Reliability and Failure Impact Analysis of Distributed Storage Systems with Dynamic Refuging

Hiroaki AKUTSU  Kazunori UEDA  Takeru CHIBA  Tomohiro KAWAGUCHI  Norio SHIMOZONO  

IEICE TRANSACTIONS on Information and Systems   Vol.E99-D   No.9   pp.2259-2268
Publication Date: 2016/09/01
Publicized: 2016/06/17
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2016EDP7139
Type of Manuscript: PAPER
Category: Data Engineering, Web Information Systems
erasure coding,  highly redundant storage systems,  reliability,  rebuild,  Monte Carlo simulation,  

Full Text: PDF(1.6MB)>>
Buy this Article

In recent data centers, large-scale storage systems storing big data comprise thousands of large-capacity drives. Our goal is to establish a method for building highly reliable storage systems using more than a thousand low-cost large-capacity drives. Some large-scale storage systems protect data by erasure coding to prevent data loss. As the redundancy level of erasure coding is increased, the probability of data loss will decrease, but the increase in normal data write operation and additional storage for coding will be incurred. We therefore need to achieve high reliability at the lowest possible redundancy level. There are two concerns regarding reliability in large-scale storage systems: (i) as the number of drives increases, systems are more subject to multiple drive failures and (ii) distributing stripes among many drives can speed up the rebuild time but increase the risk of data loss due to multiple drive failures. If data loss occurs by multiple drive failure, it affects many users using a storage system. These concerns were not addressed in prior quantitative reliability studies based on realistic settings. In this work, we analyze the reliability of large-scale storage systems with distributed stripes, focusing on an effective rebuild method which we call Dynamic Refuging. Dynamic Refuging rebuilds failed blocks from those with the lowest redundancy and strategically selects blocks to read for repairing lost data. We modeled the dynamic change of amount of storage at each redundancy level caused by multiple drive failures, and performed reliability analysis with Monte Carlo simulation using realistic drive failure characteristics. We showed a failure impact model and a method for localizing the failure. When stripes with redundancy level 3 were sufficiently distributed and rebuilt by Dynamic Refuging, the proposed technique turned out to scale well, and the probability of data loss decreased by two orders of magnitude for systems with a thousand drives compared to normal RAID. The appropriate setting of a stripe distribution level could localize the failure.