Storage system and control method of storage system

US 7,958,391 B2
Filed: 09/13/2010
Issued: 06/07/2011
Est. Priority Date: 06/26/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A storage system for providing data storage service to a host apparatus, comprising:

a host interface unit configured to be connectable to the host apparatus;

a disk interface unit configured to be connectable to a disk array unit having a volume storing data formed therein;

a cache memory unit connected to the host interface unit and the disk interface unit, the cache memory unit configured to cache user data;

a switch LSI connected respectively to the host interface unit, the disk interface unit, and the cache memory unit;

a controller having a plurality of processors and connected to the switch LSI,wherein the switch LSI cuts off an I/O path with the controller based on an error signal output when an error occurs in one component in the controller;

one or more signal lines configured to report an error, each of the signal lines providing an additional path to report the error, other than the I/O path;

a non-volatile memory configured to store information indicating a failed component, wherein the stored information is referred to when determining whether the controller is operable, wherein the controller is operable if a component includes a plurality of elements and one or more of the elements are operable or if a component includes one element and the one element is operable; and

wherein the controller, after performing error handling under control of one of the plurality of processors, commands the switch LSI to cancel the cutoff.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A fault-tolerant storage system is provided. The storage system is composed of a controller having a plurality of processors and other units. When an error occurs in any one of the components in the controller, the storage system cuts off an I/O path of the controller, specifies the failed component in the cutoff status, and invalidates the failed component. After invalidating the failed component, the storage system determines whether it is operable only with the normal components, cancels (releases) the cutoff of the I/O path when it determines that it is operable, and resumes operation by rebooting.

16 Citations

View as Search Results

20 Claims

1. A storage system for providing data storage service to a host apparatus, comprising:
- a host interface unit configured to be connectable to the host apparatus;
  
  a disk interface unit configured to be connectable to a disk array unit having a volume storing data formed therein;
  
  a cache memory unit connected to the host interface unit and the disk interface unit, the cache memory unit configured to cache user data;
  
  a switch LSI connected respectively to the host interface unit, the disk interface unit, and the cache memory unit;
  
  a controller having a plurality of processors and connected to the switch LSI,wherein the switch LSI cuts off an I/O path with the controller based on an error signal output when an error occurs in one component in the controller;
  
  one or more signal lines configured to report an error, each of the signal lines providing an additional path to report the error, other than the I/O path;
  
  a non-volatile memory configured to store information indicating a failed component, wherein the stored information is referred to when determining whether the controller is operable, wherein the controller is operable if a component includes a plurality of elements and one or more of the elements are operable or if a component includes one element and the one element is operable; and
  
  wherein the controller, after performing error handling under control of one of the plurality of processors, commands the switch LSI to cancel the cutoff.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The storage system according to claim 1,wherein each of the plurality of processors determines whether the processor is operable in response to the error signal, and one processor among the plurality of processors that is determined to be operable performs the error handling.
  - 3. The storage system according to claim 2,wherein at least one of the components in the controller has an error status register for recording an error source.
  - 4. The storage system according to claim 3,wherein the controller specifies the failed component based on the error status register under the control of the one processor.
  - 5. The storage system according to claim 4,wherein the controller sets the specified failed component to an inactive status disabling the use of the specified failed component.
  - 6. The storage system according to claim 5,wherein the controller determines whether the controller is operable based on a component other than the component set to the inactive status, and, when the controller is determined to be operable, the controller is controlled to resume operation in a component other than the component set to the inactive status.
  - 7. The storage system according to claim 1,wherein the storage system includes a plurality of controllers that take control of I/O processing to each of a plurality of volumes formed in the disk array unit;
    - andwhen an error occurs in a component in a first controller, a second controller takes control of the I/O processing from the first controller.
  - 8. The storage system according to claim 7,wherein the first controller, after performing the error handling, resumes the I/O processing from the second controller.
  - 9. The storage system according to claim 7,wherein, when the second controller determines that its load is higher than a prescribed threshold value as a result of controlling the I/O processing, the second controller performs control so that a part of the I/O processing performed by the second controller is performed by a third controller.
  - 10. The storage system according to claim 7,wherein the cache memory unit retains backup data of control data retained by each of the plurality of controllers.

11. A method of controlling a storage system for providing data storage service to a host apparatus, comprising:
- performing the data storage service under control of one of a plurality of processors of at least one controller;
  
  detecting an error signal output when an error occurs in one component in the controller, the determining performed under control of a switch LSI;
  
  providing one or more signal lines configured to report an error, each of the signal lines providing an additional path to report the error, other than the I/O path;
  
  cutting off, an I/O path with the controller based on the detected error, the cutting off performed under control of the switch LSI;
  
  performing error handling while the I/O path is being cut off, the error handling performed under control of the controller;
  
  commanding the switch LSI to cancel the cutoff, the commanding performed under control of the controller;
  
  storing information indicating a failed component in a non-volatile memory; and
  
  referring to the stored information to determine whether the controller is operable, wherein the controller is operable if a component includes a plurality of elements and one or more of the elements are operable or if a component includes one element and the one element is operable.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method according to claim 11,wherein each of the plurality of processors determines whether the processor is operable based on the error signal, and one processor among the plurality of processors that is determined to be operable performs the error handling.
  - 13. The method according to claim 12,wherein at least one of the components in the controller has an error status register for recording an error status.
  - 14. The method according to claim 13,wherein the controller specifies the failed component based on the error status register under the control of the one processor.
  - 15. The method according to claim 14,wherein the controller sets the specified failed component to an inactive status disabling the use of the specified failed component.
  - 16. The method according to claim 15,wherein the controller determines whether the controller is operable based on a component other than the component set to the inactive status, and, when the controller is determined to be operable, the controller is controlled to resume operation in a component other than the component set to the inactive status.
  - 17. The method according to claim 11, further comprising the step of:
    - when an error occurs in a component in a first controller, a second controller taking control of the I/O processing from the first controller.
  - 18. The method according to claim 17, further comprising the step of:
    - the first controller, after performing the error handling, resuming the I/O processing from the second controller.
  - 19. The method according to claim 17,wherein, when the second controller determines that its load is higher than a prescribed threshold value as a result of controlling the I/O processing, the second controller performs control so that a part of the I/O processing performed by the second controller is performed by a third controller.

20. A unit having a plurality of components composing a storage system for providing data storage service to a host apparatus, comprising:
- an error detection unit configured to detect an occurrence of an error in any one of the plurality of components;
  
  a cutoff processing unit configured to cut off an I/O path with an external unit based on the detected occurrence of an error;
  
  an error specification unit configured to specify the failed component while the I/O path is being cut off;
  
  one or more signal lines configured to report an error, each of the signal lines providing an additional path to report the error, other than the I/O path;
  
  a non-volatile memory configured to store information indicating a failed component, wherein the stored information is referred to when determining whether the controller is operable, wherein the controller is operable if a component includes a plurality of elements and one or more of the elements are operable or if a component includes one element and the one element is operable;
  
  an inactive status setting unit configured to set the specified failed component to an inactive status; and
  
  wherein the cutoff processing unit cancels the cutoff after the inactive status is set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Takada, Masanori, Nakamura, Shuji, Shimada, Kentaro
Primary Examiner(s)
Iqbal; Nadeem

Application Number

US12/880,639
Publication Number

US 20110004785A1
Time in Patent Office

267 Days
Field of Search

714 2- 13, 714/15, 714/16, 714 23- 27, 714 37- 39, 714 42- 44, 714/47, 714/54
US Class Current

714/5.11
CPC Class Codes

G06F 11/0724   in a multiprocessor or a mu...

G06F 11/0727   in a storage system, e.g. i...

G06F 11/0772   Means for error signaling, ...

G06F 11/079   Root cause analysis, i.e. e...

G06F 11/0793   Remedial or corrective acti...

G06F 11/2007   using redundant communicati...

G06F 11/2092   Techniques of failing over ...

Storage system and control method of storage system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Storage system and control method of storage system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links