The Phoenix Recovery System: Rebuilding from the ashes of an Internet catastrophe

Flavio Junqueira, Ranjita Bhagwan, Keith Marzullo, Stefan Savage and Geoffrey M. Voelker
January 13, 2003

The Internet today is highly vulnerable to \emph{Internet catastrophes}: events in which an exceptionally successful Internet pathogen, like a worm or email virus, causes data loss on a significant percentage of the computers connected to the Internet. In this paper, we explore the feasibility of using data redundancy, a model of dependent host vulnerabilities, and distributed storage to ensure data survives such events. In particular, we motivate the design of a cooperative, peer-to-peer remote backup system called the \Phoenix\ recovery system, and we argue that \Phoenix\ is a compelling architecture for providing a convenient and effective approach for tolerating Internet catastrophes. Our key observation that makes \Phoenix\ both feasible and practical is that an Internet catastrophe, like any large-scale Internet attack, exploits shared vulnerabilities. Hence, the replication mechanism should take the dependencies of host failures---in this case, host diversity---into account. Using a simulation model we show that, by doing informed placement of replicas, \Phoenix\ provide highly reliable and available cooperative backup and recovery with low overhead: with as few as 2 replicas, the system can backup and recover at least the equivalent of 20\% of storage contributed by each host in the system.

How to view this document

The authors of these documents have submitted their reports to this technical report series for the purpose of non-commercial dissemination of scientific work. The reports are copyrighted by the authors, and their existence in electronic format does not imply that the authors have relinquished any rights. You may copy a report for scholarly, non-commercial purposes, such as research or instruction, provided that you agree to respect the author's copyright. For information concerning the use of this document for other than research or instructional purposes, contact the authors. Other information concerning this technical report series can be obtained from the Computer Science and Engineering Department at the University of California at San Diego,

[ Search ]

This server operates at UCSD Computer Science and Engineering.
Send email to