MULTIPLE-REGION RESILIENT DATA LAKE IN ACTIVE-ACTIVE MODE CONTROLLED FROM A THIRD REGION*


(*) BY AN OPERATIONAL AMPLIFIER-TYPE CONTROLLER WITH POSITIVE FEEDBACK

CONTEXT

The design principles of this solution are:

  • Ingestion is done only in streaming (serial) mode, by means of a Y that sends data to all regions
  • Queued messages are serialised to object storage using the S2C pattern explained here
  • The controller logic is implemented in a single serverless, managed, autonomous, DR-enabled component in a region other than A and B. The controller is implemented as a cross-region Data Guard-enabled autonomous database

HIGH LEVEL VIEW

Two identically architected regions, A and B, host the data lake, plus another region, isolated from A and B, for the controller.

IMPLEMENTATION DETAILS

Regions A and B are identical data lakes operating independently with no replication mechanism between them.

Ingestion is done by producers in real time to incoming ports in A and B by means of a “Y”.

The controller reads sensor metrics collected in A and B and evaluates the output based on the logic we’ll explain later on. Sensor metrics cover signals like input ratios, processing ratios, number of entities existing, compute usage, storage usage, network usage, and the like.

CONTROLLER DETAILS

The controller operates on signals coming from regions A and B. If the signals are not equal, something is going wrong. The positive feedback loop in the controller provides the logic to decide which region is the source of truth, if any.

The A and B switches (a kind of electromechanical contactor, not network switches) are normally open: if the controller is not sending any signal, all the outgoing ports are closed, hence no data can be accessed by consumers.

CONTROLLER SWITCHING LOGIC

The switching logic for the outgoing ports exposed to consumers is as depicted in the following table:

Explanation: if error is not zero, it may be positive or negative. If positive, the load balancer in region B is switched off, otherwise load balancer in region A is switched off. If error is virtually zero, regions A and B are both switched on.

If error is infinite, no region is operating well or the controller is fooling around, hence all outgoing ports are put offline.
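The switching rule above, combined with the normally-open behaviour of the switches, as an added Python example (not the author's controller code). The error is taken as an already-computed signed number, since the page does not define how it is derived; the tolerance, the command time-to-live and all names are assumptions, and a missing or NaN error is treated like an infinite one.

```python
import math
from dataclasses import dataclass

TOLERANCE = 0.05      # assumption: |error| at or below this is "virtually zero"
COMMAND_TTL_S = 30.0  # assumption: a switch drops out without a fresh command


@dataclass(frozen=True)
class Command:
    a_on: bool        # outgoing ports of region A exposed to consumers
    b_on: bool        # outgoing ports of region B exposed to consumers
    issued_at: float  # controller clock, seconds


def decide(error, now):
    """Map the controller error to switch states, following the page's rule."""
    if error is None or not math.isfinite(error):
        # Infinite (or unusable) error: no region can be trusted, all ports offline.
        return Command(False, False, now)
    if abs(error) <= TOLERANCE:
        return Command(True, True, now)    # regions agree: both serve consumers
    if error > 0:
        return Command(True, False, now)   # positive error: region B switched off
    return Command(False, True, now)       # negative error: region A switched off


def port_states(command, now):
    """Normally-open switch: ports stay online only while a fresh command holds them."""
    if command is None:
        return (False, False)              # controller silent: fail closed
    age = now - command.issued_at
    if age < 0 or age > COMMAND_TTL_S:
        return (False, False)              # stale or future-dated command: fail closed
    return (command.a_on, command.b_on)


if __name__ == "__main__":
    # Constructed sample errors, not measurements from a real deployment.
    for err in (0.01, 0.4, -0.4, float("inf"), float("nan"), None):
        cmd = decide(err, now=100.0)
        print(f"error={err!r:>6}  (A, B) online = {port_states(cmd, now=101.0)}")
    # A valid "both on" command that is never refreshed stops holding the ports.
    print("stale command:", port_states(decide(0.0, now=100.0), now=131.0))
```

The time-to-live check is what makes the switches fail closed: an outage of the controller region takes consumers offline instead of leaving the last decision in force.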

🙂
