Network tiebreaker

The network tiebreaker provides an alternative to the disk and operator-based tie breakers. It uses an external IP (network instance) to resolve a tie situation.

There are several situations in which the use of a network tiebreaker is most appropriate, for example:
  • A shared disk to be used as a disk tiebreaker is not available.
  • The ability to communicate with instances outside the cluster has the highest priority.
Example: The primary function of a web server is to deliver web pages to clients outside of the cluster. To make this service highly available, the tiebreaker must not grant access to a node, which is not able to communicate to instances outside of the cluster.

Use the network tiebreaker only for domains where all nodes are in the same IP sub net. Having the nodes in different IP sub nets makes it more likely that both nodes can ping the network tiebreaker, while they cannot communicate with each other. Additionally, the default gateway IP address must not be used if it is virtualized by the network infrastructure. Choose an IP address, which can be reached only through a single path from each node in the domain.

In the default setting, the network tiebreaker makes two attempts to ping the network tie breaker IP address. This default number of pings can be too low in virtualized environments or environments with a slow or unreliable network connection. For those environments, you can increase the number of pings that are executed by the network tie breaker up to a maximum of nine. Then, you can ensure a correct result of the tie breaker reserve operation.

Requirements for the network tiebreaker

To ensure the network tiebreaker function, the external IP instance must be reachable from all nodes within the highly available cluster. Also, the external IP instance must be able to reply to ICMP echo requests (ping). If you install a firewall rule, which blocks ICMP traffic between the cluster nodes and the external IP instance, the network tiebreaker does not work. In this situation, the cluster nodes might not communicate to their peers (cluster split), but both sub clusters are able to reach the external IP instance. Usually, IP ensures that if both sub clusters can reach the external gateway, they are also able to communicate with their peers. If this rule cannot be ensured, for example due to firewall settings, you cannot use the network tiebreaker.

The following table shows the advantages and disadvantages of network and disk tie breakers:
Table 1. Comparison of network-based and disk-based tie breakers
Network-based tiebreaker Disk-based tiebreaker
  • +: No hardware dependency.
  • +: Evaluates the availability of communication.
  • +: Most secure tiebreaker. Hardware ensures that only one instance (node) is able to get the tiebreaker.
  • -: If the external IP instance is not available in case of a cluster split, no sub-cluster gets quorum.
  • -: There can be error conditions in which a tie situation occurs, but more than one node is able to communicate. In this case, both sub-clusters are able to get the tiebreaker.
  • -: If there is a loss in communication, this tiebreaker can grant access to a node, which is not able to communicate to instances outside the cluster.