Understanding Redis Sentinel: How It Ensures High Availability and Automatic Failover

1. Introduction to Sentinel

Sentinel (Chinese: 哨兵) is a vital component of the Redis cluster architecture.

Its main functions are:

(1) Cluster monitoring: monitors whether Redis master and slave processes are operating normally.

(2) Message notification: sends alerts to administrators when a Redis instance fails.

(3) Automatic failover: when a master node goes down, it automatically promotes a slave to master.

(4) Configuration center: notifies client applications of the new master address after a failover.

Sentinel itself runs as a distributed sentinel cluster, cooperating with other sentinel instances.

(1) During failover, a majority of sentinels must agree that a master node is down, involving distributed election.

(2) Even if some sentinel nodes fail, the sentinel cluster continues to work; otherwise the high‑availability mechanism would become a single point of failure. Sentinel 2 rewrote much of the code from Sentinel 1 to make the failover mechanism more robust and simpler.

2. Core Knowledge of Sentinel

(1) At least three sentinel instances are required to ensure robustness.

(2) The sentinel + Redis master‑slave deployment does not guarantee zero data loss; it only ensures high availability of the Redis cluster.

(3) Both testing and failover drills should be performed thoroughly in test and production environments.

3. Why a Two‑Node Sentinel Cluster Cannot Work Properly

A sentinel cluster must have more than two nodes. With only two sentinel instances, the quorum is set to 1.

Configuration example:

master M1  R1 sentinel S1  S2 Configuration: quorum = 1 (only one sentinel needs to deem the master down to trigger a switch).

If the master fails, either S1 or S2 can trigger a failover, but a majority (both sentinels) must be running for the failover to be allowed. If one machine hosting M1 and S2 crashes, only one sentinel remains, lacking a majority, so failover will not occur.

4. Classic Three‑Node Sentinel Cluster

Setup example:

M1 S1 R2  R3 S2  S3 Configuration: quorum = 2 (majority).

If the machine running M1 crashes, the remaining two sentinels (S2 and S3) can agree that the master is down, elect one to perform the failover, and because the majority (2 out of 2) is satisfied, the failover proceeds.