The third issue is that removed servers (those not in Cnew) can disrupt the cluster. These servers will not receive heartbeats, so they will time out and start new elections. They will then send RequestVote RPCs with new term numbers, and this will cause the current leader to revert to follower state. A new leader will eventually be elected, but the removed servers will time out again and the process will repeat, resulting in poor availability.
To prevent this problem, servers disregard RequestVote RPCs when they believe a current leader exists. Specifically, if a server receives a RequestVote RPC within the minimum election timeout of hearing from a current leader, it does not update its term or grant its vote. This does not affect normal elections, where each server waits at least a minimum election timeout before starting an election. However, it helps avoid disruptions from removed servers: if a leader is able to get heartbeats to its cluster, then it will not be deposed by larger term numbers.
- A is leader and B and C are followers- C because of some network problems misses enough of the heartbeats to start an election and starts sending RequestVote RPCs to A and B- These RequestVote RPCs requests reach A and B, but they ignore them because A is leader- Heartbeats and AppendEntries RPC's from A are still being sent to C, but C ignores them because they are from an older term
- This state continues until the connection between A and B is disrupted and they accept C's RequestVote RPCs.Although this does not cause downtime or service disruption it does carry some problems:- C will get behind indefinitely and probably has to restore from a snapshot when it rejoins the cluster.- The performance of the raft cluster is degraded, because if B is slow the commit is slow as opposed to being limited by the fastest of B and C.I think I found a simple solution to the issue mentioned in the paper which does not add these nasty side effects:Nodes should not disregard all RequestVote RPCs when a leader is believed to exist. Instead they should disregard RequestVote RPCs from servers that are not part of their configuration.This way a server that doesn't itself know that it is removed from the cluster cannot disrupt the cluster by sending RequestVote RPCs, but a member of the cluster that is trying to start an election is not ignored indefinitely.I'm currently working on a pull request to the Hashicorp implementation to fix this issue and some others https://github.com/hashicorp/raft/pull/256. Any feedback on my proposed solution is very welcome, especially ones that see problems with my solution. I think it would be a good idea to update the paper, if this is deemed a good solution or a better one is proposed.
--
You received this message because you are subscribed to the Google Groups "raft-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to raft-dev+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Hibernating Rhinos Ltd
Oren Eini l CEO l Mobile: + 972-52-548-6969
Office: +972-4-622-7811 l Fax: +972-153-4-622-7811
--
You received this message because you are subscribed to the Google Groups "raft-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to raft-dev+unsubscribe@googlegroups.com.