Manualshelf

Veritas Storage Foundation 5.1 SP1 for Oracle RAC Administrator"s Guide (5900-1512, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Volume Management (LVM/VxVM) Software
31323334353637383940
About preventing data corruption with I/O fencing
I/O fencing is a feature that prevents data corruption in the event of a
communication breakdown in a cluster.
To provide high availability, the cluster must be capable of taking corrective action
when a node fails. In this situation, SF Oracle RAC configures its components to
reflect the altered membership.
Problems arise when the mechanism that detects the failure breaks down because
symptoms appear identical to those of a failed node. For example, if a system in
a two-node cluster fails, the system stops sending heartbeats over the private
interconnects. The remaining node then takes corrective action. The failure of
the private interconnects, instead of the actual nodes, presents identical symptoms
and causes each node to determine its peer has departed. This situation typically
results in data corruption because both nodes try to take control of data storage
in an uncoordinated manner.
In addition to a broken set of private networks, other scenarios can generate this
situation. If a system is so busy that it appears to stop responding or "hang," the
other nodes could declare it as dead. This declaration may also occur for the nodes
that use the hardware that supports a "break" and "resume" function. When a
node drops to PROM level with a break and subsequently resumes operations, the
other nodes may declare the system dead. They can declare it dead even if the
system later returns and begins write operations.
SF Oracle RAC uses I/O fencing to remove the risk that is associated with
split-brain. I/O fencing allows write access for members of the active cluster. It
blocks access to storage from non-members.
Figure 1-8 displays a schematic of a four node cluster, each node writing order
entries to the connected disk array. When the private network connection between
the four nodes is disrupted (between Node A and the other 3 nodes in the figure
below), a split-brain situation occurs with the possibility of data corruption to the
disk array. The I/O fencing process prevents split-brain and any data corruption
by fencing off Node A from the cluster.
43Overview of Veritas Storage Foundation for Oracle RAC
About preventing data corruption with I/O fencing