Failure Scenarios
This section describes possible production VM failure scenarios and how AROVA handles each of them.
- AROVA supports the following protected VM fault tolerance scenarios:
  - Protected VM failover from any single failure (i.e., no single point of failure).
  - Protected VM failover from a double failure (e.g., a regional VM losing two zones; the VMs are failed over to the secondary region).
  - Protected VMs may not be recoverable after some types of double failure (e.g., a zonal VM losing both its primary and secondary disks).
AROVA always guarantees data consistency on failover or failback. If data consistency cannot be guaranteed, AROVA stops protection rather than risk data corruption.
The following examples assume:
- AROVA is up and running.
- A production VM failure can be partial or full, zonal or regional, and can occur in the primary region, the secondary region, or both.
- A VM is considered "zonal" if all of its disks are zonal; otherwise it is considered "regional."
- A partial or full zonal failure may affect an arbitrary subset of VMs.
- AROVA is a managed-disk state machine.
- After successful failover, the protection status of recovered VMs and disks will be "Unprotected."
- Backward replication is not started automatically because the primary region may not yet be restored.
- Even though the VM's status is "Unprotected," the VM metadata and properties held in the CDB can be reused as needed.
Figure: "Unprotected" state.
Failure Scenario Cases:
- Zonal VM, Primary Region, VM Zone (R1Z1) Failure
- Zonal VM, Secondary Region, Secondary Disk Zone (R2Z1) Failure
- Zonal VM, Asynchronous Replication Failed Temporarily then Resumed
- Zonal VM, Secondary Region, Secondary Disk Failure
- Regional VM, Primary Region, Primary Disk Failure
- Regional VM, Primary Region, Primary Disk Primary Zone (R1Z1) Failure
- Regional VM, Primary Region, Primary Disk Secondary Zone (R1Z2) Failure
- Regional VM, Secondary Region, Secondary Disk Primary Zone (R2Z1) Failure
- Regional VM, Secondary Region, Secondary Disk Secondary Zone (R2Z2) Failure
- Dependent VMs, Primary Region, Partial or Full Zonal Failure (R1Z1)
- Dependent VMs, Temporary Replication Failure
- Dependent VMs, Secondary Region, Secondary Disk Failure
- Dependent Regional VMs, Primary Region, Primary Disk Zone Partial or Full Failure
- Dependent Regional VMs, Secondary Disk Partial or Full Zone Failure
- Dependent Regional VMs, Secondary Region, Secondary Disk Replica Disk Failure
- Protected VM Single Disk Failure