<p><a href="https://www.veritas.com/support/en_US/article.HOWTO45767">https://www.veritas.com/support/en_US/article.HOWTO45767</a></p><p><br></p><p><a href="https://www.veritas.com/support/en_US/article.000085514">https://www.veritas.com/support/en_US/article.000085514</a><br></p><h3 class="section-title">Description</h3><p><br></p><p> </p><p><span>This document attempts to explain the chain of events performed in relation to Veritas DMP and the related Solaris SCSI drivers (sd/ssd).<br><br><br>The I/O failover process has many layers in Solaris. Each layer has time out values and/or retry counts which have to be exceeded for the layer above to be notified of a problem.</span></p><p><span><br></span></p><p><u><b><span>Solaris SCSI Disk Driver (sd or ssd)<br><br></span></b></u></p><p><span>The I/O retry values for sd and ssd are different. They are determined by the following sets of parameters:</span></p><p><span><br></span><u><span>sd:</span></u></p><p><span>SD_RETRY_COUNT default value 5</span><br><span>SD_IO_TIME default value 60<br><br></span></p><p><span>Please note <span>SD_RETRY_COUNT is not for Solaris 10.</span></span></p><p><u><span><br>ssd:</span></u></p><p><span>SSD_RETRY_COUNT default value 3</span><br><span>SSD_IO_TIME default value 60</span></p><p><span> </span><span><br></span></p><p><span>The initial request will be followed by the SCSI disk driver number of retries.</span></p><p><span> </span></p><p><span>By default, in order to complete an I/O, the sd driver will perform the initial request, followed by a further 5 retries for sd devices and 3 retries for ssd devices for the I/O operation, each with a default timeout value of 60 seconds for all retries. </span></p><p><span>In the event that the I/O request does not complete due to a problem at the LUN/disk layer, this leads to a total delay of 360 seconds, broken down this is 60 seconds for the initial SCSI device timeout, followed by an additional 300 seconds, the number of tries combined (5*60) .</span></p><p><span><br></span><span>The above is also true for the ssd driver in regards to the I/O operation. The only major difference is the number of retries which is lower, with a value of 3 retries. </span></p><p><span><br>Therefore, it would take just 240 seconds (60 seconds for the initial SCSI device timeout, followed by an additional 180 seconds) before a failure is signaled to the VxDMP layer.</span></p><p><span><br></span></p><p><b><u><span>Recommendations:</span></u></b></p><p><span><br>In order to reduce the potential time delay for an I/O operation failure, reduce the applicable “sd_io_time/ssd_io_time” attributes from 60 to 30 seconds related to the disk driver in question.</span><span><br></span><span>It is important that the value defined in HEX, and is correctly populated in the /etc/system file to make the attribute setting persistent across a system restart:</span></p><p><span> </span></p><p><span>60 seconds would be:</span></p><p><b><span>set sd:sd_io_time=0x3C </span></b><br><b><span>set ssd:ssd_io_time=0x3C<br><br></span></b></p><p><span>30 seconds would be:</span></p><p><b><span>set sd:sd_io_time=0x1E</span></b><br><b><span>set ssd:ssd_io_time=0x1E</span></b></p><p><span> </span><span><br></span></p><p><b><u><span>Host Bus Adaptor (HBA)</span></u></b></p><p><span> </span></p><p><span>The number of retries and the wait between such retries is Vendor dependent. </span><br><span>Vendor specifications may contain particulars for their device. The maximum delay before an application is notified of an I/O failure will be as follows:</span></p><p><span> </span></p><p><span>HBA delay *<br>[sd/ssd]_RETRY_COUNT *</span><br><span>[sd/ssd]_IO_TIME *</span><br><span>dmp_retry_count *</span><br><span>number of DMP paths *</span><br><span>number of pending I/O's</span><br><span> </span></p><p><span>NOTE: The timeout values are set and passed from the target drivers (sd/ssd) to the HBA layer. HBA layer implements the timeout mechanism for the IO subsystem.</span></p><p><span>The newer HBA drivers leave the IO retry mechanism to the target drivers (sd/ssd).</span><br><span>The overhead is due to the HBA driver retry which is very minimal.</span></p><p><br><span>With the implementation of flag B_FAILFAST, the time taken to fail a submirror has been drastically reduced.</span></p><p><span> </span><span> </span></p><p><b><u><span>Loss of Fabric (Leadville stack)</span></u></b></p><p><span> </span></p><p><span>In the event that the HBA driver reports a true path failure or loss of fabric up the I/O stack to the SCSI disk driver, the Leadville stack will potentiallly wait a minimum SCSI service overall I/O timeout of 110 seconds.</span></p><p><span><br>The 110 second timeframe is a combination of two default timeouts for the leadville drivers, fp and fcp:</span></p><p><span> </span><span> SSFCP_OFFLINE_DELAY (default 20)</span><br> <span>FP_OFFLINE_TIMEOUT (default 90)</span></p><p> </p><p><span>After the 110 seconds, the targets would “disappear" and the luns will be offlined and a clean failure is reported.<br><br></span><span><br></span><span>In the event that a path failure or loss of fabric is not detected/reported up the I/O stack to the SCSI disk driver, the Leadville stack will entertain an initial delay of 110 seconds, plus the sd or ssd total delay timeout.</span></p><p><br></p><p> </p><p>In the case that no offline/fabric problems are reported, the 110 second is not triggered, as the fp and fcp protocols are unaware there is any problem, so they won't introduce any delay (after all, they can still submit I/O successfully, so they think all is well ), so the operation awaits the outcome from the sd/ssd delays (only).</p><p>FP_OFFLINE_TIMEOUT can be tuned by adding 'fp_offline_ticker' entry to /kernel/drv/fp.conf. <br><br><u><strong>For example</strong></u><br><br>fp_offline_ticker=50;</p><p>SSFCP_OFFLINE_DELAY can be tuned by adding 'fcp_offline_delay' entry to /kernel/drv/fcp.conf. <br><br><strong><u>For example</u></strong><u><br></u><br>fcp_offline_delay=10;</p><div>The minimum value is 10 seconds for each.</div><p><span> </span></p><p><strong><u><span>Examples</span></u></strong></p><p><span><br>The Fibre Channel protocol notifies server of any major fabric changes by issuing a <strong>registered state change notification </strong>(<strong>RSCN</strong>). This allows nodes to immediately gain knowledge about the fabric and react accordingly.<br><br></span></p><p>1) If the fabric detects/reports link offline messages, the RSCN suggest that the target has gone away:</p><p> 110 second delay -> followed by offline of lun -> return failed IO status ( no waiting for 'timeouts' )</p><p> <br>2) No fabric offline related messages, and no RSCN notifications suggests that the device has gone away, and the storage is not responding, although it can accept commands</p><p> No 110 second delay, just the ssd timeout/retry mechanism described.<br> </p><p><span>Therefore, reducing the timeout values from the default 60 seconds to just 30 seconds, could dramatically improve the overall timeout times.</span></p><p><span> </span></p><p><span><br><b><u>DMP tunable “dmp_scsi_timeout”<br><br></u></b></span></p><p><span>NOTE: The DMP tunable “dmp_scsi_timeout” is set to 30 seconds by default with Veritas Volume Manager (VxVM) 5.0 MP3. The value determines the timeout value for any SCSI command that is sent via DMP when using the SCSI bypass logic “dmp_fast_recovery”.<br><br>This DMP timeout value is used when DMP sends a SCSI inquiry probe to validate the health of a suspect path.<br><br>The “dmp_fast_recovery” activity is only performed once the SCSI disk drivers have timed out, whereby notifying DMP.<br><br>If the HBA does not receive a response for a SCSI command that it has sent to the device within the timeout period (in this case 30 seconds for DMP), the SCSI command is returned with a failure error code.</span></p><p><span> </span></p><p><span> </span></p><p><b><u><span>How DMP parameters respond to a HBA IO error (Solaris)</span></u></b></p><p><span><br></span><span>In the first stage, we need the lower layers, i.e. the sd/ssd driver to update Veritas DMP, before DMP can attempt to respond to the response returned by the SCSI layer.<br></span></p><p><span> </span><span><br></span><span>DMP will always use the scsi driver interface for regular I/O. If the scsi bypass functionality is enabled, then it only uses it in the case of I/O error analysis for a faster response, and not for regular I/Os. </span></p><p><span><br>When the DMP “dmp_fast_recovery” tunable is “on”, DMP will attempt to obtain SCSI error information directly from the HBA interface. <br><br>DMP uses the HBA interface, if supported, to obtain SCSI error information. This can potentially provide faster error recovery where DMP bypasses the SCSI disk driver (sd/ssd). <br><br></span></p><p><span>The default setting is on.</span></p><p><span><br><br><b><u>DMP ENCLOSURES</u></b></span></p><p><span> </span></p><p><span>With DMP it is possible to define specific recovery options.<br><br></span></p><p><span>To limit the number of times that DMP attempts to retry sending an I/O request down a specific path for a given enclosure, it is possible to customize the “retrycount” for that enclosure.<br><br><br><strong># vxdmpadm setattr enclosure <enclosure-name> recoveryoption=fixedretry retrycount=3<br></strong><br><br>Pre 5.1 SP1 Design:</span></p><p><span><br>The enclosure based “retrycount” local to that enclosure, specifies the number of retries to be attempted before DMP reschedules the I/O request on another available path, or fails the request altogether.<br><br><br>This value overrides the default DMP tunable “dmp_retry_count”, which is a global attribute for all remaining enclosures.<br><br></span></p><p><b><span># vxdmpadm gettune dmp_retry_count</span></b></p><p><span> Tunable Current Value Default Value</span><br> <span>------------------------------ ------------- -------------</span><br><span>dmp_retry_count 5 5</span></p><p> </p><p><span><strong><span>Post 5.1 SP1 Design:</span><br></strong></span></p><p><span><br>The enclosure based “retrycount” local to that enclosure, specifies the number of retries to be attempted by DMP for rescheduling the I/O request against alternate available path (not a specific path), or fails the request altogether.</span></p><p><span><br><br>In some cases, it may make sense to reduce the global “dmp_retry_count” to “3”, as the ssd disk driver maybe controlling all the attached storage.<br>In the event, that a mix of sd and ssd drivers are controlling a specific set of enclosures, the “retrycount” per enclosure could be defined.<br><br><br><b><u>DMP TIMEBOUND “IOTIMEOUT”</u></b><br><br></span></p><p><span>The DMP timebount iotimeout value should always be greater than the I/O service time of the underlying operating system layers.</span></p><p><span><br>As an alternative to the enclosure based “retrycount”, it is possible to specify the overall amount of time DMP allows for handling an I/O request. If an I/O request does not succeed with the defined time, DMP fails the I/O request regardless of the number of retry attempts.<br></span><span><br>To specify an iotimeout for a given enclosure, type</span>:<br><span><br></span></p><p><strong><span># vxdmpadm setattr enclosure <enclosure-name> recoveryoption=timebound iotimeout=160</span></strong></p><p><span> </span></p><p><span>The default value for the “iotimeout” is 300 seconds (5 minutes). For some applications such as Oracle, it may be desirable to set the “iotimeout” to a larger value. <br><br>By defining the “iotimeout” with a value of <strong>160</strong> seconds, this allows the initial SCSI device timeout of 30 seconds, followed by “3” SCSI retry attempts each of 30 seconds (90 seconds), plus a HBA reset to be performed.</span></p><p> </p><p>30 + 90 + 10 + (4 seconds) = 134 seconds<br> </p><p>NOTE: DMP will have to wait for the lower layers to respond each time before retrying I/O down an alternate (enabled) path.</p><p><br>The first I/O attempt is completed after 134 seconds, as DMP still has 26 seconds left, the I/O is retried down an alternate path, this also fails although after the DMP timeout of 180 seconds. <br>DMP cannot fail the I/O until after 268 seconds due to the time required by the lower layers.<br> </p><p><br><u><strong>KEY POINTS:</strong></u><br><br>DMP will fail the I/O only when the returned I/O reaches DMP. <br><br>Once the SCSI layer failure updates DMP, only then will DMP attempt to re-issue the failed I/O against an alternate available path, as long as time still permits before the defined iotimeout is reached or when the number of fixedretries has not been exhausted.<br><br>DMP cannot react to a hung I/O in the lower layers unless a response is given back to DMP.<br></p>
<!-- -->
