Basescu, CristinaFord, Bryan Alexander2023-04-032023-04-032023-04-032021-11-1010.1145/3484266.3487387https://infoscience.epfl.ch/handle/20.500.14299/196702Failures far away from a user should intuitively be less likely to affect that user. Today's ecosystem miserably fails this test, however, despite high-availability best practices. Correlated and cascading failures – triggered by misconfigurations, bugs, and network partitions – often invalidate assumptions of failure independence. We propose that distributed services need not and should not expose local activities to distant failures or partitions, no matter how severe. Limix is an exposure-limiting architecture, guaranteeing that neither the availability nor the performance of strongly-consistent accesses within a local area may be impacted by distant failures. Preliminary results suggest that infrastructures today could use Limix to limit exposure at a manageable cost.availabilitylocalitydistributed servicesconsistencytext::conference output::conference proceedings::conference paper