Pair of DS5400's with cross-mounted RA90's in AB mode

[Alan's Home for Wayward Notes File.]

In article <1990Aug23.021922.13346 at watcgl.waterloo.edu>, idallen at watcgl.waterloo.edu (Ian! D. Allen [CGL]) writes:
} Is what I'm doing here safe?
} 
} [ A long description of how two RA90s are dual ported between
}   between two different ULTRIX systems. ]
} 
} My question is: is giving each 5400 access simultaneously to a disk going
} to cause problems, even though I don't actually mount any disk on more
} than one CPU?  That is, should I be running with both AB switches
} enabled, or should I really only enable access to one cpu at a time?

	First, a standard semi-official comment.  This is probably
	an untested and therefore unsupported configuration.  If it
	breaks or doesn't work as expected don't be surprised when
	a DEC support person say, "Sorry, not our problem".

	Now for a more useful answer.  One of the nice things about
	the RA series disk is that the A and B ports appear to be
	mutually exclusive.  If you have a disk mounted through one
	you CAN'T get at from the other.  I say "appear" because I
	can't quote chapter and verse from some specification that
	this is the way it will ALWAYS work.  It's probably a feature
	of the hardware electronics, but it may be possible for it to
	break.

	If you pay a great deal of attention to which system has a
	disk mounted and only try touching it when the other doesn't
	see it, then you'll probably be safe.  There will come a point
	when both systems will be able to see the drives, but neither
	has it mounted.  For example:

	System A crashes at some obnoxious hour of the morning and upon
	releasing the port (probably via a controller timeout) system
	B sees the drives.  Nobody is around to do the manual failover
	procedure though and in a few minutes A reboots and sees the
	drives...  Now have both systems able to access the drives.

	System A should via it's reboot fsck the file systems (assuming 
	you have file systems on them) and will remount them when it 
	finishes coming up.  There is though a period of time when both 
	systems have equal access to the drives without either having 
	them mounted.  If the procedure is manual and the operators knows 
	what to expect when part of it fails, then you might not have
	too much of a problem.

	I haven't had the opportunity to spend a lot of time which
	such a configuration so I don't know all the problems that
	might occur.  My personal inclination is that without a lot
	of testing (at each new release of ULTRIX) I'd ensure access
	from only one port at a time, by using the port buttons.
} 
} Having both AB enabled is a great convenience, since I don't have to
} be physically at the machine to push buttons and switch disks over if one
} cpu fails; I just mount the other disks.  But is letting both kernels
} know about the disks at the same time safe?

	"How safe" is the real question?  Having two systems that can get
	to a disk doubles the chance that something can go wrong.  What
	if the hardware that makes A and B exclusive breaks at the same
	time one of the controllers also breaks and starts writting random
	bits?  Not very likely, but it could happen.  Actually you don't
	even have to have the disk break.  If both controllers break at
	about the same, one allows the disk to go offline letting the other
	have access to it you get the same result.

	Have I been negitive enough?  I suspect it's probably safe
	enough, compared to other supported configurations.  I have
	two systems with access to a common HSC.  There is very little
	to prevent me from accidently mounting a file system on a disk
	while the other already has it mounted.  V4.0 has hooks in radisk(8)
	for making this safer.

} -IAN! (Ian! D. Allen) idallen at watcgl.uwaterloo.ca idallen at watcgl.waterloo.edu
}  [129.97.128.64]  Computer Graphics Lab/University of Waterloo/Ontario/Canada


-- 
Alan Rollow				alan at nabeth.enet.dec.com