Institute for Advanced Professional Studies
NFSv4: Overview of New Features
Network File System (NFS) has been the standard distributed file system for UNIX systems for almost two decades. Though originally developed by Sun Microsystems, it is now an industry-wide effort whose latest specification is a collaborative effort of Sun, Hummingbird, and Network Appliance. NFSv4, specified in RFC 3530, adds a great deal of functionality, including the file-system semantics required by Microsoft Windows clients. Additional features are being proposed as part of NFSv4.1: sessions, support for clustered servers, and directory delegation.
The next few paragraphs highlight some of the new features and functionality, all of which are covered in the NFSv4: Protocol and Implementation workshop presented by Dr. Thomas W. Doeppner. Customized courses such as NFSv4 Administration can be provided for groups needing NFSv4 system management training.
Links to more detailed information about NFS Protocol Specifications and IETF NFSv4.1 Internet Drafts may be found at http://www.iaps.com/nfs-specifications.html.
File System Name Space:
NFSv4 provides a different file system name-space model than did previous versions. Servers, rather than exporting multiple file systems, export a single "pseudo file system," formed from multiple actual file systems, and potentially customized for each client.
RPC and Communications Transport:
NFSv4 continues to be based on ONC RPC, but compound RPC calls improve performance, particularly by eliminating much communication latency. The use of a transport that handles congestion (in particular, TCP) is now mandated.
File System and File Model:
A major change from earlier versions is to move from a UNIX-centered file and file system approach to a model that makes sense to Windows as well as UNIX clients. This entails support for a much extended set of attributes, including different authentication attributes (Windows-based ACLs). Also of importance is the means for clients to refer to server objects (such as files and directories). For example, the notion of "file handle" used in earlier versions has been modified and extended to allow support for additional server objects.
The simple model used in earlier versions for shared access to files has been extensively enhanced, partly for support of Windows file access semantics and partly for scalability (among other reasons). Though the traditional weak-consistency model (for unlocked access to files) of NFS has not changed, mandatory as well as advisory locking of files is now supported. Optimizations, such as the use of caching and "open delegation," provide good performance and scalability in most common situations.
A major strength of NFS has always been its failure semantics, i.e., the ease with which clients and servers can cope with each other's failures. This ease is maintained in NFSv4, with improvements with respect to recovery when locked files are in use. More state information is maintained on NFSv4 servers than on earlier servers (for which only the then-separate network lock manager maintained server state); such state must be appropriately recovered after failures. Finally, limited forms of file migration and replication are supported.
Security has been one of NFSv3's weakest features. Now a strong security model is mandated, in which client/server interactions are done using the GSS-API framework. Three security mechanisms are required: Kerberos, LIPKEY, and SPKM-3. Which one is actually used is negotiated between client and server. Also negotiated are the quality of protection (such as which crypto techniques are used) and the service (i.e., authentication only, integrity, or privacy). Security principals are now given as strings (e.g., user@domain) rather than as user IDs, as was done in the earlier versions. Authorization uses both standard UNIX-like permissions and Windows ACLs.
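The negotiation of mechanism, quality of protection and service described above can be modelled as follows. This is an added example, not code from the original page or from any NFS implementation. The Offer type, the function names, the server offer list and the client-side minimum-service floor are assumptions for illustration, as is the simplified rule that the server lists offers in preference order and the client takes the first one it accepts.

```python
from dataclasses import dataclass

# Service levels named in the text, ranked weakest to strongest.
SERVICE_RANK = {"authentication": 1, "integrity": 2, "privacy": 3}

@dataclass(frozen=True)
class Offer:
    mechanism: str  # one of the three mechanisms the text lists
    qop: int        # quality of protection; 0 is a constructed placeholder
    service: str    # key of SERVICE_RANK

def evaluate(offers, client_mechanisms, min_service):
    """Label each server offer, in server preference order, with a verdict."""
    floor = SERVICE_RANK[min_service]
    verdicts = []
    for offer in offers:
        if offer.mechanism not in client_mechanisms:
            verdicts.append((offer, "skip: mechanism not supported by client"))
        elif SERVICE_RANK[offer.service] < floor:
            verdicts.append((offer, "skip: service below client floor"))
        else:
            verdicts.append((offer, "acceptable"))
    return verdicts

def negotiate(offers, client_mechanisms, min_service="authentication"):
    """Return the first acceptable offer, or None so the caller fails closed."""
    for offer, verdict in evaluate(offers, client_mechanisms, min_service):
        if verdict == "acceptable":
            return offer
    return None

# Constructed server offer list, most preferred first.
SERVER_OFFERS = [
    Offer("SPKM-3", 0, "privacy"),
    Offer("Kerberos", 0, "authentication"),
    Offer("Kerberos", 0, "integrity"),
    Offer("Kerberos", 0, "privacy"),
]

if __name__ == "__main__":
    client = {"Kerberos"}  # constructed: this client only has Kerberos
    for floor in ("authentication", "integrity", "privacy"):
        print(floor, "->", negotiate(SERVER_OFFERS, client, floor))
    print(negotiate(SERVER_OFFERS, {"LIPKEY"}, "integrity"))  # no overlap
```

With no floor, the Kerberos-only client settles on authentication only because the server lists it first; setting the floor to integrity or privacy moves the choice to a protected service, and a client with no mechanism in common gets no session.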
A number of new features are being added to NFSv4 as part of the soon-to-be-completed NFSv4.1 specification. These features, described in our NFSv4.1 new features overview, include a session layer which provides enhanced reliability, and Parallel NFS (pNFS) which provides support for clustered servers.
June 4, 2007