Needs suggestion for redundant Storage

Peter Jeremy peterjeremy at
Tue Apr 11 19:16:50 UTC 2006

On Tue, 2006-Apr-11 13:15:48 +0200, Michael Schuh wrote:
>> You probably can't replace defective hardware so fast that the users
>> don't notice.  They will probably also notice when a system crash
>> garbles the filesystem.
>that was the reason why I would make a mirrored system with CARP
>and ggated.......

CARP can let you failover an IP address and ggated provides remote
access to a physical disk device but the combination will not give you
a fault tolerant server.  One major problem is that you will lose the
content of the cache when a system fails - this amounts to roughly the
last 30 seconds of data written (though the write-through behaviour of
NFS may mitigate this).  Other potential problems are:  Loss of
connection state - NFS is stateless but lockd and mountd retain client
state information so you will lose any client locks and the server may
object to being presented with filehandles that were issued by a
different host.  Handling the failure of the inactive host - you will
need to identify the behaviour when the remote part of your mirror
becomes inaccessible.

And none of the above protects against filesystem corruption.  Cheap
hardware presumably means that you won't be using ECC RAM and there
will be minimal (if any) protection against data corruption on the
various busses.  The odd bit-flip will be virtually undetectable
until someone notices that their data is corrupt.

>> Based on your comments of low cost and massive size, I presume you
>> can't afford a proper backup solution either.  This is a recipe for
>> disaster if the data is valuable.
>yes, I can't back up this amount of data at this moment, but this was
>not the focus...yet

Without backups, you can't recover from any problems - user errors or
system errors.  I'm certain the lack of backups _will_ become the
focus as soon as something valuable is lost.  And given the sort of
dodgy setup you want to construct, that may not take long.

>> Read the mailing lists - they are full of problems with them.  If
>> you value your data you will not use Sil controller.
>yes, this I also know, but if I have a lot of them, and 2 fall out,
>so what happens if I had another box with my data?

The data is just as likely to be garbled on the remote system as well.
I don't think people are saying that the Sil controllers stop working,
they just don't work reliably so you can't rely on any data that has
been handled by a Sil controller.

>Oh that was first not my idea, the management has questioned these features,
>I have said "OMG you are not serious", but  is it...... :-((
>so that is better for me and my job to make what management wishes,
>later I can say.....I have warned you......

You need to write a memo to your management that clearly points out the
risks.  Keep a notarised copy for yourself and make sure your CV is up
to date.  You can rest assured that you will be the scapegoat when it
all goes wrong.

Peter Jeremy

More information about the freebsd-stable mailing list