A Fault Management Protocol for TTP/C

A new fault management protocol that makes use of native fault tolerant features of TTP/C has been developed. It can tolerate multiple nodes failures no matter how close in time and in minimum time. The time it takes to detect a node failure and to reconfigure the system is minimum and it is fixed by the TTP/C protocol. The protocol tolerates that several nodes, including the active management node, may fail at the same time and let the spare nodes reconfigure themselves in order to substitute the failed nodes. The protocol permits that a replicate node can belong to several FTUs at the same time. This allows a higher level of dependability of the system keeping the same number of replicated nodes. Because all nodes of the system have to send a message at least once during a cluster cycle, the active management node knows the state (active, failed) of each node (regular application nodes, backup management nodes and spare application nodes).