7th USENIX Conference on File and Storage Technologies
Smoke and Mirrors: Reﬂecting Files at a Geographically Remote Location
Without Loss of Performance
Hakim Weatherspoon, Lakshmi Ganesh, Tudor Marian,
Mahesh Balakrishnan, and Ken Birman
Cornell University, Computer Science Department, Ithaca, NY 14853
Microsoft Research, Silicon Valley
The Smoke and Mirrors File System (SMFS) mirrors
ﬁles at geographically remote datacenter locations with
negligible impact on ﬁle system performance at the pri-
mary site, and minimal degradation as a function of
link latency. It accomplishes this goal using wide-area
links that run at extremely high speeds, but have long
round-trip-time latencies—a combination of properties
that poses problems for traditional mirroring solutions.
In addition to its raw speed, SMFS maintains good syn-
chronization: should the primary site become completely
unavailable, the system minimizes loss of work, even for
applications that simultaneously update groups of ﬁles.
We present the SMFS design, then evaluate the system
on Emulab and the Cornell National Lambda Rail (NLR)
Ring testbed. Intended applications include wide-area
ﬁle sharing and remote backup for disaster recovery.
Securing data from large-scale disasters is important, es-
pecially for critical enterprises such as major banks, bro-
kerages, and other service providers. Data loss can be
catastrophic for any company — Gartner estimates that
40% of enterprises that experience a disaster (e.g. loss
of a site) go out of business within ﬁve years . Data
loss failure in a large bank can have much greater conse-
quences with potentially global implications.
Accordingly, many organizations are looking at dedi-
cated high-speed optical links as a disaster tolerance op-
tion: they hope to continuously mirror vital data at re-
mote locations, ensuring safety from geographically lo-
calized failures such as those caused by natural disas-
ters or other calamities. However, taking advantage of
this new capability in the wide-area has been a chal-
lenge; existing mirroring solutions are highly latency
sensitive . As a result, many critical enterprises op-
erate at risk of catastrophic data loss .
The central trade-off involves balancing safety against
So-called synchronous mirroring solu-
tions [6, 12] block applications until data is safely mir-
rored at the remote location: the primary site waits for
an acknowledgment from the remote site before allow-
ing the application to continue executing.
very safe, but extremely sensitive to link latency. Semi-
synchronous mirroring solutions [12, 42] allow the ap-
plication to continue executing once data has been writ-
ten to a local disk; the updates are transmitted as soon
as possible, but data can still be lost if disaster strikes.
The end of the spectrum is fully asynchronous: not only