cn=Directory Manager
All about Directory Server
All | Personal | Sun

« Data Distribution in... | Main | OpenDS Documentation... »
20070305 Monday March 05, 2007

Read-Only Replicas Considered Harmful

Back in the dark ages, the Netscape/iPlanet Directory Server 4.x only supported single-master replication. No matter how many directories you had, only one instance was writable and all the others had to be read-only. If you tried to write to one of those read-only directories, you'd get a referral redirecting you to the master. In simple deployments, you'd have what was basically a star topology, where each of the read-only replicas was directly updated by the masters. In more complicated environments, you might see replication hubs that accept changes from the supplier and forward them on to consumers, so that the supplier itself wasn't directly responsible for updating all of the read-only replicas. While the topology was simple, it didn't lend itself well to highly-available deployments, and it caused problems for applications that didn't handle referrals (although Directory Proxy Server was able to hide a lot of that from clients if it was installed).

When Directory Server 5.0 came out, we added the ability to have two masters (as long as they were both in the same data center). This was big step forward for high availability, and for many deployments where two servers were enough to handle all the load you didn't need to have any read-only replicas. However, if you wanted to have more than two servers, or if you wanted to have servers in multiple data centers, then you still had to have read-only replicas.

When Directory Server 5.2 was released, we added support for up to four masters, and support for masters in different data centers. This was an even bigger leap forward. For the vast majority of single data center deployments, four servers is more than enough to handle all the client load, and many two data center environments, two servers per data center was fine as well. However, you still needed those pesky read-only servers if you wanted to have more than two data centers with high availability in each one.

Now that Directory Server 6.0 is available, there's no longer any limit on the number of masters that you can have. You can make every server a master, and in the vast majority of environments that's exactly what you should do. No matter how many data centers you have or how many servers per data center, it's just plain easier if they're all masters. Note that you don't have to have them all directly connected to each other -- in larger environments spanning multiple data centers it's probably nice to have all of the local servers fully-interconnected but only a couple of cross-WAN links into other data centers -- but you can if you want. Some of the benefits of having only masters include:
  • Binary copy becomes much easier since you only have one type of server to manage. You can't use binary initialization from a master to a consumer (or vice versa), but if you have only masters then you can use binary copy between them as long as they meet the other constraints (e.g., they have the same system architecture, filesystem layout, and indexing configuration).

  • Password policy works better across the environment. If you have account lockout enabled and you try to authenticate to a read-only replica, then the failure counter will only be updated on that one replica but other servers in the environment won't know about it. But if it happens on a master, then that login failure will be replicated throughout the environment so that other servers will see it as well. The same is also true for the last login time functionality if you want to enable that.

  • If there are read-only replicas in the environment, then clients that try to modify them will need to be able to handle referrals, and in the event that they do encounter a referral and send their write somewhere else then they could still have to deal with issues around propagation delay if they immediately read the entry back from the read-only server after having to perform the write somewhere else. As I mentioned before, Directory Proxy Server can follow referrals on behalf of the client, and in fact the new release has features like server affinity that help avoid problems with propagation delay. However, if there are any clients that attempt to directly communicate with the server instead of going through a proxy, then it's a lot easier if all the servers are masters.

  • In the past, there were cases in which you were able to get higher modify performance if you constrained yourself to only sending writes to one server. That's not true anymore, and in fact you'll probably find that you get better overall write performance by spreading the writes out across multiple servers than you do if you just send them to one instance.


I have seen Directory Server 5.2 deployments that included read-only replicas just because the people who set things up thought that was just the way it was always done without thinking about whether or not it was the right approach. I have already seen a couple of cases with Directory Server 6 where people talking about how to deploy an environment were thinking about including read-only servers. Certainly it's still an option if you really do have a legitimate need for read-only servers, but don't feel like there's any need to do it that way simply because that's the way things were done in the past.

Note that with OpenDS, we're taking even more steps to help eliminate the last few potential arguments against making all servers masters. We're introducing an architecture where it's possible to separate the changelogs from the server instances (where only some of the servers need to have changelogs, or you can put the changelogs on completely separate machines ), so you can have masters without changelogs if you're concerned about the extra disk space associated with the changelog. We'll also be adding support for writable partial replicas (containing a subset of the attributes and/or a subset of the entries). If there are still other reasons that you you think might tie to into a scenario that requires read-only replicas then let us know so we can think about ways to eliminate those road blocks as well.

Posted by cn_equals_directory_manager ( Mar 05 2007, 07:43:13 PM CST ) Permalink Comments [5]

Comments:

You continue to provide us with lot of useful information. Thanks a lot for all your efforts.

Posted by R Rajesh on March 06, 2007 at 02:24 AM CST #

I don't see the 'harm', that seems to be a bit of hyperbole on the author's part. This seems like a bit of irrational exuberance to me, but maybe I'm out of line. I don't have time to address the other points in the article, but keep in mind:
* I'm sure lots of sites have a mixed sparc and x86 environment - eg. binary copy is not something that will work for everyone.
* It's common to have a star shaped network topology, multi-master mode will introduce write latency in this case.
* It's convenient to have all the changes written to a single server for log review.

Posted by 199.184.22.3 on March 06, 2007 at 02:21 PM CST #

Perhaps "harm" was a little strong, but not by that much. Using read-only replicas in an environment when it's not needed can cause problems with certain applications, especially when they expect the write to succeed and can't follow referrals. It also prevents you from taking advantage of all the password policy functionality that is available if all instances of the server are writable. If you do have a legitimate reason for keeping read-only replicas, then these cons do at least have to be taken into consideration.

With regard to the other points that you brought up:
  • It is true that binary copy cannot currently be used (with either DSEE 5.x or 6.x) on systems with mixed architectures, or different filesystem layouts, or different backend configurations, although in practice deployments that mix multiple architectures in the directory environment aren't all that common. However all of that will be going away with OpenDS. You will be able to use binary copy on OpenDS across architectures, and using different filesystem layouts. In addition, binary copy in OpenDS will also be possible at the backend level rather than having to be server-wide like it is in DSEE, so even if the servers have different sets of backends you will be able to use it on those backends that they do have in common (and correspondingly, disaster recovery in such environments could be faster because if only one backend is having problems then you just need to restore that one backend rather than all data in the server).

  • Multimaster replication does not introduce any latency over a single-master model. In small deployments with only a few servers, all masters are typically directly connected to each other, so there is no added latency. In larger deployments involving multiple data centers, not having all servers directly connected is akin to using replication hubs that would likely be necessary in a single-master model for a single deployment. Further, the latency that clients perceive when performing operations will be lower if the client is always able to talk to a writable server than the case in which they may be talking to a read-only server and then have to be referred to a master whenever they attempt a write.

  • Regardless of where a change is originally made, it will be propagated everywhere throughout the replication environment, and the operation will show up in the log files on all servers. On the other hand, read operations will only be logged on the server that processes them, so you'll have to deal with that unless you have only one server in your environment. In OpenDS, we'll also be helping with that by providing centralized logging so that all operations can be written to a single log file (or database), or potentially written to separate log files on the same network volume so while the files are still separate they are at least all in the same place.

Posted by Neil A. Wilson on March 06, 2007 at 02:47 PM CST #

Does the uiduniqueness plugin exist in OpenDS? How would a large multi-master configuration, handle multiple new native-ldap clients (added to different masters) with each client requiring a unique UID?

Posted by Jonathan G on March 09, 2007 at 12:15 PM CST #

No, OpenDS does not yet have a plugin to ensure attribute uniqueness. It's in our issue tracker as issue #258 but we haven't gotten around to implementing yet. It would be trivial to implement for local uniqueness, but global uniqueness is a little more tricky (although certainly possible and we will have a couple of different options for providing it).

Note also that OpenDS does not yet support the virtual list view (VLV) control, which is required for Native LDAP. However, we will also be implementing that in the near future. That is being tracked as issue #80.

Posted by Neil A. Wilson on March 09, 2007 at 12:39 PM CST #

Post a Comment:

Comments are closed for this entry.
Archives
« August 2008
SunMonTueWedThuFriSat
     
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
      
Today

XML


Language

Links


blogs.sun.com
Weblog
Login


Referrers

Today's Page Hits: 75