Method for upgrading running software processes without compromising fault-tolerance
First Claim
1. A method for upgrading a software process, running in a fault-tolerant computer system that comprises of at least one processing unit, with a replacement version of said software process without compromising the fault-tolerance coverage provided for said software process during the upgrade operation, said method comprisinga. a first step of synchronizing the internal state of primary copy and a plurality of backup copies of said software process, each of which may be running on any of a subset of said processing units in said computer system b. a second step of storing at least the current version and said replacement version of said software process in at least one storage medium in said computer system c. a third step of controlling the version of said software process that is loaded when starting a copy of said software process and the processing unit on which said copy is to be started d. a fourth step of starting an additional backup copy of said software process in order to ensure that fault-tolerance coverage at least as good as that currently provided for said software process continues to be provided during said upgrade, said additional backup copy being started using said replacement version of said software process e. a fifth step of detecting when said additional backup copy of said software process has synchronized with the current primary copy of said software process f. a sixth step of forcing a change of state to make said additional backup copy the new primary copy of said software process g. a seventh step of upgrading each running backup copy of said software process with said replacement version thereof.
2 Assignments
0 Petitions
Accused Products
Abstract
When updating a running program in a system that uses a one-to-one backup program, fault-tolerance is lost while the backup program is itself being updated. To overcome this temporary loss of an available backup program, the number of backup copies of a software process is temporarily and dynamically increased during the software upgrade. The extra backup software processes may run on an unused processing unit or may run as an extra software process on a processing unit which is already performing a task. The technique may be applied to communication line cards.
93 Citations
20 Claims
-
1. A method for upgrading a software process, running in a fault-tolerant computer system that comprises of at least one processing unit, with a replacement version of said software process without compromising the fault-tolerance coverage provided for said software process during the upgrade operation, said method comprising
a. a first step of synchronizing the internal state of primary copy and a plurality of backup copies of said software process, each of which may be running on any of a subset of said processing units in said computer system b. a second step of storing at least the current version and said replacement version of said software process in at least one storage medium in said computer system c. a third step of controlling the version of said software process that is loaded when starting a copy of said software process and the processing unit on which said copy is to be started d. a fourth step of starting an additional backup copy of said software process in order to ensure that fault-tolerance coverage at least as good as that currently provided for said software process continues to be provided during said upgrade, said additional backup copy being started using said replacement version of said software process e. a fifth step of detecting when said additional backup copy of said software process has synchronized with the current primary copy of said software process f. a sixth step of forcing a change of state to make said additional backup copy the new primary copy of said software process g. a seventh step of upgrading each running backup copy of said software process with said replacement version thereof.
Specification