What are ESP failover strategies?

Failover strategies determine how ESPs respond when infrastructure components fail. Different approaches balance complexity, cost, and recovery speed.

Active-passive (hot standby):

Primary systems handle all traffic

Standby systems remain ready but idle

Failure triggers switchover to standby

Simpler but potentially slower recovery

Active-active:

Multiple systems actively handle traffic simultaneously

Failure redistributes load to surviving systems

No switchover delay; immediate capacity absorption

More complex but faster and more resilient

Geographic failover:

Data centers in multiple regions

Regional failures route to other regions

Protects against natural disasters, network partitions

May involve latency tradeoffs

Component-level failover:

Individual components (databases, MTAs, queues) have their own redundancy

Failures isolated to affected component

Layered protection throughout the stack

DNS-based failover:

DNS changes route traffic away from failed infrastructure

Relatively slow (DNS TTL delays) but simple

Often combined with other faster methods

Well-designed ESPs combine multiple strategies: active-active within a data center, geographic failover across regions, component-level redundancy throughout. The goal is invisible failures: things break, but customers never notice.