o Backup router testing
- - test all resume error cases for backup router
- - test all resume error cases for normal server
- - test all resume error cases for primary router
+ - Switching tests
+ - (1) primary goes down (works)
+ - (2) server(s) looses primary, but backup doesn't
+ - Works, if the primary sends SERVER_SIGNOFF to backup for the
+ the signoffed servers it will disconnect them. The servers
+ will reconnect to primary, no desync. If primary sends ping
+ back (before SERVER_SIGNOFF) the backup returns failure to
+ server. Server resends START_USE, and same repeats. Either
+ the SERVER_SIGNOFF is received or the server disconnects from
+ backup, and reconnects to primary.
+ - (3) server looses primary, but backup doesn't, but ping timeouts
+ (no crash in primary)
+ - Works, the backup will be primary, server will notice it and
+ network works. When the backup gets connection back to primary,
+ primary will reject resuming. Backup switches back to backup
+ router. Server timeouts, disconnects and reconnects to primary
+ to avoid desync.
+ - (4) backup looses primary, but server(s) doesn't
+ - Works, the backup is in desync. When backup connects back to
+ primary it attempts to execute the resuming. The primary will
+ reject this. The backup accepts it and resumes as backup
+ router, no desync. Servers get the backup resuming protocol
+ but it will timeout, and no other action is taken. No desync in
+ servers.
+ - (5) server looses primary, backup crashes
+ - Works, the server will attempt to reconnect to the primary
+ and backup. Server will be cut from rest of the network.
+ - (6) server looses primary, backup doesn't, rejects server's use,
+ then backup looses primary
+ - Same as (3), if primary crashed, normal resuming occurs.
+
+ - Resuming tests
+ - (1) normal resuming (works)
+ - (2) backup crashes during resuming
+ - Works, no desync in router or server. Server reconnects to
+ the router to avoid desync in server.
+ - (3) primary crashes during resuming
+ - Works, no desync in backup or server. Backup handles crash
+ during first contact, during resuming and immediately after.
+ Server handle crash during first contact, after contact and
+ immediately after. In case of error server fallbacks to the
+ backup router. If backup rejects fallback, server disconnects
+ and reconnects to both backup and primary.
+ - (4) a server crashes during resuming (multiple servers present)
+ - Works, no desync in backup or servers. The backup restarts the
+ protocol after timeout. After that the protocol executes
+ quickly since all other servers are already connected to the
+ primary. While waiting restart servers fallback to the
+ backup.
+ - (5) server can connect to primary but cannot communicate
+ - Works, no desync in server. The server notices that the
+ protocol did not succeed, and verifies from backup whether it
+ can be used still. If backup refuses the server reconnects
+ to the primary router.
+ - (6) backup can connect to primary but cannot communicate
+ - Same as (9).
+ - (7) primary won't communicate with server
+ - Same as (5).
+ - (8) primary won't communicate with backup
+ - Same as (6), (9).
+ - (9) backup cannot communicate with server
+ - Works, no desync in backup or servers. The backup restarts the
+ protocol after timeout. This happens as long as the protocol
+ is executed successfully. Primary can communicate through the
+ backup during this. Servers fallback to backup after timeout
+ occurs and waits for new resuming. If the server never answers
+ anything to backup (but is up) then resuming lasts for ever,
+ until the server is either removed from network or starts
+ communicating. However, this does not cause network desync.
+ - (10) server cannot communicate with backup
+ - Same as (5), (9).
- Notifys (works)
JOIN, TOPIC_SET, CMODE_CHANGE, CUMODE_CHANGE, CHANNEL_CHANGE,
projects / silc.git / blobdiff