Data centers failure proof with CARP.

[Chuck Swiger]

Hi--

On Sep 26, 2011, at 9:53 AM, Martin Wilke wrote:
> Any other Idea what we can do to get a failover between both servers?

Multi datacenter failover is *hard*.  You have to evaluate which parts are static systems-- ie, display the same web images from all DCs, provide a current UTC timestamp from NTP, or whatever-- and which parts are transactional: ie, people's email, or placing orders on an online store, etc.

Failover of static systems is relatively easier, as they don't need to change from one DC to another, and you can just use short DNS TTLs or outsource to a content distribution network like the various CDN / cloud providers (Akamai, Amazon, Level3, Azure, whatever).

Failover of the transactional portion requires extensive effort to understand the transactional model-- are you active/standby, with write-through to the primary and cacheable read-back elsewhere, with a planned transition in the event of failure of the active to promote a standby to active; or are multiple DCs active with some form of load-balancing in place to distribute transactions (geolocation by client IP towards closer DCs, perhaps), etc.

And you also have to consider what happens after a failure, and how you reintegrate DCs once a failure is resolved and reassemble your transactional data to be coherent.

Regards,
-- 
-Chuck