HP serviceguard t2808-90006 manual 81

Configuring your Environment for Software RAID

Configuring the Package Control Script and RAID Configuration File

Now consider an XDC configuration such as that shown in Figure 1-3(DWDM links between data centers). If DC1 fails such that links A and B both fail simultaneously, and DC1's connection to the Quorum Server fails at the same time, Serviceguard ensures that DC2 survives and the package fails over and runs with DC2 local storage.

But if DC1's links A and B fail, and later DC1's link to the Quorum Server fails, then both sets of nodes (DC1 and DC2) will try to obtain the cluster lock from the Quorum Server. If the Quorum server chooses DC1 (which is about to experience complete site failure), then the entire cluster will go down.

But if the Quorum Server chooses DC2 instead, then the application running on DC1 will not be able to write to the remote storage but will continue to write to its local (DC1) storage until site failure occurs (at t3). If the network is set up in such a way that the application cannot communicate with its clients under these circumstances, the clients will not receive any acknowledgement of these writes. HP recommends you configure the network such that when links between the sites fail, the communication links to the application clients also go down.

If the network is configured to prevent the application from communicating with its clients under these circumstances, the clients will not receive any acknowledgement of these writes and after the failover will re-transmit them, and the writes will be committed and acknowledged at DC2. This is the desired outcome; HP recommends you configure the network such that when links between the sites fail, the communication links to the application clients are also shut down.

In the case of an XDC configuration such as that shown in Figure

1-4, there is an additional variable in the possible failure scenarios. Instead of a DWDM link, in this configuration there are two separate LAN and FC links which can experience failure independent of each other. If the network links between the sites fail within a very short period (on the order of 1 second) after t1 (after the storage links had failed), the XDC software on DC1 will not have time to inform the XDC on DC2 of the failure. So DC2 assumes that there were no updates after t1, but there may have been.

When this scenario occurs, disk writes continue on DC1 until t3. In this case, the effective value of the RPO_TARGET parameter is greater than the expected value of 0.