Veritas Storage Foundation 5.1 SP1 Cluster File System Administrator"s Guide (5900-1738, April 2011)

To provide high availability, the cluster must be capable of taking corrective action

when a node fails. In this situation, SFCFS configures its components to reflect

symptoms appear identical to those of a failed node. For example, if a system in

and causes each node to determine its peer has departed. This situation typically

results in data corruption because both nodes try to take control of data storage

in an uncoordinated manner.

situation. If a system is so busy that it appears to stop responding or "hang," the

other nodes could declare it as dead. This declaration may also occur for the nodes

that use the hardware that supports a "break" and "resume" function. When a

node drops to PROM level with a break and subsequently resumes operations, the

other nodes may declare the system dead. They can declare it dead even if the

system later returns and begins write operations.

SFCFS uses I/O fencing to remove the risk that is associated with split-brain. I/O

SCSI-3 Persistent Reservations (SCSI-3 PR) are required for I/O fencing and resolve

the issues of using SCSI reservations in a clustered SAN environment. SCSI-3 PR

concerns, only one host and one path remain active. The requirements for larger

clusters, with multiple nodes reading and writing to storage in a controlled manner,

make SCSI-2 reservations obsolete.

SCSI-3 PR uses a concept of registration and reservation. Each system registers

its own "key" with a SCSI-3 device. Multiple systems registering keys form a

membership and establish a reservation, typically set to "Write Exclusive

Registrants Only." The WERO setting enables only registered systems to perform

write operations. For a given disk, only one reservation can exist amidst numerous

registrations.