3.3. Fault Tolerance
Overview
If planned for, disaster scenarios that result in the loss of a message broker need not obstruct message delivery. Making a messaging system fault tolerant involves:
- deploying multiple brokers into a topology that allows one broker to pick up the duties of a failed broker
- configuring clients to fail over to a new broker in the event that its current broker fails
Red Hat AMQ provides mechanisms that make building fault tolerant messaging systems easy.
Master/Slave topologies
A master/slave topology defines a master broker that actively processes messages and one or more slave brokers that replicate the master broker's state. When the master broker fails, one of the slave brokers takes over, becoming the new master broker. Client applications can reconnect to the new master broker and resume processing as normal.
AMQ supports two types of master/slave clusters:
- Shared file system—the brokers in the cluster use the same file system to maintain their state. The master broker maintains a lock to the file system. Brokers polling for the lock or attempting to connect to the message store after the master is established automatically become slaves.
- Shared database—the brokers in the cluster share the same database. The broker that gets the lock to the database becomes the master. Brokers polling for the lock after the master is established automatically become slaves.
For details, see the Fault Tolerant Messaging guide on the Red Hat Customer Portal.
Failover protocol
The failover protocol allows you to configure a client with a list of brokers to which it can connect. When one broker fails, a client using the failover protocol will automatically reconnect to a new broker from its list. As long as one of the brokers on the list is running, the client can continue to function uninterrupted.
When combined with brokers deployed in a master/slave topology, the failover protocol is a key part of a fault-tolerant messaging system. The clients will automatically fail over to the slave broker if the master fails. The clients will remain functional and continue working as if nothing had happened.
For more information, see Client Failover in the Fault Tolerant Messaging guide on the Red Hat Customer Portal.