Docs Home → Develop Applications → MongoDB Manual

Replica Set Arbiter

On this page

Release Version Considerations

Example
Performance Issues with PSA replica sets
Replica Set Protocol Version and Arbiter
Security

In some circumstances (such as you have a primary and a secondary but cost constraints prohibit adding another secondary), you may choose to add an arbiter to your replica set. An arbiter does not have a copy of the data set and cannot become a primary. However, an arbiter participates in elections for primary. By default an arbiter has priority 0. An arbiter has exactly 1 election vote.

Important

Do not run an arbiter on systems that also host the primary or the secondary members of the replica set.

To add an arbiter, see Add an Arbiter to Replica Set.

Release Version Considerations

Arbiters are not supported with quarterly rapid releases releases. If your deployment includes arbiters, only use LTS releases.

Example

For example, in the following replica set with a 2 data bearing members (the primary and a secondary), an arbiter allows the set to have an odd number of votes to break a tie:

Diagram of a replica set that consists of a primary, a secondary, and an arbiter.

Performance Issues with PSA replica sets

If you are using a three-member primary-secondary-arbiter (PSA) architecture, the write concern "majority" can cause performance issues if a secondary is unavailable or lagging. See Mitigate Performance Issues with PSA Replica Set for advice on how to mitigate these issues.

Replica Set Protocol Version and Arbiter

For the following MongoDB versions, pv1 increases the likelihood of w:1 rollbacks compared to pv0 (no longer supported in MongoDB 4.0+) for replica sets with arbiters:

MongoDB 3.4.1
MongoDB 3.4.0
MongoDB 3.2.11 or earlier

See Replica Set Protocol Version.

Security

Authentication

When running with authorization, arbiters exchange credentials with other members of the set to authenticate. MongoDB encrypts the authentication process, and the MongoDB authentication exchange is cryptographically secure.

Because arbiters do not store data, they do not possess the internal table of user and role mappings used for authentication. Thus, the only way to log on to an arbiter with authorization active is to use the localhost exception.

Communication

The only communication between arbiters and other set members are: votes during elections, heartbeats, and configuration data. These exchanges are not encrypted.

However, if your MongoDB deployment uses TLS/SSL, MongoDB will encrypt all communication between replica set members. See Configure mongod and mongos for TLS/SSL for more information.

As with all MongoDB components, run arbiters in trusted network environments.

← Delayed Replica Set Members Replica Set Oplog →

Replica Set Arbiter.css-134mg1q{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;padding:0 10px;visibility:hidden;}.css-6vrlzm{border-radius:0!important;display:initial!important;margin:initial!important;}.css-1l4s55v{margin-top:-175px;position:absolute;padding-bottom:2px;}