Fencing protects your data from being corrupted by malfunctioning nodes or unintentional concurrent access to shared resources.

Fencing protects against the "split brain" failure scenario, where cluster nodes have lost the ability to reliably communicate with each other but are still able to run resources. If the cluster just assumed that uncommunicative nodes were down, then multiple instances of a resource could be started on different nodes.

The effect of split brain depends on the resource type. For example, an IP address brought up on two hosts on a network will cause packets to randomly be sent to one or the other host, rendering the IP useless. For a database or clustered file system, the effect could be much more severe, causing data corruption or divergence.

Fencing also is used when a resource cannot otherwise be stopped. If a failed resource fails to stop, it cannot be recovered elsewhere. Fencing the resource’s node is the only way to ensure the resource is recoverable.

Users may also configure the on-fail property of any resource operation to fencing, in which case the cluster will fence the resource’s node if the operation fails.