1) Field of the Invention
The present invention relates to a technology for ensuring validity of data in an external storage apparatus.
2) Description of the Related Art
In recent years, with various types of data being converted into electronic form and handled on computers, a disk array apparatus serving as an external storage apparatus capable of efficiently storing a large amount of data independently from the computers has become more important. By the adoption of redundant arrays of inexpensive disks (RAID) technologies, such a disk array apparatus is able to provide increased reliability over that of a simple disk apparatus. Also, with a cache being generally incorporated, the disk array apparatus allows data access time to be shortened.
In the RAID technologies, reliability is increased by using a scheme of storing the same data on a plurality of disks (RAID-1), a scheme of storing parity information in disks on a decentralized manner (RAID-5), or other schemes. Most of the current disk array apparatuses have adopted a scheme of ensuring reliability by adding check code to data.
This is done by adding, to a data block of 512 bytes, cyclic redundancy check (CRC) code calculated from the data and a block ID indicative of data position information. Such CRC code and block ID may be collectively referred to as block check code (BCC), acting as check code for the data block. The CRC is obtained by performing a predetermined calculation on the data of 512 bytes and a predetermined value called a “seed”. Also, the block ID is defined for a byte data block of first 512 bytes. For a data block of the next 512 bytes, the block ID is incremented by “1” (+1). The BCC is standardized also in American National Standards Institute (ANSI) such that check code including CRC code of two bytes and a block ID of six bytes (check code including Meta Tag of two bytes and Reference Tag of four bytes) is known as T10 code.
Such a conventional disk array apparatus is described below with reference to FIG. 14. FIG. 14 is a block diagram of the structure of a disk array system using a conventional disk array apparatus. As shown in FIG. 14, a disk array apparatus 100 is connected to two host computers, that is, a host computer A 102A and a host computer B 102B, via fiber-channel links 104A and 104B, respectively. The disk array apparatus 100 includes a host adaptor A 106A and a host adaptor B 106B each in charge of a host I/F; a cache memory A 108A and a cache memory B 108B; a cache controller A 110A and a cache controller B 110B each managing a cache; a disk adaptor A 112A and a disk adaptor B 112B each in charge of a disk I/F; a switch A 114A and a switch B 114B each providing a connection to a plurality of disks; and a plurality of disk drives A 116A disk drives B 116B.
The cache controller A 110A provides a data transfer route between the host adaptor A 106A and the disk adaptor A 112A, while the cache controller B 110B provides a data transfer route between the host adaptor B 106B and the disk adaptor B 112B. Also between the cache controller A 110A and the cache controller B 110B, a data transfer route (cache-to-cache link) 118 is provided for use in data mirroring between the cache memory A 108A and the cache memory B 108B. The cache memory A 108A and the cache memory B 108B are each implemented by a volatile memory, such as a dynamic random access memory (DRAM). Therefore, a copy of data stored in one cache memory is always stored in the other cache memory, thereby providing a control so as to prevent the data from being lost when a failure occurs. This is called cache mirroring.
FIG. 14 is a block diagram of a conventional disk array system. Here, the case of storing data transmitted from the host computer A 102A in the disk array apparatus is described. The data to be stored in the disk drives A 116A is first transmitted from the host computer A 102A to the host adaptor A 106A. The host adaptor A 106A adds a BCC to the received data, and then transfers the data to the cache controller A 110A.
The cache controller A 110A temporarily stores the received data with the BCC in the cache memory A 108A, and also transfers the received data with the BCC to the cache controller B 110B for storage in the cache memory B 108B, thereby performing a mirroring process. With this, in the cache memory B 108B, the same data as the data stored in the cache memory A 108A is stored. Then, upon completion of mirroring, the cache controller A 110A notifies the host adaptor A 106A that the mirroring process has ended. The host adaptor A 106A then notifies the host computer A that data storing has ended normally.
Furthermore, the data stored in the cache memory A 108A is stored at a predetermined timing in the disk drives A 116A and the disk drives B 116B. At this time, the disk adaptor A 112A checks the BCC added to the data, thereby checking data validity, determining, for example, whether data has been corrupted.
Still further, another technology has been suggested, in which, upon mirroring the data, further mirroring is performed to ensure reliability of the data at the mirroring destination by transmitting a copy of the data not only to the mirroring destination but also to another controlling unit, in which data is checked (see, for example, Japanese Patent Laid-Open Publication No. 2001-175582).
In the conventional technologies described above, mirroring of cache memories is performed to improve reliability. However, if erroneous data, such as data corrupted due to a hardware failure, is written in the cache memory of the mirroring source or if data has been written in an erroneous address of the cache memory, the data stored through mirroring in the cache memory of the mirroring destination loses its reliability accordingly. Therefore, without correct data being stored in the disk array apparatus, the host computer is erroneously notified that the data has been normally stored, thereby causing a problem in data reliability. Moreover, also in the technology disclosed in the Japanese patent publication described above, since data checking is performed after mirroring itself is performed, a process of deleting the mirrored data, a process of re-mirroring, and the like are required even if a failure is found in the data, thereby making the entire process complex.