HP Brocade 8/12c Fabric OS Encryption Administrator's Guide v6.4.0 (53-1001864 - Page 210
A member node lost connection to all other nodes in the encryption group
View all HP Brocade 8/12c manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 210 highlights
6 Encryption group and HA cluster maintenance A member node lost connection to all other nodes in the encryption group Assumptions N1, N2 and N3 form an encryption group and N2 is the group leader node. N3 and N1 are part of an HA cluster. Assume that N3 lost connection with all other nodes in the group. Node N3 finds itself isolated from the encryption group and, following the group leader succession protocol, elects itself as group leader. This action splits the encryption group into two encryption group islands. EG1 includes the original encryption group minus the member node N3 that lost connection to the encryption group. EG2 consists of a single node N3, which functions as the group leader. Impact • The two encryption group islands keep functioning independently of each other as far as host I/O encryption traffic is concerned. • Each encryption group registers the missing members as "offline". • The isolation of N3 from the group leader breaks the HA cluster and failover capability between N3 and N1. • You cannot configure any CryptoTargets, LUN policies, tape pools, or security parameters on any of the group leaders. This would require communication with the "offline" member nodes. You cannot start any re-key operations (auto or manual) on any of the nodes. Refer to the section "Configuration impact of encryption group split or node isolation" on page 194 for more information on which configuration changes are allowed. Recovery 1. Restore connectivity between the two separate encryption group islands. When the lost connection is restored, an automatic split recovery process begins. The current group leader and the former group leader (N3 and N2 in this example) arbitrate the recovery, and the group leader with the majority number of members (N2) becomes group leader. If the number of member nodes is the same, the group leader node with the highest WWN becomes group leader. 2. After the encryption group enters the converged state, execute the cryptocfg --commit command on the group leader node to distribute the crypto-device configuration from the group leader to all member nodes. Should you decide to remove the isolated node N3, follow the procedures described in the section "Removing a node from an encryption group" on page 181. Several member nodes split off from an encryption group Assumptions N1, N2, N3, and N4 form an encryption group and N2 is the group leader node. N3 and N1 are part of an HA cluster. Assume that both N3 and N4 lost connection with the encryption group but can still communicate with each other. Following the group leader succession protocol, N3 elects itself as group leader to form a second encryption group with itself and N4 as group members. We now have two encryption groups, EG1 (group leader N2 + N1), and EG2 (group leader N3 + N4). Impact • The two encryption groups continue to function independently of each other as far as host I/O encryption traffic is concerned. 192 Fabric OS Encryption Administrator's Guide 53-1001864-01