Automatic failover configuration with lightweight observer
First Claim
1. An automatic failover configuration comprising:
- a primary database system operating in a first database server that processes transactions and produces redo data as a primary database system participant;
a standby database system operating in a second database server that receives the redo data from the primary database system as a standby database participant, wherein the redo data is applied physically or logically against the standby database system;
an active observer operating in an entity other than the first and second database servers that executes independently of the primary database system and the standby database system, wherein the active observer provides a quorum for a failover operation in which the standby database system participant becomes the primary database system participant;
the active observer exchanging first control messages with the primary database system and the standby database system;
the primary database system and the standby database system exchanging second control messages;
wherein the first and second control messages propagate a current state of the automatic failover configuration among participants; and
wherein the current state of the automatic failover configuration indicates when the active observer is to request further state information from the primary or standby database system; and
the active observer responds thereto by requesting the further state information from the primary or standby database system;
wherein the first control messages are status checks from the observer to the other participants; and
wherein the second control messages are status checks from the primary database system to the standby database system and responses to status checks from the standby database system.
0 Assignments
0 Petitions
Accused Products
Abstract
Techniques used in an automatic failover configuration having a primary database system, a standby database system, and an observer for preventing divergence among the primary and standby database systems while increasing the availability of the primary database system. In the automatic failover configuration, the primary database system remains available even in the absence of both the standby and the observer as long as the standby and the observer become absent sequentially. The failover configuration further permits automatic failover only when the observer is present and the standby and the primary are synchronized and inhibits state changes during failover. The database systems and the observer have copies of failover configuration state and the techniques include techniques for propagating the most recent version of the state among the databases and the observer and techniques for using carefully-ordered writes to ensure that state changes are propagated in a fashion which prevents divergence.
35 Citations
9 Claims
-
1. An automatic failover configuration comprising:
-
a primary database system operating in a first database server that processes transactions and produces redo data as a primary database system participant; a standby database system operating in a second database server that receives the redo data from the primary database system as a standby database participant, wherein the redo data is applied physically or logically against the standby database system; an active observer operating in an entity other than the first and second database servers that executes independently of the primary database system and the standby database system, wherein the active observer provides a quorum for a failover operation in which the standby database system participant becomes the primary database system participant; the active observer exchanging first control messages with the primary database system and the standby database system; the primary database system and the standby database system exchanging second control messages; wherein the first and second control messages propagate a current state of the automatic failover configuration among participants; and wherein the current state of the automatic failover configuration indicates when the active observer is to request further state information from the primary or standby database system; and the active observer responds thereto by requesting the further state information from the primary or standby database system; wherein the first control messages are status checks from the observer to the other participants; and wherein the second control messages are status checks from the primary database system to the standby database system and responses to status checks from the standby database system. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer program product comprising a non-transitory computer-usable storage medium having executable code which, when executed by a processor, causes the processor to implement an automatic failover configuration, comprising:
-
a primary database system operating in a first database server that processes transactions and produces redo data as a primary database system participant; a standby database system operating in a second database server that receives the redo data from the primary database system as a standby database participant, wherein the redo data is applied physically or logically against the standby database system; an active observer operating in an entity other than the first and second database servers that executes independently of the primary database system and the standby database system, wherein the active observer provides a quorum for a failover operation in which the standby database system participant becomes the primary database system participant; the active observer exchanging first control messages with the primary database system and the standby database system; the primary database system and the standby database system exchanging second control messages; wherein the first and second control messages propagate a current state of the automatic failover configuration among participants; and wherein the current state of the automatic failover configuration indicates when the active observer is to request further state information from the primary or standby database system; and the active observer responds thereto by requesting the further state information from the primary or standby database system; wherein the first control messages are status checks from the observer to the other participants; and wherein the second control messages are status checks from the primary database system to the standby database system and responses to status checks from the standby database system.
-
-
9. An automatic failover configuration comprising:
-
a primary database system operating in a first database server that processes transactions and produces redo data as a primary database system participant; a standby database system operating in a second database server that receives the redo data from the primary database system as a standby database participant, wherein the redo data is applied physically or logically against the standby database system; an active observer operating in an entity other than the first and second database servers that executes independently of the primary database system and the standby database system, wherein the active observer provides a quorum for a failover operation in which the standby database system participant becomes the primary database system participant; the active observer exchanging first control messages with the primary database system and the standby database system; the primary database system and the standby database system exchanging second control messages; wherein an observer requests further state information upon startup;
the primary database system responds to the request for further state information by providing an identifier to the observer only if there are currently no active observers in the configuration; and
the observer terminates if it does not receive the identifier;wherein the first control messages are status checks from the observer to the other participants; and wherein the second control messages are status checks from the primary database system to the standby database system and responses to status checks from the standby database system.
-
Specification