From: Muench, Joanna (jmuench_at_fhcrc.org)
Date: Mon Feb 02 2004 - 13:39:47 PST
The paper by Schroeder et al. (1984) reports on the authors' experience with
the use of an in-house distributed, replicated system. The paper provides a
brief overview of the Grapevine system, which was designed to provide
message delivery, naming, authentication, resource location and access
control services over an internet of computers. The network spanned multiple
geographic sites and therefore worked over both Ethernet and telephone
lines. Primary design criteria were reliability and transparency to the
user.
Most of the paper discusses the successes and problems with the Grapevine
system after three years of use. While the system had multiple functions,
the primary challenge to the original design was the message delivery
system. Several assumptions about how users would interact with the system
did not turn out as planned, requiring some reconfiguring of the system. The
largest issue was how distribution lists scaled. While the original design
assumed an increase in users would lead to an increasing number of
distribution lists, with stable list size, the actual use turned out to be
increasing size of the distribution lists. From the name of the system one
might infer that the wine drinkers interest group was particularly popular.
The delivery algorithm was not optimized for this pattern of use and the
system was already close to its limit of acceptable use, at a size below the
original design specification.
Other unforeseen uses were the message system as a storage device, as
opposed to a temporary buffer, and delays in propagating registration
database changes. Initially all database changes were propagated with an
entire changed entry in a message, that would then be merged into the local
registry. These merges could take a significant amount of time, loading down
the system. Since the primary culprit in creating these changes were
alterations to distribution lists, the system designers created a separate
mechanism for these sorts of updates. Other problems included delays in
authentication due a combination of remote access times and the depths of
group definitions.
From the perspective of 20 years, I think a fundamental problem with the
system design was attempting to fully incorporating the message system with
authentication, resource location and access control services. The design
makes sense if there is significant overlap between group memberships for
distribution lists and authentication, however the discussion and my own
experience of distribution lists lead me to guess this was not the case. In
most other ways the system appears to have successfully addressed its
primary concerns of reliability and transparency to the user.
This archive was generated by hypermail 2.1.6 : Mon Feb 02 2004 - 13:42:43 PST