Chapter 8. Tibero Standby Cluster

8.1. Overview

Tibero Standby Cluster provides high availability, data protection, and disaster recovery as a core function of Tibero.

A Tibero standby server maintains copies of source data with a transaction unit in a physically independent location. The database that has the source data is called the Primary DB (hereafter Primary) and a database where the copied data is saved is called a Standby DB (hereafter Standby).

A background process transmits the Redo logs created by Primary to Standby databases, and each Standby uses the Redo logs to apply all changes of Primary to itself.

The following figure shows how Tibero Standby Cluster operates:

[Figure 8.1] Tibero Standby Cluster's Operation

When the Primary fails to handle data that was requested by a service, Tibero uses Standby databases to quickly restart the service. Even if one of the Primary's disks is damaged and it is difficult to recover, Tibero protects the corrupted data with Standby databases.

8.2. Processes

Tibero Standby Cluster has the following processes:

LNW (Log Network Writer)

Transmits Redo logs from Primary to Standby databases.

Regardless of the log transmission method, the actual sending of logs is always executed in LNW.

One instance of LNW exists for each Standby. There can be up to nine Standby databases.

LNR (Log Network Reader)

Records Redo logs that were transmitted from Primary to Standby databases in the online Redo log file.

Standby databases operate in RECOVERY boot mode, not in MOUNT or NORMAL. While Standby databases are operating, LNR is used instead of a log writer (LGWR). LNR works as a thread of the RCWP process.

SMR (Standby Managed Recovery)

Performs the recovery process by reading the online redo log and applying it to Standby databases. SMR works as a thread of the RCWP process.

8.3. Log Transmission Methods

Log transmission from Primary to Standby databases is performed as follows:

Log Transmission Method	Description
LGWR SYNC	When LGWR records a Redo log to disk, it also sends the Redo log to Standby databases through LNW.
LGWR ASYNC	LNW reads the online Redo log file and sends it to Standby databases.
ARCH ASYNC	After ARCH creates an archive log when switching logs, it notifies LNW. LNW reads the archived log file and sends it to Standby databases.

8.4. Primary Settings and Operations

Primary's operation modes are as follows:

Operation Mode	Description
PROTECTION Mode	Primary must connect to one or more Standby databases which receive Redo log files with LGWR SYNC. When Primary sends a Redo log file to Standby databases, LGWR needs to receive at least one successful reply from a Standby database. If LGWR does not receive a successful reply from any Standby, Primary will terminate.
AVAILABILITY Mode	Primary must connect to one or more Standby databases which receive Redo log files with LGWR SYNC. If LGWR does not receive a successful reply from any Standby database, the Primary will not try to send a Redo log file, but it will not terminate.
PERFORMANCE Mode	Primary can use any log transmission method. Even if LGWR does not receive a successful reply from any Standby database, the Primary will not terminate.

Operation Mode

Description

PROTECTION Mode

Primary must connect to one or more Standby databases which receive Redo log files with LGWR SYNC.

When Primary sends a Redo log file to Standby databases, LGWR needs to receive at least one successful reply from a Standby database. If LGWR does not receive a successful reply from any Standby, Primary will terminate.

AVAILABILITY Mode

Primary must connect to one or more Standby databases which receive Redo log files with LGWR SYNC.

If LGWR does not receive a successful reply from any Standby database, the Primary will not try to send a Redo log file, but it will not terminate.

PERFORMANCE Mode

Primary can use any log transmission method. Even if LGWR does not receive a successful reply from any Standby database, the Primary will not terminate.

Primary's operation mode, Standby databases that will connect to Primary, and the log transmission method for each Standby can be specified with the following file:

<$TB_SID.tip>

LOG_REPLICATION_MODE   = {PROTECTION|AVAILABILITY|PERFORMANCE}
LOG_REPLICATION_DEST_1 = "hostname_1:port_1 {LGWR SYNC|LGWR ASYNC|ARCH ASYNC}"
LOG_REPLICATION_DEST_2 = "hostname_2:port_2 {LGWR SYNC|LGWR ASYNC|ARCH ASYNC}"
...
LOG_REPLICATION_DEST_N = "hostname_N:port_N {LGWR SYNC|LGWR ASYNC|ARCH ASYNC}"

The initialization parameters specified in the above file are as follows:

LOG_REPLICATION_MODE

This determines if the focus is on protecting data or on maximizing efficiency. It only needs to be specified once.

The values that can be specified in this parameter are as follows:

Value	Description
PROTECTION	If there are no Standby databases to receive Redo log files with LGWR SYNC, an initialization error will occur. To solve this error, connect to one or more Standby databases with LGWR SYNC and restart Primary.
AVAILABILITY	If there are no Standby databases to receive Redo log files with LGWR SYNC, an initialization error will occur. To solve this error, connect to one or more Standby databases with LGWR SYNC and restart Primary.
PERFORMANCE	This does not guarantee synchronization between the Primary and Standby databases, but can improve system performance.

LOG_REPLICATION_DEST_N

This determines the log transmission method and connection information (hostname:port) for each Standby. The maximum number (N) of Standby databases that can be specified is nine. Specify this parameter as many times as is needed, starting with LOG_REPLICATION_DEST_1.
The port number in the connection information is set to LISTENER_PORT + 4 by default and can be modified using a relevant parameter.

The values that can be specified in this parameter are as follows:

Value	Description
LGWR SYNC	Standby databases which receive Redo log files with this method operate by receiving information from the Redo buffer of Primary. Because they receive Redo log files most frequently with this method, this method provides the most data protection but lowers Primary's performance. Building the Primary and Standby databases with similar hardware specifications is recommended. This method can be used in PERFORMANCE mode. In this mode, Primary continues to operate even if data is not protected. Therefore, it is recommended to operate Primary in ARCHIVELOG mode if a Standby has low performance because Redo logs in an online Redo log file or an archive log file can be read and transferred in this mode.
LGWR ASYNC	Standby databases receive Redo log files with this method more frequently than with ARCH ASYNC but less frequently than with LGWR SYNC. It is recommended to operate Primary in ARCHIVELOG mode if a Standby has low performance because archive log files can instead be read and transferred.
ARCH ASYNC	If one or more Standby databases which receive Redo log files with this method exist, Primary must operate in ARCHIVELOG mode. If not, a corresponding server normally starts, but corresponding Standby databases does not operate.

Value

Description

LGWR SYNC

Standby databases which receive Redo log files with this method operate by receiving information from the Redo buffer of Primary. Because they receive Redo log files most frequently with this method, this method provides the most data protection but lowers Primary's performance. Building the Primary and Standby databases with similar hardware specifications is recommended.

This method can be used in PERFORMANCE mode. In this mode, Primary continues to operate even if data is not protected. Therefore, it is recommended to operate Primary in ARCHIVELOG mode if a Standby has low performance because Redo logs in an online Redo log file or an archive log file can be read and transferred in this mode.

LGWR ASYNC

Standby databases receive Redo log files with this method more frequently than with ARCH ASYNC but less frequently than with LGWR SYNC.

It is recommended to operate Primary in ARCHIVELOG mode if a Standby has low performance because archive log files can instead be read and transferred.

ARCH ASYNC

If one or more Standby databases which receive Redo log files with this method exist, Primary must operate in ARCHIVELOG mode. If not, a corresponding server normally starts, but corresponding Standby databases does not operate.

LOG_REPLICATION_N_ENABLE
- Dynamically add a standby database while a primary database operates. Use the following SQL statements.
```
sql> alter system set LOG_RELICATION_MODE={PROTECTION|AVAILABILITY|PERFORMANCE}
sql> alter system set LOG_REPLICATION_DEST_1 = "hostname_1:port_1 
{LGWR SYNC|LGWR ASYNC|ARCH ASYNC}"
sql> alter system set LOG_RELICATION_1_ENABLE=Y; 
(If set to N, synchronization mode is disabled.)
```
Note

Follow the order of DEST indexes. For example, if DEST_5 is tried to be set without setting DEST_1, the DDL statement fails.

When Primary starts in NORMAL mode, it connects to each Standby specified in $TB_SID.tip, and data replication is automatically performed by a background process. For example, if Primary starts in PROTECTION or AVAILABILITY mode and no Standby that was specified with LGWR SYNC can be connected to, Standby databases must be started first because Primary cannot function. In other situations, Primary can start even though each Standby starts later as they connect automatically.

Note

1. Settings related to Standby databases in the $TB_SID.tip file is ignored when a database is created in Primary. Therefore, the DBA should manually copy the created DB files to Standby databases.

2. To use Standby databases, it is recommended to operate a Primary in ARCHIVELOG mode.

8.5. Configuring and Operating Standby Databases

The followings tasks should be completed to operate a Standby:

Copy the backup files from Primary and configure Standby.

Copy all data files, including control files, online log files, and password files. The password file is necessary because Primary has SYS authority for Standby so their SYS passwords must match.
Open Standby's $TB_SID.tip file and modify DB_NAME to be the same as Primary.
Check that the control file path in the $TB_SID.tip file is the same as the path where the Primary files were copied.

DB_BLOCK_SIZE should also be the same as Primary to be able to open the copied data files.

If the Standby directory path to the backup is different, change the information for the path in Standby's $TB_SID.tip file as shown below:
[Example 8.1] Changing the $TB_SID.tip File Path in Standby
```
STANDBY_FILE_NAME_CONVERT="Primary's abosolute path, Standby's absolute path"
```
The absolute paths of the Primary and Standby databases are the absolute paths of the Primary and Standby instance directories.
After starting up Standby in MOUNT mode and executing the following DDL, the database is set to the Standby mode and the changed path will be set in the control file.
[Example 8.2] Standby Control File Configuration
```
SQL> ALTER DATABASE Standby controlfile;
```
If this step is not performed when the path has been changed, an error that the data file cannot be opened at the path specified in the control file will occur at startup.
After preparation is complete, use the following command to boot the database as Standby.
[Example 8.3] Starting Up Standby
```
$ tbboot -t RECOVERY
```
Note that if Standby is used in NORMAL mode even once, the database will not be able to function as a Standby. To prepare it to act as a Standby, repeat the steps above.

Before Standby boots, database files can be used without issue even if the versions are older than those in Primary as long as the files are consistent. The files are consistent because Primary accesses a Standby and adjusts the log gap.

However, this procedure depends on the redo log. If the gap between the two databases is too large and Primary is not using archivelog mode, it might be impossible to use because the required redo log doesn't exist. Therefore, Primary should operate in archivelog mode. Alternatively, before using Primary, the latest backup should be copied to Standby databases so that the two database files are the same.

8.5.1. Standby Read-Only Mode

Users cannot access a Standby because the server runs in the RECOVERY mode, which writes redo logs received from the Primary and recovers and applies them to the data file.

To continue to read from the Standby while it is applying redo logs as for a Standby in read only cluster, execute the following DDL statement to allow the Standby to continue to perform recovery while allowing read only session requests.

[Example 8.4] Standby Read-Only Continue Recovery

SQL> alter database open read only continue recovery;

If the Standby is synchronized with the Primary in LGWR SYNC mode, recently committed changes can be seen in Standby as in the Primary. Note that data can be changed even though the database is in read-only mode.

Execute the following DDL to change back from Standby to RECOVERY mode.

[Example 8.5] Changing Back to RECOVERY Mode

SQL> ALTER DATABASE Standby;

8.6. Configuring TAC-TSC

The Standby is operable even when the Primary is TAC, not single. The following is the procedure for configuring TAC-TSC.

To configure TAC-TSC, the Standby also requires TAC configuration. In Standby, however, recovery is performed on only one node, the Standby side is configured with 1-node TAC.

For more information about TAC configuration, refer to “9.5. TAC Configuration”.
Set the LOG_REPLICATION_MODE and LOG_REPLICATION_DEST_N parameters in the $TB_SID.tip file of all primary nodes.
Tibero recommends the same settings for all nodes whenever possible.
Configure the Standby with the database backed up from the Primary as in “8.5. Configuring and Operating Standby Databases”, modify DB_NAME and convert the file path, and then start it.

In TAC-TSC configuration, if there is a node stopped on the Primary side, the Standby node will not receive the node's redo log and will not be able to recover normally.

By enabling below parameter on the Primary, another node of the Primary sends the redo log on behalf of the stopped node and perform the recovery normally. These parameters are required to continue synchronization even if part of the Primary node is down.

<$TB_SID.tip>

STANDBY_ENABLE_LOG_RECOVERY=Y

The method of sending logs from shut-down nodes instead is called LGWR PROXY. If the Primary is activated by applying the above parameters, LNWs will be allocated as many nodes as LGWR PROXY LNW, excluding its own node. Up to 9 LNWs can be used in a single node. In 2-node TAC-TSC configuration, 8 LGWR PROXY LNWs are created and one of them are allocated. If one of the nodes is shut down, the other node changes the status of the LGWR PROXY LNW for the shut-down node to CONNECTED, and sends the log of the shut-down node instead.

SQL> select * from v$standby_dest;
STANDBY_ADDR
--------------------------------------------------------------------------------
TYPE                THREAD# FLAGS                              SENT_SEQ
---------------- ---------- -------------------------------- ----------
SENT_BLKNO  ACKED_SEQ ACKED_BLKNO      DELAY
---------- ---------- ----------- ----------
127.0.0.1:11004
LGWR ASYNC                0 CONNECTED                                11
       894         11         894          0

127.0.0.1:11004
LGWR PROXY                1 CONNECTED                                 7
       880          7         880          0

Not Assigned:0
LGWR PROXY            65535 NOT CONNECTED                            -1
        -1         -1          -1          0

(omitted)

Not Assigned:0
LGWR PROXY            65535 NOT CONNECTED                            -1
        -1         -1          -1          0


9 rows selected.

When using the above parameter, if the log transmission method is ASYNC mode, it may be necessary to read the archive log of the shut-down node instead. To do this, LOG_ARCHIVE_DEST on each primary node must be identical, which is impossible in a typical shared disk environment. TAS-TAC-TSC configuration options; cold backup with TASCMD's cptolocal and cpfromlocal commands, hot backup with tbrmgr's --for-standby option.

8.7. Database Role Switchover

There are two scenarios in which a Standby can become Primary.

8.7.1. Switchover

To change a Standby into Primary, do the following after shutting down the Primary in SWITCHOVER mode:

Execute the following command on the Primary:
[Example 8.6] Switchover Command Execution
```
$ tbdown -t SWITCHOVER
```
All Redo logs that have been created in the Primary are transmitted to Standby, and then the Primary is shut down like in NORMAL mode.
After shutting down a Standby, boot using FAILOVER mode to make the Standby the new Primary server.

To use the previous Primary as a new Standby, configure the initialization parameters LOG_REPLICATION_MODE and LOG_REPLICATION_DEST_n in the $TB_SID.tip file of the new Primary database. Boot the previous Primary in RECOVERY mode, and then boot the new Primary in FAILOVER mode to switch their roles.

The two databases are already in a synchronized state, so the copying of the database files from the new Primary that was required when originally configuring the Standby and the executing of the ALTER DATABASE Standby control file are not necessary. Also, even though the previous Standby-related configuration remains in the $TB_SID.tip file of the new Standby, it is only used when the database operates in NORMAL mode.

8.7.2. Failover

If Primary terminates abnormally or is inaccessible, one of the Standby databases can be used as Primary. To use a Standby as Primary, reboot the Standby in FAILOVER mode.

To start a Standby database that uses _USE_STANDBY_REDO_LOG in FAILOVER mode, start it without changing the _USE_STANDBY_REDO_LOG parameter.

Note

The existing Primary cannot be included in a Tibero Standby Cluster as a Primary or as a Standby after a new Primary is operating.

8.8. Client Configuration

To access both Primary and Standby, specify the access information of each DB in the tbdsn.tbr file as shown below:

<tbdsn.tbr>

PrimaryDB_SID=(
               (INSTANCE=(HOST=primaryDB_hostname)
                         (PORT=primaryDB_port)
                         (DB_NAME=cluster_DB_NAME)
               )
)

StandbyDB_SID=(
               (INSTANCE=(HOST=StandbyDB_hostname)
                         (PORT=StandbyDB_port)
                         (DB_NAME=cluster_DB_NAME)
               )
)

For each SID, write the DB_NAME that was used when configuring the $TB_SID.tip file for Primary and each Standby.

Note

If an error occurs in Primary, a method to automatically connect to Standby can be used. For information about this method, refer to “Appendix A. tbdsn.tbr”.

8.9. Standby Redo Log Group

A standby Redo log group is an online log group that can be used only for standby databases. When log switch occurs, checkpoints of logs to reuse are not checked, and only whether to archive the logs is checked.

Restore a backup set, and then perform the following to use standby Redo log groups.

Set the following in a tip file.
```
_USE_STANDBY_REDO_LOG=Y   
```

Execute the following statements.

sql> alter database standby controlfile;
sql> alter database add standby logfile group 1 '$DEST_DIR/0001.slf' size 100M; 
(The size must be the same as the online log file size in the Primary database.)
sql> alter database add standby logfile group 2 '$DEST_DIR/0002.slf' size 100M;
sql> alter database add standby logfile group 3 '$DEST_DIR/0003.slf' size 100M;
sql> alter database add standby logfile group 4 '$DEST_DIR/0004.slf' size 100M;
sql> alter database add standby logfile group 5 '$DEST_DIR/0005.slf' size 100M;
sql> alter database add standby logfile group 6 '$DEST_DIR/0006.slf' size 100M;
(The group count can be arbitrary, but 2 times of online log count in the Primary 
database is recommended.)
sql> alter database enable public standby redo thread 0;
sql> alter database recover automatic for standby;

Ends the database and reboots it in Recovery mode.

8.10. Viewing Tibero Standby Cluster Data

Tibero provides the dynamic views shown below to view the data about a Tibero Standby Cluster's status.

Dynamic View	Description
V$STANDBY_DEST	Connection information for each Standby set in Primary and the transfer status of Redo logs. Only Primary can use this view.
V$STANDBY	Connection information for each Primary set in Standby databases and the status of transferred Redo logs and previously reflected Redo logs. Only Standby databases can use this view.
V$STANDBY_LOG	Standby Redo log information when _USE_STANDBY_REDO_LOG is used in Standby databases.
V$STANDBY_LOGFILE	Standby Redo log file information when _USE_STANDBY_REDO_LOG is used in Standby databases.

Note

For more information about dynamic views, refer to Tibero Reference Guide.

8.11. Constraints

Because Tibero Standby Cluster transfers Redo logs created by Primary to Standby databases without any changes, the system environment, such as the CPU bus size, endianness, OS, and the size of database blocks in the $TB_SID.tip files in Primary and the Standby must be the same.

As a property of a Standby Cluster that applies Redo logs, some DDL that modify the state of a tablespace or database file are not allowed. These operations must be performed without Standby. In other words, a database must be backed up before applying it to Standby.

The following operations are not supported by Standby clusters. DPL and DPI are not supported in previous versions because they do not leave logs, but now they are supported because they leave logs when connecting to Standby.

DDL that modifies portions of a tablespace

ALTER TABLESPACE READ ONLY
ALTER TABLESPACE READ WRITE

DDL that modifies portions of a database

ALTER DATABASE ADD LOGFILE
ALTER DATABASE DROP LOGFILE
ALTER DATABASE TEMPFILE
ALTER DATABASE RENAME FILE

Creates GLOBAL TEMP TABLE
```
CREATE GLOBAL TEMPORARY TABLE
```
Note

1. Cannot use DB links when Standby is in read-only.

2. Cannot create encrypted tablespaces when using standby clusters.

Prev		Next
Chapter 7. Distributed Transactions	Home	Chapter 9. Tibero Cluster Manager