JP5153310B2 - Fault tolerant computer system, resynchronization operation processing method, and program - Google Patents

Description

  The present invention relates to a fault-tolerant computer (Fault Tolerant Computer) system configured by a plurality of independent nodes interconnected via a network, and executing the same processing in parallel in each of the configured nodes. , Ensure that the services provided are non-disruptive, restart nodes that were stopped during system operation, especially for software updates, hardware updates or failure recovery, maintenance, etc. This node is not stopped, continues processing, matches the data content, program execution status, input / output, etc. with other operating nodes, and moves to the execution status to incorporate the node into the system again , Node resynchronization activation processing.

In a duplex computer system that simultaneously processes the same data sent from multiple subsystems on two host computers, synchronization of processing data when starting duplex operation, that is, copying master processing data to a slave system A slave incorporation method for a duplex computer system (Patent Document 1) characterized in that the process (hereinafter referred to as "slave incorporation process") is performed using two disk devices and an inter-system communication path. Have been proposed).
Japanese Patent Laid-Open No. 11-73278

  By the way, in the conventional slave embedding process, in order to perform resynchronization operation of the node, the process in the operating node is temporarily stopped and then the data copy process is performed. After the copy process is completed, all the processes including the embedded node are performed. By resuming the processing of the nodes all at once, the data contents between the nodes, the execution state of the program, the input / output, etc. are matched. However, if you try to perform resynchronization operation without stopping the active node, even if the data is consistent between the active node and the embedded node at a certain timing, different timing that is not synchronized When the processing of the program is executed at each node, data reading / writing occurs at different timings, and the data contents differ between the nodes. Also, if the data contents are different, the results of the processing performed by referring to them may be different even if the processing contents are the same, and there may be a mismatch in output between nodes.

  Therefore, the present invention has been made in view of the above problems, and when a node that has been stopped for software update, hardware update or failure recovery, maintenance, etc. is re-installed in the system, Without interrupting the processing, it is possible to match the processing timing of the node with the operating node, and to execute necessary processing without omission, maintaining high reliability by the fault-tolerant computer system, The main purpose is to provide a node resynchronization operation method that guarantees non-stop service provided.

  In order to solve the above problems, a fault-tolerant computer system according to the present invention includes a plurality of nodes connected to each other via a network, and the same processing is independently executed in parallel in each node of the plurality of nodes. Each node is a node that is restarted from a stopped state (hereinafter referred to as an “embedded node”) in a state in which an operating node in the system (hereinafter referred to as “active node”) is not stopped and processing is continued. The state of the node including the data contents is matched between the active node and the embedded node, and the drive management unit that performs resynchronization operation processing that re-integrates into the system at the same processing timing with the active node A data synchronization processing unit that performs data matching processing. Here, when the node is an active node, the drive management unit notifies the embedded node of the start of processing every time the processing of the user program starts, and when the node is an embedded node. Refers to the processing start notification received by the embedded node from the active node when the data matching processing between the active node and the embedded node has been completed by the data synchronization processing unit. The program processing is started.

Preferably, when the node is a built-in node, the drive management unit receives a data matching completion notification for data matching transmitted from the working node, so that the operation management unit communicates between the working node and the built-in node. Determine completion of data matching.

  Moreover, it is preferable that a drive management part contains the input drive management part which performs a resynchronization operation | movement process regarding the user program which implements a process with an input as a trigger. Here, when the node is an active node, the input drive management unit receives the input at the node, and each time the user program starts processing, the input drive management unit notifies the embedded node of processing start and input When the node is an embedded node, the processing of the user program is performed using the input transferred from the active node or the input directly received by the embedded node. .

  Preferably, when the node is a built-in node, the input drive management unit corresponds to the time when the built-in node receives the processing start notification from the active node and the transferred input or the input transferred from the active node. When the data matching processing between the active node and the embedded node by the data synchronization processing unit is not completed when the input to be directly received is received, the user program processing is not performed and the next processing start timing Wait until.

  In addition, preferably, when the node is an embedded node, the input drive management unit determines whether the input corresponding to the input received from the active node is directly received by the embedded node and receives the direct reception If it is determined that it is not, the user program is processed using the input transferred from the active node.

  More preferably, when the node is an embedded node, it is determined whether the input corresponding to the input received from the active node is directly received by the embedded node, and it is determined that the input is received directly. In this case, the active node is requested to stop the transfer of the input, and the processing of the user program is executed using the input directly received by the embedded node for the subsequent processing.

  In addition, the fault tolerant computer system preferably includes a gateway connected to the network and connected to the external system via a network different from the network. Here, the gateway transfers the input received from the external system to a plurality of nodes, receives a processing result obtained by executing the processing on the input in parallel by the plurality of nodes substantially simultaneously, performs a comparison operation, and obtains a comparison operation result. The obtained output is returned to the external system as a response.

  Moreover, it is preferable that a drive management part contains the periodic drive management part which performs a resynchronization operation | movement process regarding the user program which performs a process periodically. Here, when the node is an active node, the periodic drive management unit sends a processing start notification to the embedded node every time a timer event occurs and the processing of the user program is started. Is a built-in node, refer to the process start notification received from the active node, calculate the process start timing in the next cycle from the current time of the user program at the built-in node, and process the calculated next cycle When the start timing is reached, if the data matching process between the active node and the embedded node is completed, the process of the user program is started at the embedded node.

  Preferably, when the node is an embedded node, the periodic drive management unit measures a difference in processing start timing between the active node and the embedded node after starting the processing of the user program in the resynchronization activation process, When the difference is larger than a predetermined value, the processing start timing is synchronized by correcting the processing timing in the embedded node.

  Preferably, when the node is a built-in node, the periodic drive management unit performs data synchronization at the time when the processing start timing of the next cycle calculated with reference to the processing start notification received from the active node is reached. If the data matching process between the active node and the embedded node by the processing unit has not been completed, the process of the user program is not performed and the process waits until the process start timing of the next cycle.

  More preferably, when the node is a built-in node, the periodic drive management unit refers to the processing start notification received from the active node, and uses the periodic information included in the notification and the transmission time of the notification, The processing start timing in the next cycle of the user program in the embedded node is calculated.

  The fault-tolerant computer system resynchronization operation processing method according to the present invention includes a plurality of nodes connected to each other via a network, and the same processing is independently executed in parallel in each node of the plurality of nodes. In a computer system, a method for performing resynchronization operation processing in which an operating node is not stopped and processing is continued, and an embedded node is re-integrated into the system at the same processing timing as the operating node. It is. This fault-tolerant computer system resynchronization activation processing method includes a step of notifying the embedded node of the start of processing each time the operating node starts executing the processing of the user program, and the embedded node is operating. When the data matching process that matches the state of the node including the data contents is completed between the node and the embedded node, refer to the process start notification received from the active node and process the user program. Starting.

  The program according to the present invention causes each node computer of the fault-tolerant computer system to execute each processing step of the resynchronization activation processing method of the fault-tolerant computer system. The program according to the present invention can be installed or loaded on a computer through various recording media such as an optical disk such as a CD-ROM, a magnetic disk, and a semiconductor memory, or via a communication network.

  In this specification and the like, the “unit” does not mean only a physical means, but includes a case where the function of the unit is realized by software. Also, the functions of one unit may be realized by two or more physical means, or the functions of two or more units may be realized by one physical means.

  According to the present invention, when a node that has been stopped for software update, hardware update or failure recovery, maintenance, or the like is re-installed in the system, the node can be connected without interrupting the processing of the normally operating node. It is possible to match the processing timing with the operating node, execute the necessary processing without omission, maintain high reliability by the fault tolerant computer system, and guarantee the non-stop of the service executed or provided by the system. .

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Basically, the same elements are denoted by the same reference numerals, and redundant description is omitted.

  FIG. 1 is a diagram showing an overview of a fault tolerant computer system according to an embodiment of the present invention. The fault-tolerant computer system is composed of a plurality of independent nodes interconnected via a network, and the same processing is executed in parallel in each of the constituting nodes.

  As shown in the figure, the fault tolerant computer system 0101 is connected to two or more independent nodes 0111 connected to each other via a LAN 0112 and a wide area network 0102 and relays communication with an external system 0103. A gateway server 0113 is provided as a main component.

  The fault-tolerant computer system 0101 receives a request from the external system 0103 that can communicate via the wide area network 0102, performs processing for the request, and returns a service result as a response to the external system 0103. provide. Here, the input message 0131 is received as a request from the external system 0103, and an output message 0141 storing the processing result for the request is transmitted to the external system 0103.

  Inside the fault tolerant computer system 0101, the gateway server 0113 that relays the input message 0131 as a request from the external system 0103 via the wide area network 0102 receives all the nodes 0111 within the system via the LAN 0112. The input message 0131 thus transferred is transferred as the input message 0132. Here, the gateway server 0113 broadcasts the input message 0132 so that all the nodes 0111 receive the message almost simultaneously and can start processing the general message. Each node 0111 that has received the input message 0132 executes processing for the input message 0132 and transmits an output message 0142 storing the processing result to the gateway server 0113 via the LAN 0112. The gateway server 0113 that has received the output message 0142 from each node 0111 creates an output message 0141 as a response to the requesting external system 0103 and transmits it to the external system 0103. Here, the gateway server 0113 performs comparison and collation of data contents of one or more output messages 0142 received from each node 0111, correctness determination, etc., and requests the most probable message data determined by majority decision as an output message 0141. Transmit to the original external system 0103.

  The hardware configuration of the node 0111 includes a processing device 0121, a storage device 0122, and a communication device 0123. The storage device 0122 stores data necessary for executing services provided to the external system 0103 by the fault-tolerant computer system 0101 and a user for executing processing for requests from the external system 0103 regarding these services. Stores a program, a software program for performing synchronization during operation and re-installation between a plurality of nodes 0111, a software program for performing communication between the node 0111 and the gateway server 0113 via the LAN 0112, and the like. And processed by the processing device 0121. Also, the communication device 0123 receives the input message 0132 from the gateway server 0113, and performs communication processing for transmitting the output message 0142 to the gateway server 0113, and is operating and being reassembled among a plurality of nodes 0111. The communication processing necessary to implement the synchronization is performed.

  A fault has occurred in one or more nodes by including two or more nodes 0111 in the fault-tolerant computer system 0101 and simultaneously executing processing for requests from the external system 0103 using these nodes. Even in this case, the remaining operating nodes execute processing, thereby enabling the system to maintain service provision by normal operation, and improving the fault tolerance and reliability of the system.

  FIG. 2 is a diagram showing an outline of resynchronization operation of the node 0111 that configures the fault-tolerant computer system 0101 and executes processing for an external request in the embodiment of the present invention, and related processing. It is a sequence diagram which shows a flow. Here, a case where a user program that executes processing with an input as a trigger is executed as an example of a user program executed at each node.

  In the example shown in FIG. 2, in the fault tolerant computer system 0101, among the nodes 0111 interconnected via the LAN 0112, the active node 0201 and the embedded node 0202 that performs resynchronization operation from the stopped state Is shown.

  In the operating node 0201, the user program 0211 performs processing with reference to data 0212 (shared memory, file, etc.) and the like. When the resynchronization operation of the embedded node is executed, the processing of the user program 0211 and the like in the operating node 0201 is executed without stopping regardless of the state of the embedded node 0202, and the copy of the data 0212 and the user are performed. The execution status of the program 0211 is notified. When the resynchronization operation of the embedded node is completed, the data 0222 of the embedded node 0202 coincides with the data 0212 of the active node 0201, and the user program 0221 in the embedded node is in the same execution state as the user program 0211 of the active node 0201. .

  As a sequence of processing related to the resynchronization operation of the embedded node 0202, the user program 0211 in the active node 0201 processes the input (0251, 0252, 0253) and outputs (0261, 0262, 0263). return. Here, when the embedded node 0202 is restarted from a state where it has been stopped for software update, hardware update or maintenance, recovery work in the event of an abnormality, etc. (0241), the active node 0201 is set to the embedded node 0202. In order to perform data matching, data 0212 is written to data 0222 (0231). When the embedded node 0202 detects the completion of data matching (0242), it matches the execution state with the user program 0211 in the active node 0201, and resumes the processing of the user program 0221 (0243). Thereafter, similarly to the user program 0211 in the active node 0201, the input (0253) is processed, and the outputs (0272, 0273) are returned. If the processing of the embedded node is normally executed here, the outputs 0272 and 0273 should match the outputs 0262 and 0263 of the active node 0201, respectively.

  FIG. 3 is a diagram showing a module configuration of the node 0111 that configures the fault-tolerant computer system 0101 and executes processing for an external request and the like in an embodiment of the present invention.

  The node 0111 includes a user program 0302 that executes a process for a request from the external system 0103 and returns a response, data 0303 such as a shared memory and a file that the user program reads and writes during the process, and a communication medium 0304 ( (Corresponding to the LAN 0112 in FIG. 1)) and other processes such as communication with other nodes 0111, gateway server 0113, etc., data matching for node resynchronization operation, and matching of user program processing timing. Middleware to perform 0301 is introduced.

  The middleware 0301 refers to / updates the input-driven user program management table 0321 and the input management table 0323 at the time of executing the resynchronization operation of the embedded node, and starts or executes the execution state of the user program that performs the processing using the input as a trigger. An input drive management unit 0311 that performs monitoring and the like, a periodic drive management unit 0312 that refers to and updates a periodic drive type user program management table 0322, and monitors a start or execution state of a user program that performs processing periodically, data An input message transmitted from the external system 0103 or the active node 0201 through the data synchronization processing unit 0313 and the data communication unit 0315 for performing processing such as writing of data of the active node 0201 to the embedded node 0202 for matching. Input message forwarded from Is stored in the input reception buffer 0331 or the transfer reception buffer 0332, the received data management unit 0314 updates the input management table 0323 according to the stored message, and other nodes 0111 and gateway servers 0113 via the communication medium 0304. A data communication unit 0315 that performs communication with the mobile phone is included as a main component.

  Here, when performing data matching between the active node 0201 and the embedded node 0202 by writing data when executing the resynchronization operation of the embedded node, the data synchronization processing unit 0313 in the active node 0201 Data is extracted from the data 0303 in the active node 0201 and transmitted to the embedded node 0202 using the data communication unit 0315. The data synchronization processing unit 0313 in the embedded node 0202 receives the write data transmitted from the active node 0201 using the data communication unit 0315 and writes the data 0303 in the embedded node 0202 with overwriting permitted.

  The input reception buffer 0331 stores the input message 0132 transmitted from the gateway server 0113 and received by the data communication unit 0315 until the user program 0302 uses the input message 0132 as a processing target. In the transfer reception buffer 0332, when the resynchronization activation of the embedded node 0202 is executed, the user program 0302 uses the input message transferred from the active node 0201 and received by the data communication unit 0315 as the processing target. Store until time. An outline of the input drive type user program management table 0321, the periodic drive type user program management table 0322, and the input management table 0323 is shown in FIG.

  FIG. 4 is a diagram showing an outline of a process timing matching method for resynchronization operation between computers, which is performed for the fault tolerant computer system 0101 according to an embodiment of the present invention.

  Here, an outline of the processing flow for matching the processing timing of the user program operating on the embedded node 0202 with the user program operating on the operating node 0201 when performing the resynchronization operation of the embedded node will be described. Show.

  In the active node 0201, the user program 0211 executes the processing (0411, 0412, 0413) using the input message or timer event as a processing start trigger (0401, 0402, 0403), and the data 0212 is processed in the process. Read and write. Here, a processing start trigger (0401, 0402, 0403) is generated for the user program 0211, and each processing (0411, 0412, 0413) is started each time the processing (0411, 0412, 0413) is performed. At this time, processing start notifications (0421, 0422, 0423) are transmitted from the active node 0201 to the embedded node 0202.

In embedded node 0202, that the data match of between the nodes by the data copy from a running node 0201 to the embedded node 0202 is completed, the data for data matching of which is transmitted to the embedded node 0202 from a running node 0201 This is determined by receiving a transmission completion notification 0431. Here, the processing start notification transmitted from the active node 0201 is received, and the next execution timing of the user program 0221 in the embedded node 0202 is calculated in advance by referring to the notification. Details of this method will be described with reference to FIGS. However, the processing of the user program 0221 is actually started at the next execution timing only when data matching is completed when the timing is reached. In the example illustrated in FIG. 4, the next execution timing 0404 calculated with reference to the process start notification 0421 is after the data matching completion data transmission completion notification 0431 is received and the data matching completion is determined. In 0404, the processing 0414 of the user program 0221 is started.

  As a result, even after the embedded node 0202 starts processing of the user program 0221 in synchronization with the operating node 0201, the processing start notification 0423 from the operating node 0201 is received and compared, and the operating node The deviation between the start timing 0403 of the process 0413 in 0201 and the process start timing 0405 of the process 0415 in the embedded node 0202 is measured. If the deviation is large, the deviation is corrected, and the user program 0211 in the active node 0201 is incorporated. It is avoided that the processing timing with the user program 0221 in the node 0202 is shifted again.

  In this way, after the embedded node 0202 is restarted, the processing timing is matched by matching with the active node 0201 (0441). After matching the processing timing, the processing timing once matched between the nodes is obtained. Synchronization is maintained (0442).

  Next, regarding the processing timing matching method for resynchronization operation between computers (node 0111), an outline in the case of targeting a user program that performs processing with an input as a trigger is shown in FIG. FIG. 6 shows an outline in the case of targeting a user program that performs processing.

  FIG. 5 shows a user program for performing processing using an input as a trigger for a processing timing matching method for resynchronization operation between computers, which is performed for a fault tolerant computer system 0101 according to an embodiment of the present invention. It is a figure which shows the outline | summary in the case of implementing for object.

  In the active node 0201, the input message 0511 (serial number # 10, # 11, # 12, # 13) from the external system 0103 passed through the reception buffer 0501 (corresponding to the input reception buffer 0331 in FIG. 3). Each process (0521, 0522, 0523, 0524) of the user program is executed with the trigger (corresponding to the input message 0132 in FIG. 1). In addition, at the timing when each process (0521, 0522, 0523, 0524) starts to be executed, the active node 0201 transmits a process start notification and an input message 0511 that triggers the process to the embedded node 0202. (0541, 0542, 0543).

Each time the embedded node 0202 receives a process start notification and an input message transfer from the active node 0201 (0551, 0552, 0553), a reception buffer 0502 (in FIG. 3) for storing the directly received message of the own node. It is determined whether or not an input message whose serial number matches the input message transferred from the active node 0201 is stored. If data matching is completed at this point (in FIG. 5, when data matching data transmission is completed by data write processing 0561, a data matching data transmission completion notification 0562 is notified), the serial number. Are not stored (input message transfer 0541 and 0542 in FIG. 5), the user program is processed using the input message transferred from the active node 0201 (process 0531 and 0532). When an input message whose serial number matches the input message transferred from the active node 0201 is stored (input message transfer 0543 in FIG. 5), the embedded node 0202 stored in the reception buffer 0502 directly receives it. The user program is processed using the input message 0512 (process 0533). At this time, the embedded node 0202 transmits a transfer stop request 0544 to the active node 0201, and stops the transfer of the input message from the active node 0201. After the transfer is stopped, the user program is processed using the input message directly received by the embedded node 0202 and stored in the reception buffer 0502 (processing 0534).

  When the embedded node 0202 receives the processing start notification and the input message transfer from the active node 0201, if the data matching is not yet completed, the user program is not processed and the next operation is not performed. It waits until it receives a processing start notification and input message transfer from the middle node 0201.

  FIG. 6 shows a user program for periodically executing a process timing matching method for resynchronization operation between computers, which is executed for a fault tolerant computer system 0101 according to an embodiment of the present invention. It is a figure which shows the outline | summary in the case of implementing as an object.

  In the active node 0201, user program processing (0611, 0612, 0613) for each cycle is performed on the periodically occurring timer events (0601, 0602, 0603). In addition, at the timing when each process (0611, 0612, 0613) is started to be executed, a process start notification (0631, 0632, 0633) is transmitted from the active node 0201 to the embedded node 0202.

  When the embedded node 0202 receives the processing start notification (# 11) 0631 from the active node 0201, the embedded node 0202 refers to information such as the cycle time included in the notification and starts the next cycle (# 12) from the reception time of the notification. The time until the start is calculated (0661). During this time, data writing from the active node 0201 to the embedded node 0202 for data matching between the active node 0201 and the embedded node 0202 is performed in parallel (0641).

If the data matching completion data transmission completion notification 0651 has been received from the active node 0201 by the time point until the calculated next cycle (# 12) starts, the processing of the user program is started ( Process (# 12) 0622). If the data matching completion data transmission completion notification 0651 has not been received from the active node 0201, the user program is not processed and the time until the next cycle (# 13) is started is calculated again. Wait until the elapsed time has elapsed.

  After the processing of the user program is resumed by the embedded node 0202, every time a processing start notification (notification (# 13) 0633 in FIG. 6) is received from the active node 0201, the corresponding processing in the embedded node 0202 (in FIG. 6). The difference with the start timing of the process (# 13) 0623) is compared. A correction process is performed every time a timing shift is detected.

  FIG. 7 is a diagram illustrating a configuration of a management table that is configured in the fault tolerant computer system 0101 according to an embodiment of the present invention and that is managed in the node 0111 that executes processing for a request from the outside. FIG. 7A is a diagram showing an input-driven user program management table 0321 that manages the execution state of a user program that performs processing using an input as a trigger. FIG. 7B is a diagram showing an input management table 0323 for managing external input messages received by the node. FIG. 7C is a diagram showing a period-driven user program management table 0322 that manages the execution state of user programs that periodically execute processing.

  As shown in FIG. 7A, the input-driven user program management table 0321 includes a processing target 0711, a status 0712, a message reception source 0713, and an update time 0714 as main components.

  The processing target 0711 stores information related to the latest input message to be processed by the user program that performs processing using an input as a trigger, and a serial number 0741 in which a serial number assigned to the message is stored, and reception of the message And reception time 0742 in which the time is stored. The status 0712 stores the execution state of the user program executed for the latest input message corresponding to the content stored in the processing target 0711. The status values stored here include “waiting”, “processing”, “processing completed”, and the like. The message reception source 0713 stores information on the reception source node that directly received the latest input message corresponding to the content stored in the processing target 0711. What is stored here is either “active node” or “built-in node”. The update time 0714 stores the latest update time of each row of this table. Each item of the input-driven user program management table 0321 is updated every time an input message is received by the embedded node and each time a process is executed on the message.

  As shown in FIG. 7B, the input management table 0323 includes a node 0721, a serial number 0722, and a reception time 0723 as main components.

  Node 0721 stores information of a node that directly receives an input message. Two items, “active node” and “built-in node”, are stored here. The serial number 0722 stores the serial number assigned to the input message received by the active node or the embedded node. The reception time 0723 stores the reception time of the input message received by the active node or the embedded node. Each item of the input management table 0323 is updated every time the embedded node receives the input message transferred from the active node and every time the input message is directly received by the embedded node.

  As shown in FIG. 7C, the periodic drive type user program management table 0322 includes a user program name 0731, a period counter 0732, a period interval 0733, a standby time 0734, and a status 0735 as main components.

  The user program name 0731 stores the name of a user program that performs processing periodically. The cycle counter 0732 stores a cycle counter that is a serial number that is added and given each time a timer event occurs with respect to the user program corresponding to the name stored in the user program name 0731. The period interval 0733 stores a time interval at which a timer event for performing processing is generated for the user program corresponding to the name stored in the user program name 0731. In the waiting time 0734, a waiting time until the start of the next cycle is stored after the processing related to the user program corresponding to the name stored in the user program name 0731 is stored. The status 0735 stores the execution state of the user program corresponding to the name stored in the user program name 0731. The status values stored here include “waiting”, “processing”, “processing completed”, and the like. Each item of the periodic drive type user program management table 0322 is updated every time a timer event occurs in the embedded node, and every time a process is executed and terminated for the timer event.

  FIG. 8 shows the operation of the fault-tolerant computer system 0101 according to the embodiment of the present invention when the resynchronization operation of a node that has been stopped for software update, hardware update or failure recovery, maintenance, etc. is performed. It is a flowchart which shows the flow of a process in an active node at the time of performing matching of a process timing between a middle node and an embedded node.

  Here, FIG. 8A shows the active node 0201 when the processing timing is matched between the active node 0201 and the embedded node 0202 for the user program that executes the process using the input as a trigger. It is a flowchart which shows the flow of the process in. FIG. 8B shows the flow of processing in the active node 0201 when matching the processing timing between the active node 0201 and the embedded node 0202 for a user program that periodically executes processing. It is a flowchart which shows.

  As shown in FIG. 8A, when the process is performed using an input as a trigger, first, the restart of the embedded node 0202 is detected (0811). This detection process is, for example, a process in which the active node 0201 receives a notification of restart of the embedded node from the master node that directly detects the restart of the embedded node 0202, or receives an inquiry from the embedded node 0202. by. Next, an input message from an external system is received (0812), and a process start notification for the input message is sent to the embedded node 0202 and the input message data is transferred (0813). Then, the input message is delivered to the user program in the own node (active node 0201) (0814), and the process by the user program for the input message is executed (0815). Thereafter, it is determined whether or not a transfer stop request notification from the embedded node 0202 has been received (0816). If a transfer stop request notification from the embedded node 0202 has not been received (0816; NO), steps 0812 to 0815 are performed. Repeat the process. If a transfer stop request notification from the embedded node is received in step 0816 (0816; YES), the process ends.

  Further, as shown in FIG. 8B, when processing is periodically performed, first, occurrence of a timer event in the active node 0201 is detected (0821). Here, a timer event is an event that is monitored by using a timer or the like of an OS installed in a node for a specified period or time, and occurs at a specified time or at a specified time. . Next, a notification of periodic processing start is transmitted to the embedded node 0202 (0822). Then, the processing of the user program in the own node (active node 0201) in this cycle is executed (0823). Thereafter, the processing from steps 0821 to 0823 is repeated.

  FIG. 9 is a diagram showing an example of input when the resynchronization operation of a node that has been stopped for software update, hardware update or failure recovery, maintenance, etc. in the fault tolerant computer system 0101 according to an embodiment of the present invention. 11 is a flowchart showing the flow of processing in the embedded node 0202 when the processing timing is matched between the active node 0201 and the embedded node 0202 for a user program that executes processing using the above as a trigger.

First, a process start notification and a transferred input message are received from the active node 0201 (0901). Next, with reference to the transfer message received in step 0901, the item of the active node in the input management table 0323 managed by the embedded node 0202 is updated (0902). Thereafter, it is determined whether or not a data matching completion data transmission notification has been received from the active node 0201 (0903). If the data matching data transmission completion notification has not been received (0903; NO), the processing is performed. finish. On the other hand, if the data matching completion data transmission notification from the active node 0201 has already been received in Step 0903 (0903; YES), the item of the active node in the input management table 0323 managed by the embedded node 0202 And the item related to the own node (embedded node) (0904). As a result, the serial number of the transfer message from the active node 0201 is directly received by the built-in node 0202 and the message stored in the reception buffer 0502 is stored. When it is smaller than the serial number of the oldest message (0905; YES), the transfer message from the active node 0201 received in step 0901 is delivered to the user program of the own node (embedded node 0202) (0906). Then, the user program is executed with respect to the message delivered in step 0906 (0907). Thereafter, the processing from steps 0901 to 0907 is repeated. On the other hand, when the serial number of the transfer message from the active node 0201 is the same as the serial number of one of the messages received directly by the embedded node 0202 and stored in the reception buffer 0502 in step 0905 (0905; NO), the corresponding serial number among the messages directly received by the embedded node 0202 and stored in the reception buffer 0502 is delivered to the user program of the own node (embedded node 0202) (0908). Then, the user program is executed for the message delivered in Step 0908 (0909), a message transfer stop request notification 0544 is transmitted to the active node 0201 (0910), and the process is terminated.

  FIG. 10 is a schematic diagram of a fault-tolerant computer system according to an embodiment of the present invention when a node that has been stopped for software update, hardware update or failure recovery, maintenance, etc. is re-synchronized. 10 is a flowchart showing the flow of processing in the embedded node 0202 when the processing timing is matched between the active node 0201 and the embedded node 0202 for the user program that executes the process in FIG.

First, a process start notification is received from the active node 0201 (1001). Next, with reference to the information about the period included in the process start notification received in step 1001, the time from the reception of the notification to the start of the next period is calculated (1002). Here, the time until the start of the next cycle is determined based on the interval between the active node 0201 and the embedded node 0202 based on one of the cycle intervals included in the processing start notification from the active node 0201 received in Step 1002. It is calculated by subtracting the communication time between. Thereafter, the items of the cycle counter, cycle interval, and standby time for the corresponding user program in the cycle drive type user program management table 0322 are updated (1003), and the remaining time until the start of the next cycle is calculated based on the result of step 1002. Measure (1004). When data update occurs in the active node 0201, the difference data resulting from the data update is written to the embedded node 0202 (1005). At this time, if the result of step 1004 indicates that the time until the next cycle has not elapsed (1006; NO), the processing of steps 1004 and 1005 is repeated. Further, in step 1006, when the time until the start of the next cycle has passed as a result of step 1004 (1006; YES), it is determined whether or not the data matching data transmission completion notification has been received from the active node 0201 ( 1007) If the data matching completion data transmission notification has not been received (1007; NO), the processing from steps 1001 to 1006 is repeated. On the other hand, in step 1007, when the data matching completion data transmission notification from the active node 0201 has been received (1007; YES), the processing of the user program in the own node (embedded node 0202) is started (1008). . Then, the items of the cycle counter, cycle interval, standby time, and status relating to the user program started in step 1008 in the cycle-driven user program management table 0322 are updated (1009). Then, a process start notification is received from the active node 0201 (1010). This notification is a notification transmitted from the active node 0201 next to the processing start notification received in step 1001 and should correspond to the periodic processing of the user program started in step 1008. Thereafter, the value of the periodic counter of the periodic processing of the user program started in step 1008 is compared with the value of the periodic counter included in the processing start notification received from the active node 0201 received in step 1010 (1011). If they match (1011; YES), the process is terminated. On the other hand, in step 1011, the value of the period counter of the periodic process of the user program started in step 1008 does not match the value of the period counter included in the process start notification received from the active node 0201 received in step 1010. In the case (1011; NO), the user program started in step 1008 is forcibly terminated, the data in the embedded node 0202 is returned to the state before the user program started processing in step 1008 (1012), and thereafter , Steps 1002 to 1011 are repeated.

  FIG. 11 is a block diagram of a fault-tolerant computer system 0101 according to an embodiment of the present invention, after performing resynchronization operation of a node that has been stopped for software update, hardware update or failure recovery, maintenance, and the like. 10 is a flowchart showing the flow of processing in the embedded node 0202 for maintaining the processing timing matched between the active node 0201 and the embedded node 0202 for the user program that executes the process in FIG.

  First, a process start notification is received from the active node 0201 (1101). Next, the period counter extracted from the notification received in step 1101 is referred to (1102). Then, it is determined whether or not the processing of the cycle corresponding to the cycle counter referred to in step 1102 has been started in the embedded node 0202 (1103). If the processing has been started (1103; NO), the processing from step 1101 is performed. Return to. On the other hand, in step 1103, when the processing of the cycle corresponding to the cycle counter referred to in step 1102 has not started in the embedded node 0202 (1103; YES), the processing of the cycle corresponding to this cycle counter is started. Wait (1104). When the process corresponding to the period counter is started (1104; YES), the delay time until the start of the period is calculated (1105). Here, the delay time is the difference time from the time when the processing start notification is received from the active node 0201 in step 1101 to the time when the processing of the corresponding cycle is started in step 1104, and the active node 0201 and Calculated as the sum of the communication time between the embedded nodes 0202. Then, after completion of the processing of the cycle, the waiting time from the end of processing of the cycle to the start of the next cycle is corrected based on the delay time calculated in step 1105 (1106). Here, the correction of the waiting time is performed by subtracting the delay time calculated in step 1105 from the original waiting time (calculated by subtracting the actual processing time in the cycle from the cycle interval of the user program).

  FIG. 12 shows that the processing timing coincides between the active node 0201 and the embedded node among the nodes constituting the fault-tolerant computer system in the embodiment of the present invention when the embedded node is resynchronized. It is a figure which shows the format of the message transmitted / received in order to carry out.

  FIG. 12 (A) is transmitted from the active node 0201 to the embedded node 0202. Regarding the user program that performs processing using the input as a trigger, the processing start notification and the input that triggers the user program processing start. A message format 1201 including message data is shown.

  This message format 1201 includes header information 1211, identification information 1212, serial number 1213, reception time 1214, status 1215, and input data 1216 as main components.

The header information 1211 stores information related to the message protocol and the like. The identification information 1212 stores identification information indicating that this message is a processing start notification related to a user program that performs processing using an input as a trigger from the active node 0201. The serial number 1213 stores the serial number assigned to the input message that is directly received by the active node 0201 and transferred to the embedded node 0202. The reception time 1214 stores the time when the active node 0201 directly receives the input message. The status 1215 stores the execution state of the processing for the input message in the active node 0201. Since this notification is transmitted when processing by the user program is started in the active node 0201, the status 1215 normally stores a value indicating “in execution”. The input data 1216 stores the data body of the input message that is directly received by the active node 0201 and transferred to the embedded node 0202.

  FIG. 12B shows a message format 1202 of a process start notification regarding a user program which is transmitted from the active node 0201 to the embedded node 0202 and periodically executes the process.

  This message format 1202 includes header information 1221, identification information 1222, UP name 1223, period counter 1224, and period interval 1225 as main components.

  The header information 1221 stores information related to the message protocol and the like. The identification information 1222 stores identification information indicating that this message is a processing start notification from the active node 0201 regarding a user program that periodically performs processing. The UP name 1223 stores the name of the user program that executes the processing periodically. The period counter 1224 stores a period counter that is a serial number that is added every time a timer event of the user program corresponding to the name stored in the UP name 1223 occurs. The period interval 1225 stores a time interval at which a timer event for executing the processing of the user program corresponding to the name stored in the UP name 1223 occurs.

FIG. 12C shows a data matching completion data transmission notification sent from the active node 0201 to the embedded node 0202, or a transfer stop request notification sent from the embedded node 0202 to the active node 0201. A message format 1203 is shown.

  This message format 1203 includes header information 1231 and identification information 1232 as main components.

  The header information 1231 stores information related to the message protocol and the like. In the identification information 1232, identification information indicating that this message is a data matching completion notification or a transfer stop request notification from the active node 0201 is stored.

  As mentioned above, although embodiment of this invention was described concretely based on the embodiment, it is not limited to this and can be variously changed in the range which does not deviate from the summary. For this reason, the said embodiment is only a mere illustration in all points, and is not interpreted limitedly. For example, the above-mentioned processing steps can be executed in any order or in parallel as long as the processing contents do not contradict each other.

1 is a diagram showing an overview of a fault tolerant computer system according to an embodiment of the present invention. FIG. FIG. 2 is a diagram illustrating an outline of resynchronization operation of a node that configures a fault-tolerant computer system and executes processing for a request from the outside, and a sequence diagram illustrating a flow of related processing in an embodiment of the present invention. is there. It is a figure which shows the module structure of the node which comprises the fault tolerant computer system in one Embodiment of this invention, and performs the process with respect to the request | requirement from the outside. It is a figure which shows the outline | summary of the processing timing matching method for the resynchronization operation | movement between computers implemented with respect to the fault tolerant computer system by one Embodiment of this invention. A processing timing matching method for resynchronization operation between computers, which is performed for a fault tolerant computer system according to an embodiment of the present invention, is performed for a user program that performs processing using an input as a trigger. It is a figure which shows the outline | summary in the case. In the case where the processing timing matching method for resynchronization operation between computers, which is executed for a fault-tolerant computer system according to an embodiment of the present invention, is executed for a user program that performs processing periodically It is a figure which shows the outline | summary. It is a figure which shows the structure of the management table which comprises the fault tolerant computer system 0101 in one Embodiment of this invention, and is managed in the node 0111 which performs the process with respect to the request | requirement from the outside. In a fault-tolerant computer system according to an embodiment of the present invention, when executing resynchronization operation of a node that has been stopped for software update, hardware update or failure recovery, maintenance, etc., an active node and an embedded node 5 is a flowchart showing a flow of processing in an active node when matching processing timings between the nodes and. In a fault-tolerant computer system according to an embodiment of the present invention, processing is triggered by an input when performing resynchronization operation of a node that has been stopped for software update, hardware update or failure recovery, maintenance, etc. It is a flowchart which shows the flow of a process in an embedded node at the time of performing matching of a process timing between an active node and an embedded node for the user program to implement. In a fault-tolerant computer system according to an embodiment of the present invention, processing is periodically performed at the time of resynchronization operation of a node that has been stopped for software update, hardware update or failure recovery, maintenance, etc. It is a flowchart which shows the flow of a process in a built-in node at the time of performing matching of a process timing between an active node and a built-in node for the user program to do. In a fault-tolerant computer system according to an embodiment of the present invention, processing is periodically performed after re-synchronization operation of a node that has been stopped for software update, hardware update or failure recovery, maintenance, etc. It is a flowchart which shows the flow of the process in an embedded node for maintaining the process timing matched between the active node and the embedded node for the user program. In the embodiment of the present invention, among the nodes constituting the fault tolerant computer system, in order to make the processing timings coincide between the active node and the embedded node when performing the resynchronization operation of the embedded node. It is a figure which shows the format of the message transmitted / received.

Explanation of symbols

0101 Fault tolerant computer system 0102 Wide area network 0103 External system 0111 node (0201 working node)
(0202 embedded node)
0112, 0304 Network (LAN, communication medium)
0131 Gateway server 0121 Processing device 0122 Storage device 0123 Communication device 0211, 0221, 0302 User program 0212, 0222, 0303 Data 0301 Middleware 0311 Input drive management unit 0312 Periodic drive management unit 0313 Data synchronization processing unit 0314 Received data management unit 0315 Data communication Unit 0321 Input-driven user program management table 0322 Periodic-driven user program management table 0323 Input management table 0331 Input reception buffer 0332 Transfer reception buffer 0421, 0422, 0423 Processing start notification (0541, 0542, 0543 Transfer of input message)
(0631, 0632, 0633 Periodic processing start notification)
0431, 0562, 0651 Data matching completion data transmission notification 0544 Transfer stop request notification

Claims (14)

A fault tolerant computer system comprising a plurality of nodes connected to each other via a network, wherein the same processing is independently executed in parallel in each node of the plurality of nodes,
Each of the nodes
An active node in the system (hereinafter referred to as “active node”) is in a state where processing is continued without stopping, and a node restarted from a stopped state (hereinafter referred to as “built-in node”) is defined as an active node. A drive management unit that performs resynchronization operation processing that is re-integrated into the system in accordance with the processing timing between,
A data synchronization processing unit that performs data matching processing for matching the state of the node including the data contents between the operating node and the embedded node,
The drive management unit
If the node is an active node, it will notify the embedded node of the process start every time it starts executing the user program process.
If the node is a built-in node, a data transmission completion notification for data matching from the working node to the built-in node is received from the working node, and after receiving the completion notice, the built-in node A fault tolerant computer system characterized in that, when a processing start notification is received from a middle node, the processing of the user program is started with reference to the processing start notification received from the active node by the embedded node. If the node is a built-in node,
Calculate the next execution timing of the user program by referring to the processing start notification of the user program received from the active node,
When the data matching completion data transmission notification from the operating node to the embedded node is received from the operating node, the processing of the user program is started at the next execution timing after the completion notification. The fault tolerant computer system according to claim 1. The drive management unit
For a user program that performs processing with an input as a trigger, including an input drive management unit that performs the resynchronization activation processing,
The input drive manager is
When a node is an active node, each time it receives input at the node and starts processing of the user program, it notifies the embedded node of the start of processing and transfers the input,
When the node is an embedded node, the processing of the user program is performed using the input transferred from the active node or the input directly received by the embedded node. Or the fault tolerant computer system according to 2; The input drive manager is
When the node is a built-in node, when the built-in node receives a process start notification from the active node and the transferred input or when the input corresponding to the input transferred from the active node is directly received, When the data matching processing between the active node and the embedded node by the data synchronization processing unit is not completed, the processing of the user program is not performed and the process waits for the next processing start timing. The fault tolerant computer system according to claim 3. The input drive manager is
When the node is a built-in node, it is determined whether or not the input corresponding to the input received from the active node is directly received by the built-in node. The fault tolerant computer system according to claim 3 or 4, wherein a user program is processed using the input transferred from a middle node. When the node is a built-in node, it is determined whether or not the input corresponding to the input received from the active node is directly received by the built-in node. 6. The user program is requested to stop transfer of input to the middle node, and the processing of the user program is executed using the input directly received by the embedded node. The fault tolerant computer system as described in any one of Claims. The fault tolerant computer system is:
A gateway connected to the network and connected to an external system via a network different from the network;
The gateway is
The input received from the external system is transferred to the plurality of nodes, the processing result of the plurality of nodes simultaneously executed in parallel is received and compared, and the output obtained as a result of the comparison operation The fault-tolerant computer system according to any one of claims 1 to 6, wherein a fault response is returned to the external system as a response. The drive management unit
For a user program that periodically performs processing, including a periodic drive management unit that performs the resynchronization activation processing,
The periodic drive management unit includes:
When the node is an active node, every time a timer event occurs and user program processing is started, a processing start notification is sent to the embedded node,
If the node is a built-in node, refer to the process start notification received from the active node, calculate the process start timing in the next cycle from the current time of the user program at the built-in node, and calculate the next cycle The processing of the user program is started in the embedded node when the data matching processing between the active node and the embedded node is completed when the processing start timing of the above is reached. The fault tolerant computer system according to any one of 1 to 7. The periodic drive management unit includes:
If the node is a built-in node, measure the difference in processing start timing between the active node and the built-in node after starting the user program process in the resynchronization activation process, and if the difference is greater than a predetermined value The fault tolerant computer system according to claim 8, wherein the processing start timing is synchronized by correcting the processing timing in the embedded node. The periodic drive management unit includes:
When the node is an embedded node, when the processing start timing of the next cycle calculated by referring to the process start notification received from the operating node is reached, the data synchronization processing unit determines whether the node is in operation 10. The fault tolerant computer system according to claim 8, wherein when the data matching process is not completed, the user program process is not performed and the process waits until the process start timing of the next cycle. . The periodic drive management unit includes:
When the node is an embedded node, the process start notification received from the active node is referred to, and the period information included in the notification and the transmission time of the notification are used to perform processing in the next period of the user program in the embedded node. The fault-tolerant computer system according to any one of claims 8 to 10, wherein a start timing is calculated. 2. Description of the Related Art In a fault tolerant computer system comprising a plurality of nodes connected to each other via a network and executing the same processing independently in parallel in each node of the plurality of nodes, an active node (hereinafter referred to as “active node”) in the system )) Without stopping and continuing the process, re-install the node restarted from the stopped state (hereinafter referred to as “embedded node”) into the system at the same processing timing as the operating node. It is a method for performing the resynchronization operation processing,
A step of notifying the embedded node of the start of processing each time the operating node starts executing the processing of the user program;
The embedded node receives a data matching completion notification for data matching from the active node to the embedded node from the active node, and the embedded node receives a process start notification from the active node after receiving the completion notification. And a step of starting processing of the user program with reference to the processing start notification received from the active node when receiving the process.   A program for causing each node of the fault-tolerant computer system to execute the resynchronization activation processing method for a fault-tolerant computer system according to claim 12. A fault tolerant computer system comprising a plurality of nodes connected to each other via a network and executing the same processing in each node of the plurality of nodes,
Each of the nodes
A drive management unit that incorporates a node to be incorporated into the system (hereinafter referred to as an “embedded node”) into the system at the same processing timing as a node operating in the system (hereinafter referred to as an “active node”); ,
A data synchronization processing unit that associates the state of the node including the data contents between the operating node and the embedded node,
The drive management unit
When the own node is an active node, every time the process of the own node is started, the process start is notified to the embedded node.
If the own node is a built-in node, it receives a data matching completion notification from the working node to the built-in node from the working node, and after receiving the completion notice, the built-in node A fault tolerant computer system characterized in that, when a process start notification is received from an operating node, the embedded node refers to the process start notification received from the operating node and starts processing of the own node.

Images