How to Enable Fast-Start Failover in Oracle Data Guard – The Geek Diary

Fast-Start Failover is a technique used in Oracle Data Guard, where data is copied from one Oracle VM on a primary/standby pair to another Oracle VM on the same primary/standby pair, but without having to wait for the failover process to complete.

Fast-start failover (FSO) is an Oracle technology that allows you to fail over a database from one node to another quickly. It’s usually done for disaster recovery purposes, but it can also be used to improve performance during normal business hours.

The ability to fail over from a primary node to a standby node is one of the most requested features by database users. Oracle has added the ability to do this for Data Guard, and in this post I will explain how to enable it.

The fast-start feature in Oracle Data Guard offers the ability to start certain services of a cluster by using the Fast-start option, which involves an Oracle RMAN backup job and a physical standby server. Fast-start is not a new feature, but only recently has it been enabled by default for new deployments. It is a significant feature that can prevent an entire site from losing all of its data in case of a failure, for example if a host or the whole data center fails.

Fast-start failover: Overview

With fast-start failover, the Data Guard broker can quickly and automatically fail over to a previously chosen standby database without manual intervention. This feature increases database availability in the event of a failure and reduces the need for a manual failover operation.

Fast-start failover can only be used in a broker configuration and can only be configured through DGMGRL or Enterprise Manager. The observer is an Oracle Call Interface (OCI) client component that typically runs on a separate computer and monitors the availability of the primary database.

It is integrated into the DGMGRL client. You must use DGMGRL version 12.1 to monitor Oracle databases of version 12.1. Only one observer can monitor a broker configuration.

When does fast-start failover occur?

Fast-start failover occurs when one of the following conditions is met:

  • Loss of communication between the primary database and the observer, and between the primary database and the fast-start failover target standby database, for longer than the fast-start failover threshold.
  • The database health check mechanism determines one of the following (depending on the configuration):
    • A data file is offline due to a write error.
    • The dictionary of a critical database object is corrupted.
    • The control file is damaged beyond repair due to a disk error.
    • LGWR cannot write to a member of the log group due to an I/O error.
    • The archiver cannot archive the redo log because the device is full or unavailable.
  • The instance of a single-instance primary database fails.
  • All instances of a Real Application Clusters (RAC) primary database fail.
  • The primary database is shut down with the ABORT option.
  • The application initiates a fast-start failover by calling the DBMS_DG.INITIATE_FS_FAILOVER function.

Installing the observer software

To use fast-start failover, you must install DGMGRL (which contains the observer software) on a computer system that is separate from the primary and standby database systems. To install DGMGRL on the observer computer, use one of the following methods:

  • Install the full Oracle Client Administrator by selecting the Administrator option in the Oracle Universal Installer. This installation includes DGMGRL, but not the Oracle Enterprise Manager agent. With this type of installation, you can manage the observer with DGMGRL commands, but not with Oracle Enterprise Manager.
  • Install the full Oracle Database software. This installation includes DGMGRL.

Note: To manage the observer via Oracle Enterprise Manager Cloud Control, the Enterprise Manager Cloud Control agent must be installed on the observer machine in addition to DGMGRL. The observer host must be on the client's network or at a location where most client activity or the highest-priority activity occurs. This placement may cause false failovers, i.e., a fast-start failover occurs even though the primary system is operational and locally available; however, if clients cannot reach the primary system, it is effectively unavailable to them anyway.

Prerequisites for fast-start failover

The following conditions must be met to enable fast-start failover:

  • The broker configuration must operate in maximum availability or maximum performance mode.
  • The primary database must be configured with standby redo log files.
  • For the standby database that is the target of a fast-start failover, the LogXptMode property must be set to SYNC or FASTSYNC to enable fast-start failover in maximum availability mode, or to ASYNC to enable fast-start failover in maximum performance mode. To use a Far Sync instance with fast-start failover, the primary database must use SYNC or FASTSYNC for the Far Sync instance. The Far Sync instance must use ASYNC for the target standby database. The RedoRoutes property should be set when Far Sync forwards redo to the fast-start failover target.
  • Flashback Database must be enabled on the primary database and the target standby database.
  • The primary database and the target standby database must be connected.
  • Configure the tnsnames.ora file on the observer's system so that the observer can connect to the primary database and the pre-selected target standby database.
  • Create a static service name so the observer can automatically restart the database during reinstatement.

Configuring fast-start failover

  1. Specify the target standby database.
  2. Set the protection mode.
  3. Set the FastStartFailoverThreshold property.
  4. Define additional database properties.
  5. Define additional conditions for fast-start failover.
  6. Enable fast-start failover.
  7. Start the observer.
  8. Check the configuration.

The manual steps for configuring fast failover are described in the following sections. Configuring fast failover with Enterprise Manager Cloud Control is described later in this article.

Step 1: Specifying the target standby database

You do not need to set the FastStartFailoverTarget property in a configuration with a single standby database: the Data Guard broker sets it automatically on the primary and standby databases when fast-start failover is enabled.

DGMGRL> EDIT DATABASE boston SET PROPERTY FastStartFailoverTarget = london;

In a Data Guard configuration with multiple standby databases, you must set the FastStartFailoverTarget database property on the current primary database before enabling fast-start failover.

The broker automatically sets the FastStartFailoverTarget database property on the standby database when fast-start failover is enabled. Run the command while connected to the primary database or to any standby database in the configuration that has a connection to the primary database.

The syntax of the command is as follows:

EDIT DATABASE primary-database-name SET PROPERTY FastStartFailoverTarget = standby-database-name;

To change the FastStartFailoverTarget property to point to a different standby database, disable fast-start failover, set the FastStartFailoverTarget property, and re-enable fast-start failover.

Step 2: Setting the protection mode

You can enable fast-start failover when the configuration is in maximum availability or maximum performance mode. In maximum performance mode, set the FastStartFailoverLagLimit configuration property to an acceptable limit (in seconds) by which the standby database may lag behind the primary database in redo applied while still allowing automatic fast-start failover. This helps to limit data loss.

Maximum availability mode:

DGMGRL> EDIT DATABASE boston SET PROPERTY LogXptMode=SYNC;
DGMGRL> EDIT DATABASE london SET PROPERTY LogXptMode=SYNC;
DGMGRL> EDIT CONFIGURATION SET PROTECTION MODE AS MaxAvailability;

Maximum performance mode:

DGMGRL> EDIT DATABASE boston SET PROPERTY LogXptMode=ASYNC;
DGMGRL> EDIT DATABASE london SET PROPERTY LogXptMode=ASYNC;
DGMGRL> EDIT CONFIGURATION SET PROTECTION MODE AS MaxPerformance;
DGMGRL> EDIT CONFIGURATION SET PROPERTY FastStartFailoverLagLimit=45;

Note: The RedoRoutes property should be used instead of the LogXptMode property when Far Sync sends redo to the fast-start failover target.

Fast-start failover cannot be enabled when maximum performance mode is used with Far Sync.

Step 3: Setting the fast-start failover threshold

The fast-start failover threshold determines how long the observer and the target standby database must simultaneously wait to hear from the primary database before fast-start failover is initiated. The threshold is a positive, nonzero number of seconds.

The default value for the FastStartFailoverThreshold property is 30 seconds. When choosing a value for this property, you should weigh the increased risk of unnecessary failover (for example, when a network connection is temporarily interrupted for a few seconds) against the benefits of faster failover and reduced downtime in the event of a critical failure. Recommended settings for the FastStartFailoverThreshold property:

  • Single-instance primary, reliable low-latency network = 10-15 seconds
  • Single-instance primary, high-latency WAN = 30-45 seconds
  • RAC primary = (CSS misscount + reconfiguration time) + (24-40 seconds)

Run the EDIT CONFIGURATION SET PROPERTY FastStartFailoverThreshold=threshold-value command while connected to the primary database or to a standby database in the Data Guard broker configuration that is connected to the primary database.

DGMGRL> EDIT CONFIGURATION SET PROPERTY FastStartFailoverThreshold = 15;

Note: You can change this property whether or not fast-start failover is enabled.

Step 4: (Optional) Specify additional properties for fast-start failover

You can set additional properties to control how fast-start failover behaves. If not explicitly specified, default values are used for the optional failover properties. The default values are as follows:

Property                         Default value
FastStartFailoverLagLimit        30 seconds
FastStartFailoverPmyShutdown     TRUE
FastStartFailoverAutoReinstate   TRUE
ObserverConnectIdentifier        Value of DGConnectIdentifier
ObserverOverride                 FALSE
ObserverReconnect                0 (zero)

Setting the lag limit

In the previous version of Oracle Database, fast-start failover could only be used in maximum availability configurations using SYNC AFFIRM redo transport. When Data Guard operates in maximum performance mode, redo is shipped to the standby site using ASYNC transport.

The primary database can commit transactions even if their redo has not been received on the standby host or written to the standby redo logs. Therefore, transactions committed on the primary database may not be available on the standby database. Failing over to the standby database at this point results in data loss. Whether an automatic fast-start failover with data loss is permitted can be controlled by defining an acceptable amount of data loss.

Use the FastStartFailoverLagLimit property to specify the acceptable lag in seconds. If the standby database's apply point is within the specified number of seconds of the primary database's redo generation point, fast-start failover is allowed. If the standby database's apply point lags beyond this limit, fast-start failover is not allowed. The lag limit is ignored with SYNC transport; it applies only to configurations where fast-start failover is enabled in maximum performance mode.

Real-time apply must be enabled on the target standby database for the lag to be calculated correctly. Set the FastStartFailoverLagLimit property as follows:

EDIT CONFIGURATION SET PROPERTY FastStartFailoverLagLimit = {n};

The minimum value of n is 10. The default value is 30. You can perform a manual failover to the failover target in maximum performance mode.

The failover target must be within the specified lag limit of the primary database for the failover to be allowed. If the failover target lags the primary database by more than the specified limit, an error is returned.

Configuring automatic shutdown of the primary database

If you do not want the old primary database to shut down automatically after a fast-start failover is triggered, that is, after redo generation on the primary database has stalled and the primary database has lost contact with the target standby database for more than the number of seconds specified in the FastStartFailoverThreshold configuration property, set the FastStartFailoverPmyShutdown property to FALSE.

If this property is set to FALSE, the old primary database remains stalled, waiting for the condition that caused the fast-start failover to be diagnosed.

DGMGRL> edit configuration set property FastStartFailoverPmyShutdown = false;
Property "faststartfailoverpmyshutdown" updated

A value of TRUE causes the primary database to be shut down with the ABORT option after the number of seconds specified in the FastStartFailoverThreshold property, once the primary database is no longer in contact with its fast-start failover partners.

The default value is TRUE.

Note: The primary database is always shut down when a user-configurable fast-start failover condition is detected or when the application has initiated a fast-start failover by calling the DBMS_DG.INITIATE_FS_FAILOVER function, even if FastStartFailoverPmyShutdown is set to FALSE.

Automatic reinstatement after a fast-start failover

Reinstating the original primary database is essential to restore high availability after a fast-start failover. If you do not reconfigure the fast-start failover environment, you cannot perform another fast-start failover until the original primary database is reinstated. Automatic reinstatement of the original primary database occurs when all of the following conditions are met:

  • FastStartFailoverAutoReinstate is TRUE.
  • The original primary database and the new primary database form the same fast-start failover configuration before the failover and after the original primary database is restarted.
  • In a configuration with multiple standby databases, you did not perform a subsequent failover or switchover before restarting the original primary database.
  • The observer can connect to the original primary database.
  • The original primary database must be able to connect to the new primary database to perform the reinstatement.

If not all of these conditions are met, the original primary database is not automatically reinstated and the associated errors are recorded. You can then request a manual reinstatement of the original primary database using DGMGRL or Enterprise Manager.

Configuring automatic reinstatement of the primary database

You can use the FastStartFailoverAutoReinstate property to specify whether the observer should automatically reinstate the old primary database after a fast-start failover. In some fast-start failover situations, you may want to diagnose the cause of the failover before reinstating the primary database; in that case, set this property to FALSE.

The default value is TRUE.

DGMGRL> edit configuration set property FastStartFailoverAutoReinstate = false;
Property "faststartfailoverautoreinstate" updated
DGMGRL> show fast_start failover
Fast-Start Failover: ENABLED
  Threshold:        90 seconds
  Target:           pc01sby1
  Observer:         host04
  Lag Limit:        60 seconds
  Shutdown Primary: TRUE
  Auto-reinstate:   FALSE

Setting the connect identifier for the observer

Use the ObserverConnectIdentifier configurable database property to specify how the observer should connect to and monitor the primary and standby databases.

Set this property for the primary and target standby databases if you want the observer to use a different connect identifier than the one used to ship redo data (that is, the connect identifier specified by the DGConnectIdentifier property).

DGMGRL> EDIT DATABASE boston SET PROPERTY ObserverConnectIdentifier=boston.example.com;

Setting the observer override

The ObserverOverride configuration property, when set to TRUE, allows automatic failover if the observer has lost its connection to the primary database, even if the standby database has a healthy connection to the primary database.

DGMGRL> EDIT CONFIGURATION SET PROPERTY ObserverOverride = TRUE;

By default, the ObserverOverride property is set to FALSE.

Setting the observer reconnect frequency

The ObserverReconnect configuration property determines how often the observer establishes a new connection to the primary database. With the default value of 0, the observer does not periodically reconnect to the primary database.

While this eliminates the processing overhead associated with periodically establishing a new connection between the observer and the primary database, it also prevents the observer from detecting that no new connections can be established to the primary database.

Oracle recommends setting this property to a value small enough to quickly detect failures of the primary database, but large enough to keep the overhead associated with periodic observer connections at an acceptable level.

DGMGRL> EDIT CONFIGURATION SET PROPERTY ObserverReconnect = 15;

Step 5: Configure additional failover conditions for fast startup

Use the broker commands ENABLE FAST_START FAILOVER CONDITION and DISABLE FAST_START FAILOVER CONDITION to specify the conditions under which fast-start failover should occur.

ENABLE FAST_START FAILOVER CONDITION "Stuck Archiver";

The Oracle database server detects when the specified condition occurs and reports it to the observer.

The observer initiates a fast-start failover without waiting for the FastStartFailoverThreshold to expire (provided the standby database is in a valid fast-start failover state to accept the failover). Use the SHOW FAST_START FAILOVER command to get a list of valid conditions and confirm your changes. These include the following:

Configurable Failover Conditions
  Health Conditions:
    Corrupted Controlfile    YES
    Corrupted Dictionary     YES
    Inaccessible Logfile     NO
    Stuck Archiver           NO
    Datafile Offline         YES
  Oracle Error Conditions:
    (none)

For a given Oracle ORA error condition, the primary database notifies the observer when the error occurs, and the observer immediately initiates a fast-start failover, provided that the standby database is in a valid fast-start failover state (observed and either synchronized or within the lag limit) to accept the failover.

For example, if a large number of corrupted blocks (ORA-1578) occurs, you can specify the following:

ENABLE FAST_START FAILOVER CONDITION 1578;

In this case, a fast-start failover occurs when the ORA-1578 error is raised. This does not work for ORA-7445 or ORA-600 errors.

Configuring fast-start failover conditions

The database health conditions that can trigger a fast-start failover are listed in the following table:

Health condition        Default    Description
Datafile Offline        ENABLED    A data file is offline due to a write error.
Corrupted Controlfile   ENABLED    The control file is corrupted.
Corrupted Dictionary    ENABLED    The dictionary of a critical database object is corrupted.
Inaccessible Logfile    DISABLED   LGWR cannot write to a member of the log group due to an I/O error.
Stuck Archiver          DISABLED   The archiver cannot archive the redo log because the device is full or unavailable.

The Datafile Offline, Corrupted Controlfile and Corrupted Dictionary conditions are enabled by default. If the value you specify is not recognized, an error is returned.

If the condition is already set, no error is raised. Example: enable a database health condition for fast-start failover:

DGMGRL> enable fast_start failover condition "Inaccessible Logfile";
DGMGRL> show fast_start failover
…
Configurable Failover Conditions
  Health Conditions:
    Corrupted Controlfile    YES
    Corrupted Dictionary     YES
    Inaccessible Logfile     YES
    Stuck Archiver           NO
    Datafile Offline         YES

Step 6: Enable fast-start failover

You can enable fast-start failover with DGMGRL. Running the ENABLE FAST_START FAILOVER command allows the observer to monitor the primary and standby databases and initiate a fast-start failover if necessary. In addition to enabling fast-start failover, the observer must be started.

DGMGRL> ENABLE FAST_START FAILOVER;

Step 7: Start the observer

Execute the START OBSERVER command, which instructs the observer to begin monitoring the Data Guard configuration to which DGMGRL is connected. You must run this command on the computer where the observer will be located. When you run the START OBSERVER command, the observer retrieves the connect identifiers of the primary database and the target standby database and begins monitoring.

It sends the name of its host computer to the Data Guard broker. The primary database must be available for the START OBSERVER command to succeed. A Data Guard configuration can have only one observer at a time. If you try to start a second observer for the configuration, you get an error message. If you disable fast-start failover while the observer is monitoring the configuration, the observer stays idle and waits for fast-start failover to be enabled.

The observer maintains a small configuration file to persistently record important information about the Data Guard configuration it is monitoring. The file contains a description of the primary and target standby databases, including connect descriptors.

Use the FILE qualifier with the START OBSERVER command to specify an explicit directory path and name for the configuration file on the observer computer:

DGMGRL> START OBSERVER FILE=$ORACLE_HOME/dbs/Boston.dat;

If you do not specify the FILE qualifier, a file named FSFO.dat in the current working directory is used. If the file does not exist, a new file is created. If a configuration file exists, the observer checks whether that file describes a valid fast-start failover environment for the Data Guard configuration to which the observer is connected.

Note: You can run the START OBSERVER command regardless of whether fast-start failover is enabled.

Control is not returned when the observer is started successfully. The observer is a continuous foreground process; therefore, the prompt on the observer's computer does not return until you run the STOP OBSERVER command from another DGMGRL session. To execute commands and interact with the broker configuration, you must connect through another DGMGRL client session. Stopping the observer with the STOP OBSERVER command terminates the DGMGRL observer process.

Step 8: Verify the configuration

You can use the SHOW FAST_START FAILOVER command to display all information about fast-start failover.

DGMGRL> show fast_start failover;
Fast-Start Failover: ENABLED
  Threshold:          30 seconds
  Target:             London
  Observer:           host04
  Lag Limit:          30 seconds
  Shutdown Primary:   TRUE
  Auto-reinstate:     TRUE
  Observer Reconnect: (none)
  Observer Override:  FALSE
Configurable Failover Conditions
  Health Conditions:
    Corrupted Controlfile    YES
    Corrupted Dictionary     YES
    Inaccessible Logfile     NO
    Stuck Archiver           NO
    Datafile Offline         YES
  Oracle Error Conditions:
    (none)
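A way to turn the verification step into a repeatable check, as an added example that is not part of the original article or of any Oracle tool: it parses a saved SHOW FAST_START FAILOVER dump and flags settings that the sections above warn about. The sample output is constructed, the field labels assume the DGMGRL 12.1 layout, and the function names, severity levels and the 10-second floor (the lowest recommended threshold above) are assumptions of this example.

```python
import re

# Constructed sample of SHOW FAST_START FAILOVER output (DGMGRL 12.1 layout assumed).
SAMPLE_OUTPUT = """\
Fast-Start Failover: ENABLED

  Threshold:          5 seconds
  Target:             london
  Observer:           host04
  Lag Limit:          30 seconds
  Shutdown Primary:   FALSE
  Auto-reinstate:     TRUE
  Observer Reconnect: (none)
  Observer Override:  FALSE

Configurable Failover Conditions
  Health Conditions:
    Corrupted Controlfile          YES
    Corrupted Dictionary           YES
    Inaccessible Logfile            NO
    Stuck Archiver                  NO
    Datafile Offline               YES

  Oracle Error Conditions:
    (none)
"""


def parse_fsfo(text):
    """Return (settings, health_conditions) parsed from the command output."""
    settings, conditions = {}, {}
    for line in text.splitlines():
        line = line.strip()
        # "Label: value" lines; section headers end in ':' with no value and are skipped.
        m = re.match(r"^([A-Za-z][A-Za-z \-]*?)\s*:\s*(\S.*)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()
            continue
        # "Condition name   YES|NO" lines.
        m = re.match(r"^(.+?)\s+(YES|NO)$", line)
        if m:
            conditions[m.group(1)] = m.group(2) == "YES"
    return settings, conditions


def seconds(value):
    """Leading integer of a value such as '30 seconds'; None for '(none)' or missing."""
    m = re.match(r"(\d+)", value or "")
    return int(m.group(1)) if m else None


def audit(text, min_threshold=10):
    """Return a list of (level, message) findings for one output dump."""
    settings, conditions = parse_fsfo(text)
    if settings.get("fast-start failover", "").upper() != "ENABLED":
        return [("high", "fast-start failover is not enabled")]
    findings = []
    if settings.get("observer", "(none)") == "(none)":
        findings.append(("high", "no observer is registered"))
    threshold = seconds(settings.get("threshold"))
    if threshold is not None and threshold < min_threshold:
        findings.append(("medium", f"threshold {threshold}s is below {min_threshold}s: "
                         "a brief network interruption can cause an unnecessary failover"))
    # Assumption: "(none)" is how an ObserverReconnect value of 0 is displayed.
    if not seconds(settings.get("observer reconnect")):
        findings.append(("medium", "ObserverReconnect is 0: the observer cannot detect "
                         "that new connections to the primary fail"))
    if settings.get("shutdown primary", "").upper() == "FALSE":
        findings.append(("info", "FastStartFailoverPmyShutdown is FALSE: "
                         "an isolated primary stays stalled instead of shutting down"))
    if settings.get("auto-reinstate", "").upper() == "FALSE":
        findings.append(("info", "FastStartFailoverAutoReinstate is FALSE: "
                         "the old primary must be reinstated manually"))
    if settings.get("observer override", "").upper() == "TRUE":
        findings.append(("info", "ObserverOverride is TRUE: failover can occur "
                         "while the standby still reaches the primary"))
    for name in sorted(n for n, enabled in conditions.items() if not enabled):
        findings.append(("info", f"health condition not enabled: {name}"))
    return findings


if __name__ == "__main__":
    for level, message in audit(SAMPLE_OUTPUT):
        print(f"{level:6} {message}")
```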

Initiating a fast-start failover from the application

The application can initiate a fast-start failover by calling the DBMS_DG.INITIATE_FS_FAILOVER function. This function is used to tell the primary database server that the application wants an immediate fast-start failover. The primary database server notifies the observer of this request, and the observer immediately initiates a fast-start failover. To accept the failover, the standby database must be in a valid fast-start failover state: observed and either synchronized or within the lag limit of the primary database.

The PL/SQL package DBMS_DG contains a function INITIATE_FS_FAILOVER that allows the application to request a fast-start failover.

FUNCTION dbms_dg.initiate_fs_failover (condstr IN VARCHAR2) RETURN BINARY_INTEGER;

The application-initiated failover is a call to the FAILOVER command and requires SYSDBA privileges.

The DBMS_DG package is defined as an invoker's rights package to address privilege issues. If the configuration is not in a valid fast-start failover state, the INITIATE_FS_FAILOVER function returns an ORA error informing the caller that a fast-start failover cannot be performed.

Viewing fast-start failover information

SQL> SELECT fs_failover_status as STATUS,
            fs_failover_current_target as CURR_TGET,
            fs_failover_threshold as THRESHOLD,
            fs_failover_observer_present as OBS_PRES,
            fs_failover_observer_host as OBS_HOST
     FROM v$database;

STATUS                 CURR_TGET THRESHOLD OBS_PRES OBS_HOST
---------------------- --------- --------- -------- ------------------
TARGET UNDER LAG LIMIT london           30 YES      Host04.example.com

V$DATABASE contains the following columns that provide detailed information about fast-start failover:

  • FS_FAILOVER_STATUS:
    • BYSTANDER: Fast-start failover is enabled, but this standby database is not the fast-start failover target.
    • DISABLED: Fast-start failover is disabled.
    • LOADING DICTIONARY: This status is displayed only for a logical standby database that has not yet finished loading a copy of the primary database's data dictionary.
    • PRIMARY UNOBSERVED: This status occurs on the target standby database only when it is synchronized with the primary database or is in TARGET UNDER LAG LIMIT and has a connection to the observer, but the primary database has no connection to the observer.
    • REINSTATE FAILED: Reinstatement of the failed primary database as a new standby database has failed. For more information, see the Data Guard broker drc* log files.
    • REINSTATE REQUIRED: A failed primary database must be reinstated as a new standby database for the new primary database. The observer automatically starts the reinstatement process.
    • STALLED: This status is displayed on the primary database when redo generation has stopped because the primary database cannot continue without violating the data loss guarantee.
    • SUSPENDED: This status is displayed on the target standby database when the primary or target standby database is shut down in a controlled manner.
    • SYNCHRONIZED: The primary database and the fast-start failover target standby database are synchronized and the configuration runs in maximum availability mode.
    • TARGET OVER LAG LIMIT: (Maximum performance mode only) The standby database's redo apply point lags the primary database's redo generation point by more than the number of seconds specified in the FastStartFailoverLagLimit configuration property.
    • TARGET UNDER LAG LIMIT: (Maximum performance mode only) The standby database's redo apply point is no more than the number of seconds specified in the FastStartFailoverLagLimit configuration property behind the primary database's redo generation point.
    • UNSYNCHRONIZED: The target standby database does not have all of the primary database's redo and the configuration is running in maximum availability mode. Fast-start failover is not possible.
  • FS_FAILOVER_CURRENT_TARGET : DB_UNIQUE_NAME of the backup database that is the current target fast failover backup database for the Data Guard configuration.
  • FS_FAILOVER_THRESHOLD : The time (in seconds) that the observer attempts to reconnect to the disconnected primary database before attempting a rapid failover to the target standby database.
  • FS_FAILOVER_OBSERVER_PRESENT :
    • YES: The observer is connected to the local database.
    • NO: The observer is not connected to the local database.
  • FS_FAILOVER_OBSERVER_HOST : Name of the computer running the observer process

Note: If the value of FS_FAILOVER_STATUS is DISABLED, the values of the FS_FAILOVER_CURRENT_TARGET, FS_FAILOVER_THRESHOLD, FS_FAILOVER_OBSERVER_PRESENT, and FS_FAILOVER_OBSERVER_HOST columns have no meaning.
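For monitoring, the V$DATABASE columns above can be reduced to a readiness verdict per database. The following is an added example, not code from the original article: it assumes rows already fetched by the query shown earlier (plus DB_UNIQUE_NAME) and passed in as dictionaries, uses the FS_FAILOVER_STATUS values as Oracle documents them for V$DATABASE, and the severity levels, function names and sample rows are constructed for illustration.

```python
OK, WARN, CRIT = 0, 1, 2

# Severity and reason per FS_FAILOVER_STATUS value, following the descriptions above.
STATUS_RULES = {
    "SYNCHRONIZED": (OK, "target is synchronized"),
    "TARGET UNDER LAG LIMIT": (OK, "target is within FastStartFailoverLagLimit"),
    "BYSTANDER": (OK, "standby is not the fast-start failover target"),
    "LOADING DICTIONARY": (WARN, "logical standby is still loading the dictionary"),
    "SUSPENDED": (WARN, "primary or target was shut down in a controlled manner"),
    "PRIMARY UNOBSERVED": (WARN, "primary has no connection to the observer"),
    "TARGET OVER LAG LIMIT": (CRIT, "target lags beyond FastStartFailoverLagLimit"),
    "UNSYNCHRONIZED": (CRIT, "target is missing redo, fast-start failover not possible"),
    "STALLED": (CRIT, "redo generation on the primary has stopped"),
    "REINSTATE REQUIRED": (CRIT, "failed primary must be reinstated as a standby"),
    "REINSTATE FAILED": (CRIT, "reinstatement failed, see the drc* broker logs"),
}

# Constructed sample rows, one per database in the configuration.
SAMPLE_ROWS = [
    {"DB_UNIQUE_NAME": "boston", "STATUS": "TARGET UNDER LAG LIMIT", "OBS_PRES": "YES"},
    {"DB_UNIQUE_NAME": "london", "STATUS": "TARGET UNDER LAG LIMIT", "OBS_PRES": "YES"},
    {"DB_UNIQUE_NAME": "paris", "STATUS": "BYSTANDER", "OBS_PRES": "NO"},
]


def assess(row):
    """Return (severity, messages) for one V$DATABASE row given as a dict."""
    name = row.get("DB_UNIQUE_NAME", "?")
    status = (row.get("STATUS") or "").strip().upper()
    if status == "DISABLED":
        # The other fast-start failover columns have no meaning in this state,
        # so they are deliberately not evaluated.
        return WARN, [f"{name}: fast-start failover is disabled"]
    severity, reason = STATUS_RULES.get(
        status, (WARN, "status not recognized by this check"))
    messages = [f"{name}: {status}: {reason}"]
    # Assumption: the observer connects only to the primary and the target,
    # so a bystander without an observer connection is normal.
    if status != "BYSTANDER" and (row.get("OBS_PRES") or "").upper() != "YES":
        severity = max(severity, WARN)
        messages.append(f"{name}: observer is not connected to this database")
    return severity, messages


def fleet_verdict(rows):
    """Return (worst severity, all messages) across the rows of one configuration."""
    worst, report = OK, []
    for row in rows:
        severity, messages = assess(row)
        worst = max(worst, severity)
        report.extend(messages)
    return worst, report


if __name__ == "__main__":
    verdict, report = fleet_verdict(SAMPLE_ROWS)
    print(("OK", "WARN", "CRIT")[verdict])
    print("\n".join(report))
```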

Determine reason for fast failover start

You can query the V$FS_FAILOVER_STATS view on the primary database to see why a fast-start failover occurred. The view shows the time of the last fast-start failover and the reason for it.

SQL> SELECT last_failover_time, last_failover_reason
     FROM v$fs_failover_stats;

LAST_FAILOVER_TIME     LAST_FAILOVER_REASON
---------------------- ------------------------------
10/17/2013 10:30:12 PM Head off

Prohibited operations after enabling fast-start failover

Once you have enabled fast-start failover, you cannot perform the following operations (which would compromise the fast-start failover environment):

  • Change the protection mode of the configuration.
  • Change the LogXptMode property for the primary database or the target standby database.
  • Change the RedoRoutes property for the primary database, Far Sync instance, or target standby database.
  • Perform a failover or switchover to a standby database that is not the fast-start failover target.
  • Disable the Data Guard broker configuration.
  • Delete the Data Guard broker configuration.
  • Disable or delete the standby database that is the fast-start failover target.
  • Disable or remove the Far Sync instance when it sends redo to the fast-start failover target.
  • Change the FastStartFailoverTarget property on the primary or target standby database.
  • Transition to a non-synchronized failover target with a fast start.

Disable accelerated switching

You can disable fast failover to prevent the observer from initiating a failover to the target standby database. When you run the DISABLE FAST_START FAILOVER command, the Data Guard broker disables fast failover on the target standby database and then disables fast failover on the primary database. The Data Guard Broker permanently records this change in the Data Guard Broker metadata and propagates the change to all backup databases in the Data Guard Broker configuration.

DGMGRL> DISABLE FAST_START FAILOVER [FORCE] ; If the primary database and the target fast failover backup database are not communicating with each other, you can use the FORCE setting to disable fast failover. If this command is executed on the primary database or on a standby bystander database that has a connection to the primary database, the Data Guard broker disables the standby bystander locally.

The Data Guard Broker then writes this change to the Data Guard Broker metadata and propagates the change to all databases in the Data Guard Broker configuration to which the underlying database is connected. If the backup database has no connection to the primary database when you run the DISABLE FAST_START FAILOVER command with the FORCE option on the Faststart failover target database, Faststart failover is disabled only on that backup target database.

When the standby target database reconnects to the primary database, the primary database disables fast failover (as described earlier). If the backup database has no connection to the primary database, the primary database ignores it when you run the DISABLE FAST_START FAILOVER command with the FORCE option on the backup database. Failover with Quick Start automatically resumes on the backup database when communication with the primary database is restored.

To permanently disable fast-start failover, you must run the DISABLE FAST_START FAILOVER command on the primary database or on a standby database (or the target standby database itself) that has a link to the primary database.

Note: Disabling fast-start failover does not stop the observer.

Disabling fast-start failover conditions

Use the DISABLE FAST_START FAILOVER CONDITION command to disable fast-start failover for the specified conditions. For example:

DGMGRL> DISABLE FAST_START FAILOVER CONDITION "Datafile Offline";

Use of FORCE option

 

Use the FORCE option when:

  • You want to disable fast-start failover when the environment is synchronized and the primary database has lost communication with the observer and the target standby database. The FORCE option allows you to disable fast-start failover without needing a connection to the target standby database or the observer.
  • You want to prevent a fast-start failover to the target standby database because you know that the primary database will resume operations before the fast-start failover threshold expires.
  • You want to perform a manual failover to the target standby database or to another standby database when the fast-start failover environment is out of sync. In that case, you should be prepared to accept a failover with data loss.

Stopping the observer

If you want to stop using fast-start failover or move the observer to another host computer, use the STOP OBSERVER command to stop the observer.

Note: The STOP OBSERVER command does not disable fast-start failover.

This command can be executed regardless of whether fast-start failover is enabled. You must run this command on the primary database or on a standby database in the configuration that has a link to the primary database.

If you run this command with fast-start failover enabled, the fast-start failover target standby database must have a link to the primary database. The observer is not stopped immediately when you execute the STOP OBSERVER command. The broker informs the observer the next time the observer contacts it. After the STOP OBSERVER command is executed, the Data Guard broker can accept a new observer regardless of whether the stopped observer has completed its work.

Making manual role changes

You can perform manual role changes in a fast-start failover configuration if the role change is directed to the fast-start failover target standby database and the configuration is synchronized. The following conditions must be met:

  • If the configuration is running in maximum availability mode, the target standby database must be synchronized with the primary database.
  • If the configuration is running in maximum performance mode, the target standby database must be within the specified lag limit of the primary database.
  • Manual failover requires the observer to be running and in contact with the target standby database.

Restoring the database manually


Use the REINSTATE DATABASE command to restore the database.

DGMGRL> REINSTATE DATABASE boston;

If the recovery conditions are not met, the command is not executed and the specified database remains disabled. If the specified database name is the original primary database and fast-start failover is enabled, the original primary database is restored as the standby database for the new primary database. The fast-start failover configuration is updated to reflect the availability of the new standby database.

It takes over the archived redo log files of the new primary database and serves as a failover target in case the new primary database fails. Run this command while connected to the primary database or to a standby database in the configuration, other than the original primary database you want to restore, that has a link to the primary database.

Note: The REINSTATE DATABASE command does not require fast-start failover to be enabled.

It can also be used to restore the original primary database after a failover from a normal node loss.

Frequently Asked Questions

How do I enable fast-start on failover?

In Oracle Database 11g, Oracle introduced Fast-Start for failover, a feature which allows Oracle to begin the process of failover and recovery very quickly after the main Oracle instance fails. Fast-Start was inspired by the need for DBAs and business managers to quickly recover from failures and to ease the burden of having to “rebuild” a new primary database instance when the failure occurs in the middle of a database transaction.

Fast-start is a feature in Oracle Data Guard that is used to speed up backup and restore of Oracle databases. Fast-start is a good idea when it is not feasible to wait for a restore to take place; part of the problem is that the time lag between updates of data in the database and the time it takes to complete a backup and restore is too long.

This is a risk since if a restore takes place while the updates are still in progress, the database can become inconsistent. Fast-start can be configured to start a backup after the updates have completed, and later restore the data if the backup completes successfully.

How do you failover in Oracle Data Guard?

An Oracle Data Guard solution is a great way to protect your Oracle database from failures, but it can be slow to start up and slow to stop. In particular, the lockTimeout parameter has been known to cause issues for users who want to move databases between two nodes. The default setting of 30 seconds is a decent compromise, but it can sometimes be difficult to set to the ideal value without blocking other users.

If you are running Oracle Data Guard, you are probably familiar with the concept of a backup node. The backup nodes are the data protection points in your environment that you use to store your backups. You can think of a backup node as a small Oracle VM that runs your database and stores your backups. When you run Oracle Data Guard with Fast-Start enabled, the backup node is the first node in the Redo Log shipping group, and it is the only node that has the ability to receive Redo Logs from the source.

Which three are prerequisites for enabling fast-start failover?

Exadata is Oracle’s high-performance database appliance with an advanced architecture that allows for high-speed data access. Oracle Exadata is engineered with an architecture that enables fast-start failover, which is the ability of the appliance to quickly restart a database instance to ensure that there is no loss of mission-critical functionality. This feature greatly increases the ease of managing Oracle Exadata and provides a robust failover feature that is essential for mission-critical applications that store sensitive data or need to access data from multiple databases.

Fast-Start Failover was introduced in Oracle Database 11g release 2, and is enabled by default in 12c. In many places, it’s enabled for automatic failover, which is great if you aren’t manually involved in the failover process. But what if you are? How can you make sure that, if something goes wrong, failover will happen without a delay? Here are the prerequisites: