You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As discussed here we should make membership changes even more robust by requiring the leader does a pre-check to ensure new peers are alive before committing view changes. This helps the leader avoid making a change that will result in the quorum being lost (eg. commit a view that contains peers that are currently offline) and therefore improves liveness.
This change has nothing to do with safety. The existing approach is already safe. This approach simply attempts to improve liveness in the common case. Obviously, there is the corner case where the new peers become unavailable in between the pre-check and the actual view change, but this unavoidable and is no worse then the current approach where we do no pre-check at all.
For the pre-check, how about adding a new message that is identical to a commit (as far as the states that accept it / the checks that it performs) that simply doesn't do the actual commit -- eg. no state/disk change? That would be the most valuable, as it suggests the peers are in a state that would allow them to support a quorum.
The text was updated successfully, but these errors were encountered:
As discussed here we should make membership changes even more robust by requiring the leader does a pre-check to ensure new peers are alive before committing view changes. This helps the leader avoid making a change that will result in the quorum being lost (eg. commit a view that contains peers that are currently offline) and therefore improves liveness.
This change has nothing to do with safety. The existing approach is already safe. This approach simply attempts to improve liveness in the common case. Obviously, there is the corner case where the new peers become unavailable in between the pre-check and the actual view change, but this unavoidable and is no worse then the current approach where we do no pre-check at all.
For the pre-check, how about adding a new message that is identical to a commit (as far as the states that accept it / the checks that it performs) that simply doesn't do the actual commit -- eg. no state/disk change? That would be the most valuable, as it suggests the peers are in a state that would allow them to support a quorum.
The text was updated successfully, but these errors were encountered: