This invention relates to the field of device control in computer systems, and more particularly to the control of devices shared by computer processor nodes in a network.
In computer systems, device adapters are used to control communication between the computer processor and the various peripheral devices. In the past, device adapters were typically dedicated to the control of a single device by a single computer. In more modern systems, device adapters often form part of a network structure having multiple devices and multiple computers. In the field of device control, while it is desirable to improve the processing capacity and speed of the system, it is often more important to improve the failure-tolerance of the system. This is especially important in the control of shared resources in the modern network of computers, device adapters and devices, which presents a complex set of problems relating to integrity, robustness and recoverability over failures within the system. In solving any of these problems, cost constraints also inevitably play a part in determining the best solution.
Modern computer systems allow multiple compute nodes to share access to resources, such as disks or disk controllers. Sometimes, the goal is simply to provide for increased computing capacity, but frequently, the system is also required to be tolerant of a failure of one of the compute nodes. The goal is to provide a system with greater reliability than a system with a single compute node, by removing a single point of failure.
Almost always, to provide meaningful service, a compute node must be capable of updating the shared resource, such as by issuing a write to a disk or disk controller. In order to maintain integrity of the data stored on the shared resource, the compute nodes sharing access must communicate by some means, to ensure they are each aware of the updates that are being performed. The protocols are varied, but can include:
1. Protocols where the resource is understood to be ‘owned’ by a single node, which is the only node that can perform updates. The other nodes do not access the resource, except in the event that they detect a failure of the ‘owning’ node.
2. Protocols where the compute nodes maintain a fine degree of locking control: on every update (write) access, they negotiate for exclusive access to the small region of the resource that is to be updated.
Whatever the protocol, there is a fundamental problem when handling a failure of a node, or when a new node appears. When a node fails, the other compute nodes might become aware of the failure when an attempt to communicate with that node fails. At that point, the working nodes wish to continue operation of the shared resource, in the absence of the failed node. This is sometimes known as failover. But the other nodes must be able to ensure that the failed node can no longer access the shared resource, which it might attempt to do in the belief that it is the working node and that the other nodes have failed. This problem is particularly difficult, considering that compute nodes typically have multiple paths to a resource (again to provide for greater availability), and that the paths usually contain buffering, to reduce the latency of communications, which means that access commands can be held at many points between a compute node and the shared resource.
International patent application PCT/US96/17603 further discusses the problems involved here.
An equivalent problem also arises when a previously failed node re-enters the configuration, newly acquiring access to the resource. Here, the arriving compute node must be made aware that it had lost access to the resource, and that it might need to re-communicate with the working nodes, to ensure that its intended updates are still valid.
The previously mentioned international patent application discloses a scheme which requires the managing compute nodes to maintain knowledge of the set of nodes that have access to a resource at any point in time. The knowledge is used to generate a ‘key’ which is used to tag every command that is sent to the disk controller (or other shared resource). The device controller is also aware of the current key, and rejects commands which contain out-of-date keys.
This scheme solves the problem, but introduces a requirement for a new command set, which makes it excessively costly in systems in which it would be preferable to use widely-available, industry-standard components, such as SCSI disks.
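The key-tagging scheme described above, as an added example that is not taken from the cited application: a simulated controller rejects writes tagged with an out-of-date key, including writes released late from a path buffer after failover and after the failed node rejoins. The key derivation (a hash over an epoch counter and the member list), the epoch counter itself, and all class, function and node names are assumptions made for illustration.

```python
import hashlib
from collections import deque

def membership_key(epoch, nodes):
    # Assumed derivation: hash of a configuration epoch plus the sorted member set.
    # The epoch keeps a key from recurring when the same set of nodes forms again.
    text = f"{epoch}:" + ",".join(sorted(nodes))
    return hashlib.sha256(text.encode()).hexdigest()[:16]

class Controller:
    """Simulated shared device that honours only commands tagged with the current key."""
    def __init__(self, epoch, nodes):
        self.key = membership_key(epoch, nodes)
        self.blocks = {}      # lba -> data
        self.rejected = []    # (node, lba) of every fenced command

    def reconfigure(self, epoch, nodes):
        self.key = membership_key(epoch, nodes)

    def write(self, key, node, lba, data):
        if key != self.key:
            self.rejected.append((node, lba))
            return False
        self.blocks[lba] = data
        return True

def simulate_failover():
    ctrl = Controller(1, {"node-a", "node-b"})
    k1 = membership_key(1, {"node-a", "node-b"})
    first = ctrl.write(k1, "node-a", 7, b"a1")
    # Constructed sample: two writes from node-b are held in a path buffer
    # at the moment node-b stops responding.
    in_flight = deque([(k1, "node-b", 7, b"stale-1"), (k1, "node-b", 7, b"stale-2")])

    # Failover: the surviving node installs a new key on the controller.
    ctrl.reconfigure(2, {"node-a"})
    k2 = membership_key(2, {"node-a"})
    survivor = ctrl.write(k2, "node-a", 7, b"a2")
    late_1 = ctrl.write(*in_flight.popleft())   # drains after failover

    # node-b rejoins: same member set as epoch 1, but a new epoch and so a new key.
    ctrl.reconfigure(3, {"node-a", "node-b"})
    k3 = membership_key(3, {"node-a", "node-b"})
    late_2 = ctrl.write(*in_flight.popleft())   # drains after the rejoin
    rejoined = ctrl.write(k3, "node-b", 9, b"b1")
    return {"first": first, "survivor": survivor, "late": (late_1, late_2),
            "rejoined": rejoined, "lba7": ctrl.blocks[7], "rejected": ctrl.rejected}

if __name__ == "__main__":
    print(simulate_failover())
```

Without the epoch in the key, the second buffered write would be accepted once the original member set re-formed, overwriting the survivor's data.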
In order to address the limitations of the prior art described above, the present invention provides a device adapter for controlling devices in a network comprising computer processor nodes and one or more devices, the device adapter having means for determining whether or not a device state has changed after a failure. Accordingly, in a first aspect, the present invention provides a device adapter in a network having a plurality of device adapters, comprising: means for determining if a device state is changed or unchanged after a failure; means, responsive to a determination that said device state is unchanged, for reestablishing permissions; means, further responsive to a determination that said device state is unchanged, for resubmitting I/O requests; and means, responsive to a determination that said device state is changed, for reintegrating said device adapter with said plurality of device controllers. A preferred feature of the device adapter of the first aspect of the present invention is that said device adapter is operable to control a device using Serial Storage Architecture (SSA) protocols. A further preferred feature of the first aspect is that said device adapter is operable to control a device using Fiber Channel Arbitrated Loop (FC-AL) protocols. A further preferred feature of the first aspect is that said device adapter is operable to control a device using Small Computer Systems Interface (SCSI) disk control means.
In a second aspect, the present invention provides a computer system having one or more devices accessible via a network by one or more computer processing nodes, comprising device adapters of the first aspect.
In a third aspect, the present invention provides a method of controlling one or more devices by a plurality of device adapters in a computer system having a plurality of computer processing nodes, wherein said devices are accessible by said computer processing nodes via a network, said method comprising the steps of: determining if a device state is changed or unchanged after a failure; and responsive to a determination that said device state is unchanged, carrying out the steps of: reestablishing permissions; and re-submitting I/O requests; or responsive to a determination that said device state is changed, reintegrating a device adapter into said plurality of device adapters.
In a fourth aspect, the present invention provides a computer program product, stored on a computer-readable storage medium, for executing computer program instructions to carry out the steps of a method of the third aspect.