Database system configured for automatic failover with no data loss

US 7,627,584 B2
Filed: 11/22/2006
Issued: 12/01/2009
Est. Priority Date: 11/30/2005
Status: Active Grant

First Claim

Patent Images

1. An automatic failover configuration comprising:

configuration participants includinga primary database system that produces redo data,a standby database system that receives the redo data, andan observer;

each participant including processor that has access to memory,a messaging system for sending and receiving messages among the participants, andin each participant, a copy in the memory of configuration state of the automatic failover configuration that specifies one of a plurality of configuration states, the messages being used to propagate a most recent configuration state among the participants and each configuration state including a monotonically increasing version number, a more recent configuration state being a configuration state that has a higher version number,a message from a participant to another participant including the most recent configuration state known to the participant andif the other participant knows of a more recent configuration state, a reply by the other participant to the message, the reply containing the more recent configuration state; and

a participant responding to a message or a reply with a more recent configuration state by setting its copy of the configuration state to the more recent configuration state.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques used in an automatic failover configuration having a primary database system, a standby database system, and an observer for preventing divergence among the primary and standby database systems while increasing the availability of the primary database system. In the automatic failover configuration, the primary database system remains available even in the absence of both the standby and the observer as long as the standby and the observer become absent sequentially. The failover configuration further permits automatic failover only when the observer is present and the standby and the primary are synchronized and inhibits state changes during failover. The database systems and the observer have copies of failover configuration state and the techniques include techniques for propagating the most recent version of the state among the databases and the observer and techniques for using carefully-ordered writes to ensure that state changes are propagated in a fashion which prevents divergence.

37 Citations

View as Search Results

15 Claims

1. An automatic failover configuration comprising:
- configuration participants includinga primary database system that produces redo data,a standby database system that receives the redo data, andan observer;
  
  each participant including processor that has access to memory,a messaging system for sending and receiving messages among the participants, andin each participant, a copy in the memory of configuration state of the automatic failover configuration that specifies one of a plurality of configuration states, the messages being used to propagate a most recent configuration state among the participants and each configuration state including a monotonically increasing version number, a more recent configuration state being a configuration state that has a higher version number,a message from a participant to another participant including the most recent configuration state known to the participant andif the other participant knows of a more recent configuration state, a reply by the other participant to the message, the reply containing the more recent configuration state; and
  
  a participant responding to a message or a reply with a more recent configuration state by setting its copy of the configuration state to the more recent configuration state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The automatic failover configuration set forth in claim 1 wherein:
    - the participants further use the messages to determine whether a participant is present.
  - 3. The automatic failover configuration set forth in claim 1 wherein:
    - the configuration state includes failover state that indicates whether a failover is taking place; and
      
      when the failover state indicates that the failover is taking place, propagation of configuration state by a message from a returning participant is inhibited.
  - 4. The automatic failover configuration set forth in claim 3 wherein:
    - the messages further include state transition coordination messages; and
      
      the standby database system and the observer employ the state transition coordination messages to coordinate transitions to and from the failover pending state.
  - 5. The automatic failover configuration set forth in claim 4 wherein:
    - the standby database system and the observer employ the state transition coordination messages before entering the failover pending state to agree that the primary database system is absent and to determine that the configuration state for both the standby database system and the observer indicates the failover pending state before the standby becomes the primary.
  - 6. The automatic failover configuration set forth in claim 5 wherein:
    - after the standby database system becomes the primary, the standby database system changes its copy of the configuration state to terminate the failover pending state and employs the state transition coordination messages to indicate termination of the failover pending state to the observer, the observer responding thereto by changing its copy of the configuration state to terminate the failover pending state.
  - 7. The automatic failover configuration set forth in claim 3 wherein:
    - the failover is an automatic failover; and
      
      the standby database system enters the failover pending state only when the standby database system'"'"'s copy of the configuration state indicates that the standby database system is synchronized with the primary database system and the observer is present.
  - 8. The automatic failover configuration set forth in claim 3 wherein:
    - the failover is an automatic failover andthe second database system will not enter the failover pending state if the second database system'"'"'s copy of the configuration state value indicates that the second database system is not synchronized with the first database system.
  - 9. The automatic failover configuration set forth in claim 3 wherein:
    - the failover is an automatic failover andthe second database system will not enter the failover pending state if the second database system'"'"'s copy of the configuration state value indicates that the observer is absent.
  - 10. The automatic failover configuration set forth in claim 3 wherein:
    - the failover is an automatic failover and the second database system will not enter the failover pending state if the second database system'"'"'s copy of the configuration state value indicates that the second database system is suspended.
  - 11. A data storage device characterized in that:
    - the data storage device contains code which, when executed in the participants, implements the automatic failover configuration set forth in claim 1.

12. A method of preventing automatic failover from resulting in divergence among database systems in an automatic failover configuration, the automatic failover configuration havingparticipants includinga first database system,a second database system, andan observer,each participant including a processor that has access to memory including persistent memory,in each participant, a copy of a configuration state value that specifies one of a plurality of configuration states of the automatic failover configuration, each configuration state value including a monotonically increasing version number, a more recent configuration state value being a configuration state value that has a higher version number, anda messaging system for sending and receiving messages among the participants, the method comprising the steps performed in a participant of the participants of:
- on receiving a first message from another participant that includes the most recent configuration state value known to the other participant at the time the received message was sent, comparing the received most recent configuration state value with the most recent configuration state value then known to the participant and thereuponif the known most recent configuration state value is less recent than the received most recent configuration state value, copying the received most recent configuration state value as the known most recent configuration state value andif the known most recent configuration state value is more recent than the received most recent configuration state value, sending a second message with the known most recent configuration state to the other participant andthe method further comprising the steps performed in the participant during a transition from one of the plurality of configuration states to another configuration state thereof in which divergence among the database systems is possible ofdetermining that another participant has saved the configuration state value for the other configuration state in its persistent memory; and
  
  thereuponsaving the configuration state value for the other configuration state in the participant'"'"'s persistent memory.
- View Dependent Claims (13, 14, 15)
- - 13. The method set forth in claim 12 wherein the step of determining comprises the step of:
    - receiving a configuration state value persisted message of the messages indicating that the other participant has stored the configuration state value in the other participant'"'"'s persistent memory.
  - 14. The method set forth in claim 13 further comprising the step performed in the participant of:
    - sending a state transition initiation message of the messages to the other participant indicating that the participant is initiating the transition, the configuration state value persisted message being sent by the other participant in response to the state transition initiation message when the other participant agrees that the transition should be made.
  - 15. The method set forth in claim 14 wherein:
    - a participant'"'"'s copy of the configuration state value in the participant'"'"'s persistent memory together with the first and second messages and configuration state value persisted messages permit a participant to leave the automatic failover configuration at any time and to return at any time without disrupting the automatic failover configuration.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
McGuirk, Robert R., Girkar, Mahesh Baburao, Vivian, Stephen John, Claborn, George H., Voss, Douglas, Garin, Benedito Elmo Jr., Guzman, Raymond
Primary Examiner(s)
Fleurantin; Jean B.
Assistant Examiner(s)
Ly; Anh

Application Number

US11/603,504
Publication Number

US 20070124348A1
Time in Patent Office

1,105 Days
Field of Search

707/10, 707100-102, 707/104.1, 707/200, 707/204, 714/4, 714/712, 714/718
US Class Current

707/782
CPC Class Codes

G06F 11/2025   using centralised failover ...

G06F 11/2028   eliminating a faulty proces...

G06F 11/2074   Asynchronous techniques

G06F 11/2076   Synchronous techniques

G06F 11/2082   Data synchronisation

Database system configured for automatic failover with no data loss

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Database system configured for automatic failover with no data loss

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links