1. Field of the Invention
The present invention relates to networked storage systems, and more particularly to allocating spare disks in networked storage systems.
2. Background Information
A file server is a computer that provides file service relating to the organization of information on storage devices, such as disks. The file server orfiler includes a storage operating system that implements a file system to logically organize the information as a hierarchical structure of directories and files on the disks. Each “on-disk” file may be implemented as a set of data structures, e.g., disk blocks, configured to store information. A directory, conversely, may be implemented as a specially formatted file in which information about other files and directories are stored.
A filer may be further configured to operate according to a client/server model of information delivery to thereby allow many clients to access files stored on a server. In this model, the client may comprise an application, such as a database application, executing on a computer that connects to the filer over a computer network. This computer network could be a point to point link, a shared local area network (LAN), a wide area network (WAN) or a virtual private network (VPN) implemented over a public network such as the Internet. Each client may request the services of the file system on the filer by issuing file system protocol messages (typically in the form of packets) to the filer over the network.
The disk storage typically implemented has one or more storage “volumes” comprised of a cluster of physical storage disks, defining an overall logical arrangement of storage space. Currently available filer implementations can serve a large number of discrete volumes (150 or more, for example). Each volume is generally associated with its own file system. The disks within a volume/file system are typically organized as one or more groups of Redundant Array of Independent (or Inexpensive) Disks (RAID). RAID implementations enhance the reliability and integrity of data storage through the redundant writing of data stripes across a given number of physical disks in the RAID group, and the appropriate caching of parity information with respect to the striped data. In the example of a known file system and process, a RAID 4 implementation is advantageously employed. This implementation specifically entails the striping of data across a group of disks, and separate parity caching within a selected disk of the RAID 4 group.
Each filer “owns” the disks that comprise the volumes that the filer services. This ownership means that the filer is responsible for servicing the data contained on the disks. If the disks are connected to a switching network, for example, a Fibre Channel switch, all of the filers connected to the switch are typically able to see, and read from, all of the disks connected to the switching network. However, only the filer that owns the disks can write to the disks. In effect, there is a “hard” partition between disks that are owned by separate filers that prevents a non-owner from writing to a disk.
This ownership information is stored in two locations. In the example of a known file system, each disk has a predetermined sector named sector S that contains the definitive ownership information. In one embodiment, sector S is sector zero of the disk. The second source of this ownership information is through the use of Small Computer System Interface (SCSI) level 3 reservations. These SCSI-3 reservations are described in SCSI Primary Commands-3, by T10 of the National Committee for Information Technology Standards, which is incorporated fully herein by reference. This method for implementing disk ownership is described in commonly owned U.S. patent application, Ser. No. [Atty. Docket No. 112056-0007], by Sue Coatney, et al., which is hereby incorporated by reference.
The combination of sector S and SCSI-3 reservation ownership information is often shown in the following format <SECTORS, SCSI>, where SECTORS denotes the ownership information stored in sector S and SCSI is the current holder of the SCSI-3 reservation on that disk. Thus, as an example, if sector S and the SCSI-3 reservation of a disk both show that the disk is owned by a filer, arbitrarily termed “Green,” that disks' ownership information could be denoted <G,G>, where “G” denotes green. If one of the ownership attributes shows that the disk is unowned, a U is (arbitrarily) used, i.e. <G,U>for a disk whose SCSI-3 reservations do not show any ownership.
Many networked storage systems include a plurality of disks that are not currently being utilized by any filer in a volume. For example, if these non-utilized disks are designated as “spare” disks that can be allocated by any filer in the event of a disk failure in a volume, a new volume is to be created, or an existing volume is to be expanded. In prior storage system implementations, each filer had its own group of spare disks attached directly to each filer. This resulted in a noted disadvantage in that spares were only available on a filer by filer basis. If a disk failed, the filer would choose a spare disk available to the filer to replace the failed disk. This case would arise where a particular filer would run out of spare disks, but other filers in the system still have excess spare disks.
Accordingly, it is an object of the present invention to provide a system and method for allocating spare disks in a network storage system such that multiple filers can access spares across various switches and switching networks. The system and method should work to select the “best” spare disk according one or more rules and a set of policies that can be prioritized by desirability according to the user.
This invention overcomes the disadvantages of the prior art by providing a system and method for allocating spare disks in a networked storage system such that each filer in a networked storage system can access and utilize any spare disk attached to the networked system. In the event of a disk failure, a storage operating system will utilize the novel method of choosing the “best” spare disk within the storage system. The spare disks are selected based upon one or more rules and a plurality of policies.
The spare disks that satisfy the one or more rules are first selected from the entire spare disk pool. Then these spare disks are sorted and ranked according to an ordered set of policies. The policies can be user-ordered to satisfy various desires of the user. Once the disks are sorted, the highest-ranked spare disk is selected as the disk to allocate to replace the failed or malfunctioning disk. In the event that multiple disks are evenly ranked after all of the sorting has occurred, one of the highest-ranked disks is randomly selected to be allocated.
The system and method may also be utilized by a process or program running within a storage operating system to analyze a volume on a file server to determine if the disks which comprise the volume are optimally arranged. In an alternative embodiment, the disks are then rearranged into the optimal configuration.
The above and further advantages of the invention may be better understood by referring to the following description in conjunction with the accompanying drawings in which like reference numerals indicate identical or functionally similar elements:
A. Network Environment
Exemplary filers, including green, red, blue and yellow filers 120, 122, 124 and 126 respectively, are connected to the LAN 102. These filers, described further below, are file servers configured to control storage of, and access to, data in a set of interconnected storage volumes. As described further below, each volume is typically organized to include one or more RAID groups of physical storage disks for increased data storage integrity and reliability. Each of the devices attach to the LAN include an appropriate conventional network interface arrangement (not shown) for communicating over the LAN using desired communication protocols such as the well-known Transport Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), or Simple Network Management Protocol (SNMP).
The filers are also connected to a plurality of switches S1, S2, S3. The switches are preferably fibre channel switches each connected to one or more fibre channel loops 130, 132, 134 and 136. The physical disks 140 that comprise the volume served by the filers are attached to the loops. An exemplary switch S3 is shown as being 10 kilometers from switch S2. This distance should not be taken as absolute, but rather as an illustrative long distance to signify that switches may be located in locations remote from each other.
B. File Servers
In the illustrative embodiment, the memory 204 may have storage locations that are addressable by the processor and adapters for storing software program code where data structures associated with the present invention. The processor and adapters, may in turn, comprise processing elements and/or logic circuitry configured to execute the software code and manipulate the data structures. The storage operating system 212, portions of which are typically resident in memory and executed by the processing elements, functionally organize a filer by invoking storage operations in support of a file service implemented by the filer. It will be apparent to those skilled in the art that other processing and memory implementations, including various computer-readable media, may be used for storing and executing program instructions pertaining to the inventive technique described herein.
The network adapter 206 comprises the mechanical, electrical and signaling circuitry needed to connect the filer to a client over the computer network, which as described generally above, can comprise a point-to-point connection or a shared medium such as a LAN. A client can be a general-purpose computer configured to execute applications including file system protocols, such as the Common Internet File System (CIFS) protocol. Moreover, the client can interact with the filer in accordance with the client/server model of information delivery. The storage adapter cooperates with the storage operating system 212 executing in the filer to access information requested by the client. The information may be stored in a number of storage volumes (Volume 0 and Volume 1), each constructed from an array of physical disks that are organized as RAID groups (RAID GROUPs 1, 2 and 3). The RAID groups include independent physical disks including those storing a striped data and those storing separate parity data (RAID 4). In accordance with a preferred embodiment RAID 4 is used. However, other configurations (e.g., RAID 5) are also contemplated.
The storage adapter 208 includes input/output (I/O) interface circuitry that couples to the disks over an I/O interconnect arrangement such as a conventional highspeed/high-performance fibre channel serial link topology. The information is retrieved by the storage adapter, and if necessary, processed by the processor (or the adapter itself) prior to being forwarded over the system bus to the network adapter, where the information is formatted into a packet and returned to the client.
To facilitate access to the disks, the storage operating system 212 implements a file system that logically organizes the information as a hierarchical structure of directories in files on the disks. Each on-disk file may be implemented as a set of disk blocks configured to store information such as text, whereas the directory may be implemented as a specially formatted file in which other files and directories are stored. In the illustrative embodiment described herein, the storage operating system associated with each volume is preferably the NetApp® Data ONTAP operating system available from Network Appliance Inc. of Sunnyvale, California that implements a Write Anywhere File Layout (WAFL) file system. The preferred operating system for the exemplary filer is now described briefly. However, it is expressly contemplated that the principles of this invention can be implemented using a variety of alternate operating system architectures.
C. Storage Operating System
As shown in
In addition, the storage operating system 212 includes a disk storage layer 316 that implements a disk storage protocol such as a RAID protocol, and a disk driver layer 318 that implements a disk access protocol such as e.g., a Small Computer System Interface (SCSI) protocol. Included within the disk storage layer 316 is a disk ownership layer 320, which manages the ownership of the disks to their related volumes.
As used herein, the term “storage operating system” generally refers to the computer-executable code operable on a storage system that implements file system semantics (such as the above-referenced WAFL) and manages data access. In this sense, ONTAP software is an example of such a storage operating system implemented as a microkernel. The storage operating system can also be implemented as an application program operating over a general-purpose operating system, such as UNIX® or Windows NT®, or as a general-purpose operating system with configurable functionality, which is configured for storage applications as described herein.
Bridging the disk software layers with the network and file system protocol layers is a file system layer 324 of the storage operating system. Generally, the file system layer 324 implements the file system having an on-disk file format representation that is block-based. The file system generates operations to load/retrieve the requested data of volumes if it is not resident “in-core”, i.e., in the filer's memory. If the information is not in memory, the file system layer indexes into the inode file using the inode number to access an appropriate entry and retrieve a logical block number. The file system layer then passes the logical volume block number to the disk storage/RAID layer, which maps out logical number to a disk block number and sends the later to an appropriate driver of a disk driver layer. The disk driver accesses the disk block number from volumes and loads the requested data into memory for processing by the filer. Upon completion of the request, the filer and operating system return a reply, e.g., a conventional acknowledgement packet defined by the CIFS specification, to the client over the network. It should be noted that the software “path” 350 through the storage operating system layers described above, needed to perform data storage access for the client received the filer, may ultimately be implemented in hardware, software or a combination of hardware and software.
Within the ownership layer 320 is a spare disk layer 322. Notably, the spare disk layer 322 operates to efficiently allocate spare disks accessible by the filer to replace a failed disk according to one or more rules and a set of policies.
D. Spare Disk Allocation
Volume 1, comprised of three disks D1, D2 and D4, all of which are connected to fibre channel loops connected to switch one S1. Volume 1′, a mirror of Volume 1, comprises disks D10, D11 and D13, all of which are connected to fibre channel loops connecting to switch two S2.
If in the event of a disk failure, for example, the failure of disk D1, the spare allocation layer of the disk ownership layer 320 allocates one of the unowned and spare disks attached to the system. This allocation will occur to permit the storage operating system to then reconstruct the data onto the spare disk using the processes defined within the RAID standards. These disks are selected according to a novel procedure employing one or more rules and a set of policies. In an illustrative embodiment, all of the spare disks attached to the network storage system are a common resource. Any filer may allocate any spare disk.
The process for selecting spare disks should not override the significant desire to reconstruct the volume containing the failed disk as soon as possible, thereby avoiding the possibility of another disk failure and causing an undesirable double disk failure. Thus, if there are no spare disks available which match the desired constraints, the spare allocation layer will use any available spare, even one that violates one of the rules. The allocation layer, if it uses a spare disk that does not match the desired constraints, alerts the administrator to enable the administrator to take action to provide a more suitable disk at a later time.
In an exemplary embodiment, one or more rules for selecting spare disks are defined. The rules are preferably hard-coded and not user adjustable. In this embodiment, the rules are designed for ensuring data integrity by providing redundancies within the data transfer path. Conversely, the policies are not hard-coded and can be user ordered so to configure the spare selection procedure according to the user's desires.
In an illustrative embodiment, there is a rule that is designed to work with volumes that are mirrored, for example Volume 1 and Volume 1′. Mirroring is intended to deal with catastrophic failures of disk subsystems. The two halves of the mirror are required to be within different fault domains, i.e., they do not share disks, shelves, ports, switches or adapters, and can therefore be tolerant of a failure of any or all of these. Thus, if disk one D1 fails, the rule would not permit any of the disks connected to switch S2, where the disks for Volume 1′ are located, from being utilized
The policies can be user prioritize on a per volume basis. In an embodiment, the user specifies options via a command line using an exemplary command:
vol options vol1 SPAREPOLICY policy1, policy2, . . .
This command would set policyl as the first policy to filter disks based upon, with policy2 being the second. The policies can be ordered in any way. If the user does not order all of the policies, the process only utilizes those that have been ordered. Alternately, the non-user ordered policies are utilized after the user-ordered policies.
It should be noted that other user interfaces are expressly contemplated, including a graphical user interface that permits the user to order the policies.
In an illustrative embodiment, the policies that can be ordered include proximity, size, and speed performance. It should be noted that additional policies could be utilized in accordance with the teaching of the present invention.
The proximity policy deals with having the spare disk be physically closer to other disks in the volume. Proximity is defined by a four-level hierarchy:
1. The shelf on which the failed disk is located;
2. Another shelf on the same loop on which the failed disk is located;
3. A loop/shelf/disk on the switch which the disk is located; and
4. A disk in the same location.
A “location” is a set of switches that the user specifies as being in the same physical place. For example, switches S1 and S2 could be identified as being in the same location. The third switch S3 could be defined as being in a different location, as it is illustratively shown to be 10 kilometers away from switches S1 and S2.
The size policy allows the user to control the size of any chosen spare disk. The size policy chooses a spare disk which is large enough to replace the dead disk, but no larger. For example, if the disk that fails is 9 gigabytes (GB) in storage size, and the spare disks attach to the filer include ones of 15 GB, 30 GB and 50 GB in storage size, the size policy would prefer the 15 GB disk. This size policy is to help eliminate wasted space on disks. For example, if a 10 GB disk is used to replace a 5 GB disk, the file server would not typically utilize the “extra” 5 GB. Thus, it is often desirable to minimize this unutilized space.
The speed policy allows a user to select between disks having different speeds (e.g., spin speeds and/or data read/write speeds). Thus, for example if a volume is composed of a number of disks having a high speed, and two otherwise equal disks are available, one having a high speed and the other a low speed the speed policy would prefer the higher speed disk. Similarly, if a volume is composed of lower speed disks the speed policy would prefer lower speed disks over faster speed disks to avoid wasting the high-speed disk.
It is expressly contemplated that other policies can be utilized in accordance with the teachings of the present invention.
In an illustrative embodiment, the default ordering of the policies is proximity, size, speed, and other policies.
If there are disks that satisfy the rules, the spare disks are sorted by the first ranked policy in step 720. This first ranked policy is either the default first policy (i.e. proximity), or if the user has modified the ordering, the user-selected first policy. Next, in step 725, the spare disks are checked to determine if there are multiple disks that are equally good, i.e. there is more than one disk that is equally ranked after sorting. If there are no equally ranked disks, the spare allocation layer 322 chooses the best disk (step 730). Otherwise, the equally ranked disks are sorted by the second policy in step 735. This second policy default is size in one embodiment if the user has not modified the ordering of the policies. Again, in step 740 a determination is made if there are still equally ranked disks. If there is only one “best” disk, it is selected in step 745. Otherwise, the equally ranked disks are sorted by the third ranked policy in step 750. In one embodiment, this third policy defaults to speed unless the user has modified the ordering of the policies.
The disks are then checked to determine if there are equally ranked disks (step 755). If there are no equally ranked disks after the sort, the best disk is selected in step 760. If there are still equally ranked disks, the disks are sorted by any additional polices in step 765. This sort is equivalent to the previous three sorts. If, after the disks have been sorted by all of the policies, there are still disks that are equally ranked as the best disk, one of the equally ranked disks is randomly selected to be allocated in step 770.
In a preferred embodiment, a background process within the ownership layer 320 runs a periodic check of all volumes served by that particular filer to determine if the disks associated with a volume are optimal. If the background process finds non-optimal arrangements, notification is sent to the system administrator. A further extension of this background process alerts the system administrator of the most-optimal configuration of the disks available. It should be noted that it is expressly contemplated according to an alternate embodiment that this background process automatically rearranges the disks comprising the volumes to produce the most-optimal configuration in accordance with the rules and policies. Optimal is used herein to mean that the disks comprising the volume are configured in such a way to satisfy the policies.
The foregoing has been a detailed description of the invention. Various modifications and additions can be made without departing from the spirit and scope of this invention. Furthermore, it is expressly contemplated but the process is shown and described according to this invention can be implemented as a software, consisting of a computer-readable medium including program instructions executing on a computer, as hardware or firmware using state machines and the a like, or as a combination of hardware, software and firmware. Additionally, it is expressly contemplated that additional rules and/or policies may be implemented in accordance with this invention. Accordingly, this description is meant to be taken only by way of example and not to otherwise limit the scope of this invention.
This application is a Continuation of U.S. Ser. No. 10/027,013, filed on Dec. 21, 2001 by Alan L. Rowe et al.
Number | Date | Country | |
---|---|---|---|
Parent | 10027013 | Dec 2001 | US |
Child | 11633382 | Dec 2006 | US |