Push server and redirector failover design
Push server failover
When a problem occurs that disrupts the connection between a push redirector and a push server, the push server removes the push redirector from the list of available redirectors and stops redirecting clients to it.
If other redirectors are still available, the server will continue to redirect clients to only those redirectors that are still connected to it. Otherwise, the push server responds to the client with an HTTP 500 error.
The unavailable push redirector can re-establish the connection to the push server when it recovers from the problem that caused it to disconnect.
Push redirector failover
When the push redirector loses its connection to the push server, the redirector begins to disconnect clients that are currently connected to it. This allows the clients to authenticate for push notifications with the push server again. The push server can then redirect the clients to another push redirector.
To prevent the push server from receiving too many client authentication requests at once, the push redirector disconnects clients in 50 millisecond intervals.
If the push redirector establishes a connection to the push sever during this process, it stops disconnecting clients. Clients still connected to the push redirector will continue to function normally, and the push redirector can begin to receive new client requests again.