Failback after failover
After a Failover with target server The immediately upstream server for replica servers, edge servers, standby servers, proxies and brokers. See also 'upstream server' and 'central server'. participation, the failback procedure restores the previous role of that server. Optionally, the pre-failover standby server is restored to its original role.
In what follows, "server" refers to an instance of P4D, the P4 Server software, and "machine" refers to the physical hardware on which an instance of P4 Server runs.
Prerequisites for using the failback command
-
Both the target server and the standby servers must be version 2022.1 or later.
-
The original p4 failover command must have been performed with the participation of the target server.
-
The p4 failback command must be performed with the participation of the target server.
-
When the target server is an edge server with a standby (or forwarding standby) server, the failback command requires the participation of the commit server that is the target for that edge server.
-
The server ID for the failed-over server must not be manually altered prior to performing the Procedure for using the failback command.
-
Journals created after failover or failback must still exist in their expected location before the standby-to-be is started as a standby. In other words, keep the journal locations and journals from failover through completion of all intended failback operations.
In addition, we recommend using two DNS aliases:
-
One DNS alias points to the IP address of the target server. This allows the same DNS alias to point the new target server (former standby server).
-
A second DNS alias points to the IP address of the standby server.
Scenario for this example
The commit server and its standby go down as part of the failover and failback to take them out of use and prevent data divergence.
|
![]() |
Procedure for using the failback command
Step | Description | ||||
1.
|
On the MachineA, where commit-uk was running prior to failover, convert commit-uk to a restricted standby, which causes commit-uk to ignore configuration settings that would otherwise interfere with failback.
|
||||
2. |
Start standby1 on MachineA and wait for its replication to catch up with commit-uk on MachineB. |
||||
3. |
On MachineA:
|
||||
4.
|
After the completion of a successful failback,
|
||||
5. |
(Optional) On MachineB, restore the P4 Server to its former status of being a standby server for commit-uk.
This command changes standby1 to a restricted standby. When standby1 discovers from replication that |
||||
6.
|
(Optional) Change the standby server spec of standby1 to a mandatory standby by setting mandatory for the Options field. A mandatory standby persists journalcopy'ed metadata before that metadata is replicated to other replicas, which can adversely affect replication performance. To learn more, see "mandatory standby" at Standby and forwarding-standby
|
If p4 failback cannot be used
Failback might still be possible even if the Prerequisites for using the failback command are not fully met.
Prerequisites if p4 failback cannot be used
Ensure that commit-uk on MachineB is reconfigured as a standby server before starting standby1 on MachineA, which must be configured as the target server for commit-uk.
Reseeding the original commit or central server
If p4 failback cannot be used, it is a best practice to reseed standby1 now running on MachineA before performing the failback steps.
Why you might want to reseed
Reason 1:
If commit-uk running on MachineA did not participate in the failover, the metadata for that server might contain transactions that had not been replicated to standby1 on MachineB at the time of failover. Those transactions could reappear at failback, so the safest option is to reseed.
Reason 2:
If commit-uk on Machine A did participate in the failover, reseeding might not be necessary. However, if you have any doubts about metadata integrity, the safest option is to reseed.
How to reseed
-
From a checkpoint of the commit server commit running on MachineB, reseed the server running on Machine A as standby1. For a detailed walkthrough, see Replica server metadata recovery.
-
Proceed with failback steps.
Failback steps if p4 failback cannot be used
Current status is after failover of commit-uk, such that commit-uk is running on Machine B and standby1 is running on MachineA.
At standby1 on MachineA
- Verify that commit-uk on MachineB is pulling from standby1 on MachineA by issuing p4 servers -J
- Check the result, which might be something like:
commit-uk '2025/07/09 16:41:36' commit-server 40/13642 40/13642 wadL/1 1
standby1 '2025/07/09 16:41:31' standby 40/10000 40/10000 wAdl/4 1
where 10000 is lower than 13642, which indicates that the standby is not yet fully caught up with the target server.
- Wait a moment, then reissue p4 servers -J to verify that standby is fully caught up with the target server. For example:
commit-uk '2025/07/09 16:41:36' commit-server 40/13642 40/13642 wadL/1 1standby1 '2025/07/09 16:41:36' standby 40/13642 40/13642 wAdl/4 1
At the commit-uk on MachineB
- Issue the failover command: p4 failover
- Follow the steps at Failover.