Cascading failure

From Wikipedia, the free encyclopedia
Jump to: navigation, search
An animation demonstrating how a single failure may result in other failures throughout a network.

A cascading failure is a failure in a system of interconnected parts in which the failure of a part can trigger the failure of successive parts. Such a failure may happen in many types of systems, including power transmission, computer networking, finance, human bodily systems, and bridges.

Cascading failures usually begin when one part of the system fails. When this happens, nearby nodes must then take up the slack for the failed component. This in turn overloads these nodes, causing them to fail as well, prompting additional nodes to fail one after another in a vicious circle.

Cascading failure in power transmission[edit]

Cascading failure is common in power grids when one of the elements fails (completely or partially) and shifts its load to nearby elements in the system. Those nearby elements are then pushed beyond their capacity so they become overloaded and shift their load onto other elements. Cascading failure is a common effect seen in high voltage systems, where a single point of failure (SPF) on a fully loaded or slightly overloaded system results in a sudden spike across all nodes of the system. This surge current can induce the already overloaded nodes into failure, setting off more overloads and thereby taking down the entire system in a very short time.

This failure process cascades through the elements of the system like a ripple on a pond and continues until substantially all of the elements in the system are compromised and/or the system becomes functionally disconnected from the source of its load. For example, under certain conditions a large power grid can collapse after the failure of a single transformer.

Monitoring the operation of a system, in real-time, and judicious disconnection of parts can help stop a cascade. Another common technique is to calculate a safety margin for the system by computer simulation of possible failures, to establish safe operating levels below which none of the calculated scenarios is predicted to cause cascading failure, and to identify the parts of the network which are most likely to cause cascading failures.[citation needed]

One of the primary problems with preventing electrical grid failures is that the speed of the control signal is no faster than the speed of the propagating power overload, i.e. since both the control signal and the electrical power are moving at the same speed, it is not possible to isolate the outage by sending a warning ahead to isolate the element. To ameliorate this systemic defect, superconducting magnetic energy storage units at critical junctions can store or release power for a few seconds to allow control systems to catch up and actuate isolating procedures.

Examples[edit]

Cascading failure caused the following power outages:

Cascading failure in computer networks[edit]

Cascading failures can also occur in computer networks (such as the Internet) in which network traffic is severely impaired or halted to or between larger sections of the network, caused by failing or disconnected hardware or software. In this context, the cascading failure is known by the term cascade failure. A cascade failure can affect large groups of people and systems.

The cause of a cascade failure is usually the overloading of a single, crucial router or node, which causes the node to go down, even briefly. It can also be caused by taking a node down for maintenance or upgrades. In either case, traffic is routed to or through another (alternative) path. This alternative path, as a result, becomes overloaded, causing it to go down, and so on. It will also affect systems which depend on the node for regular operation.

Symptoms[edit]

The symptoms of a cascade failure are easy to see: packet loss and high network latency, not just to single systems, but to whole sections of a network or the internet. The high latency and packet loss is caused by the nodes that fail to operate due to congestion collapse, which causes them to still be present in the network but without much or any useful communication going through them. As a result, routes can still be considered valid, without them actually providing communication.

If enough routes go down because of a cascade failure, a complete section of the network or internet can become unreachable. Although undesired, this can help speed up the recovery from this failure as connections will time out, and other nodes will give up trying to establish connections to the section(s) that have become cut off, decreasing load on the involved nodes.

A common occurrence during a cascade failure is a walking failure, where sections go down, causing the next section to fail, after which the first section comes back up. This ripple can make several passes through the same sections or connecting nodes before stability is restored.

History[edit]

Cascade failures are a relatively recent development, with the massive increase in traffic and the high interconnectivity between systems and networks. The term was first applied in this context in the late 1990s by a Dutch IT professional and has slowly become a relatively common term for this kind of large-scale failure.[citation needed]

Example[edit]

Network failures typically start when a single network node fails. Initially, the traffic that would normally go through the node is stopped. Systems and users get errors about not being able to reach hosts. Usually, the redundant systems of an ISP respond very quickly, choosing another path through a different backbone. The routing path through this alternative route is longer, with more hops and subsequently going through more systems that normally do not process the amount of traffic suddenly offered.

This can cause one or more systems along the alternative route to go down, creating similar problems of their own.

Also, related systems are affected in this case. As an example, DNS resolution might fail and what would normally cause systems to be interconnected, might break connections that are not even directly involved in the actual systems that went down. This, in turn, may cause seemingly unrelated nodes to develop problems, that can cause another cascade failure all on its own.

In December 2012, a partial loss (40%) of GMail service occurred globally, for 18 minutes. This loss of service was caused by a routine update of load balancing software which contained faulty logic—in this case, the error was caused by logic using an inappropriate all instead of the more appropriate some. The cascading error was fixed by fully updating a single node in the network instead of partially updating all nodes at one time.

Mechanical structural failure[edit]

Certain load-bearing structures with discrete structural components can be subject to the "zipper effect", where the failure of a single structural member increases the load on adjacent members. In the case of the Hyatt Regency walkway collapse, a suspended walkway (which was already overstressed due to an error in construction) failed when a single vertical suspension rod failed, overloading the neighboring rods which failed sequentially (i.e. like a zipper). A bridge that can have such a failure is called fracture critical, and numerous bridge collapses have been caused by the failure of a single part. Properly designed structures use an adequate factor of safety and/or alternate load paths to prevent this type of mechanical cascade failure.[1]

Other examples of cascading failure[edit]

Biology[edit]

Biochemical cascades exist in biology, where a small reaction can have system-wide implications. One negative example is ischemic cascade, in which a small ischemic attack releases toxins which kill off far more cells than the initial damage, resulting in more toxins being released. Current research is to find a way to block this cascade in stroke patients to minimize the damage.

In the study of extinction, sometimes the extinction of one species will cause many other extinctions to happen. Such a species is known as a keystone species.

Electronics[edit]

Another example is the Cockcroft–Walton generator, which can also experience cascade failures wherein one failed diode can result in all the diodes failing in a fraction of a second.

Yet another example of this effect in a scientific experiment was the implosion in 2001 of several thousand fragile glass photomultiplier tubes used in the Super-Kamiokande experiment, where the shock wave caused by the failure of a single detector appears to have triggered the implosion of the other detectors in a chain reaction.

Finance[edit]

Main article: Systemic risk

In finance, the risk of cascading failures of financial institutions is referred to as systemic risk: the failure of one financial institution may cause other financial institutions (its counterparties) to fail, cascading throughout the system. Institutions that are believed to pose systemic risk are deemed either "too big to fail" (TBTF) or "too interconnected to fail" (TICTF), depending on why they appear to pose a threat.

Note however that systemic risk is not due to individual institutions per se, but due to the interconnections.

Infrastructures[edit]

Today’s networks are becoming increasingly dependent on one another. Diverse infrastructures such as water supply, transportation, fuel and power stations are coupled together. Owing to this coupling, interdependent networks are extremely sensitive to random failure, and in particular to targeted attacks, such that a failure of a small fraction of nodes from one network can produce an iterative cascade of failures in several interdependent networks.[2] Electrical blackouts frequently result from a cascade of failures between interdependent networks, and the problem has been dramatically exemplified by the several large-scale blackouts that have occurred in recent years. Blackouts are a fascinating demonstration of the important role played by the dependencies between networks. For example, the September 28, 2003 blackout in Italy resulted in a widespread failure of the railway network, health care systems, and financial services and, in addition, severely influenced communication networks. The partial failure of the communication system in turn further impaired the power grid management system, thus producing a negative feedback on the power grid.[3] This example emphasizes how inter-dependence can significantly magnify the damage in an interacting network system. A framework to study the cascading failures between coupled networks based on percolation theory was developed recently.[4] Cascading failures in spatially embedded systems have been shown to lead to extreme vulnerability.[5]

See also[edit]

References[edit]

  1. ^ Petroski, Henry (1992). To Engineer Is Human: The Role of Failure in Structural Design. Vintage. ISBN 978-0-679-73416-1. 
  2. ^ "Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack". 
  3. ^ V. Rosato, Issacharoff, L., Tiriticco, F., Meloni, S., Porcellinis, S.D., & Setola, R. (2008). "Modelling interdependent infrastructures using interacting dynamical models". International Journal of Critical Infrastructures 4: 63–79. doi:10.1504/IJCIS.2008.016092. 
  4. ^ S. V. Buldyrev, R. Parshani, G. Paul, H. E. Stanley, S. Havlin (2010). "Catastrophic cascade of failures in interdependent networks". Nature 464 (7291): 1025–8. doi:10.1038/nature08932. PMID 20393559. 
  5. ^ Bashan, Amir; Berezin, Yehiel; Buldyrev, Sergey V.; Havlin, Shlomo (2013). "The extreme vulnerability of interdependent spatially embedded networks". Nature Physics. doi:10.1038/nphys2727. ISSN 1745-2473. 

Further reading[edit]

External links[edit]