Recovering Internet Service Sessions from Operating System Failures Motivation and Approach

Critical Internet services such as ecommerce, online auctions, and banking run on complex, multi-tier architectures built with commodity (offthe-shelf) machines and operating systems. These stateful services are sensitive to server failures: active client sessions on these servers are lost, although the state associated with them might still be intact in a failed machine’s memory. We developed a recovery approach that exploits hardware and software redundancy in Internet service installations to reuse active clients’ session state after OS failures (http://discolab. rutgers.edu/bda). Our lightweight, application-independent system provides both failure detection and recovery, for use with complex, multi-tier Internet services. The core of the system is the novel Backdoors (BD) architecture,1 which uses commodity programmable network interface cards (NICs) with specialized firmware and OS extensions to provide remote access to lightweight application and OS state in a machine’s memory without relying on its OS or processors. Using BD, machines in an Internet server cluster can cooperatively observe each other’s health, detect failures, and take over client sessions from failed nodes. In this article, we describe the BD architecture and our OS extensions for monitoring and recovery of service sessions. We have implemented a prototype in the FreeBSD 4.8 kernel, using Myrinet LanaiXP programmable NICs (www.myri.com). The results from our experiments with the Rice University Bidding System (Rubis; http://rubis.objectweb.org), a cluster-based