The present invention relates to the field of data storage. More particularly, the present invention relates to a data redundancy technique for data storage.
Remote mirroring is a data redundancy technique for coping with storage system failures. A copy of data, sometimes referred to as a ‘primary’ or ‘local’ copy, is updated, for example, as it is accessed by an application program. A redundant copy of the data, sometimes referred to as a ‘secondary’ or ‘slave’ copy of the data, usually at a remote site, is updated as well. When a failure occurs that renders the primary copy unusable or inaccessible, the data can be restored from the secondary copy, or accessed directly from there.
Conventional schemes for remote mirroring tend to maintain the primary and secondary copies of the data synchronized. Thus, when a failure occurs at the primary site, data loss is minimized because the secondary copy matches the data that was stored at the primary site. However, when an error occurs that results in data corruption at the primary site, such as a software error, these schemes tend to quickly propagate the error. This results in corrupted data at the secondary site.
U.S. Pat. No. 6,260,125 discloses an asynchronous disk mirroring system in which a first-in, first-out (FIFO) write queue receives write requests directed to a first storage volume. Write transactions received from the write queue are directed over a network to the secondary mirrored volume. Because overwrites are allowed before queued transactions have been forwarded to the secondary mirrored volume, certain failures can be unrecoverable. For example, assume a network failure occurs between the sites but the primary site continues operation, including performing overwrites for queued transactions. Then, the network becomes available again and the secondary mirrored volume is updated. While the secondary copy is being updated, but before the updating is complete, the primary site becomes inoperable. At this point, because the write-ordering of transactions has not been preserved, the secondary site can be left with a partially-updated copy that is not recoverable.
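The failure sequence described above can be reproduced with a small simulation, added here as an illustration and not taken from the cited patent or from the present invention. The queue model (a newer write to a block replaces the queued payload in place), the block names and the write sequence are assumptions constructed for the example.

```python
# Added illustration: the queue model is an assumption, not the cited design.
from collections import OrderedDict

# Constructed sample: writes issued at the primary during the network outage.
WRITES = [("A", "a1"), ("B", "b1"), ("A", "a2"), ("C", "c1")]

def primary_history(writes):
    """Every state the primary volume passed through, oldest first."""
    state, history = {}, [{}]
    for block, value in writes:
        state[block] = value
        history.append(dict(state))
    return history

def queue_ordered(writes):
    """FIFO queue that keeps each write as its own entry (ordering preserved)."""
    return list(writes)

def queue_with_overwrites(writes):
    """FIFO queue in which a newer write overwrites the queued entry for that block."""
    queue = OrderedDict()
    for block, value in writes:
        queue[block] = value  # keeps the original queue position, replaces the payload
    return list(queue.items())

def replay(queue, applied):
    """Secondary state if the primary fails after `applied` entries were sent."""
    state = {}
    for block, value in queue[:applied]:
        state[block] = value
    return state

def inconsistent_cut_points(queue, history):
    """Interruption points that leave the secondary in a state the primary never held."""
    return [n for n in range(len(queue) + 1) if replay(queue, n) not in history]

if __name__ == "__main__":
    history = primary_history(WRITES)
    for name, build in (("ordered", queue_ordered),
                        ("overwrites allowed", queue_with_overwrites)):
        queue = build(WRITES)
        print(name, "->", inconsistent_cut_points(queue, history))
```

With overwrites allowed, an interruption after the first forwarded entry leaves the secondary holding the second version of block A without block B, a combination that never existed at the primary; the ordered queue has no such cut point.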
Therefore, what is needed is an improved technique for redundant data storage. It is to this end that the present invention is directed.