Possible recovery strategies to handle transient COMM_FAILURE (was Re: problem with dying server)

[Hans Huebner]

On Thu, 10 Jul 1997, Sai-Lai Lo wrote:
> Therefore, I'm thinking of enhancing the implementation to allow the
> application to install a handler for TRANSIENT exception. The ORB let the 
> handler decides when to perform a retry.

The mechanism described looks quite reasonable to me.  Retries can't be
transparently controlled by the ORB, because it can not decide whether the
call was actually completed by the server in the first run.  The
application program should be forced to implement proper transaction
handling, which, for now, means that the application must have some
control over the retry strategy used.  For some applications it is
preferable not to retry a failed call at all and fall back to a recovery
mechanism whenever a COMM_FAILURE is detected.

Just to mention it again:  A mechanism to properly shut down a server ORB
(and orderly disconnecting all clients) is also badly needed.  This will
help to avoid many COMM_FAILURE exceptions, thus greatly simplifying
real-world systems where server processes need to be independently
restartable.

-Hans

Hans.Huebner@berlin.snafu.de

+49-177-512 1024