Typical scenarios|V2.2.77|OceanBase Database| docs|Distributed Database

Typical scenarios

Last Updated：2023-08-18 09:26:34 Updated

Let's look at typical primary/standby database arrangement examples that implement IDC and regional level disaster recovery.

Dual IDCs

As each IDC may become a separate disaster recovery unit, users will require disaster recovery at the IDC level. If only two IDCs are available, one IDC must be able to take over the services when the other becomes unavailable.

If the application is deployed as a single cluster across the two IDCs, one of them will host the majority of replicas. When the IDC hosting the majority of replicas goes down, the primary cluster ceases to function. Therefore, the single-cluster deployment is unable to achieve disaster recovery in the dual-IDC scenario.

Instead, a deployment model featuring one primary cluster and one standby cluster allows for disaster recovery in this situation. A primary cluster is deployed in the application's primary IDC, utilizing a multi-replica structure to achieve node-level disaster recovery. A standby cluster is deployed in the standby IDC of the application. You can deploy this cluster with a single-replica to reduce the cost or a multiple replicas to achieve IDC-level disaster recovery at the standby IDC.

The primary cluster is not affected when the standby cluster becomes unavailable. If the primary cluster fails, the standby cluster becomes the new primary cluster and takes over the services through a failover process. The IDC level disaster recovery requirement is therefore met.

Three IDCs across two regions

In this mode, three IDCs are deployed in two regions, with two deployed in one region and one in the other. In addition to IDC level disaster recovery, users will also expect geo-disaster recovery capability. When a failure occurs in one region, the other region can take over.

OceanBase Database has a proven solution that utilizes the "three IDCs across two regions" mode. It involves five replicas in three IDCs across two regions. Here is a real-world example. Assume that you have deployed your cluster in three IDCs, with two in Shanghai and one in Hangzhou. Each of these three IDCs hosts one replica. When only one IDC becomes unavailable, the availability of the entire cluster is not affected because the majority of replicas survive and are sufficient to ensure lossless disaster recovery (RTO = 0). However, if a regional failure occurs in Shanghai, the majority of replicas are unavailable, so is the cluster. Therefore, the single-cluster deployment is unable to achieve disaster recovery in the "three IDCs across two regions" mode.

To achieve geo-disaster recovery in this mode, create a standby cluster for your primary cluster. In this example, you can deploy the standby cluster of one or more replicas in the Hangzhou IDC. The primary cluster is not affected when a regional failure occurs in Hangzhou.If a regional failure occurs in Shanghai, the standby cluster becomes the new primary cluster and takes over through a failover process. The regional level disaster recovery requirement is therefore met.