Re: Wondering about raid5
From: Kasper Dupont (kasperd_at_daimi.au.dk)
Date: 04/13/04
Date: Tue, 13 Apr 2004 23:19:22 +0200
"P.T. Breuer" wrote:
>
> It will happen. Silent corruption, silent data creep - those are all
> terms known in the data storage business. To fix it you will need to
> have extra redundancy :-).
Actually I have considered writing a program to
periodically compute checksums of every single
file on my filesystems. If a checksum then
changes without the timestamp changing you know
there is reason to worry.
> >
> > The order of the writes cannot make a difference. I don't
> > care what is in the last sector written (or the last few
> > sectors even). A journaling filesystem could take care of
>
> Journalling does not do any magic either - it cannot guarantee
> that something is written after it leaves the journal cache, it
> can only send it out.
Of course all security here relies on the
assumption that if a write is sent to the disk
and the power stays on for another few seconds,
then the data will be written. If you lose
power right after a sector from the journal is
written, it will be written again at next bootup.
>
> > that. I worry about the rest of the stripe.
>
> There are raid systems that reread the written data after writing it,
> just to be sure, but generally you will also be liable to data
> corruption at the disk level. For journalling too - if you tell the
> disk to write 45 and it really writes 44, nobody will know until next
> time ...
But those are not the problems I'm considering.
The possibility of differences between the bytes
written in a sector and the bytes later read
back from that sector exists, but then you might
as well have the same corruption going on in RAM.
What I'm worrying about is perfectly functional
hardware, but damage happening because of the
nonatomicity of writes to the different disks.
But from the explanations I got it seems there
is a dirty bit to take care of that, so I guess
I have no need to worry.
>
> Possibly. There's much worse - I don't believe write order is preserved
> in any sense through the kernel raid layers, so journalling file
> systems would corrupt on their own, even working perfectly (I may be
> wrong, but I have examined the code and not seen anything that maintains
> ordering - remember that requests to the raid device are marshalled and
> copied to slave devices before being acked, but this is at an
> individual level, and there is nothing to say that the requests cannot
> arrive at the slaves out of order).
There has also been talk about reordering happening
in the disks themselves. How about hardware RAID
boxes, how do they handle this stuff?
>
> >
> > If power was lost at the wrong time, there will be an
> > inconsistency. But of course if the raid is marked dirty
> > and an unclean shutdown results in a recalculation of all
> > parity sectors, the inconsistency would be fixed. So what
> > does the system do? Doesn't trust any parity sectors until
> > recalculation has completed? That means any read/write
> > would have to be done the hard way. Or does it keep track
> > of how far it has recalculated and just avoid parities
> > above that?
>
> If you break a raid system before parity recalculation is complete, it
> is very nicely broken indeed. At that point what to do is largely up to
> you, the admin.
What do you mean by breaking? I'm just considering
normal use of the system within the first hour of
restoring happening after a power failure.
>
> Well, you mean raid creating a confusion, because it has two sources of
> data? Yes, you can now corrupt the corroborative data as well as the
> data.
I'm not talking about corruption of data on the
physical disks. I'm only talking about corruption
of logical sectors happening without being caused
by corruption of a physical sector.
> But that's only 50% more danger over the danger of data corruption
> alone (3 disks), and you can now expect to lose a whole disk without data
> loss if you don't hit that one unlucky moment.
Yes I know.
> The unlucky moment is
> 50% more likely, but it was only a 1000:1 chance anyway!
The situation I described is not unlikely. But it
seems to have been taken care of. Inefficient, but
shouldn't happen too often.
If you lose power in the middle of a sequence of small
writes, the situation I describe would happen with
a 50% chance.
> And the risk
> of losing one of two disks is something like 50% per year!
I don't think it is *that* high, but it is too high
to ignore.
--
Kasper Dupont -- who spends too much time on usenet.
For sending spam use mailto:aaarep@daimi.au.dk
/* Would you like fries with that? */
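The periodic checksum idea from the message above, sketched as an added example (not code from the original post or its author): it records each file's modification time and SHA-256, then flags files whose hash changed while the timestamp did not. The function names `snapshot` and `compare` and the report categories are assumptions made for this illustration.

```python
import hashlib
import os
import stat


def file_digest(path, chunk_size=1 << 20):
    """SHA-256 of the file contents, read in chunks to bound memory use."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root to (mtime_ns, sha256)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if stat.S_ISREG(st.st_mode):  # skip symlinks, fifos, devices
                    rel = os.path.relpath(path, root)
                    snap[rel] = (st.st_mtime_ns, file_digest(path))
            except OSError:
                continue  # file vanished or is unreadable; skip it
    return snap


def compare(old, new):
    """Classify differences between two snapshots.

    'suspect'  : hash changed but mtime did not (no recorded write)
    'modified' : hash changed and mtime changed (ordinary edit)
    """
    report = {"suspect": [], "modified": [], "missing": [], "added": []}
    for path, (mtime, digest) in sorted(old.items()):
        if path not in new:
            report["missing"].append(path)
        elif new[path][1] != digest:
            kind = "suspect" if new[path][0] == mtime else "modified"
            report[kind].append(path)
    report["added"] = sorted(set(new) - set(old))
    return report
```

The stored snapshot should live on separate media from the monitored filesystem, so that it is not exposed to the same corruption it is meant to detect.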