The core scheme
In the primary backup protocol, one replica is the primary and the others are backups. All client writes go to the primary, which applies them in a definite order and forwards them to the backups. Backups apply the same operations in the same order.
This single ordering point is what makes the system easy to reason about: there is exactly one place that decides what happens next.
Failover
If the primary fails, a backup must be promoted to become the new primary. This requires:
- Detecting the failure, usually with heartbeats and a timeout.
- Choosing a backup that is sufficiently up to date to avoid losing committed writes.
- Ensuring the old primary does not come back and act as a second primary, the dangerous condition known as split brain.
The split brain danger
If a network partition leaves the old primary alive but isolated, and a new primary is elected, both may accept writes. Preventing this usually needs an external coordinator or a fencing token so only one primary is ever active.
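The fencing-token idea above, as an added sketch that is not code from the original page: a coordinator issues a strictly increasing token at each promotion, and backups reject any write carrying an older token. The names Coordinator, Replica, Primary, StaleToken and simulate_partition are hypothetical, and the partition is modelled only as the old primary missing the promotion.

```python
# Added illustration; every class and function name here is hypothetical.
class StaleToken(Exception):
    """A write carried a token older than one the replica has already seen."""

class Coordinator:
    """External coordinator: issues a strictly increasing token per promotion."""
    def __init__(self):
        self.epoch = 0
    def promote(self):
        self.epoch += 1
        return self.epoch

class Replica:
    """Backup that applies forwarded writes and fences out stale primaries."""
    def __init__(self):
        self.highest_token = 0
        self.log = []
    def apply(self, token, seq, op):
        if token < self.highest_token:
            raise StaleToken(f"token {token} < {self.highest_token}")
        self.highest_token = token  # a newer primary fences every older one
        self.log.append((token, seq, op))

class Primary:
    """Single ordering point: numbers each write and forwards it to backups."""
    def __init__(self, token, backups, next_seq=0):
        self.token, self.backups, self.seq = token, backups, next_seq
    def write(self, op):
        """Forward one write; return how many backups accepted it."""
        self.seq += 1
        acks = 0
        for b in self.backups:
            try:
                b.apply(self.token, self.seq, op)
                acks += 1
            except StaleToken:
                pass  # fenced: this node is no longer the primary
        return acks

def simulate_partition():
    """Old primary is isolated, a new one is promoted, then the old one returns."""
    coord = Coordinator()
    backups = [Replica(), Replica()]
    old = Primary(coord.promote(), backups)   # token 1
    old.write("x=1")
    new = Primary(coord.promote(), backups, next_seq=old.seq)  # token 2
    new_acks = new.write("x=2")
    old_acks = old.write("x=3")  # old primary still believes it is primary
    return new_acks, old_acks, [r.log for r in backups]
```

In this sketch a backup learns the new token only when the new primary first contacts it, so a promoted node should announce its token to the backups before accepting client writes. A primary that receives zero acknowledgements must treat itself as deposed and not confirm the write to the client.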
Key idea
Primary backup centralizes write ordering on one node, which is simple to reason about but demands careful failover to avoid split brain.