Fencing (computing)

Fencing may thus either disable the node, or disallow shared storage access, thus ensuring data integrity.

If the backup crosses the fence and, for example, tries to control the same disk array as the primary, a data hazard may occur.

[3] Fencing is required because it is impossible to distinguish between a real failure and a temporary hang.

If the malfunctioning node is really down, then it cannot do any damage, so theoretically no action would be required (it could simply be brought back into the cluster with the usual join process).

There are two classes of fencing methods, one which disables a node itself, the other disallows access to resources such as shared disks.

Multi-node error-prone contention in a cluster can have catastrophic results, such as if both nodes try writing to a shared storage resource.

Single node systems use a comparable mechanism called a watchdog timer.

An NEC Nehalem cluster