crash) size mismatch input stream closed	try next depot/resource if available. otherwise, expire channel, purge metadata, and exit try next depot/resource if available. otherwise, expire channel, purge metadata, and exit redo allocate redo allocate try next depot/resource if available. otherwise, expire channel, purge metadata, and exit retry (limit?). otherwise, expire channel, purge metadata, and exit expire channel, purge metadata, and exit no action. results in inaccessible channel capacity and content expire channel, purge metadata, and exit expire channel, purge metadata, and exit
obtain depot set	2	T	connection timeout authentication failed empty set returned (i.e. non-existent resource) connection broken operation canceled invalid schema	exit exit exit retry (limit?). otherwise, exit exit exit
determine next depot	2	F	malformed query invalid schema null result	exit exit exit
reserve channel (alloc)	2	T	connection timed out authentication failed invalid resource insufficient capacity insufficient duration connection broken operation canceled operation interrupted (client crash)	try next depot/resource if available. otherwise, expire channel, purge metadata, and exit try next depot/resource if available. otherwise, expire channel, purge metadata, and exit try next depot/resource if available. otherwise, expire channel, purge metadata, and exit try next depot/resource if available. otherwise, expire channel, purge metadata, and exit try next depot/resource if available. otherwise, expire channel, purge metadata, and exit try next depot/resource if available. otherwise, expire channel, purge metadata, and exit exit no action. results in inaccessible channel capacity
publish/record metadata	2	F	connection timeout authentication failed path not found permission denied not enough space connection broken operation canceled operation interrupted (client crash)	retry (limit?). otherwise cache locally(?) or expire channel. exit cache locally(?) or expire channel. exit expire channel. exit expire channel. exit expire channel. exit retry (limit?). otherwise cache locally or expire channel. exit expire channel. exit no action. results in inaccessible channel capacity and content
order depot set	1	F	malformed query invalid schema	exit exit
expire channel	1	T	connection timed out authentication failed invalid capability invalid MANAGE key connection broken operation canceled operation interrupted (client crash)	metadata is not purged, remains in the namespace, and contains unexpired allocations. retry (limit? time?) metadata is not purged, remains in the namespace, and contains unexpired allocations. exit interpreted as expired allocation. metadata is purged interpreted as unauthorized allocation. metadata is purged retry (limit?). exit metadata is not purged, remains in the namespace, and contains unexpired allocations (i.e. partial channel and content). exit no action. can result in partial channel and content
consume content (load)	1	T	connection timed out authentication failed invalid capability invalid READ key size mismatch connection broken operation canceled operation interrupted (client crash) output stream closed	retry. try replica. exit exit try replica. exit try replica. exit retry. try replica. exit retry. try replica. exit exit no action exit
channel duration	1	T	connection timed out authentication failed invalid capability invalid MANAGE key insufficient duration connection broken operation canceled operation interrupted (client crash)	retry (limit?). exit exit exit exit exit retry (limit?). exit undo duration changes to altered allocations. exit no action. results in skewed channel duration
channel capacity	1	T	connection timed out authentication failed invalid capability invalid MANAGE key insufficient capacity connection broken operation canceled operation interrupted (client crash)	retry (limit?). exit exit exit exit exit retry (limit?). exit undo resizing of altered allocations. exit no action. results in skewed channel capacity

TSSP Procedures

Fault Tolerance

Navigation menu

TSSP Procedures

Fault Tolerance

Navigation menu

Search