RDB backup scheduling, AOF log shipping to cold storage, BGSAVE + BGREWRITEAOF interaction, DEBUG RELOAD for in-memory consistency checks, and a documented recovery runbook for the three most common failure scenarios.
A-13 — Disaster Recovery, Backup, and Point-in-Time Restore
Who this module is for: Redis is holding data that matters — sessions, job queues, rate limit state, coordination locks. If the server dies, you need to recover. This module covers RDB backup scheduling, AOF log shipping, recovery runbooks for the three most common failure scenarios, and the one practice most teams skip: testing restore procedures before they need them.
The Backup Strategy Pyramid
Not all Redis data needs the same protection:
| Data Type | Recovery Strategy | RTO | RPO |
|---|---|---|---|
| Pure cache | Regenerate from DB on miss | Seconds | Any (cache is disposable) |
| Session store | Restore from RDB + accept some logouts | Minutes | Last snapshot |
| Job queue | Restore from RDB + reprocess in-flight jobs | Minutes | Last snapshot |
| Rate limit state | Restore from RDB + accept burst on restart | Minutes | Last snapshot |
| Event log / audit trail | AOF log shipping + S3 | < 30 min | < 1 minute |
RPO (Recovery Point Objective): Maximum acceptable data loss (time).
RTO (Recovery Time Objective): Maximum acceptable downtime (time to recover).
Design your persistence configuration to meet the RPO; design your restore procedure to meet the RTO.
RDB Backup Scheduling
Automated Periodic Snapshots
Add to cron:
Backup Retention Policy
Implement with S3 Lifecycle policies:
AOF Log Shipping
For near-real-time backup (RPO < 1 minute), ship the AOF file to durable storage continuously:
For Redis 7.0+ multi-part AOF (RDB base + incremental AOF files):
Recovery Runbooks
Scenario 1: Single Node Crash (Data Loss ≤ Last Snapshot)
Symptoms: Redis process crashed or OOM killed. No failover configured.
Data loss: Everything since last successful BGSAVE.
RTO: ~2–10 minutes (time to start Redis + load RDB).
RPO: Time since last BGSAVE (up to your snapshot interval).
Scenario 2: Data File Corruption
Symptoms: Redis refuses to start; logs show "Bad file format" or checksum error.
Scenario 3: Accidental FLUSHALL (Data Loss: Complete)
Symptoms: Someone ran FLUSHALL. All keys are gone.
Urgency: Every write since FLUSHALL makes recovery harder (overwrites restored data).
Alternative (faster for large datasets): Use the --pipe mode of redis-cli to migrate keys using the RDB protocol.
Testing Your Restore Procedure
This is the step most teams skip. A backup you have never restored is not a backup — it is a file that might be a backup.
Monthly Restore Drill
What to Validate
- RDB file integrity:
redis-check-rdb dump.rdbreturns clean - Key count: approximately matches production DBSIZE
- Sample key existence: spot-check 10–20 known keys that should exist
- Data correctness: verify a few known values match expected values
- Restore time: measure end-to-end RTO — does it meet your SLA?
Managed Redis Backup
For AWS ElastiCache, GCP Memorystore, and Redis Cloud:
AWS ElastiCache:
- Enable automatic daily backups (snapshot window configuration)
- Snapshots stored in S3 with configurable retention (1–35 days)
- Manual snapshots:
aws elasticache create-snapshot --cache-cluster-id my-cluster --snapshot-name manual-backup - Restore by creating a new cluster from a snapshot
GCP Memorystore:
- Persistence (RDB) enabled per instance
- Manual exports to GCS:
gcloud redis instances export my-instance gs://my-bucket/dump.rdb - Restore by importing from GCS
Redis Cloud:
- Automatic backup to S3/GCS/Azure Blob, configurable frequency (every hour to daily)
- Point-in-time restore via the console or API
For managed services: use the platform's backup mechanisms rather than running custom scripts. They handle the coordination with the managed service's storage layer.
Summary
- Match backup strategy to data criticality: pure caches need no backup; audit logs need AOF shipping
- RDB backup script: BGSAVE → wait for completion → copy dump.rdb → upload to S3 → prune old backups
- AOF log shipping: ship incremental AOF files to S3 continuously (RPO < 1 minute)
- Recovery runbooks for three scenarios: node crash (restore RDB), corruption (restore from backup), FLUSHALL (restore to test instance, migrate keys)
- Test your restore procedure monthly — a backup you have never restored is not a backup
- For managed services (ElastiCache, Memorystore, Redis Cloud): use the platform's backup mechanisms
- RTO measurement: include it in monthly restore drills to verify you can recover within your SLA
Next: A-14 — Performance Benchmarking and Production Tuning — redis-benchmark, OS-level tuning, slowlog analysis, and the configuration changes that meaningfully improve throughput.
You are designing the backup strategy for a Redis instance that acts exclusively as an in-memory session store. A server crash resulting in the loss of the last 5 minutes of session data (forcing those users to log in again) is acceptable, but losing all sessions is not. Which backup strategy offers the best balance of performance and recovery capability for this specific workload?
During a disaster recovery drill, you notice that your automated RDB backup script occasionally uploads corrupted or incomplete .rdb files to S3. Looking at the script, you see it runs BGSAVE and then immediately copies the /var/lib/redis/dump.rdb file. What is the fatal flaw in this script?
A junior developer accidentally runs FLUSHALL on production Redis, instantly deleting all keys. You have an automated RDB backup from 1 hour ago stored in S3. What is the safest and most reliable recovery procedure?
Test your knowledge with more question sets
Sign in to access a wider variety of questions and get notified when new practice sets are added to this module.
Sign in & RegisterDiscussion
0Join the discussion