FIELD OF THE INVENTION

The present disclosure relates to databases, and more specifically, to multi-instance redo apply for databases.

BACKGROUND

For many database configurations, it is desirable to have a physical replica or a physical standby that replicates the data from one or more primary or production databases. By maintaining a standby database as a replicated copy of a primary database, the physical standby can provide data protection and redundancy through features such as database recovery, database failover, and test databases. Moreover, since many database workloads are biased towards a higher ratio of read queries compared to writes, the physical standby can also offload database read queries from the primary database, reducing processing burdens on production servers.

To address big data processing demands in the modern enterprise, many databases have migrated to multi-instance or multi-node database configurations. As a result, a significant volume of change records or redo records is generated for the primary database. The speed by which these redo records are applied on the standby database has a direct impact on key database performance metrics such as mean time to recovery and replication lag time.

On the other hand, the physical standby is often configured to apply redo as a single-node process, even when the physical standby is multi-node. The redo apply is thus unable to efficiently utilize all available hardware resources to keep pace with the large volume of redo records generated from the multi-node primary database. Accordingly, a single-node redo apply may become a serious performance bottleneck for the physical standby, negatively impacting database availability and query response times.

Based on the foregoing, there is a need for a method to provide an efficient and high performance redo apply for a physical standby.

The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:

FIG. 1A is a block diagram that depicts an example database system with a physical standby using multi-instance redo apply, according to an embodiment;

FIG. 1B is a block diagram that depicts example standby instances for multi-instance redo apply, according to an embodiment;

FIG. 1C is a block diagram that depicts an example memory of a standby instance within a physical standby using multi-instance redo apply, according to an embodiment;

FIG. 2 is a flow diagram that depicts a process for providing multi-instance redo apply for a standby database, according to an embodiment;

FIG. 3 is a block diagram of a computer system on which embodiments may be implemented.

DETAILED DESCRIPTION

In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present invention.

General Overview

In an embodiment, multi-instance redo apply is provided for standby databases. A multi-instance primary database generates a plurality of redo records, which are received and applied by a physical standby running a multi-instance standby database. Each standby instance runs a set of processes that utilize non-blocking, single-task threads, providing a high degree of parallelism for optimal resource utilization during the redo apply. The standby instance that initiates the redo apply may be specified as the master coordinator instance to enforce any required synchronization tasks, which may be marked using metadata markers embedded in the plurality of redo records. The multi-instance redo apply may also dynamically load-adjust in response to changes to the number of standby instances or the number of primary databases.

At each standby instance or apply instance for the multi-instance redo, the plurality of redo records are merged into a stream from one or more redo strands in logical time order, distributed to standby instances according to determined apply slave processes, reemerged after receiving updates from remote instances, and applied in logical time order by the apply slave processes. Redo apply progress is tracked at each instance locally and also globally, allowing a consistent query logical time to be maintained and published. Accordingly, the physical standby can remain open to service database read query requests concurrently with the redo apply.

By using an intelligent workload distribution function when determining the apply slave processes for the redo records, communication overhead between standby instances can be minimized. As a result, the multi-instance redo apply can provide high performance to keep pace with the large workload of redo records generated by one or more multi-instance primary databases.

Database Systems

Embodiments of the present invention are used in the context of DBMSs. Therefore, a description of a DBMS is useful.

A DBMS manages one or more databases. A DBMS may comprise one or more database servers. A database comprises database data and a database dictionary that are stored on a persistent memory mechanism, such as a set of hard disks. Database data may be stored in one or more data containers. Each container contains records. The data within each record is organized into one or more fields. In relational DBMSs, the data containers are referred to as tables, the records are referred to as rows, and the fields are referred to as columns. In object-oriented databases, the data containers are referred to as object classes, the records are referred to as objects, and the fields are referred to as attributes. Other database architectures may use other terminology.

A database block, also referred to as a data block, is a unit of persistent storage. A database block is used by a database server to store database records (e.g. to store rows of a table, to store column values of a column). When records are read from persistent storage, a database block containing the record is copied into a database block buffer in volatile memory of a database server. A database block usually contains multiple rows, and control and formatting information, (e.g. offsets to sequences of bytes representing rows or other data structures, list of transactions affecting a row). A database block may be referenced by a database block address (DBA).

A database block is referred to as being atomic because, at least in part, a database block is the smallest unit of database data a database server may request from a persistent storage device. For example, when a database server seeks a row that is stored in a database block, the database server may only read the row from persistent storage by reading in the entire database block.

Users interact with a database server of a DBMS by submitting to the database server commands that cause the database server to perform operations on data stored in a database. A user may be one or more applications running on a client computer that interact with a database server. Multiple users may also be referred to herein collectively as a user.

A database command may be in the form of a database statement that conforms to a database language. A database language for expressing the database commands is the Structured Query Language (SQL). There are many different versions of SQL, some versions are standard and some proprietary, and there are a variety of extensions. Data definition language (“DDL”) commands are issued to a database server to create or configure database objects, such as tables, views, or complex data types. SQL/XML is a common extension of SQL used when manipulating XML data in an object-relational database.

A multi-node database management system is made up of interconnected nodes that share access to the same database or databases. Typically, the nodes are interconnected via a network and share access, in varying degrees, to shared storage, e.g. shared access to a set of disk drives and data blocks stored thereon. The varying degrees of shared access between the nodes may include shared nothing, shared everything, exclusive access to database partitions by node, or some combination thereof. The nodes in a multi-node database system may be in the form of a group of computers (e.g. work stations, personal computers) that are interconnected via a network. Alternately, the nodes may be the nodes of a grid, which is composed of nodes in the form of server blades interconnected with other server blades on a rack.

Each node in a multi-node database system hosts a database server. A server, such as a database server, is a combination of integrated software components and an allocation of computational resources, such as memory, a node, and processes on the node for executing the integrated software components on a processor, the combination of the software and computational resources being dedicated to performing a particular function on behalf of one or more clients.

Resources from multiple nodes in a multi-node database system can be allocated to running a particular database server's software. Each combination of the software and allocation of resources from a node is a server that is referred to herein as a “server instance” or “instance”. A database server may comprise multiple database instances, some or all of which are running on separate computers, including separate server blades.

System Overview

FIG. 1A is a block diagram that depicts an example database system with a physical standby using multi-instance redo apply, according to an embodiment. System 100 of FIG. 1A includes primary database management system (DBMS) 110, client 116, network 140, and physical standby 150. Primary DBMS 110 includes primary database 112, primary instance 120A, primary instance 120B, primary instance 120C, and primary instance 120D. Primary instance 120A includes redo strand 122A, primary instance 120B includes redo strand 122B, primary instance 120C includes redo strand 122C, and primary instance 120D includes redo strand 122D. Client 116 includes application 118. Physical standby 150 includes standby database 152, standby instance 160A, standby instance 160B, and standby instance 160C.

It should be noted that FIG. 1A only shows one specific embodiment with a single primary DBMS 110, a single physical standby 150, a single network 140, and a single client 116. In other embodiments, any number of primary DBMSs, physical standbys, networks, and clients may be supported. Additionally, while network 140 is shown outside of primary DBMS 110 and physical standby 150, network 140 may also encompass private intranets or other communications links within primary DBMS 110 and/or physical standby 150. Further, each primary DBMS may have any number of primary instances, and each physical standby may have any number of standby instances, which may also be dynamically added and removed during redo apply.

As shown in FIG. 1A, primary DBMS 110 is a multi-instance or multi-node DBMS, where multiple primary instances 120A-120D are concurrently applying changes to data in primary database 112. Thus, a particular data block or block address of primary database 112 may be modified at different times by different primary instances. For the purposes of an example, primary DBMS 110 utilizes a shared everything primary database 112. Changes applied by primary instances 120A-120D are logged as redo records within respective redo strands 122A-122D. In some embodiments, a primary instance may log multiple redo strands.

As discussed above, a physical standby may be configured to only utilize a single standby instance for redo apply, which may provide insufficient performance to keep pace with the volume of redo records from redo strands 122A-122D. Physical standby 150 therefore utilizes multiple standby instances 160A-160C to replicate the contents of primary database 112 into standby database 152. Since the redo records are received, processed, and applied across multiple standby instances 160A-160C, the redo apply is not bottlenecked at any one particular instance.

Other approaches for multi-instance redo apply may also require exclusive access to standby database 152, precluding any concurrent opening of standby database 152 to offload database read queries from primary database 112. Thus, database clients such as client 116 are forced to either wait for the redo apply to reach and stop at a checkpoint, or to query primary database 112 directly, placing a heavier burden on production servers.

Additionally, physical standby 150 may utilize an intelligent workload distribution function to minimize such communications overhead. For example, the distribution function may assign redo records according to affinity to a particular instance, according to grouping of contiguous block addresses, or according to whether the changes in the redo records are independent of any existing database contents. These and other optimizing criteria can be combined with a hash function to provide an intelligent workload distribution function that approximates an even distribution of the workload while reducing communications overhead. Accordingly, the performance of the multi-instance redo apply can keep pace with the large volume of redo records generated by a multi-node primary DBMSs such as primary DBMS 110, accelerating recovery operations and helping to minimize database replication lag time.

Physical standby 150 further tracks the ongoing global progress of the redo apply, and can therefore determine a consistent state or a current logical time of standby database 152 at any requested query time. Accordingly, standby database 152 can remain open to service database read query requests from database clients, such as from application 118 of client 116, even during redo apply. In this manner, physical standby 150 can provide efficient replication while concurrently offloading database read queries, thereby helping to reduce the read workload on the production servers of primary DBMS 110.

Multi-Instance Redo Apply Process

With a basic outline of system 100 now in place, it may be instructive to review a high level overview of the processing steps to provide multi-instance redo apply for a standby database. Turning to FIG. 2, FIG. 2 is a flow diagram that depicts a process 200 for providing multi-instance redo apply for a standby database, according to an embodiment. Prior to process 200, it is assumed that the standby database includes a plurality of standby instances, each running at least 1) an apply process of a plurality of apply processes to apply change records to the standby database, 2) a sender process of a plurality of sender processes to transmit change records to a least one receiver process of a plurality of receiver processes, and 3) a receiver process of said plurality of receiver processes to receive change records transmitted by at least one sender process of said plurality of sender processes to said receiver process.

Storing Change Records

At block 202 of process 200, referring to FIG. 1A, physical standby 150 stores a plurality of change records received from primary instances 120A-120D for primary DBMS 110. Block 202 may begin in response to a recovery request issued on standby instance 160A, which may be manually invoked by a database administrator or automatically invoked to provide standby replication for primary DBMS 110. In the example shown in FIG. 1A, the plurality of change records comprise multiple sets of redo records that are stored in logical time order within respective redo strands 122A-122D, which are transferred to and received by physical standby 150. In an embodiment, the logical time may correspond to a logical timestamp, a non-limiting example of which is a System Commit Number (SCN).

Physical standby 150 may use various methods to distribute the redo strands to the available standby instances 160A-160C. One method is to assign redo strands to standby instances in a round robin fashion. In the case where the number of standby instances matches the number of primary instances, then each standby instance will receive exactly one redo strand. However, as shown in the example of FIG. 1A, there are only three (3) standby instances for four (4) primary instances having four (4) redo strands. In this case, the round robin distribution will attempt to assign the redo strands as evenly as possible, but some standby instances may be assigned a larger number of redo strands than other standby instances.

Further, since physical standby 150 may support multiple primary DBMSs, existing redo strands from other primary databases may already be assigned to some standby instances. The assigning of redo strands 122A-122D may therefore attempt to load balance the workload for each standby instance. For example, new redo strands may be assigned to balance the count of redo strands for each standby instance, preferring standby instances that have smaller numbers of existing assigned redo strands. While balancing redo strand counts assumes that the redo strands present approximately equal workloads, some embodiments may load balance by estimating the actual workloads of each redo strand, for example by estimating the rate of generated changes.

Once a distribution for the redo strands to the standby instances is decided, the redo strands may be transferred and stored in memory, disk, or other storage of each of the standby instances. In some embodiments, the storage may be shared between multiple standby instances. The transferring of the redo strands 122A-122D from primary DBMS 110 to physical standby 150 over network 140 may be by streaming redo records as they are created, by pushing periodic batch updates, by pulling updates via periodic polling, or by any another method.

In some embodiments, the redo strands may not be individually accessible and primary DBMS 110 may merge redo strands 122A-122D into a single consolidated log. In this case, physical standby 150 may receive and split the single consolidated log back into separate redo strands according to primary instances. In embodiments where primary instances may record multiple redo strands, the redo strands may be merged and consolidated per primary instance, either by primary DBMS 110 or by physical standby 150.

Reading and Validating Redo Strands

At block 204 of process 200, referring to FIG. 1A, physical standby 150 makes determinations of how to assign the change records stored in block 202 to said plurality of apply processes. More specifically, standby instances 160A-160C make determinations on how to assign the change records from redo strands 122A-122D to a plurality of apply processes. Before these determinations take place, the change records provided by block 202 may be divided into fixed sized log buffers for parallel processing and also combined into merged change record streams to accommodate processing of multiple redo strands for each standby instance.

Referring to FIG. 1B, FIG. 1B is a block diagram that depicts example standby instances for multi-instance redo apply, according to an embodiment. System 102 of FIG. 1B includes standby instances 160A-160C and redo strands 122A-122D, which may correspond to the same numbered elements from FIG. 1A. Standby instance 160A includes memory 161A, coordinator 162, logmerger 164A, sender 166A, sender 166B, sender 166C, receiver 168A, receiver 168B, receiver 168C, instance merger 170A, apply slave 172A, apply slave 172B, apply slave 172C, and DB writer 174A. Standby instance 160B includes memory 161B, logmerger 164B, sender 166D, sender 166E, sender 166F, receiver 168D, receiver 168E, receiver 168F, instance merger 170B, apply slave 172D, apply slave 172E, apply slave 172F, and DB writer 174B. Standby instance 160C includes memory 161C, logmerger 164C, sender 166G, sender 166H, sender 166I, receiver 168G, receiver 168H, receiver 168I, instance merger 170C, apply slave 172G, apply slave 172H, apply slave 172I, and DB writer 174C. With respect to FIG. 1B, like numbered elements may correspond to the same elements from FIG. 1A.

In FIG. 1B, redo strands 122A, 122B, 122C and 122D are shown as being received and stored directly into memory 161A, 161B, 161C and 161A, respectively. However, in some embodiments, redo strands 122A-122D may first be placed in intermediate storage, such as a disk volume. Thus, each standby instance may include an independent storage volume to receive the redo strands assigned for each respective standby instance. In some embodiments, a single shared volume may receive multiple redo strands that are accessible by multiple standby instances.

Logmergers 164A-164C are processes that are responsible for reading and combining the redo strands into merged streams for each standby instance. These merged streams can then be processed to generate change vector maps directing the change records to specific apply slaves. Focusing on standby instance 160A in particular, logmerger 164A reads redo strands 122A and 122D into memory 161A.

To provide details for exemplary in-memory data structures, FIG. 1C is a block diagram that depicts an example memory of a standby instance within a physical standby using multi-instance redo apply, according to an embodiment. System 104 of FIG. 1C includes redo strand 122A, redo strand 122D, and memory 161A. Memory 161A includes log buffers 180A, change record stream 184A, change vector map 186A to 186I, send buffers 187A, receive buffers 188A, local influx logical time 189A, global influx logical time 190A, instance change record stream 192A, redo cache 193A, pending work queue 194A, pending work queue 194B, pending work queue 194C, checkpoint queue 196A, checkpoint queue 196B, and checkpoint queue 196C. Log buffers 180A include log buffer 182A, log buffer 182B, log buffer 182C, log buffer 182D, log buffer 182E, and log buffer 182F. With respect to FIG. 1C, like numbered elements may correspond to the same elements from FIG. 1B.

In an embodiment, each logmerger 164A-164C may be a multi-threaded process. Accordingly, to segment the workload for parallel processing, redo strands 122A-122D may be loaded into fixed size log buffers. The size of the log buffers may be configured such that each thread of the logmergers can complete a processing step for an entire log buffer within a certain quantum of processing time, for example 1 megabyte for 1 quantum. Thus, referring to FIG. 1C, log buffers 182A-182C may each correspond to 1 megabyte log buffers for redo strand 122A, whereas log buffers 182D-182F may each correspond to 1 megabyte log buffers for redo strand 122D. While three log buffers are shown for each redo strand in FIG. 1C, the number of log buffers can be configured to any value according to buffer sizes and desired parallelism. Thus, the number of log buffers is not necessarily related to the number of standby instances. Processing steps for log buffers 180A may include 1) reading redo strands 122A and 122D from storage into memory 161A, and 2) validating log buffers 180A by calculating and verifying checksums or other embedded integrity checks. By running these steps on separate threads, non-blocking asynchronous I/O can be achieved.

The number of buffers that can be reserved for a redo strand may be unbounded, allowing all available redo records to be loaded into memory. However, to avoid wasteful reads beyond the end of redo applied on the physical standby, some embodiments may employ limits on the number of buffers available to allocate for a particular redo strand. Thus, if it is determined that the end of a standby online log has been reached, for example by examining the logical time of the last redo record in the last read buffer, then any reading into additional buffers for that redo strand may be prevented until a full buffer can be read. Some embodiments may also limit the number of available buffers for memory management purposes.

To reclaim memory from buffers that are no longer needed, the apply slave dependencies for each buffer in log buffers 180A may be tracked. When all change records within a particular log buffer are no longer needed by any apply slaves, then that particular log buffer may be freed from memory or marked as available (“unused”), allowing logmerger 164A to read and validate new change records from the redo strands into the newly available buffer.

Merging Redo Strands

After the buffers are read and validated, the buffers are ready to be parsed and merged together by a merge thread of each logmerger. Since each of the redo strands is already in ascending logical time order, logmerger 164A only needs to merge the log buffers in logical time order across redo strands 122A and 122D, rather than conducting a full re-sort operation. As a result, a single merged stream of change records may be provided, or change record stream 184A. In the case where there is only one redo strand, such as with standby instances 160B and 160C, no merge operation is necessary and the stream can be provided by sequencing the change records directly from the log buffers.

Determining the Distribution Function

Once logmerger 164A-164C of respective standby instances 160A-160C provide the stream of change records, determinations of how to assign the change records in the streams to apply slaves 172A-172I are made. For logmerger 164A of standby instance 160A, the change records in change record stream 184A are each assigned to one of apply slaves 172A-172I based on a distribution function. To avoid communications overhead, all standby instances may be configured to utilize the same distribution function that deterministically assigns a particular change record to a particular apply slave. Thus, each standby instance 160A-160C can independently determine how to distribute their respective change record streams. Note that the determinations happen dynamically during run-time and not at the beginning of process 200.

Change records that modify the same data in a database may be restricted to be assigned to the same apply slave. Such change records may be identified by the change records modifying the same database block address (DBA), for example. By enforcing this restriction on the distribution function, each apply slave can independently guarantee correct apply ordering, since change records for a particular DBA will always be assigned to the same apply slave.

If the sole consideration for the distribution function is an even distribution of change records to N apply slaves, wherein N=9 for FIG. 1B, then a hash function will suffice for the distribution function, for example “DBA modulo N”. However, as the number of instances or nodes increases, a simple hash function will tend to favor apply slaves on remote instances. Since the change record must then be sent to the remote instance for processing, increased communications overhead between instances may negatively impact performance.

Accordingly, the distribution function may be based on a hash function, but with further modifications to consider data access locality. Thus, the distribution function may distribute to apply slaves based on an affinity to a standby instance that runs the apply slave. For example, in some embodiments, each standby instance may maintain a separate undo tablespace. In this case, it would be advantageous to have redo records processed according to undo tablespace affinity to a particular standby instance. Thus, the distribution function may send change records to a standby instance according to the DBA and/or the database file containing the DBA having affinity to an undo tablespace for that standby instance. Affinity to particular standby instances may also use any other criteria besides undo tablespaces.

Additionally, since data modifications may tend to exhibit spatial locality in many applications, it would be advantageous to have contiguous ranges of data assigned to particular standby instances. A hash function applied to each individual DBA would tend to distribute adjacent DBAs to different standby instances. Accordingly, rather than applying the distribution function to each individual DBA, the distribution function may be applied to send contiguous DBA ranges of redo records to each standby instance. As a result, each standby instance is provided with more opportunities to coalesce writes for greater I/O performance.

Yet further, direct loads or bulk loads that include the complete contents for updating a database block may be applied only by the local instance where it is encountered, preventing wasteful sending of change records. Typically, a change record might only modify a portion of a database block, whereas change records for direct loads replace the entire contents of the database block. Since the change records for direct loads are independent of any existing database contents or prior changes, the changes can be written directly without reading the existing database block or integrating any prior changes. However, to ensure that future changes are ordered correctly with respect to the direct load, the start of a direct load may be accompanied by a metadata marker for synchronization, forcing all standby instances to apply only up to the logical time of the direct load before the direct load is applied. The metadata markers may also be used to maintain undo tablespace information for determining standby instance affinity. A more detailed description of such metadata markers is provided below under the heading “METADATA MARKERS”.

Accordingly, by determining a distribution function based on a hash function that further integrates any number of optimization factors including the factors described above, an intelligent distribution function can be provided for an even distribution of change records while optimizing for data access locality. As a result, unnecessary communications overhead can be minimized for greater parallel processing performance. Once the distribution function is determined, it can be applied to the change record stream of each standby instance.

Focusing on standby instance 160A in particular and referring to FIG. 1C, the distribution function may be applied to map change record stream 184A to a set of change vector maps or “CVMaps”. In one embodiment, each change vector map may be implemented as a circular buffer, with logmerger processes appending change vectors to the head and sender/instance merger processes consuming from the tail, with appending and consuming performed in a latchless fashion.

Each change vector map may also have a one-to-one correspondence with a particular apply slave. Thus, change vector map 186A may correspond to changes that will be applied by apply slave 172A, change vector map 186B may correspond to changes that will be applied by apply slave 172B, change vector map 186C may correspond to changes that will be applied by apply slave 172C, and so forth. As change record stream 184A is processed by logmerger 164A, the distribution function is applied to each change record to determine the appropriate change vector map for appending a change vector.

To avoid consuming additional memory, the change records may not be copied but instead referenced to their in-memory locations when creating the change vector maps. For example, if the distribution function assigns a particular change record to apply slave 172I, then a new change vector may be appended to change vector map 186I, wherein the new change vector points to the location of the particular change record within log buffers 180A.

Additionally, global control messages may also be inserted into change vector maps 186A-186I at the time of certain events. One such event is completing the processing of a particular log buffer. For example, during the processing of change record stream 184A, if a particular change vector points to the last change record in a particular log buffer, then a log buffer completion event may be triggered for that particular log buffer. This event causes each and every change vector map 186A-186I to write a global control message indicating that the particular log buffer is done with logmerger processing.

These global control messages can then be used to track apply slave dependencies for log buffers. For example, each log buffer may be initialized with a use count equal to the number of apply slaves (9 for FIG. 1B), wherein the use count is decremented each time a particular apply slave encounters the global control message. Once the use count reaches zero, the log buffer may be marked as available (“unused”) or freed, since all of the apply slaves no longer need access to any of the change records from the log buffer.

Other global control messages that may be embedded include an end of all redo strands for a particular standby instance, or a metadata marker as discussed further below.

Accordingly, by processing change record stream 184A using a distribution function, logmerger 164A of standby instance 160A may populate change vector maps 186A-186I. Similarly, by processing a respective change record stream of each instance with the same distribution function, logmerger 164B of standby instance 160B may populate a second set of change vector maps, and logmerger 164C of standby instance 160C may populate a third set of change vector maps.

Sending Change Records

At block 206 of process 200, referring to FIG. 1B, according to the determinations made in block 204, the respective sender process of senders 166A-166I running on standby instances 160A-160C dispatch each change record of at least a portion of the change records stored in block 202 to a standby instance on which the apply process assigned to each change record runs. As discussed above, these change records may be read into buffers and referenced by sets of change vector maps for each standby instance 160A-160C. Focusing specifically on standby instance 160A and referring to FIG. 1C, standby instance 160A may dispatch the portion corresponding to change record stream 184A, which is mapped into change vector maps 186A-186I corresponding to apply slaves 172A-172I respectively. Thus, the change vector maps can be considered as “outboxes” for particular apply slaves.

For change vector maps 186A-186C, dispatching change records to a remote instance is not necessary since apply slaves 172A-172C are already local to standby instance 160A. Thus, as an optimization, the change records can be read directly from log buffers 180A. In this embodiment, there is no need for a local sender and receiver pair for each standby instance, allowing sender 166A and corresponding receiver 168A to be omitted. On the other hand, the change records referenced by change vector maps 186D-186F need to be sent to remote standby instance 160B, and the change records referenced by change vector maps 186G-186I need to be sent to remote standby instance 160C.

Sender processes may consume and dispatch the change vectors to the remote standby instances by moving the change vectors to send buffers 187A and also by copying the referenced change records from log buffers 180A to send buffers 187A. As with log buffers 180A, each buffer within send buffers 187A may be set to a fixed size. Once a buffer is full within send buffers 187A, an appropriate sender process may transfer the full buffer to a corresponding receiver process on a remote standby instance, over network 140 or another communications link. In some cases, a partially filled buffer may also be sent, for example if no more change vector maps are available for the associated standby instance.

To distribute the workload, each sender process may be responsible for dispatching change vectors and change records to one or more specified apply slaves. A corresponding receiver process may be responsible for receiving the dispatched change vectors and change records from each sender process. Based on these responsibilities, each sender process consumes change vectors from corresponding change vector maps of the local standby instance. Each sender and receiver pair may be assigned the responsibility of all or a subset of the apply slaves for a particular instance. An example of such an assignment is summarized in Table 1 below:

TABLE 1

Example Sender to Receiver Assignment

Responsible for Apply

Sender Process:

Slaves:

Sends to Receiver Process:

Sender 166A

Apply Slaves 172A-172C

Receiver 168A (local)

Sender 166B

Apply Slaves 172D-172F

Receiver 168D (remote)

Sender 166C

Apply Slaves 172G-172I

Receiver 168G (remote)

Sender 166D

Apply Slaves 172A-172C

Receiver 168B (remote)

Sender 166E

Apply Slaves 172D-172F

Receiver 168E (local)

Sender 166F

Apply Slaves 172G-172I

Receiver 168H (remote)

Sender 166G

Apply Slaves 172A-172C

Receiver 168C (remote)

Sender 166H

Apply Slaves 172D-172F

Receiver 168F (remote)

Sender 166I

Apply Slaves 172G-172I

Receiver 168I (local)

Thus, focusing on sender 166B for example, sender 166B consumes change vectors from change vector maps 186D, 186E, and 186F, which correspond to apply slaves 172D, 172E, and 172F respectively on standby instance 160B. The consumed change vectors and the referenced change records within log buffers 180A are placed together in a send buffer of send buffers 187A. Once the send buffer is full, then sender 166B can forward the send buffer from standby instance 160A to standby instance 160B over network 140, to be received by receiver 168D. In a similar manner, sender 166D may forward filled send buffers from standby instance 160B to standby instance 160A over network 140, to be received by receiver 168B.

Receiving Change Records

At block 208 of process 200, referring to FIG. 1B, each of receivers 168-168D and 168F-168H receive change records dispatched to said each receiver process by a sender process running on a standby instance different than the standby instance on which said receiver process runs. Referring to Table 1 above, since receivers 168A, 168E, and 168I may receive change vectors from a sender on the same local standby instance, only receivers 168B-168D and 168F-168H may receive change records that are dispatched from sender processes running on a remote standby instance that is different than the standby instance on which each receiver process runs.

Focusing on the example where sender 166D sends a send buffer to receiver 168B, referring to FIG. 1C, receiver 168B may receive change vectors with change records that are contained within a receive buffer of receiver buffers 188A. Since memory 161B of standby instance 160B may be structured similarly to memory 161A of standby instance 160A, memory 161B may also include send buffers 187B (not specifically shown in the Figures). A network communications API may be provided that allows sender 166D to queue a full send buffer from send buffers 187B for sending over network 140, whereby the send buffer is deposited as a corresponding receive buffer within receive buffers 188A, to be received by receiver 168B.

Merging Change Records by Instance

At block 210 of process 200, referring to FIG. 1B, each of standby instances 160A-160C orders a respective plurality of assigned change records assigned to an apply process running on each standby instance, said ordering made according to a logical time associated with each assigned change record of said plurality of assigned change records, wherein each of the respective plurality of assigned change records includes the dispatched change records received in block 208. In other words, the change records received from remote standby instances are merged with the local change records at each standby instance in logical time order. Block 210 may be carried out by each instance merger 170A-170C for respective standby instances 160A-160C.

Focusing on standby instance 160A in particular, instance merger 170A may merge the change records that are received by receivers 168A-168C. In the case of receiver 168A, since the corresponding sender 166A is local to standby instance 160A, the local change records can be directly accessed from log buffers 180A by examining the change vectors within change vector maps 186A-186C. For receivers 168B and 168C, since the corresponding sender 166D and sender 166G are remote to standby instance 160A, the remote change records may found with change vectors that are within receiver buffers 188A, as discussed above with respect to block 208. Instance merger 170A may thus merge together these local and remote change records in logical time order as instance change record stream 192A.

Applying Changes

At block 212 of process 200, referring to FIG. 1B, instance merger 170A-170C on each respective standby instance 160A-160C distributes each assigned change record ordered in block 210 to the assigned apply process of each assigned change record. Since each change vector and referenced change record is known to be retrieved from a particular change vector map, each change record can be routed to the correct apply slave, as defined in the example assignment of Table 1 above.

Focusing again on standby instance 160A, for a given first change vector from instance change record stream 192A, the assigned apply slave checks whether the referenced database block already exists in a buffer cache of memory 161A, for example in a recovery buffer of redo cache 193A. If the referenced database block is in memory, then the changes can be applied immediately to the recovery buffer. After applying, the recovery buffer is linked to the tail of one of checkpoint queues 196A-196C for respective apply slaves 172A-172C.

If the referenced database block is not in memory, then the assigned apply slave issues an asynchronous read request to retrieve the referenced database block from standby database 152 into a new recovery buffer within redo cache 193A of memory 161A. The new recovery buffer is also linked to the tail of one of checkpoint queues 196A-196C for respective apply slaves 172A-172C, the same as with the when the recovery buffer is already in memory. However, the first and future change vectors for the new recovery buffer are stored into redo cache 193A and linked to the tail of pending work queues 194A-194C for respective apply slaves 172A-172C.

In this manner, apply slaves 172A-172C can continue processing instance change record stream 192A without blocking on database I/O, and the pending work queues 194A-194C can be processed in any order since the recovery buffers are already ordered in checkpoint queues 196A-196C. Accordingly, a recovery buffer that has completed asynchronous I/O from standby database 152 may be unlinked from the head of a respective pending work queue 194A-194C after all of the change vectors in redo cache 193A that are pending for the recovery buffer are applied.

Metadata Markers

To accommodate actions that may need a synchronization point, metadata markers (also referred to as “recovery markers”) may be embedded within the redo strands. Such actions may include modifications to database storage, for example creating a new tablespace, dropping a tablespace, adding a new data file, deleting a data file, or changing affinities for undo tablespaces. To ensure storage consistency, all changes up to the metadata marker should be processed before processing any changes after the metadata marker. Otherwise, problems such as attempting to apply changes to a non-existing file may occur. Accordingly, when such actions occur on a particular primary instance 120A-120D of primary DBMS 110, they may be written as special metadata markers within the respective redo strand 122A-122D. When any of the logmergers 164A-164C encounters such a metadata marker, the metadata marker may be forwarded to coordinator 162, which in turn sorts the metadata markers from all standby instances in logical time order for processing.

As discussed above, database storage modifications may require a synchronization point to ensure storage consistency. To enforce the synchronization point, the logmerger that encountered the metadata marker may immediately halt merging new change records to its associated change record stream. By extension, senders 166A-166C are also necessarily halted. Note that the logmerger can still continue to read and validate log buffers, but simply does not merge them. Since the instance merger 170A-170C of each standby instance 160A-160C merges the change records received from all instances, this halting naturally results in all standby instances only applying up to the metadata marker point.

Dynamic changes to the redo strands may also embed metadata markers within the redo strands. For example, a new primary instance and corresponding redo strand may be added dynamically to primary DBMS 110. In this case, all changes up to the metadata marker should be processed before the new redo strand is assigned to a logmerger of a particular standby instance, for example by round-robin or load-balancing as discussed above. Otherwise, the change records may not be applied in the correct order.

A failover metadata marker may be embedded if primary DBMS 110 crashes or encounters a serious error. In this case, since physical standby 150 will be acting as a failover for the primary, it should not proceed ahead of the primary by applying change records beyond the crash point. Thus, the failover metadata marker may indicate a synchronization point after which change records should not be applied.

Besides metadata markers, dynamic changes to physical standby 150 may also necessitate a synchronization point. For example, if a new standby instance joins or an existing standby instance drops from physical standby 150, the distribution function may need to be adjusted for the new number of standby instances and apply slaves. Accordingly, a synchronization point may be requested and identified, all changes may be applied until the synchronization point, and the distribution function may be modified, with standby instance processes spawned or removed as necessary. Similarly, changes to undo tablespaces may be propagated using a metadata marker that requests a synchronization point, since changes to the undo tablespaces may correspondingly modify the determination of standby instance affinities in the distribution function.

Not all metadata markers may require synchronization as with the above examples. For example, a crash recovery marker may be used by coordinator 162 to update logical times in file headers, and may not require any synchronization at all. A library cache invalidation marker may be used by coordinator 162 to direct all standby instances to purge their respective library caches. For example, if a table is dropped, then all cached database blocks for that table can be purged. Moreover, because the timing of the purge causes no correctness issues for the redo apply, a synchronization point is not necessary. However, as discussed above, a database storage modification marker may be issued at the time that the table is dropped. Thus, a metadata marker does not necessarily indicate a full synchronization, but more broadly indicates that some special action is to be taken when the metadata marker is encountered.

Tracking Progress

Each standby instance independently tracks the redo apply progress for a particular recovery session at three scope levels: at each apply slave, locally at the standby instance, and globally for all standby instances. The tracked progress metrics are referred to as “influx logical times”, which indicate that all change records prior to and up to (but not including) that influx logical time have been applied for a given scope, with the apply state of change records at or after the influx logical time unknown or “influx” for that scope.

At the apply slave level, the slave influx logical time corresponds to the head of the associated pending work queue, or the head of pending work queues 194A-194C for respective apply slaves 172A-172C. If a pending work queue is empty, then the slave influx logical time corresponds to the last logical time seen by that apply slave.

At the local standby instance level, the local influx logical time is maintained as the least of the slave influx logical times for the local standby instance, and is shown as local influx logical time 189A for standby instance 160A.

At the global standby instance level, the global influx logical time corresponds to the least of the local influx logical times for each standby instance, and is shown as global influx logical time 190A for standby instance 160A. Each standby instance may broadcast its own local influx logical time to all other standby instances, allowing each standby instance to independently calculate the same global influx logical time. Alternatively, the global influx logical time may be calculated and broadcast from coordinator 162.

Each standby instance 160A-160C may include any number of database writers, or DB writers 174A-174C, which are each responsible for one or more checkpoint queues. Thus, DB writer 174A may be responsible for checkpoint queues 196A-196C. DB writer 174A consumes from the head of each checkpoint queue 196A-196C, writing recovery buffers to standby database 152. However, DB writer 174A only writes a recovery buffer if it is prior to global influx logical time 190A and not referenced in any of pending work queues 194A-194C. In other words, a recovery buffer is only written to disk after all possible changes have been applied.

Coordinator 162 may broadcast a query logical time to database clients for offloading read-only database queries from primary DBMS 110. If the query logical time is set too aggressively, then excessive waits may result since in-flight transactions may not be committed yet, and undo blocks to roll back the in-flight transactions may not be generated yet, causing the query to wait until the undo is applied and available. Accordingly, the query logical time is set to be no greater than the global influx logical time, which guarantees that all of the changes have already been applied for any query. While this means that data retrieved from the standby may be slightly out of date, this approach may be preferable to avoid high query latencies on the standby.

Recoverable Recovery

To provide recovery from a failure of the recovery process, for example if a particular logmerger crashes, a process monitor (PMON) may run in the background for each standby instance that can detect a hung or crashed process and examine the process memory to ascertain the crash logical time or the local influx logical time at the time of the crash. This crash logical time may be written to a special control file, and coordinator 162 may be notified that a crash has occurred. Coordinator 162 may then direct all standby instances to halt recovery and to recover to a clean logical time before resuming normal recovery. More specifically, the clean logical time may be set to the current global influx logical time, excluding the crashed instance. If the standby instance with the coordinator crashes, then the other standby instances may periodically attempt to access the special control file to confirm that a crash occurred and act accordingly.

Thus, each of the standby instances may restart recovery, applying a recovery subset of changes to standby database 152 that includes change records from the crash logical time until the clean logical time. Note that the recovery subset of changes excludes any change records at or beyond the clean logical time. After the recovery subset of change records is applied and written to disk, standby database 152 is in a clean state, and normal recovery or redo apply may resume with the pending change records.

Hardware Summary

According to one embodiment, the techniques described herein are implemented by one or more special-purpose computing devices. The special-purpose computing devices may be hard-wired to perform the techniques, or may include digital electronic devices such as one or more application-specific integrated circuits (ASICs) or field programmable gate arrays (FPGAs) that are persistently programmed to perform the techniques, or may include one or more general purpose hardware processors programmed to perform the techniques pursuant to program instructions in firmware, memory, other storage, or a combination. Such special-purpose computing devices may also combine custom hard-wired logic, ASICs, or FPGAs with custom programming to accomplish the techniques. The special-purpose computing devices may be desktop computer systems, portable computer systems, handheld devices, networking devices or any other device that incorporates hard-wired and/or program logic to implement the techniques.

For example, FIG. 3 is a block diagram that illustrates a computer system 300 upon which an embodiment of the invention may be implemented. Computer system 300 includes a bus 302 or other communication mechanism for communicating information, and a hardware processor 304 coupled with bus 302 for processing information. Hardware processor 304 may be, for example, a general purpose microprocessor.

Computer system 300 also includes a main memory 306, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 302 for storing information and instructions to be executed by processor 304. Main memory 306 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 304. Such instructions, when stored in storage media accessible to processor 304, render computer system 300 into a special-purpose machine that is customized to perform the operations specified in the instructions.

Computer system 300 further includes a read only memory (ROM) 308 or other static storage device coupled to bus 302 for storing static information and instructions for processor 304. A storage device 310, such as a magnetic disk or optical disk, is provided and coupled to bus 302 for storing information and instructions.

Computer system 300 may be coupled via bus 302 to a display 312, such as a cathode ray tube (CRT), for displaying information to a computer user. An input device 314, including alphanumeric and other keys, is coupled to bus 302 for communicating information and command selections to processor 304. Another type of user input device is cursor control 316, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 304 and for controlling cursor movement on display 312. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.

Computer system 300 may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computer system causes or programs computer system 300 to be a special-purpose machine. According to one embodiment, the techniques herein are performed by computer system 300 in response to processor 304 executing one or more sequences of one or more instructions contained in main memory 306. Such instructions may be read into main memory 306 from another storage medium, such as storage device 310. Execution of the sequences of instructions contained in main memory 306 causes processor 304 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions.

The term “storage media” as used herein refers to any media that store data and/or instructions that cause a machine to operation in a specific fashion. Such storage media may comprise non-volatile media and/or volatile media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 310. Volatile media includes dynamic memory, such as main memory 306. Common forms of storage media include, for example, a floppy disk, a flexible disk, hard disk, solid state drive, magnetic tape, or any other magnetic data storage medium, a CD-ROM, any other optical data storage medium, any physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, NVRAM, any other memory chip or cartridge.

Storage media is distinct from but may be used in conjunction with transmission media. Transmission media participates in transferring information between storage media. For example, transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 302. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.

Various forms of media may be involved in carrying one or more sequences of one or more instructions to processor 304 for execution. For example, the instructions may initially be carried on a magnetic disk or solid state drive of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 300 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus 302. Bus 302 carries the data to main memory 306, from which processor 304 retrieves and executes the instructions. The instructions received by main memory 306 may optionally be stored on storage device 310 either before or after execution by processor 304.

Computer system 300 also includes a communication interface 318 coupled to bus 302. Communication interface 318 provides a two-way data communication coupling to a network link 320 that is connected to a local network 322. For example, communication interface 318 may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 318 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, communication interface 318 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.

Network link 320 typically provides data communication through one or more networks to other data devices. For example, network link 320 may provide a connection through local network 322 to a host computer 324 or to data equipment operated by an Internet Service Provider (ISP) 326. ISP 326 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 328. Local network 322 and Internet 328 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 320 and through communication interface 318, which carry the digital data to and from computer system 300, are example forms of transmission media.

Computer system 300 can send messages and receive data, including program code, through the network(s), network link 320 and communication interface 318. In the Internet example, a server 330 might transmit a requested code for an application program through Internet 328, ISP 326, local network 322 and communication interface 318.

The received code may be executed by processor 304 as it is received, and/or stored in storage device 310, or other non-volatile storage for later execution.

In the foregoing specification, embodiments of the invention have been described with reference to numerous specific details that may vary from implementation to implementation. Thus, the sole and exclusive indicator of what is the invention, and is intended by the applicants to be the invention, is the set of claims that issue from this application, in the specific form in which such claims issue, including any subsequent correction. Any definitions expressly set forth herein for terms contained in such claims shall govern the meaning of such terms as used in the claims. Hence, no limitation, element, property, feature, advantage or attribute that is not expressly recited in a claim should limit the scope of such claim in any way. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.