| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, jd(at)commandprompt(dot)com, Thom Brown <thom(at)linux(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Dave Page <dpage(at)pgadmin(dot)org>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Configuring synchronous replication |
| Date: | 2010-09-24 10:57:31 |
| Message-ID: | 1285325851.21874.1524.camel@ebony |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
On Fri, 2010-09-24 at 11:08 +0300, Heikki Linnakangas wrote:
> On 24/09/10 01:11, Simon Riggs wrote:
> >> But that's not what I call synchronous replication, it doesn't give
> >> you the guarantees that
> >> textbook synchronous replication does.
> >
> > Which textbook?
>
> I was using that word metaphorically, but for example:
>
> Wikipedia
> http://en.wikipedia.org/wiki/Replication_%28computer_science%29
> (includes a caveat that many commercial systems skimp on it)
Yes, I read that. The example it uses shows only one standby, which does
suffer from the problem/caveat it describes. Two standbys resolves that
problem, yet there is no mention of multiple standbys in Wikipedia.
> Oracle docs
>
> http://download.oracle.com/docs/cd/B10500_01/server.920/a96567/repoverview.htm
> Scroll to "Synchronous Replication"
That document refers to sync rep *only* in the context of multimaster
replication. We aren't discussing that here and so that link is not
relevant at all.
Oracle Data Guard in Maximum availability mode is roughly where I think
we should be aiming
http://download.oracle.com/docs/cd/B10500_01/server.920/a96653/concepts.htm#1033871
But I disagree with consulting other companies' copyrighted material,
and I definitely don't like their overcomplicated configuration. And
they have not yet thought of per-transaction controls. So I believe we
should learn many lessons from them, but actually ignore and surpass
them. Easily.
> Googling for "synchronous replication textbook" also turns up this
> actual textbook:
> Database Management Systems by R. Ramakrishnan & others
> which uses synchronous replication with this meaning, although in the
> context of multi-master replication.
>
> Interestingly, "Transaction Processing: Concepts and techniques" by
> Grey, Reuter, chapter 12.6.3, defines three levels:
>
> 1-safe - what we call asynchronous
> 2-safe - commit is acknowledged after the slave acknowledges it, but if
> the slave is down, fall back to asynchronous mode.
> 3-safe - commit is acknowledged only after slave acknowledges it. If it
> is down, refuse to commit
Which again is a one-standby viewpoint on the problem. Wikipedia is
right that there is a problem when using just one server.
"3-safe" mode is not more safe than "2-safe" mode when you have 2
standbys.
If you want high availability you need N+1 redundancy. If you want a
standby server that is N=1. If you want a highly available standby
configuration then N+1 = 2.
Show me the textbook that describes what happens with 2 standbys. If one
exists, I'm certain it would agree with my analysis.
(I'll read and comment on your other points later today.)
--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Training and Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2010-09-24 10:59:42 | Re: Configuring synchronous replication |
| Previous Message | Dimitri Fontaine | 2010-09-24 10:53:45 | Re: Configuring synchronous replication |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2010-09-24 10:59:42 | Re: Configuring synchronous replication |
| Previous Message | Dimitri Fontaine | 2010-09-24 10:53:45 | Re: Configuring synchronous replication |