In Cliapter 4, where the recovery mechanism s are presented, it was pointed out that there is the possibility that a piece o f data is required w hile its corresponding data path is being restored. If this situation arises, the correct data path might fail to be rebuilt or the second request packet might m istakenly detect an inconsistency and hence start a simultaneous recovery procedure for the same data path. N ot only is this simultaneous recovery procedure unnecessary but also it m ight clash w ith the one already in place. This problem, its consequences and the adopted solution are discussed in Section 4.1.4. This appendix discusses the probability o f such a problem occurring.
T he probability o f such a situation arising is proportional to
> tim e interval between detection time and end o f correction m echanism (i.e. when
rebuilding packet reaches the root node), > detection rate A*
> total request rate A,.
The average number o f data paths being restored at any given time is given by
A .xA r,,
(B .l)
Hence, if c is total number o f data paths in tlie system, then the m aximum clashing rate, is given by
(B.2)
T he maximum number o f clashes, n^, that can occur within a certain time interval At is then given
by
T his is the maximum number because it ignores the distribution and locality o f transactions. That m eans the probability o f clashes occurring is restricted to the network portions at which tlie transactions are performed and not for the w hole network as assumed for tlie sim plified calculations above. Therefore, represents the upper bound for tlie number o f clashes tliat can
occur w ithin a tim e interval A t.
B.2 A n alysis o f D ependencies
Since the detection rate is mainly determined by the error rate, the dependency on the detection rate Xj m eans that the higher the error rate the larger the probability o f a clashing occurring, as
expected. The time interval Atj^ should remain approximately constant for low error rates. As tlie
error rate is increased, the delays w ithin the system (including Atj^ ) start to build up due to the
frequent recovery procedures. However, the increase in Atj^ further increases the clashing
probability, causing more recovery procedures to be put in place. Hence this is a cascading effect, in w hich longer delays cause more clashes that in turn generate more recovery procedures further increasing the delays. Therefore, once the delays start to build up, the system should crash very quickly due to this described effect.
If the total request rate is given by
f j . C
(B.4)
w here f r is the total fraction o f the population tliat generates requests witlun time interval A t, then equation (B.2) can be rewritten so that the dependency on the total number o f data paths is eliminated.
I-, = (B.5)
A t
Hence, if the error rate is kept constant, the clashing rate does not increase as the number o f data paths (and consequently the total request rate) is increased because there is no dependency on this parameter. H ow ever, the maximum ratio o f the error rate to the total request rate the system can cope with becom es smaller. That means, the maximum value for tlie ratio o f the number o f corrupted entries to the total number o f database entries is also reduced. It is important to note that
if the network is expanded then the tim e interval Atj^ w ill be affected, increasing the clashing
B.3 C onclusions
It is important to em pliasise that the analysed expression (equation (B .2)) represents tlie upper limit for the clashing rate r^. This is so because the calculations ignore the distribution and locality o f tlie transactions. In the m echanisms described in Section 4.1.4 a sim ple set o f tests is used to avoid
tlie occurrence o f certain clashes and for the clashes that are detected after tliey have occurred, tlie tests m inim ize the consequences. These m echanisms effectively reduce the clashing rate and make the system able to cope with higher error rates. The performance o f the m echanism s is demonstrated in Chapter 6.
The m echanism s to lim it the depth o f spread o f the flood fill m echanism discussed in Section 4.4 should significantly reduce the clashing probability. This is so because the time interval between
error detection and correction, , is reduced and because the flood fill and rebuilding packets
are restricted to a sub-network and can only clash with requests involved in that portion o f the network. In addition to that, dynamic re-configuration, discussed in Chapter 5, should help to avoid congestions (and consequently increases in network delays) due to bottlenecks or hardware failures and to increase the percentage o f local transactions by m odifying the network topology according to the current status o f the system.