# Quorum Consensus — How Distributed Databases Agree on Reads and Writes
## What is quorum consensus?
A quorum is the minimum number of nodes that must participate in a read or write operation for the system to consider it successful. Instead of requiring every replica to respond, quorum-based systems need only a configurable subset of them, typically a majority, which makes them resilient to individual node failures while still maintaining consistency guarantees.
The core idea: make the write set and the read set large enough that they must overlap, so at least one replica contacted by any read holds the latest write.
## The W + R > N rule
In a system with N replicas, you configure two values:
- W — the number of nodes that must acknowledge a write
- R — the number of nodes that must respond to a read
When W + R > N, the write set and the read set always overlap. This guarantees that at least one node in every read has the most recent value.
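The overlap claim can be checked by brute force. A minimal sketch (illustrative, not part of any real database):

```python
# Exhaustively verify that every write set of size W and every read set of
# size R over N replicas share at least one node whenever W + R > N.
from itertools import combinations

def overlap_guaranteed(n: int, w: int, r: int) -> bool:
    replicas = range(n)
    return all(
        set(write_set) & set(read_set)
        for write_set in combinations(replicas, w)
        for read_set in combinations(replicas, r)
    )

print(overlap_guaranteed(5, 3, 3))  # W + R = 6 > 5 -> True
print(overlap_guaranteed(5, 2, 3))  # W + R = 5     -> False, a read can miss the write
```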
## Common configurations
| Config | W | R | Trade-off |
|---|---|---|---|
| Strong consistency | N/2+1 | N/2+1 | Balanced latency, strong guarantees |
| Write-heavy | 1 | N | Fast writes, slow reads |
| Read-heavy | N | 1 | Slow writes, fast reads |
| Weak consistency | 1 | 1 | Fastest, but no overlap guarantee |
## How quorum writes work
- The coordinator receives a write request from the client
- It forwards the write to all N replicas in parallel
- Once W replicas acknowledge the write, the coordinator responds to the client with success
- Remaining replicas may still be processing the write in the background
The coordinator does not wait for all replicas — only the quorum threshold. This means some replicas may temporarily have stale data.
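The write path above can be sketched in a few lines of Python, modeling each replica as a dict from key to a `(version, value)` pair (a toy model, not a real client library):

```python
from concurrent.futures import ThreadPoolExecutor, as_completed

def quorum_write(replicas, key, value, version, w):
    """Forward the write to all N replicas in parallel; succeed after W acks."""
    def put(replica):
        # Apply the write only if it is newer than the local copy.
        if key not in replica or version > replica[key][0]:
            replica[key] = (version, value)
        return True  # acknowledgement

    with ThreadPoolExecutor(max_workers=len(replicas)) as pool:
        futures = [pool.submit(put, r) for r in replicas]
        acks = 0
        for done in as_completed(futures):
            if done.result():
                acks += 1
            if acks >= w:
                return True   # quorum reached; report success to the client
    return False              # fewer than W acks: the write fails

replicas = [{} for _ in range(5)]
print(quorum_write(replicas, "cart:42", ["book"], version=1, w=3))  # True
```

In a real system the slow replicas keep applying the write after the coordinator has responded; here the `with` block simply waits for them before returning.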
## How quorum reads work
- The coordinator sends read requests to all N replicas (or at least R)
- It waits for R responses
- If responses disagree, the coordinator picks the value with the highest version number or timestamp
- The coordinator returns the most recent value to the client
Because W + R > N, at least one of the R respondents participated in the latest write and carries the newest version.
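A matching read path, under the same toy model (each replica is a dict from key to a `(version, value)` pair):

```python
def quorum_read(replicas, key, r):
    """Collect R responses and return the value carrying the newest version."""
    responses = [rep[key] for rep in replicas[:r] if key in rep]
    if not responses:
        return None
    # If responses disagree, the highest version wins.
    version, value = max(responses, key=lambda entry: entry[0])
    return value

# The second replica is stale; the quorum read still surfaces the new value.
replicas = [{"k": (2, "new")}, {"k": (1, "old")}, {"k": (2, "new")}]
print(quorum_read(replicas, "k", r=2))  # -> new
```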
## Version tracking
Quorum systems need a way to determine which value is "newest." Common approaches include:
- Timestamps — simple but vulnerable to clock skew
- Logical clocks — Lamport timestamps provide causal ordering
- Vector clocks — track per-node counters for precise conflict detection
- Version vectors — similar to vector clocks but attached to data items rather than events
Without reliable version tracking, the coordinator cannot resolve conflicting responses correctly.
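As an illustration of the vector-clock approach, here is a comparison function that classifies two clocks (a hypothetical helper, not from any particular library):

```python
def vc_compare(a: dict, b: dict) -> str:
    """Classify two vector clocks as before / after / equal / concurrent."""
    nodes = set(a) | set(b)
    a_le_b = all(a.get(n, 0) <= b.get(n, 0) for n in nodes)
    b_le_a = all(b.get(n, 0) <= a.get(n, 0) for n in nodes)
    if a_le_b and b_le_a:
        return "equal"
    if a_le_b:
        return "before"       # b strictly dominates: b is the newer value
    if b_le_a:
        return "after"
    return "concurrent"       # neither dominates: a genuine conflict

print(vc_compare({"n1": 1}, {"n1": 2}))                    # before
print(vc_compare({"n1": 2, "n2": 1}, {"n1": 1, "n2": 2}))  # concurrent
```

A `concurrent` result is exactly what timestamps cannot express: it tells the coordinator that two writes conflict and must be merged rather than one being silently discarded.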
## Sloppy quorum
A strict quorum requires that reads and writes go to the designated N replicas for a given key. But what happens when some of those replicas are unreachable?
A sloppy quorum relaxes this requirement. When a designated node is down, the system temporarily routes the request to a different healthy node — one that does not normally hold that data. This keeps the system available at the cost of weaker consistency.
With a sloppy quorum, W + R > N no longer guarantees that a read overlaps the latest write, because some writes may have landed on substitute nodes outside the designated set.
## Hinted handoff
When a sloppy quorum writes to a substitute node, that node stores the data with a hint — metadata indicating which node should actually own it. Once the original node recovers:
- The substitute node detects the recovery
- It forwards the hinted data to the rightful owner
- The hint is deleted from the substitute
Hinted handoff is a temporary measure. It improves availability during failures but does not replace full anti-entropy repair.
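The handoff cycle above can be sketched as follows (a toy model; real systems persist hints durably and retry delivery):

```python
class Node:
    """Toy cluster node holding its own data plus hints for other nodes."""
    def __init__(self, name):
        self.name = name
        self.up = True
        self.store = {}
        self.hints = []   # (intended_owner, key, value) tuples

def write_with_handoff(owner, substitute, key, value):
    """Route the write to a substitute node when the owner is down."""
    if owner.up:
        owner.store[key] = value
    else:
        substitute.store[key] = value
        substitute.hints.append((owner, key, value))  # remember the true owner

def on_recovery(substitute):
    """Forward hinted data to owners that are back up, then drop the hints."""
    remaining = []
    for owner, key, value in substitute.hints:
        if owner.up:
            owner.store[key] = value   # hand the data back
        else:
            remaining.append((owner, key, value))
    substitute.hints = remaining

a, b = Node("a"), Node("b")
a.up = False
write_with_handoff(a, b, "k", "v")   # lands on b, with a hint pointing at a
a.up = True
on_recovery(b)                       # k is forwarded to its rightful owner
print(a.store)  # {'k': 'v'}
```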
## Read repair
During a quorum read, if the coordinator detects that some replicas returned stale values, it can push the latest value back to those stale replicas. This is read repair.
Read repair happens passively — only when a key is actually read. Keys that are rarely accessed may remain inconsistent across replicas for a long time.
### How read repair works
- Coordinator reads from R replicas
- It identifies which replicas have outdated versions
- It sends the newest value to those stale replicas
- Stale replicas update their local copy
This is an opportunistic consistency mechanism — it fixes inconsistencies as they are discovered.
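Under the same toy model used earlier (a replica is a dict from key to a `(version, value)` pair), read repair can be sketched as:

```python
def read_with_repair(replicas, key, r):
    """Quorum read that pushes the newest value back to stale replicas."""
    contacted = replicas[:r]
    responses = [(rep, rep.get(key)) for rep in contacted]
    entries = [entry for _, entry in responses if entry is not None]
    if not entries:
        return None
    version, value = max(entries, key=lambda e: e[0])  # newest version wins
    for rep, entry in responses:
        if entry is None or entry[0] < version:
            rep[key] = (version, value)   # repair the stale replica in place
    return value

replicas = [{"k": (3, "new")}, {"k": (1, "old")}, {}]
print(read_with_repair(replicas, "k", r=3))  # -> new
print(replicas[1]["k"], replicas[2]["k"])    # both repaired to (3, 'new')
```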
## Anti-entropy with Merkle trees
Read repair only fixes keys that get read. For everything else, systems run a background anti-entropy process that continuously compares replicas and synchronizes differences.
The standard approach uses Merkle trees (hash trees):
- Each replica builds a tree where leaf nodes are hashes of individual key-value pairs
- Parent nodes are hashes of their children
- Two replicas compare their root hashes — if they match, the replicas are identical
- If they differ, the replicas walk down the tree to find exactly which keys diverge
- Only the divergent keys are transferred
This makes synchronization efficient — replicas exchange hashes instead of full datasets.
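A minimal sketch of the tree walk over a sorted key range (it recomputes subtree hashes on every call; real implementations build and cache the tree):

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_diff(a: dict, b: dict, keys: list) -> list:
    """Compare two replicas over a key range; return only the divergent keys."""
    def subtree_hash(store, ks):
        if len(ks) == 1:        # leaf: hash of a single key-value pair
            return h(f"{ks[0]}={store.get(ks[0])}".encode())
        mid = len(ks) // 2      # parent: hash of the two child hashes
        return h(subtree_hash(store, ks[:mid]) + subtree_hash(store, ks[mid:]))

    def walk(ks):
        if subtree_hash(a, ks) == subtree_hash(b, ks):
            return []           # identical subtree: prune the whole branch
        if len(ks) == 1:
            return ks           # found a divergent key
        mid = len(ks) // 2
        return walk(ks[:mid]) + walk(ks[mid:])

    return walk(sorted(keys))

a = {"k1": "x", "k2": "y", "k3": "z"}
b = {"k1": "x", "k2": "OLD", "k3": "z"}
print(merkle_diff(a, b, list(a)))  # ['k2'] -- only this key needs transfer
```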
## Dynamo-style architecture
Amazon Dynamo popularized the combination of these techniques into a cohesive system:
- Consistent hashing to distribute keys across nodes
- Sloppy quorum for high availability
- Hinted handoff for temporary failure recovery
- Vector clocks for conflict detection
- Read repair for passive consistency
- Anti-entropy for background synchronization
- Tunable consistency via configurable W, R, and N
Systems inspired by Dynamo include Cassandra, Riak, and Voldemort.
## Tunable consistency
Dynamo-style systems let operators choose consistency levels per operation. For example, in Cassandra:
- `ONE` — only one replica must respond
- `QUORUM` — a majority must respond
- `ALL` — every replica must respond
- `LOCAL_QUORUM` — a majority within the local datacenter must respond
This means different parts of your application can make different trade-offs. A shopping cart might accept eventual consistency for availability, while an inventory check might require quorum reads.
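The per-operation choice boils down to how many responses the coordinator waits for. A sketch, assuming N replicas and ignoring datacenter topology (so `LOCAL_QUORUM` is omitted):

```python
def required_responses(level: str, n: int) -> int:
    """Map a consistency level to the number of replicas that must respond."""
    return {"ONE": 1, "QUORUM": n // 2 + 1, "ALL": n}[level]

# With N = 5: QUORUM reads plus QUORUM writes overlap (3 + 3 > 5),
# while ONE + ONE does not (1 + 1 <= 5).
for level in ("ONE", "QUORUM", "ALL"):
    print(level, required_responses(level, n=5))
```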
## Failure scenarios
### Node failure during write
If fewer than W replicas acknowledge, the write fails and the client must retry. The partial write is not rolled back: replicas that did accept it hold divergent state until anti-entropy or read repair reconciles them.
### Network partition
During a partition, nodes on one side may form a quorum while nodes on the other cannot. Sloppy quorum allows writes to proceed even when the "correct" nodes are unreachable, prioritizing availability over strict consistency.
### Split-brain
If a network partition divides the cluster into two groups that both believe they have a quorum, conflicting writes can occur. Vector clocks and conflict resolution strategies (last-writer-wins, application-level merge) handle this after the partition heals.
## Quorum vs. consensus protocols
Quorum-based systems (Dynamo-style) and consensus protocols (Raft, Paxos) both use majorities, but they solve different problems:
| | Quorum (Dynamo) | Consensus (Raft/Paxos) |
|---|---|---|
| Goal | Data availability and replication | Total ordering of operations |
| Conflict handling | Detect and resolve after the fact | Prevent conflicts via leader election |
| Availability | High (sloppy quorum) | Lower during leader election |
| Use case | Key-value stores, shopping carts | Metadata, config, leader election |
## When to use quorum consensus
Quorum systems work well when:
- High availability matters more than strict consistency
- Latency is critical — you cannot wait for all replicas
- Tunable consistency lets you adjust per operation
- Multi-datacenter deployments need local quorum reads
They are less suitable when you need strict ordering or transactions across keys.
## Visualize quorum consensus
On Codelit, generate a Dynamo-style replication cluster to see how quorum writes propagate across replicas. Click on a node to explore hinted handoff, read repair, and anti-entropy flows.
This is article #237 in the Codelit engineering blog series.
Build and explore distributed system architectures visually at codelit.io.