SlideShare une entreprise Scribd logo

The NFS Version 4 Protocol

Kelum Senanayake
Kelum Senanayake

The Network File System (NFS) Version 4 is a distributed file system similar to previous versions of NFS in its straightforward design, simplified error recovery, and independence of transport protocols and operating systems for file access in a heterogeneous network. NFS, was developed by Sun Microsystems to provide distributed transparent file access in a heterogeneous network. It achieves this by being relatively simple in design and not relying too heavily on any particular file system model. This presentation is based on the paper of “The NFS Version 4 Protocol” written by Brian Pawlowski, Spencer Shepler, Carl Beame, Brent Callaghan, Michael Eisler, David Noveck, David Robinson and Robert Thurlow.

FormationTechnologie
1  sur  38
Télécharger pour lire hors ligne
The NFS Version 4 Protocol By :- Kelum Senanayake [Based on the paper of “The NFS Version 4 Protocol”, Brian Pawlowski, Spencer Shepler, Carl Beame, Brent Callaghan, Michael Eisler, David Noveck, David Robinson, Robert Thurlow]
What is NFS 4  The Network File System (more commonly known as NFS) is a distributed file system that may be accessed via a network connection.  NFS Version 4 is similar to previous versions of NFS in its straightforward design, simplified error recovery, and independence of transport protocols and operating systems for file access in a heterogeneous network.  NFS, was developed by Sun Microsystems together with Internet Engineering Task Force (IETF).  IETF develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standards bodies.
The IETF process and NFS 1998 Sun/IETF Agreement BOF, working group forms Strawman Proposal from Sun Meetings, writing, e-mail 1999 Prototyping by 5 organizations Working Group Draft Additional prototyping Six working group drafts Working Group Last Call 2000 IETF Last Call IESG Review Assign RFC number 2001 Proposed Standard RFC 3010 2002 Proposed Standard RFC 3530 Two independent implementations 6+ months Draft Standard Internet Standard apotheosis
Requirements for NFS Version 4  Improved access and good performance on the Internet  Strong security, with security negotiation built into the protocol  Enhanced cross-platform interoperability  Extensibility of the protocol  Improvements in locking and performance for narrow data sharing applications
Overview  The NFS Version 4 protocol is stateful.  NFS is built on top of the ONC Remote Procedure Protocol.  Also uses XDR. ◦ The External Data Representation (XDR) enables heterogeneous operation by defining a canonical data encoding over the wire.
Basic NFS Architecture XDR Protocol RPC Protocol
Structural Changes  Elimination of ancillary protocols. ◦ Mount protocol, Network Lock Manager protocol. ◦ NFS 4 is a single protocol that uses a well-defined port with the use of initialized filehandles and fully integrated Locking in to the protocol.  The introduction of a COMPOUND RPC procedure ◦ Allows the client to group traditional file operations into a single request to send to the server. ◦ Reduce network round trip latency for related operations, which can be costly over a WAN  NFS 3 was designed to be easy to implement given an NFS 2 implementation. NFS 4 did not have that requirement.
Structural Changes… contd  Introduction of the stateful operations OPEN and CLOSE  The regular file CREATE procedure is replaced by the OPEN operation (with a create bit set) in NFS 4. ◦ The CREATE operation in NFS 4 is used only to create special file objects such as symbolic links, directories, and special device nodes. ◦ CREATE and REMOVE in NFS Version 4 subsumes the MKDIR and RMDIR directory functionality of prior versions of NFS.  A LOOKUP is very simple. ◦ Only sets the current filehandle to point at the file object resolved. ◦ Attributes can be obtained with a subsequent GETATTR operation in the same COMPOUND procedure.
Structural Changes… contd  Does not assign special semantics to the directory entries “.” and “..” ◦ Client should explicitly use the LOOKUPP operation.  The NFS 3 directory scanning operation READDIRPLUS procedure was dropped. ◦ Now supported by the READDIR operation.
NFS Protocol Stack NFSv4 (RFC3530) KerberosV5 (RFC1510) SPKM-3 LIPKEY (RFC2847) RPC (RFC1831) RPCSEC_GSS (RFC2203) XDR (RFC1832) TCP*
File system model  A file system is an implementation of a single file name space containing files, and provides the basis for administration and space allocation.  file system identifier, or fsid, which is a 128-bit per-server unique identifier.  A file is a single named object consisting of data and attributes, residing in a file system.  A regular file is a simple byte stream – not a directory, symbolic link or special (device) file.  A filehandle uniquely identifies a file on a server.
Exporting file systems  The export operation makes available only those file systems, or portions of file systems, desired to be shared with clients.  In all versions of NFS, a server contains one or more file systems that are exported to clients.  In NFS 4, a server presents a single seamless view of all the exported file systems to a client.  The client can notice file system transitions on the server by observing that the fsid changes.  The name space describes the set of available files arranged in a hierarchy.
Pseudo-file systems Server Local FS Pseudo FS / / A C A B C D F D E F I G H I
The COMPOUND procedure  RPC call defines a single request-response transaction between the client and server.  But client may actually be required to transmit a series of related requests.  The COMPOUND procedure groups multiple related operations into a single RPC packet.  The RPC response to a COMPOUND procedure contains the replies to all the operations.  Evaluation of the operations stops on first error.  It may be unwise to attempt grouping unrelated operations into a single COMPOUND procedure.
Properties of the COMPOUND procedure  The set of operations in a COMPOUND procedure is not atomic.  Error handling is simple on the server.  Most operations do not explicitly have a filehandle as an argument or result. ◦ The server maintains a single filehandle, the current filehandle, as the argument.
Communication Compound procedures NFS v3 NFS v4
Important data structures  Filehandles  Client ID  State ID
Filehandles  A filehandle, is a per server unique identifier for a file system object.  Filehandles that are equal refer to the same file system object. ◦ But no assumptions can be made by the client if the filehandles differ.  The current filehandle is used by subsequent operations in a single COMPOUND procedure. ◦ GETFH operation to fetch the current filehandle.
Client ID  A client first contacts the server using the SETCLIENTID operation with a verifier.  A verifier is a unique, non-repeating 64-bit object. ◦ Generated by the client.  The server will return a 64-bit clientid. ◦ The clientid is unique. ◦ Will not conflict with those previously granted. ◦ Even across server reboots.  The clientid is used in client recovery of locking state following a server reboot.  After a client reboot, the client will need to get a new clientid
State ID  A stateid is a unique 64-bit object that defines the locking state of a specific file.  Client requests a lock with clientID and a unique-per- client lock owner identification.  Server returns a unique 64-bit object, the stateid.  Client uses this in subsequent operations as a shorthand notation to the lock owner information.
Locking  NFS 4 locking is similar to the Network Lock Manager (NLM) protocol.  NLM is used with NFS Versions 2 and 3.  Locking is tightly coupled to the NFS 4 protocol. ◦ Better support different operating system semantics and error recovery.
Drawbacks of NLM  A major failing was the detection and recovery of error conditions.  The design assumed that the underlying transport was reliable and preserved order.  But an unreliable network easily resulted in orphan locks on the server.  If a client crashed and never recovered, ◦ Locks could be permanently abandoned ◦ Prevents any other client from ever acquiring the lock.
Leases  The key change in NFS 4 locking is the introduction of leases for lock management.  A lease is a time-bounded grant of control of the state of a file, through a lock, from the server to the client.  A lock granted by the server will remain valid for a fixed interval. ◦ Time interval can be renewal by the client.  Client is responsible for contacting the server to refresh the lease to maintain the lock. ◦ Client failure vs Server failure.  A client exists in two states: either all the locks held from a given server are correct or all are lost. ◦ Eliminates another drawback of a lease-based protocol
Mandatory locking & Share reservations  Mandatory locking - the ability to block I/O operations by other applications on a file that contains a lock.  Share reservation - grants a client access to open a file and the ability to deny other clients open access to the same file.
Sequence IDs  The most problematic part of network locking is dealing with lock requests that arrive out of order or are replayed.  NFS 4 adds to every lock and unlock operation a monotonically increasing sequence number.  Server maintains for each lock owner the last sequence number and the response sent. ◦ Earlier sequence number. ◦ Last sequence number. ◦ Sequence number beyond the next sequence number.
Security Model  NFS relies on the underlying security model of RPC for its security services.  In the area of security, NFS Version 4 improves over NFS Versions 2 and 3 by ◦ Mandating the use of strong RPC security flavors that depend on cryptography. ◦ Negotiating the security used via a system that is both secure and in-band. ◦ Using character strings instead of integers to represent user and group identifiers. ◦ Supporting access control that is compatible with UNIX and Windows. ◦ Removing the Mount protocol.
GSS-API framework  Generic Security Services API ◦ Several security flavors  NFS is based on RPC and a security flavor based GSS- API called RPCSEC_GSS.  RPCSEC_GSS differs from other traditional flavors in two ways ◦ RPCSEC_GSS does more than authentication such as performing integrity checksums and encryption of the entire body of the RPC request and response. ◦ RPCSEC_GSS simply encapsulates the GSS-API messaging tokens – Adding new security mechanisms (as long as they conform to GSS-API) does not require significant re-writing.
Mandated strong security  All versions of NFS are capable of using RPCSEC_GSS.  NFS 4 implementations must implement security based on Kerberos Version 5 and LIPKEY
Kerberos versus LIPKEY  Kerberos has been used on other distributed file systems. ◦ Andrew File System ◦ Open Software Foundation's Distributed File System ◦ Microsoft's CIFS  Kerberos is an excellent choice for enterprises and work groups operating within an Intranet. ◦ Provides centralized control. ◦ Single sign on to the network.  Kerberos does not work well on the Internet.
Kerberos versus LIPKEY… contd  NFS Version 4 is also designed to work outside of intranets on the global Internet.  LIPKEY - Low Infrastructure Public Key  LIPKEY uses a symmetric key cipher and server-side public key certificates.  The LIPKEY system provides an SSL-like model and equivalent security for use on the Internet.  The LIPKEY user experience is similar to that of HTTP over the Secure Sockets Layer (SSL).
Why not SSL?  NFS Version 4 does not use SSL.  SSL does not work over connectionless protocols like UDP.  RPC has its own security architecture ◦ It is unclear how to cleanly merge SSL and RPC security.
NFS v4 Secure RPC
Migration and replication  NFS Version 4 has added features to support file system migration and replication.  A file system can migrate to a new server. ◦ Clients are notified of the change by means of a special error code.  A client is informed of the new location by means of the fs_locations file attribute.
Modifications for use on the Internet  Requiring TCP as a transport.  Defining COMPOUND operation to reduce roundtrip latency  Defining a global user identifier name space  Mandating strong security based on a public key scheme  Enabling operation through firewalls
Firewall friendly Port 111 PORTMAP } Dynamic MOUNT Port 2049 Port 2049 NFSv2/v3 Dynamic NFSv4 LOCK/NLM TCP Dynamic STATUS Dynamic ACL*
Future Works  Enhanced “Sessions” based NFS (correctness)  CCM - session-based security for IPsec  Migration/replication completion ◦ Core protocol defines client/server failover behaviour ◦ Definition of the server-server file system movement ◦ Transparent reconfiguration from client viewpoint  Proxy NFS file services (NFS caches)  Uniform global name space ◦ Features exist in the core protocol to support this  Support for multi-realm security
Reference  [1] B. Pawlowski, S. Shepler, C. Beame, B. Callaghan, M. Eisler, D. Noveck, D. Robinson, and R. Thurlow. “The NFS Version 4 Protocol”. In Proceedings of the 2nd International System Administration and Networking Conference (SANE2000), page94, Maastricht, The Netherlands, May 2000.
The NFS Version 4 Protocol

Recommandé

dynamic host configuration protocol
dynamic host configuration protocoldynamic host configuration protocol
dynamic host configuration protocol
kinish kumar
 
Nfs
NfsNfs
Nfs
tmavroidis
 
Windows server
Windows serverWindows server
Windows server
Hideo Amezawa
 
Server configuration
Server configurationServer configuration
Server configuration
Aisha Talat
 
Configuration DHCP
Configuration DHCPConfiguration DHCP
Configuration DHCP
Tan Huynh Cong
 
Introduction 2 linux
Introduction 2 linuxIntroduction 2 linux
Introduction 2 linux
Papu Kumar
 
Samba server configuration
Samba server configurationSamba server configuration
Samba server configuration
Rohit Phulsunge
 
Dhcp presentation
Dhcp presentationDhcp presentation
Dhcp presentation
Saqib Malik
 

Recommandé

dynamic host configuration protocol
dynamic host configuration protocoldynamic host configuration protocol
dynamic host configuration protocol
kinish kumar
 
Nfs
NfsNfs
Nfs
tmavroidis
 
Windows server
Windows serverWindows server
Windows server
Hideo Amezawa
 
Server configuration
Server configurationServer configuration
Server configuration
Aisha Talat
 
Configuration DHCP
Configuration DHCPConfiguration DHCP
Configuration DHCP
Tan Huynh Cong
 
Introduction 2 linux
Introduction 2 linuxIntroduction 2 linux
Introduction 2 linux
Papu Kumar
 
Samba server configuration
Samba server configurationSamba server configuration
Samba server configuration
Rohit Phulsunge
 
Dhcp presentation
Dhcp presentationDhcp presentation
Dhcp presentation
Saqib Malik
 
Nfs
NfsNfs
Nfs
Waqas !!!!
 
NFS(Network File System)
NFS(Network File System)NFS(Network File System)
NFS(Network File System)
udamale
 
Dhcp presentation 01
Dhcp presentation 01Dhcp presentation 01
Dhcp presentation 01maverick4489
 
LDAP
LDAPLDAP
LDAP
Khemnath Chauhan
 
The Linux Command Cheat Sheet
The Linux Command Cheat SheetThe Linux Command Cheat Sheet
The Linux Command Cheat Sheet
Tola LENG
 
Dhcp server configuration
Dhcp server configurationDhcp server configuration
Dhcp server configuration
UttamAgarwal9
 
Linux Performance Analysis and Tools
Linux Performance Analysis and ToolsLinux Performance Analysis and Tools
Linux Performance Analysis and Tools
Brendan Gregg
 
Hypervisors
HypervisorsHypervisors
Hypervisors
SrikantMishra12
 
Simple Network Management Protocol
Simple Network Management ProtocolSimple Network Management Protocol
Simple Network Management Protocol
Prasenjit Gayen
 
Presentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Presentation On Group Policy in Windows Server 2012 R2 By Barek-ITPresentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Presentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Md. Abdul Barek
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction
Mohamed Gad
 
Protocole ARP/RARP
Protocole ARP/RARPProtocole ARP/RARP
Protocole ARP/RARP
Hayder Gallas
 
DNS - Domain Name System
DNS - Domain Name SystemDNS - Domain Name System
DNS - Domain Name System
Peter R. Egli
 
Systems Administration
Systems AdministrationSystems Administration
Systems Administration
Mark John Lado, MIT
 
DHCP Server & Client Presentation
DHCP Server & Client PresentationDHCP Server & Client Presentation
DHCP Server & Client Presentation
raini
 
Red Hat Linux Certified Professional step by step guide Tech Arkit
Red Hat Linux Certified Professional step by step guide Tech ArkitRed Hat Linux Certified Professional step by step guide Tech Arkit
Red Hat Linux Certified Professional step by step guide Tech Arkit
Ravi Kumar
 
Application server
Application serverApplication server
Application server
nava rathna
 
DHCP
DHCPDHCP
DHCPKashif Latif
 
User management
User managementUser management
User management
Mufaddal Haidermota
 
FTP Client and Server | Computer Science
FTP Client and Server | Computer ScienceFTP Client and Server | Computer Science
FTP Client and Server | Computer Science
Transweb Global Inc
 
Nf Sp4
Nf Sp4Nf Sp4
Nf Sp4
Waqas !!!!
 
Nfs
NfsNfs
Nfs
shanmuga rajan
 

Contenu connexe

Tendances

Nfs
NfsNfs
Nfs
Waqas !!!!
 
NFS(Network File System)
NFS(Network File System)NFS(Network File System)
NFS(Network File System)
udamale
 
Dhcp presentation 01
Dhcp presentation 01Dhcp presentation 01
Dhcp presentation 01maverick4489
 
LDAP
LDAPLDAP
LDAP
Khemnath Chauhan
 
The Linux Command Cheat Sheet
The Linux Command Cheat SheetThe Linux Command Cheat Sheet
The Linux Command Cheat Sheet
Tola LENG
 
Dhcp server configuration
Dhcp server configurationDhcp server configuration
Dhcp server configuration
UttamAgarwal9
 
Linux Performance Analysis and Tools
Linux Performance Analysis and ToolsLinux Performance Analysis and Tools
Linux Performance Analysis and Tools
Brendan Gregg
 
Hypervisors
HypervisorsHypervisors
Hypervisors
SrikantMishra12
 
Simple Network Management Protocol
Simple Network Management ProtocolSimple Network Management Protocol
Simple Network Management Protocol
Prasenjit Gayen
 
Presentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Presentation On Group Policy in Windows Server 2012 R2 By Barek-ITPresentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Presentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Md. Abdul Barek
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction
Mohamed Gad
 
Protocole ARP/RARP
Protocole ARP/RARPProtocole ARP/RARP
Protocole ARP/RARP
Hayder Gallas
 
DNS - Domain Name System
DNS - Domain Name SystemDNS - Domain Name System
DNS - Domain Name System
Peter R. Egli
 
Systems Administration
Systems AdministrationSystems Administration
Systems Administration
Mark John Lado, MIT
 
DHCP Server & Client Presentation
DHCP Server & Client PresentationDHCP Server & Client Presentation
DHCP Server & Client Presentation
raini
 
Red Hat Linux Certified Professional step by step guide Tech Arkit
Red Hat Linux Certified Professional step by step guide Tech ArkitRed Hat Linux Certified Professional step by step guide Tech Arkit
Red Hat Linux Certified Professional step by step guide Tech Arkit
Ravi Kumar
 
Application server
Application serverApplication server
Application server
nava rathna
 
User management
User managementUser management
User management
Mufaddal Haidermota
 
FTP Client and Server | Computer Science
FTP Client and Server | Computer ScienceFTP Client and Server | Computer Science
FTP Client and Server | Computer Science
Transweb Global Inc
 

Tendances (20)

Nfs
NfsNfs
Nfs
 
NFS(Network File System)
NFS(Network File System)NFS(Network File System)
NFS(Network File System)
 
Dhcp presentation 01
Dhcp presentation 01Dhcp presentation 01
Dhcp presentation 01
 
LDAP
LDAPLDAP
LDAP
 
The Linux Command Cheat Sheet
The Linux Command Cheat SheetThe Linux Command Cheat Sheet
The Linux Command Cheat Sheet
 
Dhcp server configuration
Dhcp server configurationDhcp server configuration
Dhcp server configuration
 
Linux Performance Analysis and Tools
Linux Performance Analysis and ToolsLinux Performance Analysis and Tools
Linux Performance Analysis and Tools
 
Hypervisors
HypervisorsHypervisors
Hypervisors
 
Simple Network Management Protocol
Simple Network Management ProtocolSimple Network Management Protocol
Simple Network Management Protocol
 
Presentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Presentation On Group Policy in Windows Server 2012 R2 By Barek-ITPresentation On Group Policy in Windows Server 2012 R2 By Barek-IT
Presentation On Group Policy in Windows Server 2012 R2 By Barek-IT
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction
 
Protocole ARP/RARP
Protocole ARP/RARPProtocole ARP/RARP
Protocole ARP/RARP
 
DNS - Domain Name System
DNS - Domain Name SystemDNS - Domain Name System
DNS - Domain Name System
 
Systems Administration
Systems AdministrationSystems Administration
Systems Administration
 
DHCP Server & Client Presentation
DHCP Server & Client PresentationDHCP Server & Client Presentation
DHCP Server & Client Presentation
 
Red Hat Linux Certified Professional step by step guide Tech Arkit
Red Hat Linux Certified Professional step by step guide Tech ArkitRed Hat Linux Certified Professional step by step guide Tech Arkit
Red Hat Linux Certified Professional step by step guide Tech Arkit
 
Application server
Application serverApplication server
Application server
 
DHCP
DHCPDHCP
DHCP
 
User management
User managementUser management
User management
 
FTP Client and Server | Computer Science
FTP Client and Server | Computer ScienceFTP Client and Server | Computer Science
FTP Client and Server | Computer Science
 

Similaire à The NFS Version 4 Protocol

Nf Sp4
Nf Sp4Nf Sp4
Nf Sp4
Waqas !!!!
 
Nfs
NfsNfs
Nfs
shanmuga rajan
 
NETWORK FILE SYSTEM
NETWORK FILE SYSTEMNETWORK FILE SYSTEM
NETWORK FILE SYSTEMRoshan Kumar
 
Network File System
Network File SystemNetwork File System
Network File System
Divyang Oza
 
Presentation on nfs,afs,vfs
Presentation on nfs,afs,vfsPresentation on nfs,afs,vfs
Presentation on nfs,afs,vfs
Prakriti Dubey
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systemsAbDul ThaYyal
 
File service architecture and network file system
File service architecture and network file systemFile service architecture and network file system
File service architecture and network file system
Sukhman Kaur
 
Nfs1
Nfs1Nfs1
Nfs1
Waqas !!!!
 
Ranjitbanshpal
RanjitbanshpalRanjitbanshpal
Ranjitbanshpal
ranjit banshpal
 
pNFS Introduction
pNFS IntroductionpNFS Introduction
pNFS Introduction
Schubert Zhang
 
Network File System in Distributed Computing
Network File System in Distributed ComputingNetwork File System in Distributed Computing
Network File System in Distributed Computing
Chandan Padalkar
 
Chapter 06
Chapter 06Chapter 06
Chapter 06
cclay3
 
RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)
Sumant Garg
 
Cl116
Cl116Cl116
Cl116
Juliette Ponnet
 
SNIA Europe - DCSEurope_April2013 (AOrdoubadian)
SNIA Europe - DCSEurope_April2013 (AOrdoubadian)SNIA Europe - DCSEurope_April2013 (AOrdoubadian)
SNIA Europe - DCSEurope_April2013 (AOrdoubadian)Ali Ordoubadian
 
Chapter 05
Chapter 05Chapter 05
Chapter 05
cclay3
 
Building Linux IPv6 DNS Server (Complete Soft Copy)
Building Linux IPv6 DNS Server (Complete Soft Copy)Building Linux IPv6 DNS Server (Complete Soft Copy)
Building Linux IPv6 DNS Server (Complete Soft Copy)
Hari
 
Dfs (Distributed computing)
Dfs (Distributed computing)Dfs (Distributed computing)
Dfs (Distributed computing)Sri Prasanna
 

Similaire à The NFS Version 4 Protocol (20)

Nf Sp4
Nf Sp4Nf Sp4
Nf Sp4
 
Nfs
NfsNfs
Nfs
 
NETWORK FILE SYSTEM
NETWORK FILE SYSTEMNETWORK FILE SYSTEM
NETWORK FILE SYSTEM
 
Network File System
Network File SystemNetwork File System
Network File System
 
Presentation on nfs,afs,vfs
Presentation on nfs,afs,vfsPresentation on nfs,afs,vfs
Presentation on nfs,afs,vfs
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systems
 
Nfs
NfsNfs
Nfs
 
Pnfs
PnfsPnfs
Pnfs
 
File service architecture and network file system
File service architecture and network file systemFile service architecture and network file system
File service architecture and network file system
 
Nfs1
Nfs1Nfs1
Nfs1
 
Ranjitbanshpal
RanjitbanshpalRanjitbanshpal
Ranjitbanshpal
 
pNFS Introduction
pNFS IntroductionpNFS Introduction
pNFS Introduction
 
Network File System in Distributed Computing
Network File System in Distributed ComputingNetwork File System in Distributed Computing
Network File System in Distributed Computing
 
Chapter 06
Chapter 06Chapter 06
Chapter 06
 
RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)
 
Cl116
Cl116Cl116
Cl116
 
SNIA Europe - DCSEurope_April2013 (AOrdoubadian)
SNIA Europe - DCSEurope_April2013 (AOrdoubadian)SNIA Europe - DCSEurope_April2013 (AOrdoubadian)
SNIA Europe - DCSEurope_April2013 (AOrdoubadian)
 
Chapter 05
Chapter 05Chapter 05
Chapter 05
 
Building Linux IPv6 DNS Server (Complete Soft Copy)
Building Linux IPv6 DNS Server (Complete Soft Copy)Building Linux IPv6 DNS Server (Complete Soft Copy)
Building Linux IPv6 DNS Server (Complete Soft Copy)
 
Dfs (Distributed computing)
Dfs (Distributed computing)Dfs (Distributed computing)
Dfs (Distributed computing)
 

Plus de Kelum Senanayake

Couchbase - Yet Another Introduction
Couchbase - Yet Another IntroductionCouchbase - Yet Another Introduction
Couchbase - Yet Another Introduction
Kelum Senanayake
 
Node.js Introduction
Node.js IntroductionNode.js Introduction
Node.js Introduction
Kelum Senanayake
 
What you need to know about GC
What you need to know about GCWhat you need to know about GC
What you need to know about GC
Kelum Senanayake
 
A Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher SystemA Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher System
Kelum Senanayake
 
Blind Signature Scheme
Blind Signature SchemeBlind Signature Scheme
Blind Signature Scheme
Kelum Senanayake
 
EJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionEJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another Introduction
Kelum Senanayake
 
Security Risks & Vulnerabilities in Skype
Security Risks & Vulnerabilities in SkypeSecurity Risks & Vulnerabilities in Skype
Security Risks & Vulnerabilities in Skype
Kelum Senanayake
 
Knight's Tour
Knight's TourKnight's Tour
Knight's Tour
Kelum Senanayake
 
GPU Programming with Java
GPU Programming with JavaGPU Programming with Java
GPU Programming with Java
Kelum Senanayake
 
How to Share a Secret
How to Share a SecretHow to Share a Secret
How to Share a Secret
Kelum Senanayake
 

Plus de Kelum Senanayake (10)

Couchbase - Yet Another Introduction
Couchbase - Yet Another IntroductionCouchbase - Yet Another Introduction
Couchbase - Yet Another Introduction
 
Node.js Introduction
Node.js IntroductionNode.js Introduction
Node.js Introduction
 
What you need to know about GC
What you need to know about GCWhat you need to know about GC
What you need to know about GC
 
A Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher SystemA Searchable Symmetric Key Cipher System
A Searchable Symmetric Key Cipher System
 
Blind Signature Scheme
Blind Signature SchemeBlind Signature Scheme
Blind Signature Scheme
 
EJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another IntroductionEJB 3.0 - Yet Another Introduction
EJB 3.0 - Yet Another Introduction
 
Security Risks & Vulnerabilities in Skype
Security Risks & Vulnerabilities in SkypeSecurity Risks & Vulnerabilities in Skype
Security Risks & Vulnerabilities in Skype
 
Knight's Tour
Knight's TourKnight's Tour
Knight's Tour
 
GPU Programming with Java
GPU Programming with JavaGPU Programming with Java
GPU Programming with Java
 
How to Share a Secret
How to Share a SecretHow to Share a Secret
How to Share a Secret
 

Dernier

Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
The Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptxThe Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptx
DhatriParmar
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
goswamiyash170123
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
kimdan468
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
Krisztián Száraz
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
Wasim Ak
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
chanes7
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 

Dernier (20)

Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
The Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptxThe Diamond Necklace by Guy De Maupassant.pptx
The Diamond Necklace by Guy De Maupassant.pptx
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdfMASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
MASS MEDIA STUDIES-835-CLASS XI Resource Material.pdf
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 

The NFS Version 4 Protocol

  • 1. The NFS Version 4 Protocol By :- Kelum Senanayake [Based on the paper of “The NFS Version 4 Protocol”, Brian Pawlowski, Spencer Shepler, Carl Beame, Brent Callaghan, Michael Eisler, David Noveck, David Robinson, Robert Thurlow]
  • 2. What is NFS 4  The Network File System (more commonly known as NFS) is a distributed file system that may be accessed via a network connection.  NFS Version 4 is similar to previous versions of NFS in its straightforward design, simplified error recovery, and independence of transport protocols and operating systems for file access in a heterogeneous network.  NFS, was developed by Sun Microsystems together with Internet Engineering Task Force (IETF).  IETF develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standards bodies.
  • 3. The IETF process and NFS 1998 Sun/IETF Agreement BOF, working group forms Strawman Proposal from Sun Meetings, writing, e-mail 1999 Prototyping by 5 organizations Working Group Draft Additional prototyping Six working group drafts Working Group Last Call 2000 IETF Last Call IESG Review Assign RFC number 2001 Proposed Standard RFC 3010 2002 Proposed Standard RFC 3530 Two independent implementations 6+ months Draft Standard Internet Standard apotheosis
  • 4. Requirements for NFS Version 4  Improved access and good performance on the Internet  Strong security, with security negotiation built into the protocol  Enhanced cross-platform interoperability  Extensibility of the protocol  Improvements in locking and performance for narrow data sharing applications
  • 5. Overview  The NFS Version 4 protocol is stateful.  NFS is built on top of the ONC Remote Procedure Protocol.  Also uses XDR. ◦ The External Data Representation (XDR) enables heterogeneous operation by defining a canonical data encoding over the wire.
  • 6. Basic NFS Architecture XDR Protocol RPC Protocol
  • 7. Structural Changes  Elimination of ancillary protocols. ◦ Mount protocol, Network Lock Manager protocol. ◦ NFS 4 is a single protocol that uses a well-defined port with the use of initialized filehandles and fully integrated Locking in to the protocol.  The introduction of a COMPOUND RPC procedure ◦ Allows the client to group traditional file operations into a single request to send to the server. ◦ Reduce network round trip latency for related operations, which can be costly over a WAN  NFS 3 was designed to be easy to implement given an NFS 2 implementation. NFS 4 did not have that requirement.
  • 8. Structural Changes… contd  Introduction of the stateful operations OPEN and CLOSE  The regular file CREATE procedure is replaced by the OPEN operation (with a create bit set) in NFS 4. ◦ The CREATE operation in NFS 4 is used only to create special file objects such as symbolic links, directories, and special device nodes. ◦ CREATE and REMOVE in NFS Version 4 subsumes the MKDIR and RMDIR directory functionality of prior versions of NFS.  A LOOKUP is very simple. ◦ Only sets the current filehandle to point at the file object resolved. ◦ Attributes can be obtained with a subsequent GETATTR operation in the same COMPOUND procedure.
  • 9. Structural Changes… contd  Does not assign special semantics to the directory entries “.” and “..” ◦ Client should explicitly use the LOOKUPP operation.  The NFS 3 directory scanning operation READDIRPLUS procedure was dropped. ◦ Now supported by the READDIR operation.
  • 10. NFS Protocol Stack NFSv4 (RFC3530) KerberosV5 (RFC1510) SPKM-3 LIPKEY (RFC2847) RPC (RFC1831) RPCSEC_GSS (RFC2203) XDR (RFC1832) TCP*
  • 11. File system model  A file system is an implementation of a single file name space containing files, and provides the basis for administration and space allocation.  file system identifier, or fsid, which is a 128-bit per-server unique identifier.  A file is a single named object consisting of data and attributes, residing in a file system.  A regular file is a simple byte stream – not a directory, symbolic link or special (device) file.  A filehandle uniquely identifies a file on a server.
  • 12. Exporting file systems  The export operation makes available only those file systems, or portions of file systems, desired to be shared with clients.  In all versions of NFS, a server contains one or more file systems that are exported to clients.  In NFS 4, a server presents a single seamless view of all the exported file systems to a client.  The client can notice file system transitions on the server by observing that the fsid changes.  The name space describes the set of available files arranged in a hierarchy.
  • 13. Pseudo-file systems Server Local FS Pseudo FS / / A C A B C D F D E F I G H I
  • 14. The COMPOUND procedure  RPC call defines a single request-response transaction between the client and server.  But client may actually be required to transmit a series of related requests.  The COMPOUND procedure groups multiple related operations into a single RPC packet.  The RPC response to a COMPOUND procedure contains the replies to all the operations.  Evaluation of the operations stops on first error.  It may be unwise to attempt grouping unrelated operations into a single COMPOUND procedure.
  • 15. Properties of the COMPOUND procedure  The set of operations in a COMPOUND procedure is not atomic.  Error handling is simple on the server.  Most operations do not explicitly have a filehandle as an argument or result. ◦ The server maintains a single filehandle, the current filehandle, as the argument.
  • 16. Communication Compound procedures NFS v3 NFS v4
  • 17. Important data structures  Filehandles  Client ID  State ID
  • 18. Filehandles  A filehandle, is a per server unique identifier for a file system object.  Filehandles that are equal refer to the same file system object. ◦ But no assumptions can be made by the client if the filehandles differ.  The current filehandle is used by subsequent operations in a single COMPOUND procedure. ◦ GETFH operation to fetch the current filehandle.
  • 19. Client ID  A client first contacts the server using the SETCLIENTID operation with a verifier.  A verifier is a unique, non-repeating 64-bit object. ◦ Generated by the client.  The server will return a 64-bit clientid. ◦ The clientid is unique. ◦ Will not conflict with those previously granted. ◦ Even across server reboots.  The clientid is used in client recovery of locking state following a server reboot.  After a client reboot, the client will need to get a new clientid
  • 20. State ID  A stateid is a unique 64-bit object that defines the locking state of a specific file.  Client requests a lock with clientID and a unique-per- client lock owner identification.  Server returns a unique 64-bit object, the stateid.  Client uses this in subsequent operations as a shorthand notation to the lock owner information.
  • 21. Locking  NFS 4 locking is similar to the Network Lock Manager (NLM) protocol.  NLM is used with NFS Versions 2 and 3.  Locking is tightly coupled to the NFS 4 protocol. ◦ Better support different operating system semantics and error recovery.
  • 22. Drawbacks of NLM  A major failing was the detection and recovery of error conditions.  The design assumed that the underlying transport was reliable and preserved order.  But an unreliable network easily resulted in orphan locks on the server.  If a client crashed and never recovered, ◦ Locks could be permanently abandoned ◦ Prevents any other client from ever acquiring the lock.
  • 23. Leases  The key change in NFS 4 locking is the introduction of leases for lock management.  A lease is a time-bounded grant of control of the state of a file, through a lock, from the server to the client.  A lock granted by the server will remain valid for a fixed interval. ◦ Time interval can be renewal by the client.  Client is responsible for contacting the server to refresh the lease to maintain the lock. ◦ Client failure vs Server failure.  A client exists in two states: either all the locks held from a given server are correct or all are lost. ◦ Eliminates another drawback of a lease-based protocol
  • 24. Mandatory locking & Share reservations  Mandatory locking - the ability to block I/O operations by other applications on a file that contains a lock.  Share reservation - grants a client access to open a file and the ability to deny other clients open access to the same file.
  • 25. Sequence IDs  The most problematic part of network locking is dealing with lock requests that arrive out of order or are replayed.  NFS 4 adds to every lock and unlock operation a monotonically increasing sequence number.  Server maintains for each lock owner the last sequence number and the response sent. ◦ Earlier sequence number. ◦ Last sequence number. ◦ Sequence number beyond the next sequence number.
  • 26. Security Model  NFS relies on the underlying security model of RPC for its security services.  In the area of security, NFS Version 4 improves over NFS Versions 2 and 3 by ◦ Mandating the use of strong RPC security flavors that depend on cryptography. ◦ Negotiating the security used via a system that is both secure and in-band. ◦ Using character strings instead of integers to represent user and group identifiers. ◦ Supporting access control that is compatible with UNIX and Windows. ◦ Removing the Mount protocol.
  • 27. GSS-API framework  Generic Security Services API ◦ Several security flavors  NFS is based on RPC and a security flavor based GSS- API called RPCSEC_GSS.  RPCSEC_GSS differs from other traditional flavors in two ways ◦ RPCSEC_GSS does more than authentication such as performing integrity checksums and encryption of the entire body of the RPC request and response. ◦ RPCSEC_GSS simply encapsulates the GSS-API messaging tokens – Adding new security mechanisms (as long as they conform to GSS-API) does not require significant re-writing.
  • 28. Mandated strong security  All versions of NFS are capable of using RPCSEC_GSS.  NFS 4 implementations must implement security based on Kerberos Version 5 and LIPKEY
  • 29. Kerberos versus LIPKEY  Kerberos has been used on other distributed file systems. ◦ Andrew File System ◦ Open Software Foundation's Distributed File System ◦ Microsoft's CIFS  Kerberos is an excellent choice for enterprises and work groups operating within an Intranet. ◦ Provides centralized control. ◦ Single sign on to the network.  Kerberos does not work well on the Internet.
  • 30. Kerberos versus LIPKEY… contd  NFS Version 4 is also designed to work outside of intranets on the global Internet.  LIPKEY - Low Infrastructure Public Key  LIPKEY uses a symmetric key cipher and server-side public key certificates.  The LIPKEY system provides an SSL-like model and equivalent security for use on the Internet.  The LIPKEY user experience is similar to that of HTTP over the Secure Sockets Layer (SSL).
  • 31. Why not SSL?  NFS Version 4 does not use SSL.  SSL does not work over connectionless protocols like UDP.  RPC has its own security architecture ◦ It is unclear how to cleanly merge SSL and RPC security.
  • 33. Migration and replication  NFS Version 4 has added features to support file system migration and replication.  A file system can migrate to a new server. ◦ Clients are notified of the change by means of a special error code.  A client is informed of the new location by means of the fs_locations file attribute.
  • 34. Modifications for use on the Internet  Requiring TCP as a transport.  Defining COMPOUND operation to reduce roundtrip latency  Defining a global user identifier name space  Mandating strong security based on a public key scheme  Enabling operation through firewalls
  • 35. Firewall friendly Port 111 PORTMAP } Dynamic MOUNT Port 2049 Port 2049 NFSv2/v3 Dynamic NFSv4 LOCK/NLM TCP Dynamic STATUS Dynamic ACL*
  • 36. Future Works  Enhanced “Sessions” based NFS (correctness)  CCM - session-based security for IPsec  Migration/replication completion ◦ Core protocol defines client/server failover behaviour ◦ Definition of the server-server file system movement ◦ Transparent reconfiguration from client viewpoint  Proxy NFS file services (NFS caches)  Uniform global name space ◦ Features exist in the core protocol to support this  Support for multi-realm security
  • 37. Reference  [1] B. Pawlowski, S. Shepler, C. Beame, B. Callaghan, M. Eisler, D. Noveck, D. Robinson, and R. Thurlow. “The NFS Version 4 Protocol”. In Proceedings of the 2nd International System Administration and Networking Conference (SANE2000), page94, Maastricht, The Netherlands, May 2000.