Failover Process

Planned failover: During a failure or planned failover, the client must reconnect to the database. The server signals a planned failover to the client by closing the TCP connection. The client must then close its side of the connection and reconnect.

In the event of a failure, the connection might not be closed correctly. The new leader will send a gratuitous ARP packet to update the MAC address in the client's ARP table. Open TCP connections will be reset once the client sends a TCP packet. We recommend re-establishing a connection to the database by using an exponential back-off retry with an initial immediate retry.

Uncontrolled disconnection: As we do not allow read connections to standby nodes, only primary disconnections are possible. However, uncontrolled disconnections may occur during maintenance, cluster configuration changes, or during unexpected events such as storage exhaustion. These interruptions terminate ongoing transactions; therefore, you should configure your clients to reconnect automatically.

If a node disconnects from the cluster, the system automatically creates and provisions a replacement node. If the primary node is lost, the client reconnects automatically. If a replica node is lost, there is no visible impact.
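The reconnect behavior recommended above (an immediate first retry, then exponential back-off) can be sketched as follows. This is an added example, not code from this documentation or the service. The `connect` callable, the delay values, the jitter, and the exception classes in `retry_on` are assumptions; substitute your driver's connect call and its connection-error class.

```python
import random
import time


class ReconnectFailed(Exception):
    """Raised when every attempt failed; the last driver error is chained."""


def backoff_delays(max_retries, base_delay=0.5, max_delay=30.0, rng=random.random):
    """Yield the wait before each retry: 0 first (immediate retry), then
    base_delay * 2**n capped at max_delay, scaled by jitter in [0.5, 1.0] so
    clients dropped by the same failover do not all reconnect in lockstep."""
    for retry in range(max_retries):
        if retry == 0:
            yield 0.0
        else:
            ceiling = min(max_delay, base_delay * 2 ** (retry - 1))
            yield ceiling * (0.5 + 0.5 * rng())


def reconnect_with_backoff(connect, max_retries=8,
                           retry_on=(ConnectionError, TimeoutError),
                           sleep=time.sleep, **backoff):
    """Return connect()'s result, retrying only on errors listed in retry_on.

    Any other error (for example an authentication failure) propagates at
    once, so rejected credentials are not replayed against the new primary.
    """
    try:
        return connect()
    except retry_on as exc:
        last_error = exc
    for delay in backoff_delays(max_retries, **backoff):
        if delay:
            sleep(delay)
        try:
            return connect()
        except retry_on as exc:
            last_error = exc
    raise ReconnectFailed(f"gave up after {max_retries} retries") from last_error
```

Transactions that were open when the connection dropped are terminated, so the application must re-run them after this function returns a new connection.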
