What are ESP failover strategies?

Failover strategies determine how ESPs respond when infrastructure components fail. Different approaches balance complexity, cost, and recovery speed.

Active-passive (hot standby):

• Primary systems handle all traffic
• Standby systems remain ready but idle
• Failure triggers switchover to standby
• Simpler but potentially slower recovery

Active-active:

• Multiple systems actively handle traffic simultaneously
• Failure redistributes load to surviving systems
• No switchover delay; immediate capacity absorption
• More complex but faster and more resilient

Geographic failover:

• Data centers in multiple regions
• Regional failures route to other regions
• Protects against natural disasters, network partitions
• May involve latency tradeoffs

Component-level failover:

• Individual components (databases, MTAs, queues) have their own redundancy
• Failures isolated to affected component
• Layered protection throughout the stack

DNS-based failover:

• DNS changes route traffic away from failed infrastructure
• Relatively slow (DNS TTL delays) but simple
• Often combined with other faster methods

Well-designed ESPs combine multiple strategies: active-active within a data center, geographic failover across regions, component-level redundancy throughout. The goal is invisible failures: things break, but customers never notice.