Understanding Active-Active Disaster Recovery Architecture: Challenges and Implementation Strategies

This article discusses disaster recovery solutions and high availability architecture for distributed systems. The author argues that cold backup and active-passive modes are not ideal solutions and often provide false security.

The article explains the key concepts of active-active (双活) architecture, which involves two sites simultaneously carrying business traffic with minute-level failover capability. The author identifies three critical technical requirements for successful active-active deployment:

First, local datacenter calls: Distributed requests must not cross datacenters; all calls must be completed within the local datacenter. This requires support from service routing policies, service frameworks, data access layers, and messaging components.

Second, data sharding and consistency: To prevent conflicting updates across sites, data must be partitioned based on business attributes like user ID or region. This ensures that a single data shard is only modified within one datacenter, enabling unidirectional synchronization.

Third, data synchronization: The author emphasizes that this is not just a technical challenge but a physical one - network latency across datacenters (especially cross-region) can increase from sub-millisecond to seconds, which significantly impacts business operations. Even with dedicated network lines, latency can increase dozens or hundreds of times due to network equipment, protocol conversions, and cross-carrier routing.

The author concludes with key recommendations: systems must support unit-based architecture before implementing active-active; the proper construction sequence should be: city-level active-active → cross-region active-active → two-city three-center architecture; all these concepts are interconnected and should be viewed holistically based on business scenarios; and ultimately it's about ROI - higher availability means higher costs.