Kinds of Failure

Computers in general are known to fail in spectacular and interesting ways. Some bugs are just a simple mistake while writing code, or configuring an application. Others are much more complex.

Let's take a moment to review various kinds of failure.

Disk/File

Many distributed systems ultimately rely on some form of physical storage (SSDs, NVMe) to keep their data safe. Like all hardware, these devices can fail due to age, wear, or misuse.

Common Failures

  • A file that was expected was not present. (open fails)

  • A file that was not expected was present. (create fails)

  • A file was removed after being opened. (read / write fails)

  • A file contains data that is invalid to the reader. (encoding mismatch, missing/extra data)

Network

Our nodes would exist in an isolated state if not for networks. Communicating with an external API could pass through hundreds of cables, routers, and switches, all of which (including the API) can fail in various ways.

Without a reliable network connection a node can be in the dark about the world. Perhaps it can only reach some of the nodes it expects, perhaps it can reach none.

Common Failures:

  • One node becomes isolated from the rest.

  • A partition isolates two (or more) distinct node groups.

  • Two particular nodes can no longer communicate.

  • Malformed (or outright hostile) requests

  • Increased probability of packet corruption (forcing re-transmits)

  • The network becomes intolerably slow at some or all links.

Scheduler

Events such as a network request, a file read, or even a thead context switch go through the scheduler. Depending on the state of the greater system(s) these events be scheduled in any number of different orders.

Even in a single-machine (but multi-threaded) system changing this schedule in subtle ways can expose interesting errors.

Common Failures:

  • The system expects to have events ABC in order and gets ACB instead.

Power

Occasionally power grids (or supplies) hiccup or fail. This is different than just a network isolation, as the node may be in an unexpected state when it returns (what if the filesystem has errors now? What if the system had to do a rollback?)

Common Failures

  • A machine loses power, and is replaced some time later (minutes, hours) after being repaired. (Try to find the worst cases possible for this, eg in the middle of a 2 phase commit.)

  • A machine reboots, disappearing and reappearing a minute later.

  • A machine with persistent data reboots, and returns with corrupted data.

Byzantine

Byzantine Fault Tolerance is described as the following:

Trying to get a sufficiently large number of nodes to agree on something while a small number bad actors subvert the system.

Learn more at https://blog.cdemi.io/byzantine-fault-tolerance/.

Byzantine fault tolerance is not relevant to most distributed systems, and introduces a significant amount of system complexity. Notable exceptions being things like Blockchains (eg Ethereum).

Common Failures

  • A node starts sending messages it shouldn't be, under the influence of a bad actor.

  • A node is under the wrong impression about the state of the greater system due to some bug, and sends messages it shouldn't. (Eg "I'm the master replica now, listen to me!")

Data Center

In many distributed systems cross-data center deployments are used to help protect against regional failures. This is mostly just the "Big sister" of the above network and disk failures.

Common Failures

  • Data center(s) loses connectivity (Eg an undersea fiber is cut)

  • Data center is lost entirely and a new one needs to be bootstrapped.

PreviousPrinciples of ChaosNextGoals and Non-goals

Last updated