A Semi-Radical Approach To Avoiding fsck

Dru writes: "This is an article about a hardware technology that is largely unknown in the new Unix community. In theory, with this inexpensive hardware, your BSD or Linux box could start doing guranteed reboots in under 2 minutes (no fsck required) and super fast database writes. It could leapfrog all of the journaling filesystem projects as well. Yes, I wrote the article. The article is long, detailed, and mentions FreeBSD often. However, I do believe it is relevant to any other PC Unix. If enough people learn about it, maybe they will start demanding it from their favorite hardware vendor." With RAM and hard drive space both continuing to decline, I wonder how the speed / use curve for individual PCs' storage (from L1 cache to backups) will evolve. With a similar bent, Arek urges you to "take a look at our company's Solid State Disk Drives." How'dja like 8 or so gigs of DRAM next time you edit a video or burn a CD?

Hard drive space declining!?

[jonnythan]

With RAM and hard drive space both continuing to decline

Did he mean "RAM and hard drive price both continuing to decline"?

RAM is VERY cheap now, too.

[Wakko+Warner]

With the current RAM prices, a product like this could become very feasible. Right now, you can get 1GB of PC133 SDRAM for under $350 (based on Pricewatch's best prices.) A single $70 256MB DIMM would be plenty for a device like this, and adding a few more DIMM slots for do-it-yourself upgrades would certainly strengthen its market appeal.

Just something to think about for those still skeptical...

- A.P.

--
* CmdrTaco is an idiot.

don't bet on it.

[Wakko+Warner]

UPS batteries only last a few years. What happens when yours fails a few months or (if you get a defective one) a few years before its expected lifetime is up? Never, ever count on any of your computer equipment, and always have as much protection as you can afford. This is one means toward that end.

- A.P.

--
* CmdrTaco is an idiot.

Re:don't bet on it.

[Alakaboo]

That's why you hook the UPS up to the serial port on the machine, so when it starts to die a violent death it'll signal the system to do a clean shutdown. Of course, this is assuming you bought the nice, well-engineered UPS as opposed to the dirt cheap ones you get at Best Buy for $40!

The nice UPS units do a few things to insure this doesn't happen:

1. volt-o-meter on the circuit voltage
   Doesn't just wait for the source power to go out, checks the internal power for sudden drops.
2. more than one battery
   If one dies, the next one struggles forth long enough to send the shutdown signal.
3. use batteries that don't die
   IIRC, the rechargeables they use in those bad boys don't just die when they have a problem, they slowly fade out. Plenty of time.

This doesn't take into account the messy situation that occurs when someone yanks the plug. But if this ever happens, it's time to get a new network engineer/sysadmin/intern.

One last idea: plug the UPS into a UPS into the wall. Mua!

Alakaboo

Too much work

[ericfitz]

A write-caching disk controller combined with a journaling file system would give you the same benefit. You're just reinventing the wheel..

The only really new thing here seems to be the fact that the "TRAM" is file-system aware, which is just another way of saying that you are investing in hardware which will just tie you to tired old EFS.

Windows NT has had a journaled file system forever, and the journaling doesn't cause the major performance impact that everyone seems to think it does. Maybe someday Linus will get in the mood and allow a journaling FS into Linux.

On a side note, what does the OS do in case of some sort of TRAM failure?

Re:Too much work

[LarsG]

Windows NT has had a journaled file system forever

Unless they did som heavy changes in NTFS5, it is still log-based. Think of it as a circular buffer, usually 2-4MB size, where file system transactions are logged.

It usually works just as well as a full journalled FS - 2 second "fsck" and a consistent fs. Under heavy disk activity you do however run the risk of exhausting the size of the log, and end up with an inconsistent file system if you crash.

Other features of NTFS are cool, though. The fs attributes are a superset of posix and vms', so it can emulate both. It also has several metadata files, which provided 3rd parties the hooks needed to add quotas and other features to NT4.

Re:Website unclairity

[da5id]

The website provided is nonnavigable

Yes, it is a crapy website, after about 15 min I dicovered you click on a image to get to the 'qukdrive' info page here: http://www.platypus.net/pages/products_qikdriv2.ht ml.

I havent dled the pdf, but looks like no price info. Does offer drivers tho, so probably not vaporware.


echo $email | sed s/[A-Z]//g | rot13

more to the problem....

[ndfa]

Am i mistaken or did this article feel just to warm and fuzzy. I know there is a lot of good technical info in there but its all wrapped up in a very strange manner. I dont think you are solving the whole problem, by overlooking and waving your hands over the rest. I mean so you put a few sticks of memory and power on a PCI card! You do this cause a UPS can die, well i got news for you, the PCI Card could die too! AND if you are trying to make reboots faster, dont bother, if you are serious you would have a backup system and the same should be true for a web server dying. The only time i want fast reboots is when a good game of UT croacks on me and i want to get back to fraggin..... this is not technology i would use for mission critical apps!

Hmmmmm... the more I think of it, the more it feels like a marketing team thought that a semi tech article on Slashdot would be just the ticket for killer web site traffic! Maybe its the lack of caffinne on my part...What do other ppl think ?

RAM == volatile

[pjrc]

RAM is volatile.

Sure, a battery backup sounds like it solves this, but consider that DRAM stores its charge on tiny capacitors, and requires a controller to be performing "refresh" access cycles regularily (usually every 15.26 s). This means that not only must the battery be good, but the controller accessing the DRAM must continue providing the refresh cycles without interruption. That may sound simple, but not all DRAMs are created alike.... SDRAM DIMMs have a feature called Serial Presence Detect (SPD) that is a small non-volatile 2-wire serial EEPROM memory that hold identifying data about the size and timing parameters for the memory. A typical DRAM controller would be initialized at boot time... a card like this would require a special DRAM controller that only initialized its timings when the DRAM/battery is first installed. Perhaps the controller would be designed to use relatively slow and conservative timings, always, so it'd never be able to reinitialize to other settings (that could be wrong) and/or stop providing the critical refresh at any point.

The point is that to retain memory, DRAM requires not only power but a properly operating controller to supply the refresh cycles. Magnetic media maintains its memory without either of these conditions. Compared to magnetic media, DRAM is very volatile. "Mission Critical" data, whatever that may be, would be existing at tiny charges on the very tiny capacitors, which could dissipate in only about 4-8 ms, if the DRAM controller doesn't perform perfectly.... inside a computer (designed as a reliable server) which has just crashed for some unknown reason!

Re:RAM == volatile

[spectecjr]

The point is that to retain memory, DRAM requires not only power but a properly operating controller to supply the refresh cycles

Then use Static RAM with 5ns (or lower) cycle times instead. The idea has lots of problems, but the type of memory required (which isn't specified) isn't one of them.

Simon

Re:RAM == volatile

[dbarclay10]

You raise an implementation issue.

The point is that to retain memory, DRAM requires not only power but a properly operating controller to supply the refresh cycles.

Laptops run off batteries, and their memory seems okay.

My Pilot runs okay off AAA-type batteries. Memory has been running quite well, thank you :)

This fellow wasn't talking about slapping some RAM sticks to a breadboard and running current through the wires. Of course you would need a memory controller. Duh. :) The problems you raised were solved many years ago. If they hadn't been, nobody would be using volatile memory(like SDRAM) at all - it'd be too unreliable.

I almost think you're just looking to spread some FUD.

"Mission Critical" data, whatever that may be, would be existing at tiny charges on the very tiny capacitors,

You say this like it's a bad thing! It's relied on every day. Hell, mission-critical data on its way to be written to disk is nothing but A CLUMP ELECTRONS MOVING ALONG A WIRE, in a lot of cases, those wires many times smaller than a human hair.

Don't make a mountain out of a molehill. This isn't a bad idea, and just because they'll have to put a DRAM controller on the card doesn't make it one.

Dave

Barclay family motto:
Aut agere aut mori.
(Either action or death.)

Re:RAM == volatile

[selectspec]

Absolutely correct. This idea is ludicrous. You need hard storage back-up. The parity failure rate of DRAM vs. a hard disk should be enough to mandate this.

Re:RAM == volatile

[maraist]

ECC.. Or better yet, for expensive boards, use a form of mirrored RAID (in addition to ECC). We're using incredibly inexpensive memory to work with roughly 32Meg of data (anything more is probably asking for trouble.. we're not building a caching system as was pointed out. In fact the system should stall if the buffer starts filling up). If video cards can handle twice 32Meg pipes, a "TRAM" controller should be able to as well.

-Michael

Re:RAM == volatile

[pjrc]

You say this like it's a bad thing! It's relied on every day.

DRAM (tiny charge requiring sustained refresh operations) is relied upon during normal operation of the computer. The proposal here is to also rely upon DRAM during and after the events that lead to a crash.

To respond specifically to your examples above, your battery supported laptop and palm pilot memory is reliable, but what happens if they crash? Is your laptop memory intact after something goes wrong? The microcontroller in a palm has no MMU, so if something does wrong, it'll be able to easily trash the memory.

Regarding data being sent as "a clump of electrons moving along a wire" (propagation of a change in voltage potential would be more accurate)... that just simply isn't the way it's done. Communication takes place using protocols which verify that the data has been properly received. Newer ATA transfer modes use a CRC, and even with the older modes, status bits are provided to verify that the data was properly written. It would be horribly unreliable to send a "clump of electrons" and hope that the data is received and stored properly.

Now, regarding the comment:

I almost think you're just looking to spread some FUD.

FUD, Fear, Uncertainty, and Doubt is a marketing tactic, generally used by an established vendor when their well-known product is inferior and more expensive, and the best way to convince a customer to buy the established product is to scare the customer away from the competitor.

Why would I do that? I don't have any vested interest in the current practices. I'm not participating in the development of any journaled filesystems. I do a bit of freelance hardware design and small quantity sales, so if I thought this was a really good idea, I might go after making such a card and kernel patch.

But I believe the idea is fundamentally flawed.

During the unpredictable events that will lead to a crash, and the unpredictable behavior immediately following a crash, DRAM is going to be a much less reliable way to be holding data. It doesn't matter how well DRAM works during normal operation. DRAM has proven quite reliable, as long as the computer and memory controller operate properly.

Even with a specially designed memory controller (as a standard one won't do), it is quite risky to rely upon DRAM during a crash. Call it FUD if you like, but DRAM just isn't a reliable place to have data when a machine crashes. You say FUD now, but if anyone were to actually make such a card, the term I'd use would be Snake Oil.

Simply a cache for a journaling filesystem

[elprez]

First, it is absolutely critical that the OS creates some log or structure of operations on the TRAM for filesystem operations. Basically, if the OS can mark the beginning and end of an operation and place it in this memory, you can now get a journaled meta data filesystem without a complete re-architecture of a filesystem.

Basically, if the OS can determine the beg/end of an operation (transaction) and it logs this information, then we have a journaling file system. Any persistent storage will suffice for the journal - 'TRAM' or hard disk or clay bricks. The only difference is the access time.

In general there is no magical way for the OS to know what data is the beg/end of a transaction. The OS could try to handle meta-data in this fashion. It can log the meta-data changes it would make in atomic transactions and replay un-commited transactions on a reboot. However, the file system still needs to be aware of this journaling.

Consider a power failure during a commit to the file system. The file system is in a partially modified state and the transaction has not been retired from the TRAM journal (since it did not complete). When the system boots again, the TRAM journal is replayed and the same operation begins again, except this time on an inconsistent file system. The file system needs to recognize that a partially commited transaction needs to be rolled back.

The above is based on my (very incomplete) understanding of journaling file systems. However, a TRAM card amounts to a cache for a file system journal, so in no sense is it going to replace or leap-frog journaling file systems.

Platypus Prices from CDW

[l1nuxn3rd]

Here is a link to the Solid State Hard Drive Pricing Page from CDW.
http://www.cdw.com/shop/search/results.asp?grp=HSO
Platypus products are listed as well as some from Quantum and Sandisk.
You are talking $1,969.40 US currency for the Platypus QikDRIVE8 512MB, the smallest model i saw.
CDW is the Authorized reseller I found for the US.

Already available for most RAID controllers....

[X]

Most RAID controllers will give you a battery backed-up write-back RAM cache. Depending on how you configure it, it will say that a write is committed as soon as it's in RAM. This accomplishes the same net effect without requiring all this modification of the OS.

Of course, lots of people don't like to configure their RAID controllers this way, because there is no redundancy for data in RAM, not to mention that the risk of failure is still higher than with a hard disk.

I hate to say it, but that article seems like it was written by someone who has not been out in the real world.

Re:Already available for most RAID controllers....

[maraist]

At face value I think you missed much of the point.. The OS can't know the intent of the "application". Just because I've performed a write, doesn't mean that only saving that much will have any meaning after a crash. I don't really understand how the author intends to deal with the "begin" and "end" transactions unless they're providing a journalling service (which I'm not familiar enough with). At the very minimum, however, a transaction would be the modification of an inode/directory element and then at least the initially provided data. The fsck is reduced because you'll never have a disk with only part of this info. Beyond that an explicit fsync might provide enough info to the OS to say that everything buffered up till the fsync should be part of that transaction.. I it "possible" to design in such a way that DB writes can write out everything as one piece, call fsync, and then have the OS garuntee an all or nothing write.

If you mean to say that the write-back cache can be used for application meta-data (namely the transaction support), then that's an interesting (albeit proprietary) avenue to explore.. But I can imagine that regular flat SCSI and IDE based systems could benifit as well (since there are definately web servers / DBs out there without RAID). Why not push for a product that works with all drives and fights to become ubiquitous.

-Michael

Come to the point!

[zmooc]

To the author:

Why on earth do you want to tell us things like this Unix was designed to be simple. This means, if they found that they could do certain things as libraries in user space, then it didn't belong in the kernel.? It has absolutely nothing to do with TRAM. Actually that's true for nearly everything you say in your article; you use a lot of irrelevant examples and try to mention everything you seem to know about Unix and then explain the solution in 2 lines?! Why don't you mention the real interesting things like that such cards most probably fail just as often as UPS'es, why this should be on a PCI-card and not on the disk (ok that's because you want to access the memory directly, but please explain this...) or what the consequences are concerning access-time?

Although the idea is good, I think you could have done a much better article; come to the point!

Re:Website unclairity

[Tet]

Can someone find a price on the 2 Gig HD from Platypus?

No, but I'd bet on it being lots of money. We looked at solid state drives at a previous company. Since it was for mission critical stuff, we were looking at a RAID5 array of them, and it was priced at over £200,000 for a modest sized array -- something that would cost probably a tenth of that with conventional drives.

Whats so radical...

[A+Masquerade]

This has been talked of for quite a time, and is hardly radical. Whats more it is not an alternative to journal based filesystems, but logically its an adjunct to them.

First you have your filesystem that buffers transactions in a journal that is streamed to disk. Then, for performance, by avoiding all those extra seeks, you put the filesystem journal on another device - say a small fast dedicated disk. Then you make that device a NVRAM device rather than something based on spinning rust.

Whats more, if you are interested in something like mail systems, where you get a lot of transactions that *must* committed to stable storage (although a lot of MTAs don't do that in spite of the wording of RFC821), and you use a fileystem like ext3 with a data journalling mode, then putting the journal onto NVRAM makes a huge difference - by the time it comes to the point where data would be committed to the disk from the journal, most of the data (ie e-mail messages) is now unwanted (since the messages have been delivered to final local destination or for onward transmission) and so you don't even need to do the disk ops...

All of this is pretty much available now in ext3 other than the tools to get the journal onto a NVRAM disk - and thats just detail.

So, nice idea, needs more flesh, a little more infrastructure needed round it.

[Those who came to the London UKUUG Linux Conference might well have heard these discussions before going on in various corridors :-) ]

Re:Interesting idea but..

[jmp100]

You'd have to implement a completely separate bus or you'd risk getting severely bogged down. You'd have to make a dedicated bus that went from the CPU to a dedicated slot and then to the hard-drive controller. Doing this on a PCI bus like that which exists today would not be particularly efficient. Certain IDE and SCSI drives talk at 100MHz and up; having disk I/O passing over the PCI bus TWICE (CPU -> TRAM -> HD) isn't the way to go, since your Ethernet, video, and other PCI devices are also competing for time on the bus.

Of course, implementing a separate bus will take millions in research (after all, it has to be done right), but once everything is decided on, it's probably only $20 or so in extra hardware. In theory, all you'd need is another PCI bridge chip or similar. Ever seen the inside of a NetApp? The motherboard has a CPU, space for RAM, a PCI bridge, and some slots. Nothing else. Extremely simple.

Re:Why don't you read...

[zmooc]

I meant: why use a PCI-interface instead of implementing this as a sort of cache on the disk by adding begin/end-tags to the protocol the disk uses (IDE/SCSI)? Is that explained in the article? If so; please show me where. Thank you.

What I was trying to say is that hardly anything was said about TRAM compared to the extensive description of how it currenty is done; all sorts of current solutions are covered, but when it comes to TRAM he just says `do it so and so' without mentioning WHY to do it that way or what the alternatives are. This was just an example of that, but I could have chosen a better one...

To avoid fsck and to boot in "only" 2 minutes?

[haggar]

Aside from some reliability issues of this technology, I wonder if it's worth the trouble.

Besides, BeOS boots in about 15 seconds into GUI, even if you previously turned off the PC without shutting down. So, journaled filesystems DO have advantages. Linux may never achieve such high speeds in booting up, but still, I predict that a good JFS will benefit it.

Re:To avoid fsck and to boot in "only" 2 minutes?

[Drone-X]

Besides, BeOS boots in about 15 seconds into GUI, even if you previously turned off the PC without shutting down. So, journaled filesystems DO have advantages. Linux may never achieve such high speeds in booting up, but still, I predict that a good JFS will benefit it.

Actually, it does. If you just disable services like Apache, proftpd, etc. I counted this starting at kernel boot till GDM was up and running on an Athlon 700. My P166 could do the same, but without GUI (it doesn't have X installed so I couln't test).

RIO - RAM I/O

[dugsong]

see the Rio / Vista work by Pete Chen, Dave Lowell, et al. which won best paper at SOSP several years ago...

About your punctuation: (and a comment)

[Tom7]

You should read this Bob The Angry Flower comic:

http://www.angryflower.com/bobsqu.gif

How about this TRAM stored on the disk drive, and have the OS simply tell it the dependency DAG? It can perform its own write reordering (probably more efficiently since it knows where the disk head really is and all the specifics about its geometry) and then finish off the queue when first getting power after a power loss.

Largely unknown?

[bugg]

Dru writes: "This is an article about a hardware technology that is largely unknown in the new Unix community.

Perhaps in the UNREAD (which I guess is fairly large, hurmf) portion of the community. Chapter 8, section 2 of The Design and Implementation of the 4.4BSD Operating System talks about this idea on page 284. It referrs to research done by Moran et al, 1990. The references at the back of the chapter refer to "Breaking Through the NFS Performance Barrier," Proveedings of the Spring 1990 European UNIX Users Group Conference, pages 199-206.

So there you go, there's TWO ways that we could have heard about this. I doubt anyone here got that first hand, but the 4.4BSD book is a fairly common book to have for those who are interested in the innards of an OS.

Why are solid state drives so expensive?

[Raleel]

Seriously...do they use some special proprietary ram? 8G of cdram in 512 meg chunks is only a couple of K. Hardly justifies another $24k tacked onto it. Is this another example of "charge what the market will bear"? I understand there are development costs and the like, but _geez_ $26k is _a lot_ of money. Don't give me an answer like "they are not intended for home use, so they charge more", because that's a bullshit reason (even though it's done all the damn time).

Re:Why is FS-aware TRAM a Good Thing?

[The+Monster]

Yes, but doesn't that contradict what you said about a "entirely OS-independent disk controller card"?

No. All the card has to know is that these are the first x sectors that the computer asks for when it boots. It need not (and, I submit, should not) have any knowledge whatsoever of the structure of the filesystem(s) they comprise. All you need is a way to tell the card what you wanted done: Some command that could be sent over the existing bus, but intercepted by the card, to allocate the first N sectors of boot tracks, and hard-map M cylinders for use by a particular partition...

Both boot and swap caching would be most helpful on a [lap|palm]top machine, where epic uptimes are irrelevant. Normally, low-power RAM that is most efficient for battery-backed use is slower than the RAM we're accustomed to using. But it's still orders of magnitude faster than disk access.

Exactly what NetApp does

[ansible]

This is what the Network Appliance boxen do to speed NFS writes.

All NFS write transactions are commited to NVRAM first, so that they can be acknowledged. Then the writes to disk are sorted and blasted out. Very efficient, very fast.

It is this NVRAM (as well as using a modified RAID-4 on top of the WAFL filesystem) that makes a NetApp much faster (yet still safer) than most other NFS servers. I've often thought about creating just such an NVRAM board for a PC, so that I could do the same thing with my Linux fileservers.

Note that the NetApp implementation caches NFS requests, not filesystem-level data. Say I'm changing 1 byte in a block. If I buffer filesystem data, I have to cache the whole block. If I'm buffering the NFS request, it'll be much smaller.

Buffering (in NVRAM) the log data might work well for something like ext3.

It's just a Band-Aid

[ecloud]

There are better ways to fix this problem, such as put a battery backup on system RAM, so that the OS won't need to be reloaded at all; it can pick up where it left off when power to the CPU comes back on.

And if computer power supplies were also designed for battery-backup (dual-voltage, can run on either 120VAC or say 24VDC) then the complexity of the UPS (converting DC to AC just so the computer can convert it back to DC again) would be eliminated, and the result would be more reliable. There should be a standard connector so an external lead-acid battery can be plugged into the back of every computer, and the power supply would be responsible for keeping it charged, and switching to using it when the power fails. (But there should be a switch to turn off the charging feature in case you have several computers hooked to one large battery with a separate external charger.) Then maybe when the power fails the OS would be notified, and it could finish doing any uncommitted writes before powering off the disks and CPU; the battery would continue to backup the memory for a very long time since it would be such a small load compared to the whole system. That way the two battery-backup systems could be combined. (Or not... maybe a separate memory backup would be more reliable.)

Re:Why is FS-aware TRAM a Good Thing?

[Stormgren]

I think that's what I was getting at in my prior post. If the controller can cache my commonly accessed sectors at boot-time, that's fine. But as for "M cylinders for a partition", for traditional partitions, that's fine. For things like UnixWare, Openserver and *BSD, it'd have to know about the sub-filesystem partitions they use, would they not?

"All those tubes and wires and careful notes!"

This struck me as interesting....

[iCEBaLM]

Note, no free unix today has, at least to the point of people trusting their main database on it, a production-ready journaled filesystem.

Linux+ReiserFS.

I would trust ReiserFS to keep my main DB safe, I've been using ReiserFS with Linux for some time now with no data loss. (and many power failures and some crashes due to a partitcular closed source XF86 video card driver)

-- iCEBaLM

Re:Why is FS-aware TRAM a Good Thing?

[The+Monster]

For things like UnixWare, Openserver and *BSD, it'd have to know about the sub-filesystem partitions they use, would they not?

Not that I can see. Ultimately, all of the levels of abstraction map to commands to the HD to read/write one or more LBA sectors. If I want to reserve a specific range of sectors in the cache, all I have to do is use the OS tools that determine what those sector numbers are, and communicate that to the controller. If this means that a device driver would likely be written for a TRAM-enabled controller, sure.

But it's important to keep these things straight: Drivers written for an OS (hopefully source code that can compile under any *nix) may well benefit from knowing about hardware. The controller never needs to know anything about the OS. (And let me reiterate, shouldn't know. Can you say "Win[Modem|Printer]?" Yuck.)

nothing new here

[soldack]

This sounds like a lot of standard techniques already in use in storage today. Many storage controlers (FibreChannel/SCSI, RAID/nonRAID) support battery backup power that will let them finish writes. Most use internal write and read cache and include lots of memory. Transaction support already exists in some ways. If I send a command to write 1024 bytes to a disk that does 512 byte writes, a good controller will attempt to make the 1024 byte operation atomic even though it is internally broken up into multiple 512 byte writes. File systems fragment the pieces of a file and thus have to issue multiple non-sequential commands for a given operation. This is where the problem errupts. Some controllers support combining multiple operations into one call but this is usually done without FS knowledge; it just fills a buffer of ops and then dumps it. RAID already handles the issue of non-sequential operations by hiding them. RAID may present a 1 terrabyte drive as sequential data when it is really stripped across various areas of various drives. When RAID is told to write 1 sequential GB out it is done as one operation, even though it involves many non-sequential writes to multiple locations on multiple disks. The trick is to put file system support in the storage controllers or RAID systems. With file system support, it will attempt to make sure that physically non-sequential writes that are sequential at the file level are completely written out. This doesn't happen much because for various reasons but does exist. For example, some RAID systems support running the file system on their system directly.

What does this do that is so different? At $300, it may be less expensive than similar solutions but I do not see "how it differs from everything out there".