Distributed File Systems

In a single-machine file system, the question "what data will I read?" has a simple answer: the most recent write. There's one copy of the data, one kernel managing access, and a well-defined order of operations.

But distributed file systems shatter this simplicity. With multiple replicas, network delays, and concurrent clients, fundamental questions become surprisingly complex:

• If I write data and immediately read it back, will I see my write?
• If Process A writes and tells Process B to read, will B see A's write?
• If two processes write to the same file, whose write "wins"?
• Can I ever see a write that hasn't happened yet (from my perspective)?

Consistency models are the formal frameworks that answer these questions. They define the contract between the distributed file system and its applications—what guarantees the system provides, and what assumptions applications can safely make.

Before diving into specific consistency models, let's understand why consistency in distributed systems is fundamentally challenging.

The core problem: no global clock or instant communication

In a distributed system:

1. Events happen at different nodes — Process A writes on node 1; Process B reads on node 2
2. No shared memory — Nodes communicate only through messages
3. Messages take time — Network latency means updates don't propagate instantly
4. Clocks are imperfect — We can't precisely order events across machines
5. Failures happen — Nodes crash, messages are lost, networks partition

These fundamental limitations make it impossible to provide the same consistency guarantees as a single-machine system without paying significant performance costs.

A thought experiment:

Consider this scenario:

Time    Node A (US-West)         Node B (US-East)          Network
─────────────────────────────────────────────────────────────────────
t=0     write(x, "blue")         
        ↓ (send update to B)     
t=50ms                           [update in transit, 100ms delay]
t=75ms                           read(x) → ???
t=100ms                          [update arrives]
t=125ms                          read(x) → "blue"

At t=75ms, what should B's read return?

Option 1: Block until update arrives (100ms delay) → Consistent but slow
Option 2: Return stale/default value ("red") → Fast but inconsistent
Option 3: Error (value not yet known) → Honest but unhelpful

There's no "right" answer—only tradeoffs. Different consistency models represent different choices in this tradeoff space.

Consistency models form a spectrum from strongest (most intuitive but slowest) to weakest (fastest but most surprising). Understanding this spectrum helps you choose appropriate models for different use cases.

The consistency hierarchy:

Key insight:

Stronger consistency models guarantee more intuitive behavior but require more coordination (synchronous communication, consensus protocols, locking). This coordination adds latency and can reduce availability during partitions.

Weaker consistency models allow more concurrent, independent operation but require applications to handle potentially stale or out-of-order data.

Linearizability is the gold standard of consistency—it provides the illusion that operations happen instantaneously, in an order consistent with real time.

Definition:

A system is linearizable if:

1. Every operation appears to execute atomically at some point between its invocation and response
2. If operation A completes before operation B starts (in real time), A appears before B in the linearization

Linearizable execution:

Real time:
────────────────────────────────────────────────────────────────
Client A:  |--write(x,1)---|                    |--read(x)--→3|
Client B:         |--read(x)--→1|  |--write(x,3)--|            |
Client C:                              |--read(x)--→1 or 3|    |
────────────────────────────────────────────────────────────────

Linearization point (one valid ordering):
  write(x,1) → read(x)→1 → write(x,3) → read(x)→3
             ↑                ↑             ↑
         Client B          Client B     Client A

Client C's read overlaps with write(x,3), so can return 1 or 3
(but if it returns 3, any later read must also return 3)

Why linearizability is expensive:

To achieve linearizability, the system must:

1. Synchronize all replicas before acknowledging writes
2. Prevent stale reads by contacting a quorum or the primary
3. Handle partitions conservatively by possibly rejecting operations

Linearizable write protocol (simplified):

1. Client sends write to leader/coordinator
2. Leader assigns a sequence number
3. Leader replicates to quorum of replicas
4. All quorum members acknowledge
5. Leader commits and responds to client

Latency = 2 * RTT_max to quorum
        + consensus protocol overhead
        + disk sync time × quorum size

Real-world linearizable systems:

• Google Spanner: Uses GPS-synchronized clocks (TrueTime) to achieve linearizability with bounded uncertainty
• etcd/ZooKeeper: Provides linearizable operations through Raft/Zab consensus
• Foundation DB: Layer 5 transactional semantics with linearizable ordering

Most distributed file systems do NOT provide linearizability for all operations—the performance cost is too high for file system workloads.

Sequential consistency and causal consistency offer useful middle-ground positions between linearizability and eventual consistency.

Sequential Consistency:

All processes see all operations in the same order. The order must be consistent with each process's program order, but need not match real time.

Sequentially consistent (valid):
────────────────────────────────────────────────────────────────
Client A:  write(x,1)    write(x,2)
Client B:      read(x)→?     read(x)→?
────────────────────────────────────────────────────────────────

Valid orderings:
  w(x,1) → w(x,2) → r(x)→2 → r(x)→2   ✓
  w(x,1) → r(x)→1 → w(x,2) → r(x)→2   ✓
  r(x)→1 → w(x,1) → ...  ✗ (B reads before A writes - only okay
                            if there was a prior value)

Key: A's writes are seen by B in A's order (1 before 2)
     But B might see 2 before observing 1 completed
     Both clients see same total order of operations

Causal Consistency:

Causally-related operations are seen by all processes in the same order. Concurrent (causally-independent) operations may be seen in different orders by different processes.

Many distributed file systems provide client-centric consistency guarantees—promises made to each individual client about its own view of the data, rather than global guarantees about all clients.

The four client-centric guarantees:

Session semantics in distributed file systems:

Many POSIX-like distributed file systems implement close-to-open consistency (a form of session semantics):

Close-to-Open (Session) Consistency:

1. When a file is closed, all modifications are flushed to the server
2. When a file is opened, the client fetches the latest version from server
3. Between open and close, the client may work with a cached version
4. Concurrent writers to the same file have undefined behavior

Timeline:
────────────────────────────────────────────────────────────────
Client A:  open()───write("v1")───close()        
                                     ↓ (flush to server)
Client B:            open()───read()→"old"  close()
                                       ↑
                              (A's write not visible yet)
Client B:                                        open()───read()→"v1"
                                                          ↑
                                                (now sees A's write)
────────────────────────────────────────────────────────────────

Why session semantics are popular:

• Match common file usage patterns (edit file, save, close)
• Allow aggressive client-side caching during a session
• Avoid the overhead of synchronizing every write
• Provide intuitive guarantees within a single editor session

Eventual consistency is the weakest useful consistency model: it only guarantees that if no new updates are made, all replicas will eventually converge to the same value. There's no bound on how long this takes.

Definition:

If no new updates are made to a given data item, eventually all accesses to that item will return the last updated value.

What eventual consistency does NOT guarantee:

Amazon S3: Eventual consistency in practice

S3 historically provided eventual consistency for certain operations:

S3 Consistency Before (2020):

PUT (new object):   Read-after-write consistent for new objects
PUT (overwrite):    Eventual consistency (might read old version)
DELETE:             Eventual consistency (might still read deleted object)
LIST after PUT:     Eventual consistency (new object might not appear)

Real example:
  T=0:    PUT s3://bucket/key with content "v2" (overwrites "v1")
  T=100ms: GET s3://bucket/key → might return "v1" (stale!)
  T=1s:    GET s3://bucket/key → returns "v2"

Workaround for applications:
  - Use unique keys instead of overwriting
  - Include version in key: s3://bucket/data-v2
  - Wait before reading (poor solution)
  - Use DynamoDB for consistent metadata

S3 Strong Consistency (2020):

AWS updated S3 to provide strong read-after-write consistency:

S3 Consistency After (2020):

PUT: Read-after-write consistent for all objects
DELETE: Read-after-write consistent
LIST: Strongly consistent with PUTs and DELETEs

How? Amazon rebuilt the indexing layer to use consensus
for metadata while keeping data path highly available.

POSIX file system semantics define specific consistency requirements that local file systems meet but distributed file systems struggle with. Understanding these helps explain why DFS implementations diverge from traditional expectations.

Key POSIX consistency requirements:

How different DFS handle POSIX:

1. Full POSIX Compliance (attempts)

• CephFS, GPFS, Lustre: Implement distributed locking, metadata coordination
• Cost: Higher latency, complexity, reduced performance
• Use case: HPC, legacy application support

2. Relaxed POSIX with clarifications

• NFS: Close-to-open consistency, attribute caching
• Applications must understand the relaxed model
• Documented deviations from strict POSIX

3. Non-POSIX API

• HDFS: Append-only, no random writes, single-writer
• Forces applications to adapt to different model
• Cleaner semantics for big data workloads

4. Object Storage (S3)

• Completely different API (PUT/GET/DELETE objects)
• Strong consistency for individual objects, no partial updates
• No POSIX pretense—different programming model

Spectrum of POSIX compliance:

Full POSIX ←━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━→ No POSIX
    |                |                |              |
   GPFS            NFS             HDFS            S3
  Lustre        (relaxed)      (append-only)   (object API)
  CephFS

When multiple clients write concurrently, especially under eventual consistency, conflicts can arise. How a system resolves these conflicts determines the final state of data.

Conflict scenarios:

Conflict Example:

T=0:    File version: v1, content: "Hello"

T=100:  Client A (US-West): write(content="Hello World")
T=100:  Client B (US-East): write(content="Hello Universe")
        (concurrent writes, neither sees the other)

T=200:  Updates propagate... what's the final content?
        • "Hello World"?  (A wins)
        • "Hello Universe"?  (B wins)
        • Both preserved somehow?  (conflict preserved)
        • Error/rejected?  (conflict avoided)

Resolution strategies:

Selecting an appropriate consistency model requires understanding your application's requirements and the tradeoffs you can accept.

Decision framework:

Questions to ask when choosing:

1. What's the cost of stale data? If a user sees an old value, what happens? Minor inconvenience or system failure?

2. What's the cost of coordination? Adding synchronization increases latency. Can your application tolerate 100ms more per operation?

3. How concurrent are accesses? Single-writer workloads often work fine with weaker consistency. Multi-writer concurrent access needs stronger guarantees or conflict resolution.

4. What are your availability requirements? Stronger consistency often means operations fail during partitions. Can you tolerate unavailability?

5. Can application logic handle inconsistency? Some applications can check for conflicts and retry. Others assume consistent views.

Hybrid approach:

Many systems use different consistency models for different operations:

Example: E-commerce platform

- Product catalog: Eventual consistency (reads don't need to be perfect)
- Shopping cart: Session consistency (user sees own cart accurately)
- Inventory decrements: Serializable/Strong (prevent overselling)
- Order placement: Linearizable (order creation is critical)
- Recommendation cache: Eventual (stale recommendations OK)

We've explored the consistency models that define the behavior of distributed file systems. Let's consolidate the key insights:

Module complete:

You've now explored the complete architecture of distributed file systems:

1. DFS Architecture — Components, design patterns, and fundamental tradeoffs
2. Naming and Location — How files are named and located across distributed nodes
3. Caching Strategies — How caching bridges the latency gap while managing coherence
4. Replication — How data is duplicated for fault tolerance and performance
5. Consistency Models — The guarantees systems provide about data visibility and ordering

These concepts form the foundation for understanding how modern distributed storage systems—from enterprise NAS to cloud object storage to big data platforms—actually work under the hood.