FAULT TOLERANT SYSTEMS

Similar documents
Fault Tolerance & Reliability CDA Chapter 3 RAID & Sample Commercial FT Systems

Domains. Seminar on High Availability and Timeliness in Linux. Zhao, Xiaodong March 2003 Department of Computer Science University of Helsinki

Fault Tolerant Servers: The Choice for Continuous Availability on Microsoft Windows Server Platform

Embedded Systems Lecture 9: Reliability & Fault Tolerance. Björn Franke University of Edinburgh

Fault Tolerant Servers: The Choice for Continuous Availability

Comparing TCO for Mission Critical Linux and NonStop

HRG Assessment: Stratus everrun Enterprise

White paper PRIMEQUEST THE BEST COST-EFFICIENCY IN MISSION CRITICAL OPERATION

A SURVEY OF POPULAR CLUSTERING TECHNOLOGIES

NEC Corporation of America Intro to High Availability / Fault Tolerant Solutions

SAN TECHNICAL - DETAILS/ SPECIFICATIONS

OVERVIEW. CEP Cluster Server is Ideal For: First-time users who want to make applications highly available

FAULT TOLERANCE FOR MULTIPROCESSOR SYSTEMS VIA TIME REDUNDANT TASK SCHEDULING

Spacecraft Computer Systems. Colonel John E. Keesee

Fault Tolerance in the Internet: Servers and Routers

Module 14: Scalability and High Availability

Dependable Systems. 9. Redundant arrays of. Prof. Dr. Miroslaw Malek. Wintersemester 2004/05

SAN Conceptual and Design Basics

Eloquence Training What s new in Eloquence B.08.00

Intel RAID Controllers

Data Storage - II: Efficient Usage & Errors

Virtual machine interface. Operating system. Physical machine interface

Module: Business Continuity

Embedded Real-Time Systems (TI-IRTS) Safety and Reliability Patterns B.D. Chapter

Distribution One Server Requirements

Availability Digest. Stratus Avance Brings Availability to the Edge February 2009

Avid ISIS

Blackboard Managed Hosting SM Disaster Recovery Planning Document

Microsoft SQL Server on Stratus ftserver Systems

Remote Copy Technology of ETERNUS6000 and ETERNUS3000 Disk Arrays

CS 6290 I/O and Storage. Milos Prvulovic

<Insert Picture Here> Oracle In-Memory Database Cache Overview

Chapter 10 Troubleshooting

Promise of Low-Latency Stable Storage for Enterprise Solutions

Chapter 11 I/O Management and Disk Scheduling

White paper. ATCA Compute Platforms (ACP) Use ACP to Accelerate Private Cloud Deployments for Mission Critical Workloads. Rev 01

Integrated Application and Data Protection. NEC ExpressCluster White Paper

RAID Technology Overview

Solution Brief Availability and Recovery Options: Microsoft Exchange Solutions on VMware

Technical Note. Dell PowerVault Solutions for Microsoft SQL Server 2005 Always On Technologies. Abstract

IncidentMonitor Server Specification Datasheet

The functionality and advantages of a high-availability file server system

Cloud Storage. Parallels. Performance Benchmark Results. White Paper.

How To Improve Performance On A Single Chip Computer

DELL RAID PRIMER DELL PERC RAID CONTROLLERS. Joe H. Trickey III. Dell Storage RAID Product Marketing. John Seward. Dell Storage RAID Engineering

Price/performance Modern Memory Hierarchy

Westek Technology Snapshot and HA iscsi Replication Suite

Availability Digest. MySQL Clusters Go Active/Active. December 2006

Intel N440BX Server System Event Log (SEL) Error Messages

Architectures and Platforms

C440GX+ System Event Log (SEL) Messages

PSAM, NEC PCIe SSD Appliance for Microsoft SQL Server (Reference Architecture) September 11 th, 2014 NEC Corporation

Input / Ouput devices. I/O Chapter 8. Goals & Constraints. Measures of Performance. Anatomy of a Disk Drive. Introduction - 8.1

Install Instructions and Deployment Options

IBM ^ xseries ServeRAID Technology

How To Create A Multi Disk Raid

SUN SPARC ENTERPRISE M4000 SERVER

Microsoft SQL Server Always On Technologies

Outline. Failure Types

RAID Utility User s Guide Instructions for setting up RAID volumes on a computer with a MacPro RAID Card or Xserve RAID Card.

Business Continuity with the. Concerto 7000 All Flash Array. Layers of Protection for Here, Near and Anywhere Data Availability

SanDisk ION Accelerator High Availability

Disaster Recovery for Oracle Database

Highly Available Mobile Services Infrastructure Using Oracle Berkeley DB

Distributed Architecture of Oracle Database In-memory

HP Proliant BL460c G7

EMC VPLEX FAMILY. Continuous Availability and data Mobility Within and Across Data Centers

An Oracle White Paper January A Technical Overview of New Features for Automatic Storage Management in Oracle Database 12c

EMC MID-RANGE STORAGE AND THE MICROSOFT SQL SERVER I/O RELIABILITY PROGRAM

The Benefits of Virtualizing

760 Veterans Circle, Warminster, PA Technical Proposal. Submitted by: ACT/Technico 760 Veterans Circle Warminster, PA

LSI SAS inside 60% of servers. 21 million LSI SAS & MegaRAID solutions shipped over last 3 years. 9 out of 10 top server vendors use MegaRAID

MultiPARTES. Virtualization on Heterogeneous Multicore Platforms. 2012/7/18 Slides by TU Wien, UPV, fentiss, UPM

Technical White Paper ETERNUS DX8700 S2 Hardware Architecture

Virtuoso and Database Scalability

TECHNOLOGY BRIEF. Compaq RAID on a Chip Technology EXECUTIVE SUMMARY CONTENTS

Chapter 14: Recovery System

Models Smart Array 6402A/128 Controller 3X-KZPEC-BF Smart Array 6404A/256 two 2 channel Controllers

HA / DR Jargon Buster High Availability / Disaster Recovery

High Availability Databases based on Oracle 10g RAC on Linux

Centralized Systems. A Centralized Computer System. Chapter 18: Database System Architectures

Oracle on System z Linux- High Availability Options Session ID 252

CS 61C: Great Ideas in Computer Architecture. Dependability: Parity, RAID, ECC

An Oracle White Paper November Oracle Real Application Clusters One Node: The Always On Single-Instance Database

RAID Utility User Guide. Instructions for setting up RAID volumes on a computer with a Mac Pro RAID Card or Xserve RAID Card

PARALLELS CLOUD STORAGE

Operating Systems 4 th Class

Enhancing IBM Netfinity Server Reliability

MEDIAROOM. Products Hosting Infrastructure Documentation. Introduction. Hosting Facility Overview

High Availability Solutions for the MariaDB and MySQL Database

IBM System Storage DS5020 Express

The Advantages of Multi-Port Network Adapters in an SWsoft Virtual Environment

QuickSpecs. HP Smart Array 5312 Controller. Overview

RAID technology and IBM TotalStorage NAS products

Transcription:

FAULT TOLERANT SYSTEMS http://www.ecs.umass.edu/ece/koren/faulttolerantsystems Part 18 Chapter 7 Case Studies Part.18.1 Introduction Illustrate practical use of methods described previously Highlight fault-tolerance aspects of six different computer systems NonStop Tandem/HP Stratus IBM G5 IBM Sysplex Intel's Itanium Intel s Xeon Oracle s and Fujitsu s SPARC All have various fault-tolerance techniques implemented in their design High-level description - no comprehensive low-level details Part.18.2 Page 1

NonStop Systems - Principles Goal: online transaction processing reliable real-time operation Design principles Modularity: HW & SW modules of failure, diagnosis, service and repair Fail-fast operation: modules works properly or stops» Self-checking HW Single-failure tolerance Online Maintenance: disconnect/connect with no disruption Part.18.3 NonStop Systems Architecture (1) Cluster of computers up to 16 per cluster Computer: CPU, memory (own OS copy), bus, IO Extensive error checking CPU for fail-safe» parity check & prediction» Serial-scan registers for testing Hamming code in memory SEC/DED» Parity on address» Cache retry for transient errors» Spare module for permanent errors Parity checking in datapath» Parity prediction for simple arithmetic operations, e.g, add» Multiply redo with operands exchanged and one shifted Recomputing with shifted operands also detects permanent faults Part.18.4 Page 2

NonStop Systems Original Architecture Part.18.5 NonStop Systems Architecture (2) CPUs communicate through dual Dynabuses Disks dual ported controller connected to 2 CPUs Dual ported IO devices & dual ported controllers 4 paths Data parity checked + watchdog timer detects controller stops Two power supplies + battery backups Disk mirroring 8 paths for read/write Data checksum for error detection mirroring for recovery Part.18.6 Page 3

NonStop - Maintenance and Repair Aids Automatically detect errors, analyze and report to remote support centers Maintenance processor Collects failure info and report to remote center Reconfigure system in response to failures Capable of fault diagnosis using a knowledge database Monitors sensors for voltage, temperature, fans etc Diagnostic unit in each CPU Monitors & reports to Maintenance processor Can force CPU to single-step and can access scan paths Can generate pseudo-random tests and run them Part.18.7 NonStop Systems - Software Process pairs primary fault-tolerance scheme OS generates a backup process for each new primary process Checkpoints taken during execution sent to backup process If primary fails, OS orders backup to start Disk access also through primary/backup process pair CPUs check on each other "I am Alive" messages/second to all including itself If missing CPU declared faulty & communication stopped Transaction monitoring module to guarantee ACID Atomic all or none database (DB) updates executed Consistent successful transaction preserves DB consistency Isolated events within a transaction isolated from other transactions Durable once transaction commits, its result survives failures Software failures consistency tests in each module, upon a failure detection processor halted and the backup started Part.18.8 Page 4

NonStop Systems Modified Architecture Part.18.9 NonStop Architecture Modifications COTS µproc instead of custom-designed No self-checking circuits to support fast-fail Lockstep operation of pairs memory op executed only if both requests identical Packet-switched ServerNet 2 independent fabrics High bandwidth and low latency Better support for detection & isolation of errors» CRC per packet checked by each router flagged if error Lockstep no longer practical Multiple clocks on chip & asynchronous interfaces Variable voltage/frequency for power management Soft error handling Multiple cores failure in one will disrupt all Loose lockstep only compare outputs of IO operations Allow TMR configurations Part.18.10 Page 5

Stratus Systems Similarities to NonStop Units replication avoid single points of failure Mainly relies on hardware redundancy Use pair-and-spare (2 CPUs in lockstep) Upon pair mismatch it declares itself faulty Only IO outputs compared Part.18.11 Stratus Systems - Details TMR configurations allowed Memories also duplicated (unlike NonStop) Device drivers hardened Sanity checks on inputs to IO devices Upon system crash automatic reboot Dump memory to disk for analysis Report faults to remote support center If permanent fault detected ship hot swappable parts. Part.18.12 Page 6

IBM G5 Processor Fault tolerance in CPU, memory and IO to recover from transient faults CPU and IO replication Hardware support for rollback recovery Memory error detection and correction codes (ECCs) CPU: I and E units duplicated & lockstep; R unit stores checkpointed state to allow rollback registers use ECC Write to L1 cache also written to L2 serves as backup Memory and L2 use (72,64) SEC/DED Hamming code Address bus uses one parity bit per 24 bits Memory scrubbing to prevent accumulation of transients Spare DRAM to replace mulfunctioning memory chip L1 uses simple parity Responses to errors Local errors in registers and L2 corrected using ECC Errors in L1 detected (parity) and line replaced from L2 Errors in processor instruction retry If recovery fails checkpoint data transferred to spare processor Part.18.13 IBM Sysplex Up to 32 nodes Each node single or multi-processor Shared storage multiple disk systems Redundant connections to disks Storage uses coding or replication Node send periodically "I am alive" Upon a node failure try to restart node & restart applications executed on that node Part.18.14 Page 7

IBM Sysplex Automatic Restart Manager (ARM) When a node fails ARM takes charge Balance the load when migrating processes Check whether failed nodes are down avoid duplicates Not allow node that lost access to global state restart disallow duplicates ARM support hot standby mode Primary and secondary for given application When primary fails, secondary takes over immediately Part.18.15 Intel's Itanium 64-bit Explicitly Parallel Instruction Computer (EPIC) VLIW Extensive use of ECCs L1 (I & D): byte-parity. Upon error cache invalidated L2: (72,64) SEC/DED Hamming for data, parity for tag Same for L3 If an error is not hardware-correctable If error containment required bus reset If not Machine Check Abort Error handling done layer by layer Hardware layer Processor abstraction layer System abstraction layer Uncorrectable erroneous data marked as such (data poisoning) At the L2 level Itanium used in recent designs of NonStop and other faulttolerant systems Part.18.16 Page 8

Part.18.17 Intel's Xeon E7 (servers) Up to 10 cores and 20 threads Support for self-monitoring and self-healing The HW FT features communicate with the SW/OS Inform OS after error correction for logging and analysis (e.g., identify failing memory chips that should be replaced) OS may abort a task upon an uncorrectable error Main emphasis on memory - claimed to be responsible for most errors ECC in memory, caches and registers Memory scrubbing correct or tag as poisoned to prevent spreading of error Memory thermal throttling reduce access rate when overheating Selective memory mirroring Spare memory unit failing unit s contents copied to spare System interconnect (cores and I/O): CRC detecting burst errors of up to 8 bits retry if error detected Can reduce the width to half if error persists Migrating workload to a spare core if a CPU or its memory fail Oracle s SPARC M6 (2013) Parity Registers & Busses CRC external links (retry) Cache units ECC for data Parity for address Memory ECC Scrubbing to prevent accumulation of soft errors Word line failure OS retires page Bit line failure use spare column Part.18.18 Page 9

INT/FP registers ECC Other registers - parity Cache units ECC for data Parity for address Dynamic degradation ALU Residue Instruction retry Core dynamic degradation Fujitsu s SPARC X+ (2013) Part.18.19 Page 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information