Automatic failover configuration with lightweight observer
First Claim
1. An automatic failover configuration comprising:
participants including
a primary database system that processes transactions and produces redo data therefor;
a standby database system that receives the redo data via a redo communications link; and
an active observer that exchanges first control messages with the primary database system and the standby database system via one or more non-redo communications links that are not redo communications links.
Abstract
Techniques used in an automatic failover configuration having a primary database system, a standby database system, and an observer for preventing divergence among the primary and standby database systems while increasing the availability of the primary database system. In the automatic failover configuration, the primary database system remains available even in the absence of both the standby and the observer as long as the standby and the observer become absent sequentially. The failover configuration further permits automatic failover only when the observer is present and the standby and the primary are synchronized and inhibits state changes during failover. The database systems and the observer have copies of failover configuration state and the techniques include techniques for propagating the most recent version of the state among the databases and the observer and techniques for using carefully-ordered writes to ensure that state changes are propagated in a fashion which prevents divergence.
54 Citations
21 Claims
1. An automatic failover configuration comprising:
participants including
a primary database system that processes transactions and produces redo data therefor;
a standby database system that receives the redo data via a redo communications link; and
an active observer that exchanges first control messages with the primary database system and the standby database system via one or more non-redo communications links that are not redo communications links.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method practiced in an automatic failover configuration which has participants including a primary database system, a standby database system, and an active observer and a communications link for communicating automatic failover configuration state among the participants,
the method preventing divergence of the database systems resulting from an automatic failover and comprising the steps performed in the active observer of:
sending a first message to the standby database system indicating that the active observer has determined that a failover condition has occurred;
receiving a second message from the standby database system indicating that the standby database system has entered a failover pending state indicating that the automatic failover configuration is ready to failover;
responding thereto by entering the failover pending state; and
responding to a third message from the standby database system indicating that the standby database system has completed the failover and is currently the primary database system by leaving the failover pending state and receiving current automatic failover configuration state from the current primary database system.
Dependent claims: 15, 16, 17, 18
19. A method practiced in an automatic failover configuration which has participants including a primary database system, a standby database system, and an active observer and a communications link for communicating automatic failover configuration state among the participants, the active observer having a unique active observer identifier and the automatic failover configuration state including the current active observer identifier and the method ensuring that there is only one active observer in the automatic failover configuration and comprising the steps performed in an observer of:
on starting up, requesting an active observer identifier from the primary database system, and if no active observer identifier is received, terminating; and
on receiving automatic failover configuration state, comparing the observer's active observer identifier with the current active observer identifier, and if the observer's active observer identifier is different from the current active observer identifier, terminating.
Dependent claims: 20, 21
when the observer's current automatic failover configuration state indicates that an automatic failover is occurring, the method includes the steps performed prior to altering the current automatic failover configuration state to indicate that no automatic failover is occurring of: requesting an active observer identifier from the primary database system, and if no active observer identifier is received, terminating.
21. Data storage apparatus characterized in that:
the data storage apparatus contains code which, when executed by an observer, implements the method set forth in claim 19.
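The single-active-observer check of claim 19, together with the re-request step that precedes clearing a pending failover, sketched as an added Python example (not code from the patent). The class names, the in-memory `Primary`, and the counter-based identifier scheme in which the newest requester becomes the active observer are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

class ObserverTerminated(Exception):
    """The observer must stop: it is not (or cannot confirm it is) the active one."""

@dataclass
class AfcState:                       # hypothetical name for the failover configuration state
    active_observer_id: int = 0
    failover_pending: bool = False

class Primary:
    """In-memory stand-in for the primary database system (constructed for this example)."""
    def __init__(self) -> None:
        self.state = AfcState()
        self.reachable = True

    def issue_observer_id(self) -> Optional[int]:
        if not self.reachable:
            return None               # the request goes unanswered
        # Assumption: identifiers are a counter and the newest requester becomes active.
        self.state.active_observer_id += 1
        return self.state.active_observer_id

class Observer:
    def __init__(self, primary: Primary) -> None:
        self.primary = primary
        self.state: Optional[AfcState] = None
        self.my_id = self._request_id()          # on starting up

    def _request_id(self) -> int:
        oid = self.primary.issue_observer_id()
        if oid is None:
            raise ObserverTerminated("no active observer identifier received")
        return oid

    def on_state(self, state: AfcState) -> None:
        # On receiving state: a different current identifier means we were superseded.
        if state.active_observer_id != self.my_id:
            raise ObserverTerminated(f"observer {self.my_id} superseded")
        self.state = replace(state)              # keep a private copy

    def clear_failover_pending(self) -> None:
        # Re-request an identifier before recording that no failover is occurring,
        # so an observer that lost contact cannot clear the flag on its own.
        if self.state is not None and self.state.failover_pending:
            self.my_id = self._request_id()
            self.state.active_observer_id = self.my_id
            self.state.failover_pending = False
```

A stale observer that was partitioned away and later reconnects fails the identifier comparison on the first state it receives and stops, which is what keeps two observers from both initiating a failover.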
Specification