Hi, We have in our company thousands of clusters and use VCS a lot, and at least in 2 out of 3 regions there is no I/O fencing happening at all. We rely solely and so far quite successfully on heartbeat links.
We had recently an issue which would have been handled better if we had I/O fencing implemented: in one cluster the CPU got too busy so no network replies were received, the rest of the cluster thought it's dead, brought online all resources of the service groups running on the busy node, et voila: 2 nodes mounting the same filesystem. The busy node was not too busy to not write some stuff to disk. Once it was less busy, the expected concurrency violation appeared and all was restored, but not until the filesystem for corrupted. Restore from tape fixed it, but that was not fun and very time intensive. That sounds like I/O fencing is THE way to go, except this is the very first time this was seen, and I wonder if adding I/O fencing to all clusters makes sense: while it reduces the (small) risk of this happening, it add a (small) complexity to a cluster design, which potentially causes a lot of unnecessary reboots. What is the general recommendation for I/O fencing via SCSI reservations (which I understand is what VCS implements)? Recommended to do? Optional? Obsolete with sufficient heartbeat links? Dangerous and not recommended? Harald ---------------------------------------------------------------------- This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited. Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law. The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses. References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link: http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.
_______________________________________________ Veritas-ha maillist - Veritas-ha@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-ha
