Data that is stored on the server nodes is represented in a form of key-value pairs. The pairs in their turn are located in specific partitions which belong to individual Ignite caches as it's shown in Picture 2:
Picture 2.
To ensure data consistency and comply with the high-availability principle, server nodes are capable of storing a primary as well as backup copies of data. Basically, there is always a primary copy of a partition with all its key-value pairs in the cluster and might be 0 or more backup copies of the same partition depending on the configuration parameters.
Each cluster node (servers and clients) are aware of all primary and backup copies of every partition. This information is collected and broadcasted to all the nodes from a coordinator (the oldest server node) via internal partition map exchange messages.
However, all the data related requests/operations (get, put, SQL, etc.) go to primary partitions except for some read operations when CacheConfiguration.readFromBackup is enabled. If it's an update operation (put, INSERT, UPDATE) then Ignite ensures that both the primary and backup copies are updated and stay in a consistent state.
This section dives into the details of Ignite transactional protocol. High-level principles and features are described in Ignite technical documentation.
A single transaction in distributed systems usually spans across several server nodes which imposes additional requirements for the sake of data consistency. For instance, it is obligatorily to detect and handle situations when a transaction was not fully committed due to a partial outage or cluster nodes loss. Ignite relies on two-phase commit for handling this and many other situations in order to ensure data consistency cluster-wide.
As the protocol name suggests, a transaction is executed in two phases. The "prepare" phase goes first:
Right after that, the transaction coordinator executes the second phase by sending "commit" message:
Once the backup and primary copies are updated, the transaction coordinator gets acknowledged and assumes that the transaction is finished.
This is how the 2-phase commit works in a nutshell. Below we will see how the protocol tolerates failures, distinguishes pessimistic and optimistic transaction and does many other things.
The transaction coordinator is also known as a near node among Ignite community and committers. The transaction coordinator (near node) initiates a transaction, tracks its state, sends over "prepare" and "commit" message, orchestrates the overall transaction process. Usually, the coordinator is a client node that connects our applications to the cluster. The application triggers tx.call(), cache.put()/get(), tx.commit() methods and the client node takes care of the rest as it's shown below:
Picture 5.
In addition to the transaction coordinator, the transactional protocol defines remote nodes which are server nodes that keep a part of the data being accessed or updated inside of the transaction. Internally, every server node maintains a distributed hash table (DHT) for partitions it owns. The DHT helps to look up partition owners (primary and backups) efficiently from any cluster node including the transaction coordinator. Note, that the data itself is stored in pages that are arranged by B+Tree (refer to memory architecture documentation for more details).
In multi-user applications, different users can modify the same data simultaneously. To deal with reads and updates of the same data sets happening in parallel, transactional subsystems of products such as Ignite implement optimistic and pessimistic locking. In the pessimistic mode, an application will acquire locks for all the data it plans to change and will apply the changes after all the locks are owned exclusively while in the optimistic mode the locks acquisition is postponed to a later phase when a transaction is being already committed.
Locks acquisition time also depends on a type of isolation level. Let's start with the review of isolation levels in conjunction with the pessimistic mode.
In pessimistic & read committed mode the locks are acquired before the changes brought by write operations such (as put or putAll) are applied as it's shown below:
The pessimistic mode holds locks until the transaction is finished that prevents accessing locked data from other transactions. Optimistic transactions in Ignite might increase the throughput of an application by lowering contention among transactions by moving the locks acquisition to a later phase.
In optimistic transactions, locks are acquired on primary nodes during the "prepare" phase, then promoted to backup nodes and released once the transaction is committed. Depending on an isolation level, if Ignite detects that a version of an entry has been changed since the time it was requested by a transaction then the transaction will fail at the "prepare" phase and it will be up to an application to decide whether to restart the transaction or not. This is exactly how optimistic & serializable transactions (aka. deadlock-free transactions) work in Ignite:
On the other hand, repeatable read and read committed optimistic transactions never check if a version of an entry is changed. This mode might bring extra performance benefits but does not give any atomicity guarantees and, thus, rarely used in practice:
Now let's review the entire lifecycle of a transaction in Ignite. Presently it's assumed that the cluster is stable and no any outages happen.
a unique transaction identifier is generated;
the start time of the transaction is recorded;
current topology version/state is recorded;
etc.
Once after that, the transaction status is set to "active" and Ignite starts executing read/write operations that are a part of the transaction following rules of either optimistic or pessimistic mode and specific isolation levels.
When the application executes tx.commit() method (step 9 in Picture 10 above) the near node (transaction coordinator) initiates the 2-phase commit protocol by preparing the "prepare" message enclosing information about the transaction's context into it.
As a part of the "prepare" phase, every primary node receives information about all updated or new key-value pairs and about an order the locks have to be acquired (the latter depends on a combination of locking modes & isolation levels).
The primary nodes on their turn perform the following in response to the "prepare" message:
check up that a version of the cluster topology recorded in the transaction's context matches the current topology version;
obtain all the required locks;
create a DHT context for the transaction and storing all the necessary data therein;
depending on the cache configuration parameters, wait or skip waiting while backup nodes confirm that the "phase" phase is over;
inform the near node that it's time to execute the "commit" phase.
After that, the near node sends the "commit" message, waits for an acknowledgment and moves the transaction in status "committed".
If the transaction was rolled back (tx.rollback() is called by the application), then, in the pessimistic mode, Ignite would be required to release all the acquired locks and delete the transaction's context. In the optimistic mode the locks are acquired when tx.commit() is called by the application, therefore, Ignite would simply clean out the transaction's context on the transaction coordinator (near node).
Ignite allows setting a timeout for a transaction. If transaction's execution time exceeds the timeout then the transaction will be aborted.
In the pessimistic mode, the timeout is compared to the current total execution time every time an entry lock is acquired and when the "prepare" phase is triggered. In the optimistic mode, the timeout is compared only on "prepare" phase.
Picture 11.
If the total execution time has exceeded the timeout at least on any of the participating nodes, then a primary node, where the timeout elapsed, sets a special flag instructing the transaction coordinator to initiate a transaction cancellation.
The section explains how Ignite tackles failover situations or outages that might happen while transactions are being executed.
Picture 12.
The simplest failure scenario to tackle is when a backup node fails on either "prepare" or "commit" phases. Nothing has to be done by Ignite transactional subsystem. Transaction modifications will be applied to the remaining primary and backup nodes and a new backup node for missing partitions will be elected after the transaction is over and that not will preload all the up-to-date data from a respective primary node.
Picture 13.
If a primary node failed before or on the "Prepare" phase, then the transaction coordinator raises an exception and it's up to the application to decide what to do next - restart the transaction or process this exception differently.
If a primary node failed after the "prepare" phase then the transaction coordinator will be waiting for an extra NodeFailureDetection response from respective backup nodes.
Picture 14.
Once the backup nodes detect the failure they will send this message to the transaction coordinator confirming that they successfully committed the changes and no data loss happened because there is still an extra backup copy available for application usage.
Right after that, the transaction coordinator finishes the transaction, the topology is changed (due to the primary node loss) and the cluster will elect a new primary for the partitions that were stored on the previous one.
Handling of transaction coordinator failures is a bit trickier because every remote node (primary and backup) is aware of the transaction's context related to it and doesn't know the overall transaction state. Even more, it is possible that some of the nodes have already received "commit" message while the others haven't.
To solve this situation, the primary nodes exchange internal status with each other to find out the overall transaction state. For instance, if one of the nodes responds that it hasn't received "commit" message then the transaction will be rolled back globally.