Data Loss Model:

We consider data to be lost if an update has been acknowledged to the client, but the corresponding data no longer exists in the system. Today's remote mirroring regimes all experience data loss, but the degree of disaster needed to trigger loss varies:

• Synchronous mirroring only sends acknowledgments to the client after receiving a response from the mirror. Data cannot be lost unless both primary and mirror sites fail.
• Semi-synchronous mirroring sends acknowledgments to the client after data written is locally stored at the primary site and an update is sent to the mirror. This scheme does not lose data unless the primary site fails and sent packets do not make it to the mirror. For example, packets may be lost while resident in local buffers and before being sent on the wire, the network may experience packet loss, partition, or components may fail at the mirror.
• Asynchronous mirroring sends acknowledgments to the client immediately after data is written locally. Data loss can occur even if just the primary site fails. Many products form snapshots periodically, for example, every twenty minutes [19,31]. Twenty minutes of data could thus be lost if a failure disrupts snapshot transmission.