What a lease is
A lease is a lock with an expiry. A coordinator grants a node exclusive rights, such as being leader or owning a resource, but only for a fixed time window. The holder must renew before expiry or lose the lease automatically.
Why time bounds help
Without expiry, if a lock holder crashes the lock is held forever and nobody can proceed. A lease self heals because authority lapses on its own. This lets the system recover from a crashed holder without a human or a perfect failure detector.
The clock trap
Leases depend on time, so clock skew is dangerous. If the holder thinks its lease is valid but the coordinator already expired it, two nodes may both believe they hold it. Mitigations include keeping lease durations well above expected skew and pairing leases with fencing tokens so stale holders cannot write.
Where leases appear
- Leader leases let a leader serve reads locally without quorum during the lease.
- Resource ownership in schedulers and distributed file systems.
- Service registries where a heartbeat renews a lease and a missed renew evicts the entry.
Key idea
A lease grants time bounded exclusive authority that lapses automatically on failure, but it must guard against clock skew with margins and fencing.