draft-ietf-nfsv4-pnfs-block-disk-protection-02.txt   draft-ietf-nfsv4-pnfs-block-disk-protection-03.txt 
NFSv4 Working Group D. Black NFSv4 Working Group D. Black (ed.)
Internet-Draft EMC Corporation Internet-Draft EMC Corporation
Intended status: Proposed Standard J. Glasgow Intended status: Proposed Standard J. Glasgow
Expires: November 23, 2012 Google Expires: December YY, 2012 Google
Updates: 5663 S. Faibish Updates: 5663 S. Faibish
EMC Corporation EMC Corporation
May 22, 2012 June 22, 2012
pNFS block disk protection pNFS block disk protection
draft-ietf-nfsv4-pnfs-block-disk-protection-02 draft-ietf-nfsv4-pnfs-block-disk-protection-03
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on November 23, 2012. This Internet-Draft will expire on December 23, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 30 skipping to change at page 2, line 30
boots, as opposed to waiting until the client can communicate with boots, as opposed to waiting until the client can communicate with
the NFSv4 server. the NFSv4 server.
Table of Contents Table of Contents
1. Introduction...................................................3 1. Introduction...................................................3
2. Conventions used in this document..............................4 2. Conventions used in this document..............................4
3. GPT Partition Table Entry......................................4 3. GPT Partition Table Entry......................................4
4. Security Considerations........................................5 4. Security Considerations........................................5
5. IANA Considerations............................................5 5. IANA Considerations............................................5
6. Conclusions....................................................5 6. References.....................................................6
7. References.....................................................6 6.1. Normative References......................................6
7.1. Normative References......................................6 6.2. Informative References....................................6
7.2. Informative References....................................6
Acknowledgements..................................................6 Acknowledgements..................................................6
Authors' Addresses................................................7 Authors' Addresses................................................7
1. Introduction 1. Introduction
Figure 1 shows the overall architecture of a Parallel NFS (pNFS) Figure 1 shows the overall architecture of a Parallel NFS (pNFS)
system: system:
+-----------+ +-----------+
|+-----------+ +-----------+ |+-----------+ +-----------+
skipping to change at page 4, line 23 skipping to change at page 4, line 23
undesirable and potentially problematic. This is because the storage undesirable and potentially problematic. This is because the storage
access control mechanisms are quasi-static; they are typically access control mechanisms are quasi-static; they are typically
configured once to allow client access to the block pNFS storage configured once to allow client access to the block pNFS storage
devices and not reconfigured dynamically (e.g., based on crashes and devices and not reconfigured dynamically (e.g., based on crashes and
reboots). Block storage access controls can be changed to respond to reboots). Block storage access controls can be changed to respond to
unusual circumstances (e.g., to fence [remove access from] an unusual circumstances (e.g., to fence [remove access from] an
uncooperative pNFS client), but should not be used as part of routine uncooperative pNFS client), but should not be used as part of routine
client operations (e.g., reboot). A different mechanism is needed. client operations (e.g., reboot). A different mechanism is needed.
This document specifies an entry in the GUID partition table (GPT) This document specifies an entry in the GUID partition table (GPT)
that can be used to identify pNFS devices. This GPT entry is intended that can be used by a pNFS server to label pNFS storage devices. This
for shared storage devices that are accessible to pNFS clients and GPT entry is intended for shared pNFS storage devices that are
servers, and that may be accessible to other hosts or systems. accessible to pNFS clients and servers, and that may be accessible to
other hosts or systems. This entry enables pNFS clients as well as
other hosts and systems to avoid accessing pNFS storage devices via
means other than pNFS.
2. Conventions used in this document 2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [RFC2119]. document are to be interpreted as described in RFC-2119 [RFC2119].
3. GPT Partition Table Entry 3. GPT Partition Table Entry
The following mechanism enables pNFS clients to identify pNFS block The following mechanism enables pNFS clients to identify pNFS block
storage devices without contacting the server: storage devices without contacting the server:
- Each block storage device dedicated to pNFS includes a GUID - Each block storage device dedicated to pNFS includes a GUID
partition table (GPT) [GPT]. partition table (GPT) [GPT].
- The pNFS Block Storage partitions are identified in the GPT with - The pNFS Block Storage partitions are identified in the GPT with
GUID e5b72a69-23e5-4b4d-b176-16532674fc34. This GUID has been GUID e5b72a69-23e5-4b4d-b176-16532674fc34 which has been
generated by one of the draft authors for this purpose. GPT generated for this purpose. GPT GUID usage is well understood
GUID usage is well understood and implemented. This document and implemented. This document provides a definition for this
provides a definition for this GUID and its usage. A central GUID and its usage. A central registration mechanism does not
registration mechanism does not exist for GPT GUIDs, or GUIDs in exist for GPT GUIDs, or GUIDs in general by design, see
general by design, see [RFC4122]. [RFC4122].
This mechanism enables an operating system to prevent non-pNFS access This mechanism enables an operating system to prevent non-pNFS access
to pNFS block storage immediately upon boot. Servers that support to pNFS block storage immediately upon boot. Servers that support
pNFS block layouts SHOULD use the GPT and this GUID for all pNFS pNFS block layouts SHOULD use the GPT and this GUID for all pNFS
block storage devices. block storage devices.
A pNFS client operating system that supports block layouts SHOULD A pNFS client operating system that supports block layouts SHOULD
recognize this GUID and use its presence to prevent data access to recognize this GUID and SHOULD use its presence to prevent data
pNFS block devices until a layout that includes the device is access to pNFS block devices until a layout that includes the device
received from the MDS. is received from the MDS.
Data stored on pNFS block layout storage devices can be better Data stored on pNFS block layout storage devices can be better
protected by incorporating checks for this GUID into other hosts and protected by incorporating checks for this GUID into other hosts and
systems that do not support pNFS block layouts. If pNFS block systems that do not support pNFS block layouts. If pNFS block
storage devices are presented to such hosts or systems by mistake, storage devices are presented to such hosts or systems by mistake,
the check for presence of this GUID can be used to prevent writes the check for presence of this GUID can be used to prevent writes
that could otherwise corrupt stored pNFS data. that could otherwise corrupt stored pNFS data.
As of November 2011, many current operating system versions support Many current operating system versions support the GPT [GPT-W].
the GPT, including FreeBSD, Linux and Solaris [GPT-W].
4. Security Considerations 4. Security Considerations
The pNFS block layout security considerations in [RFC5663] apply to The pNFS block layout security considerations in [RFC5663] apply to
this document. this document.
The security considerations in [RFC4122] apply to the GUID specified The security considerations in [RFC4122] apply to the GUID specified
in this document. in this document.
5. IANA Considerations 5. IANA Considerations
There are no IANA considerations in this document. There are no IANA considerations in this document.
6. Conclusions 6. References
This document specifies an identification mechanism for pNFS block
storage devices that can be used to protect those devices during
operating system boot before the pNFS meta data server can be
contacted.
7. References
7.1. Normative References 6.1. Normative References
[GPT] Unified EFI Forum, "Unified Extensible Firmware Interface [GPT] Unified EFI Forum, "Unified Extensible Firmware Interface
Specification", Version 2.3.1, Errata A, Section 5.3, Specification", Version 2.3.1, Errata A, Section 5.3,
September 2011, available from http://www.uefi.org . September 2011, available from http://www.uefi.org .
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5663] Black, D., Glasgow, J., Fridella, S., "Parallel NFS (pNFS) [RFC5663] Black, D., Glasgow, J., Fridella, S., "Parallel NFS (pNFS)
Block/Volume Layout", RFC 5663, January 2010. Block/Volume Layout", RFC 5663, January 2010.
7.2. Informative References 6.2. Informative References
[GPT-W] http://en.wikipedia.org/wiki/GUID_Partition_Table [GPT-W] http://en.wikipedia.org/wiki/GUID_Partition_Table
[RFC4122] Leach, P., Mealling, M., Salz, R., "A Universally Unique [RFC4122] Leach, P., Mealling, M., Salz, R., "A Universally Unique
IDentifier (UUID) URN Namespace", RFC 4122, July 2005. IDentifier (UUID) URN Namespace", RFC 4122, July 2005.
Acknowledgements Acknowledgements
This document was produced by the IETF NFSv4 Working Group. Review This document was produced by the IETF NFSv4 Working Group. Review
comments from members of the working group improved this document and comments from members of the working group improved this document and
are gratefully acknowledged. The authors would like to thank Tom are gratefully acknowledged. The authors would like to thank Tom
Talpey and Martin Stiemerling for helpful comments on this document, Talpey, and members of the IESG for helpful comments on this
and also Alex Burlyga for providing an appropriate reference for the document, and also Alex Burlyga for providing an appropriate
format of the GPT. reference for the format of the GPT.
This document was prepared using 2-Word-v2.0.template.dot. This document was prepared using 2-Word-v2.0.template.dot.
Authors' Addresses Authors' Addresses
David L. Black (editor) David L. Black (editor)
EMC Corporation EMC Corporation
176 South Street 176 South Street
Hopkinton, MA 01748 Hopkinton, MA 01748
US US
 End of changes. 14 change blocks. 
36 lines changed or deleted 30 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/