Failure Handling
Secondary failure - nothing to do till it recovers
- At recovery, apply the updates it missed while down
- Needs to determine which updates it missed, just like log-based recovery
- If down for too long, it may be faster to get a whole copy
Primary failure - Products just wait till it recovers
- Can get higher availability by electing a new primary
- A secondary that detects primary’s failure announces a new election by broadcasting its unique replica identifier
- Other secondaries reply with their replica identifier
- The largest replica identifier wins
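
Added example (not part of the original notes): a small Python simulation of the two procedures above, a recovering secondary catching up on missed updates and the largest-identifier election after a primary failure. The Replica class, the function names and the full_copy_after cutoff are assumptions made for illustration, and the sample cluster is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Replica:                                 # hypothetical model, not a real API
    rid: int                                   # unique replica identifier
    up: bool = True
    log: list = field(default_factory=list)    # applied updates: (lsn, key, value)
    data: dict = field(default_factory=dict)

    def last_lsn(self):
        return self.log[-1][0] if self.log else 0

    def apply(self, update):
        self.log.append(update)
        self.data[update[1]] = update[2]

def replicate(replicas, lsn, key, value):
    """Apply one update at every replica that is currently up."""
    for r in replicas:
        if r.up:
            r.apply((lsn, key, value))

def elect(initiator, replicas):
    """Initiator broadcasts its id, live replicas reply with theirs, largest wins."""
    replies = [r.rid for r in replicas if r.up and r is not initiator]
    return max([initiator.rid] + replies)

def catch_up(secondary, primary, full_copy_after=3):
    """Recovery: replay missed updates, or copy everything if too many were missed."""
    missed = [u for u in primary.log if u[0] > secondary.last_lsn()]
    if len(missed) > full_copy_after:          # assumed cutoff for "down too long"
        secondary.log, secondary.data = list(primary.log), dict(primary.data)
        return "full-copy"
    for u in missed:
        secondary.apply(u)
    return "replayed"

def scenario():
    # Constructed run: replica 4 starts as primary, 1-3 are secondaries.
    rs = [Replica(i) for i in (1, 2, 3, 4)]
    replicate(rs, 1, "x", "a")
    rs[1].up = False                           # secondary 2 fails, misses lsn 2
    replicate(rs, 2, "y", "b")
    rs[3].up = False                           # primary 4 fails
    new_primary = elect(rs[0], rs)             # secondary 1 detects the failure
    rs[1].up = True                            # secondary 2 recovers
    how = catch_up(rs[1], rs[new_primary - 1])
    return new_primary, how, rs[1].data
```

In the constructed run, replica 3 wins the election because replicas 2 and 4 are down and cannot reply, and replica 2 later replays the single update it missed from the new primary.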