In theoretical computer science the CAP theorem, also known as Brewer's theorem, states that it is impossible for a distributed computer system to simultaneously provide all three of the following guarantees:[1][2]
According to the theorem, a distributed system can satisfy any two of these guarantees at the same time, but not all three.[3]
Contents |
The theorem began as a conjecture made by University of California, Berkeley computer scientist Eric Brewer at the 2000 Symposium on Principles of Distributed Computing (PODC).[4] In 2002, Seth Gilbert and Nancy Lynch of MIT published a formal proof of Brewer's conjecture, establishing it as a theorem.[1]
The CAP theorem as proved by Gilbert and Lynch is somewhat narrower than what Brewer had in mind. The theorem sets up a scenario in which a replicated service is presented with two conflicting requests that arrive at distinct locations at a time when a link between them is failed. The obligation to provide availability despite partitioning failures leads the services to respond; at least one of these responses will necessarily be inconsistent with what a service implementing a true one-copy replication semantic would have done. The researchers then go on to show that other forms of consistency are achievable, including a property they call t-eventual consistency. Thus the theorem doesn't rule out achieving consistency in a distributed system, and says nothing about the cloud per-se or about scalability.
In contrast, as Eric Brewer posed the question, CAP is often taken to preclude consistency for services running in the highly elastic first-tier of a modern cloud computing system. These services are typically required to be stateless or to maintain only soft-state (cached data), and must be responsive even if inner-tier services are temporarily inaccessible. CAP, in this sense, uses "A" to mean immediately responsive, and "P" to mean "even if a failure prevents the first-tier service from connecting to some needed resource". In effect, we sacrifice consistency to gain faster responses in a more scalable manner.
Notice that partitioning, per-se, doesn't really enter into this broader interpretation of CAP. Indeed, there is no CAP theorem for the scenario actually seen where symmetric availability during partitioning failures is not normally required. There are two reasons for this: first, cloud platforms have redundant, highly available networks and normally don't experience such failures. Second, if one of these very rare partitioning events were to occur, it would very likely cut some small set of replicas off not just from other components of the cloud, but also from their external clients, obviating the need for availability.
CAP is often cited as a justification for using weaker consistency models. Popular among these is BASE, an acronym for Basically Available Soft-State services with Eventual Consistency. Amazon's Dynamo key-value store is often cited as the best example of how BASE looks in practice. In summary, the BASE methodology is characterized by high availability for first-tier services, leaving some kind of background cleanup mechanism to resolve any problems created by optimistic actions that later turn out to have violated consistency.