Skip to main content

Module flow_control

reddb_server::replication

Module flow_control 

Source
Expand description

Write-admission flow control keyed on in-quorum replica lag (issue #826).

The primary streams WAL to every connected replica, but only some of those replicas count toward the configured commit quorum. When a quorum member falls behind, the primary should slow incoming writes so the lagging member can catch up — otherwise sync/quorum commits stall and the lag compounds. Replicas that are pure read scale-out (async, not in the quorum) must never exert this back-pressure: read fan-out should not be able to throttle write throughput.

FlowController implements that policy as a ticket-based admission gate. It watches the max lag across in-quorum replicas against a soft target (in LSN records):

  • lag <= soft target → tickets flow, writes admitted.
  • lag > soft target → throttle engaged, admission tickets denied until the quorum member recovers below the target.

A soft target of 0 disables the feature entirely (the default), so standalone and async-commit deployments are unaffected. The decision mirrors the engine-managed graceful-pause precedent in crate::runtime::write_gate (issue #519 archive-lag auto-pause): an independent, automatically-engaging/releasing gate that the operator’s manual read-only pin never stomps.

In-quorum membership is derived from the active QuorumConfig:

  • QuorumMode::Async — no replica is synchronous, so nothing is in-quorum and the controller never throttles.
  • QuorumMode::Sync — every connected replica is a candidate for the synchronous quorum and counts toward the lag signal.
  • QuorumMode::Regions — only replicas whose declared region is in the required set count; replicas in other regions (or with no region) are async read-replicas and are excluded.

Structs§

FlowController
Ticket-based write-admission flow controller.

Enums§

Admission
Outcome of a write-admission attempt.

Functions§

in_quorum_max_lag_lsn
Max lag in LSN records across the in-quorum replicas, measured as the distance from the primary’s current LSN to each replica’s last acked LSN. Async read-replicas are excluded. Returns 0 when no replica is in-quorum (so the controller never throttles on read scale-out alone).
is_in_quorum
Is replica a member of the commit quorum under quorum?