Eg split possibilities requiring manual recovery, Eg split manual recovery steps – Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual


Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

Encryption group merge and split use cases


NOTE

The collective time allowed (the heartbeat time-out value multiplied by the heartbeat misses) cannot
exceed 30 seconds (enforced by Fabric OS). The relationship between -hbmisses and -hbtimeout
determines the total amount of time allowed before a node is declared unreachable. If a switch does
not sense a heartbeat within the heartbeat timeout value, it is counted as a heartbeat miss. The
default values result in a total time of 6 seconds (timeout value of 2 seconds x 3 misses). A total
time of 6-10 seconds is recommended. A smaller value might cause a node to be declared
unreachable prematurely, while a larger value might result in inefficiency.

EG split possibilities requiring manual recovery

In the event the encryption group (EG) splits and is unable to auto-recover, manual intervention is
required to get your encryption group re-converged. It is important to note that while the encryption
group is in a split condition, data traffic is NOT impacted in any way. However, EG splits do impact
the control plane, which means that during an EG split, modification to your encryption group
configuration will not be possible.

When an EG split occurs, communication between one or more members of the encryption group
is lost, and EG islands form. An EG island is simply a grouping of EG nodes that still have the ability
to communicate with one another. As part of the normal recovery procedure, each EG island will
select a group leader (GL) node.

Given that you may have up to four nodes per encryption group, an EG split may leave you with any
of the following possible EG split combinations:

- Two node EG split, resulting in two single node encryption groups. Each node is a group leader
  node.

- Three node EG split, resulting in one of two outcomes:

  - A two node encryption group with a single group leader node, and one single node
    encryption group where the node is a group leader.

  - Three single node EGs, each of which is a group leader.

- Four node EG split, resulting in one of three outcomes:

  - One three node encryption group with a single group leader, and one single node
    encryption group where the node is a group leader.

  - A pair of two node encryption groups, with each encryption group having its own group
    leader.

  - Four single node encryption groups. Each node is a group leader.
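
The island formation described above, as an added example that is not part of the Brocade guide: it models an EG island as a connected component of the links that still work (an assumption about how reachability groups nodes) and reports the resulting split shape and group leader count. It goes beyond the listed cases by accepting any set of surviving links for up to four nodes; node names such as sw1 are hypothetical.

```python
# Added example: EG islands modelled as connected components (an assumption).
from collections import defaultdict

MAX_EG_NODES = 4  # the guide: up to four nodes per encryption group


def eg_islands(nodes, links):
    """Group nodes into islands; `links` are node pairs that can still communicate."""
    if len(nodes) > MAX_EG_NODES:
        raise ValueError("an encryption group has at most four nodes")
    parent = {n: n for n in nodes}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving keeps lookups short
            n = parent[n]
        return n

    for a, b in links:
        if a not in parent or b not in parent:
            raise ValueError(f"link references unknown node: {a!r}-{b!r}")
        parent[find(a)] = find(b)  # merge the two islands

    islands = defaultdict(list)
    for n in nodes:
        islands[find(n)].append(n)
    # Largest island first, so the shape reads like the guide's list, e.g. [3, 1].
    return sorted((sorted(m) for m in islands.values()), key=lambda m: (-len(m), m))


def describe_split(nodes, links):
    """Return the islands, their sizes, the group leader count and the split flag."""
    islands = eg_islands(nodes, links)
    return {
        "islands": islands,
        "shape": [len(i) for i in islands],
        "group_leaders": len(islands),  # each island selects one group leader
        "split": len(islands) > 1,
    }


if __name__ == "__main__":
    # Constructed sample: four hypothetical nodes, only two links survive.
    nodes = ["sw1", "sw2", "sw3", "sw4"]
    print(describe_split(nodes, [("sw1", "sw2"), ("sw3", "sw4")]))
```
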

EG split manual recovery steps

Regardless of which particular EG split combination occurs, the recovery procedure is the same.

The recovery procedures make the following assumptions:

- The networking issues that caused the EG split have been resolved.

- The output of the cryptocfg --show -groupcfg command on every EG island shows the EG
  status as being DEGRADED.
