Logical replication slot failover keeps logical replication slots in sync from the primary node to the standby node, so that a failover does not disrupt your logical subscriptions.
Background
By default, PostgreSQL's streaming replication protocol does not sync logical replication slots from the primary node to the read-only node that serves as the standby. When a failover occurs, the logical replication slot is lost and logical subscriptions are interrupted.
PolarDB for PostgreSQL (Compatible with Oracle) resolves this by syncing logical replication slots to the standby node before a failover, so subscriptions resume after failover.
Physical replication slot failover is not supported. For more information, see the Replication slots section of PostgreSQL's Logical decoding concepts.
Configure logical replication slot failover
Set the polar_failover_slot_mode parameter to enable or disable logical replication slot failover.
| Value | Mode | Behavior |
|---|---|---|
async (default) | Asynchronous | Enables failover. No data loss during an HA cluster failover, but the logical replication client may receive duplicate data. If the client holds data ahead of the new primary at failover time, the client may have retained lost data, if any, during failover. Use synchronous mode if duplicate or inconsistent data affects your workload. |
sync | Synchronous | Enables failover. The primary does not send changes to the logical replication client until the standby has received them, ensuring no data is lost in logical replication during failover. |
off | Disabled | Disables logical replication slot failover. Logical replication slots are not synced to the standby node. |
Synchronous mode: edge case during standby disconnection
In synchronous mode, the primary holds changes until the standby acknowledges them. This prevents the logical replication client from receiving changes before the standby does—ensuring no data is lost in logical replication during failover.
However, if the standby disconnects for an extended period (for example, due to a network partition or a standby rebuild), the sync gap widens. During this window, the primary-standby latency can grow large enough that the logical replication client may advance past the standby. If a failover occurs during this window, some changes may not have reached the new primary, causing data loss.
To prevent this, contact Alibaba Cloud support to set polar_priority_replication_force_wait to on. With this setting, the primary stops sending changes to the logical replication client whenever the standby is disconnected, and resumes only after the standby reconnects or is rebuilt.
Setting polar_priority_replication_force_wait to on reduces the availability of logical replication. Proceed with caution.