An illustrated proof of the CAP theorem (2018)

269 pointsby tripdout7 months ago

18 comments

CAP theorem is great, though it does omit latency. Which leads you to the logical extension, PACELC [1]:If there is a network Partition you must choose Availability or Consistency, Else the tradeoff is Latency vs Consistency.This offers practical intuition for certain design choices.For example Google Spanner [2] is a distributed DB that offers globally consistent reads/writes, but to achieve high performance (low latency) nodes must synchronize with multiple extremely accurate reference clocks (GPS & atomic) and follow a complex two phase commit protocol that ensures transactional linearizability using lower bounds and uncertainty of timestamps.As another example, your multicore CPU leverages a cache coherency protocol that faces remarkably similar tradeoffs. Perhaps others have made this connection before…it does feel like some sort of universal law of physics.[1] <a href="https://en.m.wikipedia.org/wiki/PACELC_theorem" rel="nofollow">https://en.m.wikipedia.org/wiki/PACELC_theorem</a>[2] <a href="https://static.googleusercontent.com/media/research.google.com/en//archive/spanner-osdi2012.pdf" rel="nofollow">https://static.googleusercontent.com/media/research.google.c...</a>

评论 #41774145 未加载

评论 #41773774 未加载

评论 #41776845 未加载

评论 #41776997 未加载

评论 #41776430 未加载

stevebmark7 months ago

I prefer the walkthrough of the CAP theorem in “Designing Data Intensive Applications,” which says that the CAP “theorem” is an undefined and generally unhelpful concept in distributed systems. “Available” has no formal definition.And it’s confusing that it’s three letters, because it’s not “choose two”. It’s not that a system is “partition tolerant,” it’s if there’s a network partition, you choose availability or consistency. And obviously you choose availability for the distributed systems you most commonly encounter.

评论 #41774967 未加载

评论 #41776902 未加载

评论 #41776682 未加载

评论 #41777027 未加载

评论 #41780349 未加载

puzzledobserver7 months ago

One thing that I've always wondered about: Is the CAP theorem really making a non-trivial claim?If a distributed system is consistent and available, it must return the last written value, and successfully do this all the time. How can it do this if the system is partitioned, and the node receiving the last write was unable to propagate this to other nodes?The proof described in this website appears to confirm this. Am I missing something?

评论 #41775275 未加载

评论 #41778794 未加载

评论 #41781362 未加载

vzaliva7 months ago

The text left me wanting a more formal treatment of the theorem. I went ahead and found a paper which does just that:<a href="https://dl.acm.org/doi/10.1145/564585.564601" rel="nofollow">https://dl.acm.org/doi/10.1145/564585.564601</a> PDF: <a href="https://users.ece.cmu.edu/~adrian/731-sp04/readings/GL-cap.pdf" rel="nofollow">https://users.ece.cmu.edu/~adrian/731-sp04/readings/GL-cap.p...</a>

评论 #41774481 未加载

magnio7 months ago

The "proof" is kind of weird. We assume there exists a system that has all three of CAP, but how can we assume that system has the layout in the post with two servers and one client?

评论 #41773941 未加载

jascha_eng7 months ago

This is trivial but the problem is that especially consistency is not a binary choice. Heck even non distributed systems can give you varying consistency guarantees it's the whole point of isolation levels of most RDBMS.It's good to visualize that there is a trade off to be made. However that trade off does not have to be binary. You can get a bit more consistency for a little less partition tolerance or availability. All of Designing data intensive applications is about those trade offs.

评论 #41774006 未加载

评论 #41775324 未加载

dmitry-vsl7 months ago

So, it's impossible to transfer a value from one machine to another if there's no network connection between them? How did this extremely trivial observation become a well-known theorem?

评论 #41774071 未加载

评论 #41773298 未加载

whatshisface7 months ago

How about this:1. A read is returned with a map of the network the replying node has become consistent with.2. A client that is not satisfied with the map can read again from the other partition.These two steps get around the proof by changing one of its assumptions (that the operation to read a value can only involve a request to one node).

评论 #41773143 未加载

评论 #41773116 未加载

评论 #41773659 未加载

评论 #41773117 未加载

评论 #41773333 未加载

kentosi-dw7 months ago

I was a little surprised that they author went though such detail to explain Consistency, and yet Availability was just 2 sentences and a quote...

mrybczyn7 months ago

Thank you! That makes a lot more sense than several other descriptions of the proof I have read (and promptly forgotten!)

dweinus7 months ago

> "Let's consider a very simple distributed system. Our system is composed of two servers, [Math Processing Error] and [Math Processing Error]."Yup. Pretty sure I've built that system before. Can relate.

dang7 months ago

Related:An Illustrated Proof of the CAP Theorem - <a href="https://news.ycombinator.com/item?id=17528817">https://news.ycombinator.com/item?id=17528817</a> - July 2018 (71 comments)

ljsprague7 months ago

Is availability sacrificed more often than the other two?

评论 #41773785 未加载

评论 #41773131 未加载

评论 #41775339 未加载

评论 #41773360 未加载

fithisux7 months ago

Is there a formalization of this proof? Lean, Coq, .... ?

lysecret7 months ago

I always think of capital asset pricing theorem first.

peter_d_sherman7 months ago

>"G2 returns v0 to our client after the client had already written v1 to G1. This is inconsistent."This is absolutely true IF AND ONLY IF client and servers (and data) have no notion of time...If client and servers are say, synchronized to a central clock, and do include a timestamp with any data updated, and include timestamps with any response/"done" messages and check those timestamps for accuracy (the client should perform timestamp checking as well as the servers), and if the client checks timestamps of response messages from different servers, it could then check different servers that it would later connect with, to see if they had been updated appropriately or not.If later-connected-to-servers that should have been updated were not appropriately updated, then the client (if client and server are exchanging data and timestamp information) could decide how to proceed at that point.If a later-connected-to-server was determined to be inconsistent, then depending upon how the client code was written, it could do many things to mitigate the problem. It could notify other servers that it knows about of data inconsistency on the inconsistent server(s), for example...Hmm, now that I think about it, on any distributed database, for any given row of data, there should not be one, but TWO timestamp fields, one for the time that the data was updated on the first server it was updated on, i.e., the one the client connected to.The second timestamp field would be for the time that a secondary given distributed server received the data and processed it...Those two fields could be separated by mere nanoseconds of time (if distributed servers are tightly coupled), but it could be up to weeks if a secondary server was knocked offline for a long enough time period...But see, if the client software is software engineered properly, and contains the client's history, then the client (or main server, or server multiplexing proxy) can check the veracity of any arbitrary distributed server it connects to by asking it to "read me back this data", getting its timestamps and comparing with the local copies...All of that coupled with databases that do not delete/overwrite old records when data is updated, but rather keep a log of all updates with a timestamp, aka "append-only" aka "immutable" database, such as InfluxDB, Apache Cassandra, CouchDB, SQL Server Temporal Tables, (and I think that RethinkDB may have done something like that in the past) should equate to, at the very least, the client being able to know if a given server in a distributed system was updated properly (is consistent), or not...If it were engineered properly, the client itself could determine what to do under such anomalous conditions...It could even take it upon itself to update the server properly IF it contained a copy of the correct most up-to-date data AND had the authority to do so... which wouldn't be the case for some types of applications (i.e., banking, due to necessary security constraints), but might be the case for other types of applications (i.e., a distributed social media app, where the client is posting to the user's own account and has total permission to update any of the user's data as needed...)Maybe a better question to ask when dealing with the CAP theorem is not so much "is it true", so much as "what kind of distributed database requires consistency such that the CAP theorem is required?" (i.e., banking), and "what kind of distributed database doesn't require consistency such that the CAP theorem isn't required?" (i.e., distributed social media over a plethora of distributed servers)...If we see that CAP is required in only some specifc types of database/application/database contexts, then perhaps those specific databases/applications/distributed systems -- should be individually separated from non-CAP requiring ones...This being said, I think Michael Stonebraker is a brilliant Computer Scientist, and I have tremendous respect for him and the CAP Theorem...

raincole7 months ago

What if the client just reads from every server and compares the timestamps?

评论 #41773815 未加载

评论 #41774008 未加载

评论 #41773577 未加载

评论 #41773594 未加载

DarkmSparks7 months ago

The problem with the example is it never actually visualises a partition, because the client can always reach both servers.an actual partition is when clients and servers are partitioned and cant talk to each other.solving for the situation presented is fairly trivial, and is pretty much exactly what blockchain systems solve.