Introduction

Your three-node Elasticsearch cluster just survived a network blip. Thirty seconds of packet loss between your primary datacenter and a secondary AZ. When connectivity restored, you discovered two nodes had independently accepted writes during the partition. Both believe they are the authoritative master. Both have diverged. This is split-brain — and the next 60 seconds will determine whether your data converges gracefully or you spend the next six hours manually reconciling indexes.

What Split-Brain Actually Is

Split-brain occurs when a distributed cluster partitions into two or more segments that each achieve quorum independently, or when quorum rules are misconfigured to allow it. Each segment continues operating as if it were the whole cluster. Writes flow into both sides. Neither segment knows it is operating on a stale view of the world.

The core problem is divergent state: two leaders, two write paths, two versions of truth. When the partition heals, the cluster must decide which side’s state wins — or whether a merge is even possible.

Why quorum isn’t always enough. Strict majority quorum (N/2 + 1 nodes required) prevents split-brain in theory. In practice, operators often lower quorum thresholds under operational pressure (”we only have 2 of 3 nodes, let’s keep serving”), or they run even-numbered clusters, or they misconfigure minimum_master_nodes (Elasticsearch’s historical footgun). The gap between theoretical safety and deployed reality is where split-brain lives.

Three failure modes:

1. Network partition with symmetric quorum loss — a 2-node cluster loses its tiebreaker. Both nodes independently promote themselves.

2. GC pause masquerading as a failure — a node pauses for 8 seconds (JVM GC, system call blocking), the cluster assumes it’s dead and elects a replacement, then the original node wakes up believing it still holds the lease.

3. Asymmetric network failures — Node A can reach Node B, Node B can reach Node C, but A cannot reach C. Quorum calculations become topology-dependent.