On Fri, 21 Aug 2009, Richard Elling wrote:
magnitude for HDDs). Depending on the repair policy, the probability
of losing a SAS controller is expected to be less than the
probability of losing 3 disks in a raidz2. Since SAS is relatively
easy to make redundant, a really paranoid person would have two SAS
controllers and the probability of losing two highly-reliable SAS
controllers at the same time is way small :-)
This is a reason to prefer mirroring, with devices in the mirror
carefully split across controllers. This approach makes failures
easier to understand and helps avoid propagation of errors. Complex
system designs lead to complex problems. Some of the world's largest
and most successful 5-9s class systems are built using simple duplex
redundancy.
It is possible to build raidz and raidz2 systems so that their devices
are accessed via unique paths, but such systems rapidly become quite
large and expensive.
As the Kinks sing, "paranoia will destroy ya!" :-)
There's a time device inside of me, I'm a self-destructin disk!
When anything goes wrong in a system, the human factor becomes quite
large. It dramatically increases the probability that human error
(the primary cause of data loss) will occur. The system should be
designed to accommodate the attendant humans.
Solaris is still much too complicated for people to understand in
times of crisis.
Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
