draft-ietf-nfsv4-pnfs-block-12.txt   rfc5663.txt 
NFSv4 Working Group D. Black Internet Engineering Task Force (IETF) D. Black
Internet Draft EMC Corporation Request for Comments: 5663 S. Fridella
Expires: June 25, 2009 S. Fridella Category: Standards Track EMC Corporation
Intended Status: Proposed Standard EMC Corporation ISSN: 2070-1721 J. Glasgow
J. Glasgow Google
Google January 2010
December 22, 2008
pNFS Block/Volume Layout
draft-ietf-nfsv4-pnfs-block-12.txt
Status of this Memo Parallel NFS (pNFS) Block/Volume Layout
This Internet-Draft is submitted to IETF in full conformance with the Abstract
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Parallel NFS (pNFS) extends Network File Sharing version 4 (NFSv4) to
Task Force (IETF), its areas, and its working groups. Note that allow clients to directly access file data on the storage used by the
other groups may also distribute working documents as Internet- NFSv4 server. This ability to bypass the server for data access can
Drafts. increase both performance and parallelism, but requires additional
client functionality for data access, some of which is dependent on
the class of storage used. The main pNFS operations document
specifies storage-class-independent extensions to NFS; this document
specifies the additional extensions (primarily data structures) for
use of pNFS with block- and volume-based storage.
Internet-Drafts are draft documents valid for a maximum of six months Status of This Memo
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at This is an Internet Standards Track document.
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at This document is a product of the Internet Engineering Task Force
http://www.ietf.org/shadow.html (IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
This Internet-Draft will expire on June 25, 2009. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc5663.
Copyright Notice Copyright Notice
Copyright (c) 2008 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
Abstract the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Parallel NFS (pNFS) extends NFSv4 to allow clients to directly access
file data on the storage used by the NFSv4 server. This ability to
bypass the server for data access can increase both performance and
parallelism, but requires additional client functionality for data
access, some of which is dependent on the class of storage used. The
main pNFS operations draft specifies storage-class-independent
extensions to NFS; this draft specifies the additional extensions
(primarily data structures) for use of pNFS with block and volume
based storage.
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [RFC2119].
Table of Contents Table of Contents
Copyright Notice..................................................1 1. Introduction ....................................................4
1. Introduction...................................................4 1.1. Conventions Used in This Document ..........................4
1.1. General Definitions.......................................4 1.2. General Definitions ........................................5
1.2. Code Components Licensing Notice..........................5 1.3. Code Components Licensing Notice ...........................5
1.3. XDR Description...........................................5 1.4. XDR Description ............................................5
2. Block Layout Description.......................................8 2. Block Layout Description ........................................7
2.1. Background and Architecture...............................8 2.1. Background and Architecture ................................7
2.2. GETDEVICELIST and GETDEVICEINFO...........................9 2.2. GETDEVICELIST and GETDEVICEINFO ............................9
2.2.1. Volume Identification................................9 2.2.1. Volume Identification ...............................9
2.2.2. Volume Topology.....................................11 2.2.2. Volume Topology ....................................10
2.2.3. GETDEVICELIST and GETDEVICEINFO deviceid4...........14 2.2.3. GETDEVICELIST and GETDEVICEINFO deviceid4 ..........12
2.3. Data Structures: Extents and Extent Lists................14 2.3. Data Structures: Extents and Extent Lists .................12
2.3.1. Layout Requests and Extent Lists....................17 2.3.1. Layout Requests and Extent Lists ...................15
2.3.2. Layout Commits......................................18 2.3.2. Layout Commits .....................................16
2.3.3. Layout Returns......................................19 2.3.3. Layout Returns .....................................16
2.3.4. Client Copy-on-Write Processing.....................19 2.3.4. Client Copy-on-Write Processing ....................17
2.3.5. Extents are Permissions.............................21 2.3.5. Extents are Permissions ............................18
2.3.6. End-of-file Processing..............................22 2.3.6. End-of-file Processing .............................20
2.3.7. Layout Hints........................................23 2.3.7. Layout Hints .......................................20
2.3.8. Client Fencing......................................23 2.3.8. Client Fencing .....................................21
2.4. Crash Recovery Issues....................................25 2.4. Crash Recovery Issues .....................................23
2.5. Recalling resources: CB_RECALL_ANY.......................26 2.5. Recalling Resources: CB_RECALL_ANY ........................23
2.6. Transient and Permanent Errors...........................26 2.6. Transient and Permanent Errors ............................24
3. Security Considerations.......................................27 3. Security Considerations ........................................24
4. Conclusions...................................................29 4. Conclusions ....................................................26
5. IANA Considerations...........................................29 5. IANA Considerations ............................................26
6. Acknowledgments...............................................29 6. Acknowledgments ................................................26
7. References....................................................29 7. References .....................................................27
7.1. Normative References.....................................29 7.1. Normative References ......................................27
7.2. Informative References...................................30 7.2. Informative References ....................................27
Authors' Addresses...............................................30
1. Introduction 1. Introduction
Figure 1 shows the overall architecture of a Parallel NFS (pNFS) Figure 1 shows the overall architecture of a Parallel NFS (pNFS)
system: system:
+-----------+ +-----------+
|+-----------+ +-----------+ |+-----------+ +-----------+
||+-----------+ | | ||+-----------+ | |
||| | NFSv4.1 + pNFS | | ||| | NFSv4.1 + pNFS | |
+|| Clients |<------------------------------>| Server | +|| Clients |<------------------------------>| Server |
+| | | | +| | | |
+-----------+ | | +-----------+ | |
||| +-----------+ ||| +-----------+
||| | ||| |
||| | ||| |
||| Storage +-----------+ | ||| Storage +-----------+ |
||| Protocol |+-----------+ | ||| Protocol |+-----------+ |
||+----------------||+-----------+ Control | ||+----------------||+-----------+ Control |
|+-----------------||| | Protocol| |+-----------------||| | Protocol|
+------------------+|| Storage |------------+ +------------------+|| Storage |------------+
+| Systems | +| Systems |
+-----------+ +-----------+
Figure 1 pNFS Architecture Figure 1: pNFS Architecture
The overall approach is that pNFS-enhanced clients obtain sufficient The overall approach is that pNFS-enhanced clients obtain sufficient
information from the server to enable them to access the underlying information from the server to enable them to access the underlying
storage (on the Storage Systems) directly. See the pNFS portion of storage (on the storage systems) directly. See the pNFS portion of
[NFSV4.1] for more details. This draft is concerned with access from [NFSv4.1] for more details. This document is concerned with access
pNFS clients to Storage Systems over storage protocols based on from pNFS clients to storage systems over storage protocols based on
blocks and volumes, such as the SCSI protocol family (e.g., parallel blocks and volumes, such as the Small Computer System Interface
SCSI, FCP for Fibre Channel, iSCSI, SAS, and FCoE). This class of (SCSI) protocol family (e.g., parallel SCSI, Fibre Channel Protocol
(FCP) for Fibre Channel, Internet SCSI (iSCSI), Serial Attached SCSI
(SAS), and Fibre Channel over Ethernet (FCoE)). This class of
storage is referred to as block/volume storage. While the Server to storage is referred to as block/volume storage. While the Server to
Storage System protocol, called the "Control Protocol", is not of Storage System protocol, called the "Control Protocol", is not of
concern for interoperability here, it will typically also be a concern for interoperability here, it will typically also be a
block/volume protocol when clients use block/ volume protocols. block/volume protocol when clients use block/ volume protocols.
1.1. General Definitions 1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
1.2. General Definitions
The following definitions are provided for the purpose of providing The following definitions are provided for the purpose of providing
an appropriate context for the reader. an appropriate context for the reader.
Byte Byte
This document defines a byte as an octet, i.e. a datum exactly 8
This document defines a byte as an octet, i.e., a datum exactly 8
bits in length. bits in length.
Client Client
The "client" is the entity that accesses the NFS server's The "client" is the entity that accesses the NFS server's
resources. The client may be an application which contains the resources. The client may be an application that contains the
logic to access the NFS server directly. The client may also be logic to access the NFS server directly. The client may also be
the traditional operating system client that provides remote file the traditional operating system client that provides remote file
system services for a set of applications. system services for a set of applications.
Server Server
The "Server" is the entity responsible for coordinating client The "server" is the entity responsible for coordinating client
access to a set of file systems and is identified by a Server access to a set of file systems and is identified by a server
owner. owner.
1.2. Code Components Licensing Notice 1.3. Code Components Licensing Notice
The external data representation (XDR) description and scripts for The external data representation (XDR) description and scripts for
extracting the XDR description are Code Components as described in extracting the XDR description are Code Components as described in
Section 4 of "Legal Provisions Relating to IETF Documents" [LEGAL]. Section 4 of "Legal Provisions Relating to IETF Documents" [LEGAL].
These Code Components are licensed according to the terms of Section These Code Components are licensed according to the terms of Section
4 of "Legal Provisions Relating to IETF Documents". 4 of "Legal Provisions Relating to IETF Documents".
1.3. XDR Description 1.4. XDR Description
This document contains the XDR ([XDR]) description of the NFSv4.1 This document contains the XDR ([XDR]) description of the NFSv4.1
block layout protocol. The XDR description is embedded in this block layout protocol. The XDR description is embedded in this
document in a way that makes it simple for the reader to extract into document in a way that makes it simple for the reader to extract into
a ready to compile form. The reader can feed this document into the a ready-to-compile form. The reader can feed this document into the
following shell script to produce the machine readable XDR following shell script to produce the machine readable XDR
description of the NFSv4.1 block layout: description of the NFSv4.1 block layout:
#!/bin/sh #!/bin/sh
grep '^ *///' $* | sed 's?^ */// ??' | sed 's?^ *///$??' grep '^ *///' $* | sed 's?^ */// ??' | sed 's?^ *///$??'
That is, if the above script is stored in a file called "extract.sh",
and this document is in a file called "spec.txt", then the reader can
do:
I.e. if the above script is stored in a file called "extract.sh", and sh extract.sh < spec.txt > nfs4_block_layout_spec.x
this document is in a file called "spec.txt", then the reader can do:
sh extract.sh < spec.txt > nfs4_block_layout_spec.x
The effect of the script is to remove both leading white space and a The effect of the script is to remove both leading white space and a
sentinel sequence of "///" from each matching line. sentinel sequence of "///" from each matching line.
The embedded XDR file header follows, with subsequent pieces embedded The embedded XDR file header follows, with subsequent pieces embedded
throughout the document: throughout the document:
/// /* /// /*
/// * This code was derived from IETF RFC &rfc.number. /// * This code was derived from RFC 5663.
[[RFC Editor: please insert RFC number if needed]]
/// * Please reproduce this note if possible. /// * Please reproduce this note if possible.
/// */ /// */
/// /* /// /*
/// * Copyright (c) 2008 IETF Trust and the persons identified /// * Copyright (c) 2010 IETF Trust and the persons identified
/// * as the document authors. All rights reserved. /// * as the document authors. All rights reserved.
/// * /// *
/// * Redistribution and use in source and binary forms, with /// * Redistribution and use in source and binary forms, with
/// * or without modification, are permitted provided that the /// * or without modification, are permitted provided that the
/// * following conditions are met: /// * following conditions are met:
/// * /// *
/// * o Redistributions of source code must retain the above /// * - Redistributions of source code must retain the above
/// * copyright notice, this list of conditions and the /// * copyright notice, this list of conditions and the
/// * following disclaimer. /// * following disclaimer.
/// * /// *
/// * o Redistributions in binary form must reproduce the above /// * - Redistributions in binary form must reproduce the above
/// * copyright notice, this list of conditions and the /// * copyright notice, this list of conditions and the
/// * following disclaimer in the documentation and/or other /// * following disclaimer in the documentation and/or other
/// * materials provided with the distribution. /// * materials provided with the distribution.
/// * /// *
/// * o Neither the name of Internet Society, IETF or IETF /// * - Neither the name of Internet Society, IETF or IETF
/// * Trust, nor the names of specific contributors, may be /// * Trust, nor the names of specific contributors, may be
/// * used to endorse or promote products derived from this /// * used to endorse or promote products derived from this
/// * software without specific prior written permission. /// * software without specific prior written permission.
/// * /// *
/// * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS /// * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS
/// * AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED /// * AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
/// * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE /// * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
/// * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS /// * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
/// * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO /// * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
/// * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE /// * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
/// * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, /// * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
/// * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT /// * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
/// * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR /// * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
/// * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS /// * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
/// * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF /// * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
/// * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, /// * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
/// * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING /// * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
/// * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF /// * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
/// * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. /// * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
/// */ /// */
/// ///
/// /* /// /*
/// * nfs4_block_layout_prot.x /// * nfs4_block_layout_prot.x
/// */ /// */
/// ///
/// %#include "nfsv41.h" /// %#include "nfsv41.h"
/// ///
The XDR code contained in this document depends on types from The XDR code contained in this document depends on types from the
nfsv41.x file. This includes both nfs types that end with a 4, such nfsv41.x file. This includes both nfs types that end with a 4, such
as offset4, length4, etc, as well as more generic types such as as offset4, length4, etc., as well as more generic types such as
uint32_t and uint64_t. uint32_t and uint64_t.
2. Block Layout Description 2. Block Layout Description
2.1. Background and Architecture 2.1. Background and Architecture
The fundamental storage abstraction supported by block/volume storage The fundamental storage abstraction supported by block/volume storage
is a storage volume consisting of a sequential series of fixed size is a storage volume consisting of a sequential series of fixed-size
blocks. This can be thought of as a logical disk; it may be realized blocks. This can be thought of as a logical disk; it may be realized
by the Storage System as a physical disk, a portion of a physical by the storage system as a physical disk, a portion of a physical
disk or something more complex (e.g., concatenation, striping, RAID, disk, or something more complex (e.g., concatenation, striping, RAID,
and combinations thereof) involving multiple physical disks or and combinations thereof) involving multiple physical disks or
portions thereof. portions thereof.
A pNFS layout for this block/volume class of storage is responsible A pNFS layout for this block/volume class of storage is responsible
for mapping from an NFS file (or portion of a file) to the blocks of for mapping from an NFS file (or portion of a file) to the blocks of
storage volumes that contain the file. The blocks are expressed as storage volumes that contain the file. The blocks are expressed as
extents with 64 bit offsets and lengths using the existing NFSv4 extents with 64-bit offsets and lengths using the existing NFSv4
offset4 and length4 types. Clients must be able to perform I/O to offset4 and length4 types. Clients must be able to perform I/O to
the block extents without affecting additional areas of storage the block extents without affecting additional areas of storage
(especially important for writes), therefore extents MUST be aligned (especially important for writes); therefore, extents MUST be aligned
to 512-byte boundaries, and writable extents MUST be aligned to the to 512-byte boundaries, and writable extents MUST be aligned to the
block size used by the NFSv4 server in managing the actual file block size used by the NFSv4 server in managing the actual file
system (4 kilobytes and 8 kilobytes are common block sizes). This system (4 kilobytes and 8 kilobytes are common block sizes). This
block size is available as the NFSv4.1 layout_blksize attribute. block size is available as the NFSv4.1 layout_blksize attribute.
[NFSV4.1]. Readable extents SHOULD be aligned to the block size used [NFSv4.1]. Readable extents SHOULD be aligned to the block size used
by the NFSv4 server, but in order to support legacy file systems with by the NFSv4 server, but in order to support legacy file systems with
fragments, alignment to 512 byte boundaries is acceptable. fragments, alignment to 512-byte boundaries is acceptable.
The pNFS operation for requesting a layout (LAYOUTGET) includes the The pNFS operation for requesting a layout (LAYOUTGET) includes the
"layoutiomode4 loga_iomode" argument which indicates whether the "layoutiomode4 loga_iomode" argument, which indicates whether the
requested layout is for read-only use or read-write use. A read-only requested layout is for read-only use or read-write use. A read-only
layout may contain holes that are read as zero, whereas a read-write layout may contain holes that are read as zero, whereas a read-write
layout will contain allocated, but un-initialized storage in those layout will contain allocated, but un-initialized storage in those
holes (read as zero, can be written by client). This draft also holes (read as zero, can be written by client). This document also
supports client participation in copy on write (e.g. for file systems supports client participation in copy-on-write (e.g., for file
with snapshots) by providing both read-only and un-initialized systems with snapshots) by providing both read-only and un-
storage for the same range in a layout. Reads are initially initialized storage for the same range in a layout. Reads are
performed on the read-only storage, with writes going to the un- initially performed on the read-only storage, with writes going to
initialized storage. After the first write that initializes the un- the un-initialized storage. After the first write that initializes
initialized storage, all reads are performed to that now-initialized the un-initialized storage, all reads are performed to that now-
writeable storage, and the corresponding read-only storage is no initialized writable storage, and the corresponding read-only storage
longer used. is no longer used.
The block/volume layout solution expands the security The block/volume layout solution expands the security
responsibilities of the pNFS clients and there are a number of responsibilities of the pNFS clients, and there are a number of
environments where the mandatory to implement security properties for environments where the mandatory to implement security properties for
NFS cannot be satisfied. The additional security responsibilities of NFS cannot be satisfied. The additional security responsibilities of
the client follow, and a full discussion is present in Section 3 the client follow, and a full discussion is present in Section 3,
"Security Considerations". "Security Considerations".
o Typically, storage area network (SAN) disk arrays and SAN o Typically, storage area network (SAN) disk arrays and SAN
protocols provide access control mechanisms (e.g., logical unit protocols provide access control mechanisms (e.g., Logical Unit
number mapping and/or masking) which operate at the granularity of Number (LUN) mapping and/or masking), which operate at the
individual hosts, not individual blocks. For this reason, block- granularity of individual hosts, not individual blocks. For this
based protection must be provided by the client software. reason, block-based protection must be provided by the client
software.
o Similarly, SAN disk arrays and SAN protocols typically are not be o Similarly, SAN disk arrays and SAN protocols typically are not
able to validate NFS locks that apply to file regions. For able to validate NFS locks that apply to file regions. For
instance, if a file is covered by a mandatory read-only lock, the instance, if a file is covered by a mandatory read-only lock, the
server can ensure that only readable layouts for the file are server can ensure that only readable layouts for the file are
granted to pNFS clients. However, it is up to each pNFS client to granted to pNFS clients. However, it is up to each pNFS client to
ensure that the readable layout is used only to service read ensure that the readable layout is used only to service read
requests, and not to allow writes to the existing parts of the requests, and not to allow writes to the existing parts of the
file. file.
Since block/volume storage systems are generally not capable of Since block/volume storage systems are generally not capable of
enforcing such file-based security, in environments where pNFS enforcing such file-based security, in environments where pNFS
clients cannot be trusted to enforce such policies, pNFS block/volume clients cannot be trusted to enforce such policies, pNFS block/volume
storage layouts SHOULD NOT be used. storage layouts SHOULD NOT be used.
2.2. GETDEVICELIST and GETDEVICEINFO 2.2. GETDEVICELIST and GETDEVICEINFO
2.2.1. Volume Identification 2.2.1. Volume Identification
Storage Systems such as storage arrays can have multiple physical Storage systems such as storage arrays can have multiple physical
network ports that need not be connected to a common network, network ports that need not be connected to a common network,
resulting in a pNFS client having simultaneous multipath access to resulting in a pNFS client having simultaneous multipath access to
the same storage volumes via different ports on different networks. the same storage volumes via different ports on different networks.
The networks may not even be the same technology - for example, The networks may not even be the same technology -- for example,
access to the same volume via both iSCSI and Fibre Channel is access to the same volume via both iSCSI and Fibre Channel is
possible, hence network addresses are difficult to use for volume possible, hence network addresses are difficult to use for volume
identification. For this reason, this pNFS block layout identifies identification. For this reason, this pNFS block layout identifies
storage volumes by content, for example providing the means to match storage volumes by content, for example providing the means to match
(unique portions of) labels used by volume managers. Volume (unique portions of) labels used by volume managers. Volume
identification is performed by matching one or more opaque byte identification is performed by matching one or more opaque byte
sequences to specific parts of the stored data. Any block pNFS sequences to specific parts of the stored data. Any block pNFS
system using this layout MUST support a means of content-based unique system using this layout MUST support a means of content-based unique
volume identification that can be employed via the data structure volume identification that can be employed via the data structure
given here. given here.
skipping to change at page 10, line 30 skipping to change at page 9, line 39
/// opaque bsc_contents<>; /* contents of this component /// opaque bsc_contents<>; /* contents of this component
/// of the signature */ /// of the signature */
/// }; /// };
/// ///
Note that the opaque "bsc_contents" field in the Note that the opaque "bsc_contents" field in the
"pnfs_block_sig_component4" structure MUST NOT be interpreted as a "pnfs_block_sig_component4" structure MUST NOT be interpreted as a
zero-terminated string, as it may contain embedded zero-valued bytes. zero-terminated string, as it may contain embedded zero-valued bytes.
There are no restrictions on alignment (e.g., neither bsc_sig_offset There are no restrictions on alignment (e.g., neither bsc_sig_offset
nor the length are required to be multiples of 4). The nor the length are required to be multiples of 4). The
bsc_sig_offset is a signed quantity which when positive represents an bsc_sig_offset is a signed quantity, which, when positive, represents
byte offset from the start of the volume, and when negative an byte offset from the start of the volume, and when negative
represents an byte offset from the end of the volume. represents an byte offset from the end of the volume.
Negative offsets are permitted in order to simplify the client Negative offsets are permitted in order to simplify the client
implementation on systems where the device label is found at a fixed implementation on systems where the device label is found at a fixed
offset from the end of the volume. If the server uses negative offset from the end of the volume. If the server uses negative
offsets to describe the signature, then the client and server MUST offsets to describe the signature, then the client and server MUST
NOT see different volume sizes. Negative offsets SHOULD NOT be used NOT see different volume sizes. Negative offsets SHOULD NOT be used
in systems that dynamically resize volumes unless care is taken to in systems that dynamically resize volumes unless care is taken to
ensure that the device label is always present at the offset from the ensure that the device label is always present at the offset from the
end of the volume as seen by the clients. end of the volume as seen by the clients.
A signature is an array of up to "PNFS_BLOCK_MAX_SIG_COMP" (defined A signature is an array of up to "PNFS_BLOCK_MAX_SIG_COMP" (defined
below) signature components. The client MUST NOT assume that all below) signature components. The client MUST NOT assume that all
signature components are colocated within a single sector on a block signature components are co-located within a single sector on a block
device. device.
The pNFS client block layout driver uses this volume identification The pNFS client block layout driver uses this volume identification
to map pnfs_block_volume_type4 PNFS_BLOCK_VOLUME_SIMPLE deviceid4s to to map pnfs_block_volume_type4 PNFS_BLOCK_VOLUME_SIMPLE deviceid4s to
its local view of a logical unit number (LUN). its local view of a LUN.
2.2.2. Volume Topology 2.2.2. Volume Topology
The pNFS block server volume topology is expressed as an arbitrary The pNFS block server volume topology is expressed as an arbitrary
combination of base volume types enumerated in the following data combination of base volume types enumerated in the following data
structures. The individual components of the topology are contained structures. The individual components of the topology are contained
in an array and components may refer to other components by using in an array and components may refer to other components by using
array indices. array indices.
/// enum pnfs_block_volume_type4 { /// enum pnfs_block_volume_type4 {
/// PNFS_BLOCK_VOLUME_SIMPLE = 0, /* volume maps to a single /// PNFS_BLOCK_VOLUME_SIMPLE = 0, /* volume maps to a single
/// LU */ /// LU */
skipping to change at page 13, line 28 skipping to change at page 11, line 37
/// }; /// };
/// ///
The "pnfs_block_deviceaddr4" data structure is a structure that The "pnfs_block_deviceaddr4" data structure is a structure that
allows arbitrarily complex nested volume structures to be encoded. allows arbitrarily complex nested volume structures to be encoded.
The types of aggregations that are allowed are stripes, The types of aggregations that are allowed are stripes,
concatenations, and slices. Note that the volume topology expressed concatenations, and slices. Note that the volume topology expressed
in the pnfs_block_deviceaddr4 data structure will always resolve to a in the pnfs_block_deviceaddr4 data structure will always resolve to a
set of pnfs_block_volume_type4 PNFS_BLOCK_VOLUME_SIMPLE. The array set of pnfs_block_volume_type4 PNFS_BLOCK_VOLUME_SIMPLE. The array
of volumes is ordered such that the root of the volume hierarchy is of volumes is ordered such that the root of the volume hierarchy is
the last element of the array. Concat, slice and stripe volumes MUST the last element of the array. Concat, slice, and stripe volumes
refer to volumes defined by lower indexed elements of the array. MUST refer to volumes defined by lower indexed elements of the array.
The "pnfs_block_device_addr4" data structure is returned by the The "pnfs_block_device_addr4" data structure is returned by the
server as the storage-protocol-specific opaque field da_addr_body in server as the storage-protocol-specific opaque field da_addr_body in
the "device_addr4" structure by a successful GETDEVICEINFO operation. the "device_addr4" structure by a successful GETDEVICEINFO operation
[NFSV4.1]. [NFSv4.1].
As noted above, all device_addr4 structures eventually resolve to a As noted above, all device_addr4 structures eventually resolve to a
set of volumes of type PNFS_BLOCK_VOLUME_SIMPLE. These volumes are set of volumes of type PNFS_BLOCK_VOLUME_SIMPLE. These volumes are
each uniquely identified by a set of signature components. each uniquely identified by a set of signature components.
Complicated volume hierarchies may be composed of dozens of volumes Complicated volume hierarchies may be composed of dozens of volumes
each with several signature components, thus the device address may each with several signature components; thus, the device address may
require several kilobytes. The client SHOULD be prepared to allocate require several kilobytes. The client SHOULD be prepared to allocate
a large buffer to contain the result. In the case of the server a large buffer to contain the result. In the case of the server
returning NFS4ERR_TOOSMALL the client SHOULD allocate a buffer of at returning NFS4ERR_TOOSMALL, the client SHOULD allocate a buffer of at
least gdir_mincount_bytes to contain the expected result and retry least gdir_mincount_bytes to contain the expected result and retry
the GETDEVICEINFO request. the GETDEVICEINFO request.
2.2.3. GETDEVICELIST and GETDEVICEINFO deviceid4 2.2.3. GETDEVICELIST and GETDEVICEINFO deviceid4
The server in response to a GETDEVICELIST request typically will The server in response to a GETDEVICELIST request typically will
return a single "deviceid4" in the gdlr_deviceid_list array. This is return a single "deviceid4" in the gdlr_deviceid_list array. This is
because the deviceid4 when passed to GETDEVICEINFO will return a because the deviceid4 when passed to GETDEVICEINFO will return a
"device_addr4" which encodes the entire volume hierarchy. In the "device_addr4", which encodes the entire volume hierarchy. In the
case of copy-on-write file systems, the "gdlr_deviceid_list" array case of copy-on-write file systems, the "gdlr_deviceid_list" array
may contain two deviceid4's, one referencing the read-only volume may contain two deviceid4's, one referencing the read-only volume
hierarchy, and one referencing the writable volume hierarchy. There hierarchy, and one referencing the writable volume hierarchy. There
is no required ordering of the readable and writable ids in the array is no required ordering of the readable and writable IDs in the array
as the volumes are uniquely identified by their deviceid4, and are as the volumes are uniquely identified by their deviceid4, and are
referred to by layouts using the deviceid4. Another example of the referred to by layouts using the deviceid4. Another example of the
server returning multiple device items occurs when the file handle server returning multiple device items occurs when the file handle
represents the root of a name space spanning multiple physical file represents the root of a namespace spanning multiple physical file
systems on the server, each with a different volume hierarchy. In systems on the server, each with a different volume hierarchy. In
this example a server implementation may return either a list of this example, a server implementation may return either a list of
deviceids used by each of the physical file systems, or it may return device IDs used by each of the physical file systems, or it may
an empty list. return an empty list.
Each deviceid4 returned by a successful GETDEVICELIST operation is a Each deviceid4 returned by a successful GETDEVICELIST operation is a
shorthand id used to reference the whole volume topology. These shorthand id used to reference the whole volume topology. These
device ids, as well as device ids return in extents of a LAYOUTGET device IDs, as well as device IDs returned in extents of a LAYOUTGET
operation, can be used as input to the GETDEVICEINFO operation. operation, can be used as input to the GETDEVICEINFO operation.
Decoding the "pnfs_block_deviceaddr4" results in a flat ordering of Decoding the "pnfs_block_deviceaddr4" results in a flat ordering of
data blocks mapped to PNFS_BLOCK_VOLUME_SIMPLE volumes. Combined data blocks mapped to PNFS_BLOCK_VOLUME_SIMPLE volumes. Combined
with the mapping to a client LUN described in 2.2.1 Volume with the mapping to a client LUN described in Section 2.2.1 "Volume
Identification, a logical volume offset can be mapped to a block on a Identification", a logical volume offset can be mapped to a block on
pNFS client LUN. [NFSV4.1] a pNFS client LUN [NFSv4.1].
2.3. Data Structures: Extents and Extent Lists 2.3. Data Structures: Extents and Extent Lists
A pNFS block layout is a list of extents within a flat array of data A pNFS block layout is a list of extents within a flat array of data
blocks in a logical volume. The details of the volume topology can blocks in a logical volume. The details of the volume topology can
be determined by using the GETDEVICEINFO operation (see discussion of be determined by using the GETDEVICEINFO operation (see discussion of
volume identification, section 2.2 above). The block layout volume identification, Section 2.2 above). The block layout
describes the individual block extents on the volume that make up the describes the individual block extents on the volume that make up the
file. The offsets and length contained in an extent are specified in file. The offsets and length contained in an extent are specified in
units of bytes. units of bytes.
/// enum pnfs_block_extent_state4 { /// enum pnfs_block_extent_state4 {
/// PNFS_BLOCK_READ_WRITE_DATA = 0,/* the data located by this /// PNFS_BLOCK_READ_WRITE_DATA = 0,/* the data located by this
/// extent is valid /// extent is valid
/// for reading and writing. */ /// for reading and writing. */
/// PNFS_BLOCK_READ_DATA = 1, /* the data located by this /// PNFS_BLOCK_READ_DATA = 1, /* the data located by this
/// extent is valid for reading /// extent is valid for reading
/// only; it may not be /// only; it may not be
/// written. */ /// written. */
/// PNFS_BLOCK_INVALID_DATA = 2, /* the location is valid; the /// PNFS_BLOCK_INVALID_DATA = 2, /* the location is valid; the
/// data is invalid. It is a /// data is invalid. It is a
/// newly (pre-) allocated /// newly (pre-) allocated
/// extent. There is physical /// extent. There is physical
/// space on the volume. */ /// space on the volume. */
/// PNFS_BLOCK_NONE_DATA = 3 /* the location is invalid. It /// PNFS_BLOCK_NONE_DATA = 3 /* the location is invalid.
/// is a hole in the file. /// It is a hole in the file.
/// There is no physical space /// There is no physical space
/// on the volume. */ /// on the volume. */
/// }; /// };
/// ///
/// struct pnfs_block_extent4 { /// struct pnfs_block_extent4 {
/// deviceid4 bex_vol_id; /* id of logical volume on /// deviceid4 bex_vol_id; /* id of logical volume on
/// which extent of file is /// which extent of file is
/// stored. */ /// stored. */
/// offset4 bex_file_offset; /* the starting byte offset in /// offset4 bex_file_offset; /* the starting byte offset in
skipping to change at page 15, line 47 skipping to change at page 13, line 47
/// }; /// };
/// ///
/// /* block layout specific type for loc_body */ /// /* block layout specific type for loc_body */
/// struct pnfs_block_layout4 { /// struct pnfs_block_layout4 {
/// pnfs_block_extent4 blo_extents<>; /// pnfs_block_extent4 blo_extents<>;
/// /* extents which make up this /// /* extents which make up this
/// layout. */ /// layout. */
/// }; /// };
/// ///
The block layout consists of a list of extents which map the logical The block layout consists of a list of extents that map the logical
regions of the file to physical locations on a volume. The regions of the file to physical locations on a volume. The
"bex_storage_offset" field within each extent identifies a location "bex_storage_offset" field within each extent identifies a location
on the logical volume specified by the "bex_vol_id" field in the on the logical volume specified by the "bex_vol_id" field in the
extent. The bex_vol_id itself is shorthand for the whole topology of extent. The bex_vol_id itself is shorthand for the whole topology of
the logical volume on which the file is stored. The client is the logical volume on which the file is stored. The client is
responsible for translating this logical offset into an offset on the responsible for translating this logical offset into an offset on the
appropriate underlying SAN logical unit. In most cases all extents appropriate underlying SAN logical unit. In most cases, all extents
in a layout will reside on the same volume and thus have the same in a layout will reside on the same volume and thus have the same
bex_vol_id. In the case of copy on write file systems, the bex_vol_id. In the case of copy-on-write file systems, the
PNFS_BLOCK_READ_DATA extents may have a different bex_vol_id from the PNFS_BLOCK_READ_DATA extents may have a different bex_vol_id from the
writable extents. writable extents.
Each extent maps a logical region of the file onto a portion of the Each extent maps a logical region of the file onto a portion of the
specified logical volume. The bex_file_offset, bex_length, and specified logical volume. The bex_file_offset, bex_length, and
bex_state fields for an extent returned from the server are valid for bex_state fields for an extent returned from the server are valid for
all extents. In contrast, the interpretation of the all extents. In contrast, the interpretation of the
bex_storage_offset field depends on the value of bex_state as follows bex_storage_offset field depends on the value of bex_state as follows
(in increasing order): (in increasing order):
o PNFS_BLOCK_READ_WRITE_DATA means that bex_storage_offset is valid, o PNFS_BLOCK_READ_WRITE_DATA means that bex_storage_offset is valid,
and points to valid/initialized data that can be read and written. and points to valid/initialized data that can be read and written.
o PNFS_BLOCK_READ_DATA means that bex_storage_offset is valid and o PNFS_BLOCK_READ_DATA means that bex_storage_offset is valid and
points to valid/ initialized data which can only be read. Write points to valid/ initialized data that can only be read. Write
operations are prohibited; the client may need to request a read- operations are prohibited; the client may need to request a
write layout. read-write layout.
o PNFS_BLOCK_INVALID_DATA means that bex_storage_offset is valid, o PNFS_BLOCK_INVALID_DATA means that bex_storage_offset is valid,
but points to invalid un-initialized data. This data must not be but points to invalid un-initialized data. This data must not be
physically read from the disk until it has been initialized. A physically read from the disk until it has been initialized. A
read request for a PNFS_BLOCK_INVALID_DATA extent must fill the read request for a PNFS_BLOCK_INVALID_DATA extent must fill the
user buffer with zeros, unless the extent is covered by a user buffer with zeros, unless the extent is covered by a
PNFS_BLOCK_READ_DATA extent of a copy-on-write file system. Write PNFS_BLOCK_READ_DATA extent of a copy-on-write file system. Write
requests must write whole server-sized blocks to the disk; bytes requests must write whole server-sized blocks to the disk; bytes
not initialized by the user must be set to zero. Any write to not initialized by the user must be set to zero. Any write to
storage in a PNFS_BLOCK_INVALID_DATA extent changes the written storage in a PNFS_BLOCK_INVALID_DATA extent changes the written
portion of the extent to PNFS_BLOCK_READ_WRITE_DATA; the pNFS portion of the extent to PNFS_BLOCK_READ_WRITE_DATA; the pNFS
client is responsible for reporting this change via LAYOUTCOMMIT. client is responsible for reporting this change via LAYOUTCOMMIT.
o PNFS_BLOCK_NONE_DATA means that bex_storage_offset is not valid, o PNFS_BLOCK_NONE_DATA means that bex_storage_offset is not valid,
and this extent may not be used to satisfy write requests. Read and this extent may not be used to satisfy write requests. Read
requests may be satisfied by zero-filling as for requests may be satisfied by zero-filling as for
PNFS_BLOCK_INVALID_DATA. PNFS_BLOCK_NONE_DATA extents may be PNFS_BLOCK_INVALID_DATA. PNFS_BLOCK_NONE_DATA extents may be
returned by requests for readable extents; they are never returned returned by requests for readable extents; they are never returned
if the request was for a writeable extent. if the request was for a writable extent.
An extent list lists all relevant extents in increasing order of the An extent list contains all relevant extents in increasing order of
bex_file_offset of each extent; any ties are broken by increasing the bex_file_offset of each extent; any ties are broken by increasing
order of the extent state (bex_state). order of the extent state (bex_state).
2.3.1. Layout Requests and Extent Lists 2.3.1. Layout Requests and Extent Lists
Each request for a layout specifies at least three parameters: file Each request for a layout specifies at least three parameters: file
offset, desired size, and minimum size. If the status of a request offset, desired size, and minimum size. If the status of a request
indicates success, the extent list returned must meet the following indicates success, the extent list returned must meet the following
criteria: criteria:
o A request for a readable (but not writeable) layout returns only o A request for a readable (but not writable) layout returns only
PNFS_BLOCK_READ_DATA or PNFS_BLOCK_NONE_DATA extents (but not PNFS_BLOCK_READ_DATA or PNFS_BLOCK_NONE_DATA extents (but not
PNFS_BLOCK_INVALID_DATA or PNFS_BLOCK_READ_WRITE_DATA extents). PNFS_BLOCK_INVALID_DATA or PNFS_BLOCK_READ_WRITE_DATA extents).
o A request for a writeable layout returns o A request for a writable layout returns PNFS_BLOCK_READ_WRITE_DATA
PNFS_BLOCK_READ_WRITE_DATA or PNFS_BLOCK_INVALID_DATA extents (but or PNFS_BLOCK_INVALID_DATA extents (but not PNFS_BLOCK_NONE_DATA
not PNFS_BLOCK_NONE_DATA extents). It may also return extents). It may also return PNFS_BLOCK_READ_DATA extents only
PNFS_BLOCK_READ_DATA extents only when the offset ranges in those when the offset ranges in those extents are also covered by
extents are also covered by PNFS_BLOCK_INVALID_DATA extents to PNFS_BLOCK_INVALID_DATA extents to permit writes.
permit writes.
o The first extent in the list MUST contain the requested starting o The first extent in the list MUST contain the requested starting
offset. offset.
o The total size of extents within the requested range MUST cover at o The total size of extents within the requested range MUST cover at
least the minimum size. One exception is allowed: the total size least the minimum size. One exception is allowed: the total size
MAY be smaller if only readable extents were requested and EOF is MAY be smaller if only readable extents were requested and EOF is
encountered. encountered.
o Extents in the extent list MUST be logically contiguous for a o Extents in the extent list MUST be logically contiguous for a
skipping to change at page 18, line 16 skipping to change at page 16, line 5
indication to the metadata server that the client desires any layout indication to the metadata server that the client desires any layout
at offset loga_offset or less that the metadata server has "readily at offset loga_offset or less that the metadata server has "readily
available". Readily is subjective, and depends on the layout type available". Readily is subjective, and depends on the layout type
and the pNFS server implementation. For block layout servers, and the pNFS server implementation. For block layout servers,
readily available SHOULD be interpreted such that readable layouts readily available SHOULD be interpreted such that readable layouts
are always available, even if some extents are in the are always available, even if some extents are in the
PNFS_BLOCK_NONE_DATA state. When processing requests for writable PNFS_BLOCK_NONE_DATA state. When processing requests for writable
layouts, a layout is readily available if extents can be returned in layouts, a layout is readily available if extents can be returned in
the PNFS_BLOCK_READ_WRITE_DATA state. the PNFS_BLOCK_READ_WRITE_DATA state.
2.3.2. Layout Commits 2.3.2. Layout Commits
/// /* block layout specific type for lou_body */ /// /* block layout specific type for lou_body */
/// struct pnfs_block_layoutupdate4 { /// struct pnfs_block_layoutupdate4 {
/// pnfs_block_extent4 blu_commit_list<>; /// pnfs_block_extent4 blu_commit_list<>;
/// /* list of extents which /// /* list of extents which
/// * now contain valid data. /// * now contain valid data.
/// */ /// */
/// }; /// };
/// ///
The "pnfs_block_layoutupdate4" structure is used by the client as the The "pnfs_block_layoutupdate4" structure is used by the client as the
block-protocol specific argument in a LAYOUTCOMMIT operation. The block-protocol specific argument in a LAYOUTCOMMIT operation. The
"blu_commit_list" field is an extent list covering regions of the "blu_commit_list" field is an extent list covering regions of the
file layout that were previously in the PNFS_BLOCK_INVALID_DATA file layout that were previously in the PNFS_BLOCK_INVALID_DATA
state, but have been written by the client and should now be state, but have been written by the client and should now be
considered in the PNFS_BLOCK_READ_WRITE_DATA state. The bex_state considered in the PNFS_BLOCK_READ_WRITE_DATA state. The bex_state
field of each extent in the blu_commit_list MUST be set to field of each extent in the blu_commit_list MUST be set to
PNFS_BLOCK_READ_WRITE_DATA. The extents in the commit list MUST be PNFS_BLOCK_READ_WRITE_DATA. The extents in the commit list MUST be
disjoint and MUST be sorted by bex_file_offset. The disjoint and MUST be sorted by bex_file_offset. The
bex_storage_offset field is unused. Implementers should be aware bex_storage_offset field is unused. Implementors should be aware
that a server may be unable to commit regions at a granularity that a server may be unable to commit regions at a granularity
smaller than a file-system block (typically 4KB or 8KB). As noted smaller than a file-system block (typically 4 KB or 8 KB). As noted
above, the block-size that the server uses is available as an NFSv4 above, the block-size that the server uses is available as an NFSv4
attribute, and any extents included in the "blu_commit_list" MUST be attribute, and any extents included in the "blu_commit_list" MUST be
aligned to this granularity and have a size that is a multiple of aligned to this granularity and have a size that is a multiple of
this granularity. If the client believes that its actions have moved this granularity. If the client believes that its actions have moved
the end-of-file into the middle of a block being committed, the the end-of-file into the middle of a block being committed, the
client MUST write zeroes from the end-of-file to the end of that client MUST write zeroes from the end-of-file to the end of that
block before committing the block. Failure to do so may result in block before committing the block. Failure to do so may result in
junk (uninitialized data) appearing in that area if the file is junk (un-initialized data) appearing in that area if the file is
subsequently extended by moving the end-of-file. subsequently extended by moving the end-of-file.
2.3.3. Layout Returns 2.3.3. Layout Returns
The LAYOUTRETURN operation is done without any block layout specific The LAYOUTRETURN operation is done without any block layout specific
data. When the LAYOUTRETURN operation specifies a data. When the LAYOUTRETURN operation specifies a
LAYOUTRETURN4_FILE_return type, then the layoutreturn_file4 data LAYOUTRETURN4_FILE_return type, then the layoutreturn_file4 data
structure specifies the region of the file layout that is no longer structure specifies the region of the file layout that is no longer
needed by the client. The opaque "lrf_body" field of the needed by the client. The opaque "lrf_body" field of the
"layoutreturn_file4" data structure MUST have length zero. A "layoutreturn_file4" data structure MUST have length zero. A
LAYOUTRETURN operation represents an explicit release of resources by LAYOUTRETURN operation represents an explicit release of resources by
the client, usually done for the purpose of avoiding unnecessary the client, usually done for the purpose of avoiding unnecessary
CB_LAYOUTRECALL operations in the future. The client may return CB_LAYOUTRECALL operations in the future. The client may return
skipping to change at page 19, line 34 skipping to change at page 17, line 20
flight I/Os that the client issued before the layout was revoked are flight I/Os that the client issued before the layout was revoked are
rejected at the storage. For the block/volume protocol, this is rejected at the storage. For the block/volume protocol, this is
possible by fencing a client with an expired layout timer from the possible by fencing a client with an expired layout timer from the
physical storage. Note, however, that the granularity of this physical storage. Note, however, that the granularity of this
operation can only be at the host/logical-unit level. Thus, if one operation can only be at the host/logical-unit level. Thus, if one
of a client's layouts is unilaterally revoked by the server, it will of a client's layouts is unilaterally revoked by the server, it will
effectively render useless *all* of the client's layouts for files effectively render useless *all* of the client's layouts for files
located on the storage units comprising the logical volume. This may located on the storage units comprising the logical volume. This may
render useless the client's layouts for files in other file systems. render useless the client's layouts for files in other file systems.
2.3.4. Client Copy-on-Write Processing 2.3.4. Client Copy-on-Write Processing
Copy-on-write is a mechanism used to support file and/or file system Copy-on-write is a mechanism used to support file and/or file system
snapshots. When writing to unaligned regions, or to regions smaller snapshots. When writing to unaligned regions, or to regions smaller
than a file system block, the writer must copy the portions of the than a file system block, the writer must copy the portions of the
original file data to a new location on disk. This behavior can original file data to a new location on disk. This behavior can
either be implemented on the client or the server. The paragraphs either be implemented on the client or the server. The paragraphs
below describe how a pNFS block layout client implements access to a below describe how a pNFS block layout client implements access to a
file which requires copy-on-write semantics. file that requires copy-on-write semantics.
Distinguishing the PNFS_BLOCK_READ_WRITE_DATA and Distinguishing the PNFS_BLOCK_READ_WRITE_DATA and
PNFS_BLOCK_READ_DATA extent types in combination with the allowed PNFS_BLOCK_READ_DATA extent types in combination with the allowed
overlap of PNFS_BLOCK_READ_DATA extents with PNFS_BLOCK_INVALID_DATA overlap of PNFS_BLOCK_READ_DATA extents with PNFS_BLOCK_INVALID_DATA
extents allows copy-on-write processing to be done by pNFS clients. extents allows copy-on-write processing to be done by pNFS clients.
In classic NFS, this operation would be done by the server. Since In classic NFS, this operation would be done by the server. Since
pNFS enables clients to do direct block access, it is useful for pNFS enables clients to do direct block access, it is useful for
clients to participate in copy-on-write operations. All block/volume clients to participate in copy-on-write operations. All block/volume
pNFS clients MUST support this copy-on-write processing. pNFS clients MUST support this copy-on-write processing.
skipping to change at page 20, line 39 skipping to change at page 18, line 22
extent; all subsequent reads MUST be performed from this extent; the extent; all subsequent reads MUST be performed from this extent; the
corresponding portion of the PNFS_BLOCK_READ_DATA extent MUST NOT be corresponding portion of the PNFS_BLOCK_READ_DATA extent MUST NOT be
used after storing data in a PNFS_BLOCK_INVALID_DATA extent. If a used after storing data in a PNFS_BLOCK_INVALID_DATA extent. If a
client writes only a portion of an extent, the extent may be split at client writes only a portion of an extent, the extent may be split at
block aligned boundaries. block aligned boundaries.
When a client wishes to write data to a PNFS_BLOCK_INVALID_DATA When a client wishes to write data to a PNFS_BLOCK_INVALID_DATA
extent that is not covered by a PNFS_BLOCK_READ_DATA extent, it MUST extent that is not covered by a PNFS_BLOCK_READ_DATA extent, it MUST
treat this write identically to a write to a file not involved with treat this write identically to a write to a file not involved with
copy-on-write semantics. Thus, data must be written in at least copy-on-write semantics. Thus, data must be written in at least
block size increments, aligned to multiples of block sized offsets, block-sized increments, aligned to multiples of block-sized offsets,
and unwritten portions of blocks must be zero filled. and unwritten portions of blocks must be zero filled.
In the LAYOUTCOMMIT operation that normally sends updated layout In the LAYOUTCOMMIT operation that normally sends updated layout
information back to the server, for writable data, some information back to the server, for writable data, some
PNFS_BLOCK_INVALID_DATA extents may be committed as PNFS_BLOCK_INVALID_DATA extents may be committed as
PNFS_BLOCK_READ_WRITE_DATA extents, signifying that the storage at PNFS_BLOCK_READ_WRITE_DATA extents, signifying that the storage at
the corresponding bex_storage_offset values has been stored into and the corresponding bex_storage_offset values has been stored into and
is now to be considered as valid data to be read. is now to be considered as valid data to be read.
PNFS_BLOCK_READ_DATA extents are not committed to the server. For PNFS_BLOCK_READ_DATA extents are not committed to the server. For
extents that the client receives via LAYOUTGET as extents that the client receives via LAYOUTGET as
PNFS_BLOCK_INVALID_DATA and returns via LAYOUTCOMMIT as PNFS_BLOCK_INVALID_DATA and returns via LAYOUTCOMMIT as
PNFS_BLOCK_READ_WRITE_DATA, the server will understand that the PNFS_BLOCK_READ_WRITE_DATA, the server will understand that the
PNFS_BLOCK_READ_DATA mapping for that extent is no longer valid or PNFS_BLOCK_READ_DATA mapping for that extent is no longer valid or
necessary for that file. necessary for that file.
2.3.5. Extents are Permissions 2.3.5. Extents are Permissions
Layout extents returned to pNFS clients grant permission to read or Layout extents returned to pNFS clients grant permission to read or
write; PNFS_BLOCK_READ_DATA and PNFS_BLOCK_NONE_DATA are read-only write; PNFS_BLOCK_READ_DATA and PNFS_BLOCK_NONE_DATA are read-only
(PNFS_BLOCK_NONE_DATA reads as zeroes), PNFS_BLOCK_READ_WRITE_DATA (PNFS_BLOCK_NONE_DATA reads as zeroes), PNFS_BLOCK_READ_WRITE_DATA
and PNFS_BLOCK_INVALID_DATA are read/write, (PNFS_BLOCK_INVALID_DATA and PNFS_BLOCK_INVALID_DATA are read/write, (PNFS_BLOCK_INVALID_DATA
reads as zeros, any write converts it to PNFS_BLOCK_READ_WRITE_DATA). reads as zeros, any write converts it to PNFS_BLOCK_READ_WRITE_DATA).
This is the only client means of obtaining permission to perform This is the only means a client has of obtaining permission to
direct I/O to storage devices; a pNFS client MUST NOT perform direct perform direct I/O to storage devices; a pNFS client MUST NOT perform
I/O operations that are not permitted by an extent held by the direct I/O operations that are not permitted by an extent held by the
client. Client adherence to this rule places the pNFS server in client. Client adherence to this rule places the pNFS server in
control of potentially conflicting storage device operations, control of potentially conflicting storage device operations,
enabling the server to determine what does conflict and how to avoid enabling the server to determine what does conflict and how to avoid
conflicts by granting and recalling extents to/from clients. conflicts by granting and recalling extents to/from clients.
Block/volume class storage devices are not required to perform read Block/volume class storage devices are not required to perform read
and write operations atomically. Overlapping concurrent read and and write operations atomically. Overlapping concurrent read and
write operations to the same data may cause the read to return a write operations to the same data may cause the read to return a
mixture of before-write and after-write data. Overlapping write mixture of before-write and after-write data. Overlapping write
operations can be worse, as the result could be a mixture of data operations can be worse, as the result could be a mixture of data
from the two write operations; data corruption can occur if the from the two write operations; data corruption can occur if the
underlying storage is striped and the operations complete in underlying storage is striped and the operations complete in
different orders on different stripes. A pNFS server can avoid these different orders on different stripes. When there are multiple
conflicts by implementing a single writer XOR multiple readers clients who wish to access the same data, a pNFS server can avoid
concurrency control policy when there are multiple clients who wish these conflicts by implementing a concurrency control policy of
to access the same data. This policy MUST be implemented when single writer XOR multiple readers. This policy MUST be implemented
storage devices do not provide atomicity for concurrent read/write when storage devices do not provide atomicity for concurrent
and write/write operations to the same data. read/write and write/write operations to the same data.
If a client makes a layout request that conflicts with an existing If a client makes a layout request that conflicts with an existing
layout delegation, the request will be rejected with the error layout delegation, the request will be rejected with the error
NFS4ERR_LAYOUTTRYLATER. This client is then expected to retry the NFS4ERR_LAYOUTTRYLATER. This client is then expected to retry the
request after a short interval. During this interval the server request after a short interval. During this interval, the server
SHOULD recall the conflicting portion of the layout delegation from SHOULD recall the conflicting portion of the layout delegation from
the client that currently holds it. This reject-and-retry approach the client that currently holds it. This reject-and-retry approach
does not prevent client starvation when there is contention for the does not prevent client starvation when there is contention for the
layout of a particular file. For this reason a pNFS server SHOULD layout of a particular file. For this reason, a pNFS server SHOULD
implement a mechanism to prevent starvation. One possibility is that implement a mechanism to prevent starvation. One possibility is that
the server can maintain a queue of rejected layout requests. Each the server can maintain a queue of rejected layout requests. Each
new layout request can be checked to see if it conflicts with a new layout request can be checked to see if it conflicts with a
previous rejected request, and if so, the newer request can be previous rejected request, and if so, the newer request can be
rejected. Once the original requesting client retries its request, rejected. Once the original requesting client retries its request,
its entry in the rejected request queue can be cleared, or the entry its entry in the rejected request queue can be cleared, or the entry
in the rejected request queue can be removed when it reaches a in the rejected request queue can be removed when it reaches a
certain age. certain age.
NFSv4 supports mandatory locks and share reservations. These are NFSv4 supports mandatory locks and share reservations. These are
skipping to change at page 22, line 24 skipping to change at page 20, line 5
layouts, I/Os will be issued from the clients that hold the layouts layouts, I/Os will be issued from the clients that hold the layouts
directly to the storage devices that host the data. These devices directly to the storage devices that host the data. These devices
have no knowledge of files, mandatory locks, or share reservations, have no knowledge of files, mandatory locks, or share reservations,
and are not in a position to enforce such restrictions. For this and are not in a position to enforce such restrictions. For this
reason the NFSv4 server MUST NOT grant layouts that conflict with reason the NFSv4 server MUST NOT grant layouts that conflict with
mandatory locks or share reservations. Further, if a conflicting mandatory locks or share reservations. Further, if a conflicting
mandatory lock request or a conflicting open request arrives at the mandatory lock request or a conflicting open request arrives at the
server, the server MUST recall the part of the layout in conflict server, the server MUST recall the part of the layout in conflict
with the request before granting the request. with the request before granting the request.
2.3.6. End-of-file Processing 2.3.6. End-of-file Processing
The end-of-file location can be changed in two ways: implicitly as The end-of-file location can be changed in two ways: implicitly as
the result of a WRITE or LAYOUTCOMMIT beyond the current end-of-file, the result of a WRITE or LAYOUTCOMMIT beyond the current end-of-file,
or explicitly as the result of a SETATTR request. Typically, when a or explicitly as the result of a SETATTR request. Typically, when a
file is truncated by an NFSv4 client via the SETATTR call, the server file is truncated by an NFSv4 client via the SETATTR call, the server
frees any disk blocks belonging to the file which are beyond the new frees any disk blocks belonging to the file that are beyond the new
end-of-file byte, and MUST write zeros to the portion of the new end- end-of-file byte, and MUST write zeros to the portion of the new
of-file block beyond the new end-of-file byte. These actions render end-of-file block beyond the new end-of-file byte. These actions
any pNFS layouts which refer to the blocks that are freed or written render any pNFS layouts that refer to the blocks that are freed or
semantically invalid. Therefore, the server MUST recall from clients written semantically invalid. Therefore, the server MUST recall from
the portions of any pNFS layouts which refer to blocks that will be clients the portions of any pNFS layouts that refer to blocks that
freed or written by the server before processing the truncate will be freed or written by the server before processing the truncate
request. These recalls may take time to complete; as explained in request. These recalls may take time to complete; as explained in
[NFSv4.1], if the server cannot respond to the client SETATTR request [NFSv4.1], if the server cannot respond to the client SETATTR request
in a reasonable amount of time, it SHOULD reply to the client with in a reasonable amount of time, it SHOULD reply to the client with
the error NFS4ERR_DELAY. the error NFS4ERR_DELAY.
Blocks in the PNFS_BLOCK_INVALID_DATA state which lie beyond the new Blocks in the PNFS_BLOCK_INVALID_DATA state that lie beyond the new
end-of-file block present a special case. The server has reserved end-of-file block present a special case. The server has reserved
these blocks for use by a pNFS client with a writable layout for the these blocks for use by a pNFS client with a writable layout for the
file, but the client has yet to commit the blocks, and they are not file, but the client has yet to commit the blocks, and they are not
yet a part of the file mapping on disk. The server MAY free these yet a part of the file mapping on disk. The server MAY free these
blocks while processing the SETATTR request. If so, the server MUST blocks while processing the SETATTR request. If so, the server MUST
recall any layouts from pNFS clients which refer to the blocks before recall any layouts from pNFS clients that refer to the blocks before
processing the truncate. If the server does not free the processing the truncate. If the server does not free the
PNFS_BLOCK_INVALID_DATA blocks while processing the SETATTR request, PNFS_BLOCK_INVALID_DATA blocks while processing the SETATTR request,
it need not recall layouts which refer only to the PNFS_BLOCK_INVALID it need not recall layouts that refer only to the PNFS_BLOCK_INVALID
DATA blocks. DATA blocks.
When a file is extended implicitly by a WRITE or LAYOUTCOMMIT beyond When a file is extended implicitly by a WRITE or LAYOUTCOMMIT beyond
the current end-of-file, or extended explicitly by a SETATTR request, the current end-of-file, or extended explicitly by a SETATTR request,
the server need not recall any portions of any pNFS layouts. the server need not recall any portions of any pNFS layouts.
2.3.7. Layout Hints 2.3.7. Layout Hints
The SETATTR operation supports a layout hint attribute [NFSv4.1]. The SETATTR operation supports a layout hint attribute [NFSv4.1].
When the client sets a layout hint (data type layouthint4) with a When the client sets a layout hint (data type layouthint4) with a
layout type of LAYOUT4_BLOCK_VOLUME (the loh_type field), the layout type of LAYOUT4_BLOCK_VOLUME (the loh_type field), the
loh_body field contains a value of data type pnfs_block_layouthint4. loh_body field contains a value of data type pnfs_block_layouthint4.
/// /* block layout specific type for loh_body */ /// /* block layout specific type for loh_body */
/// struct pnfs_block_layouthint4 { /// struct pnfs_block_layouthint4 {
/// uint64_t blh_maximum_io_time; /* maximum i/o time in seconds /// uint64_t blh_maximum_io_time; /* maximum i/o time in seconds
/// */ /// */
skipping to change at page 23, line 25 skipping to change at page 21, line 4
When the client sets a layout hint (data type layouthint4) with a When the client sets a layout hint (data type layouthint4) with a
layout type of LAYOUT4_BLOCK_VOLUME (the loh_type field), the layout type of LAYOUT4_BLOCK_VOLUME (the loh_type field), the
loh_body field contains a value of data type pnfs_block_layouthint4. loh_body field contains a value of data type pnfs_block_layouthint4.
/// /* block layout specific type for loh_body */ /// /* block layout specific type for loh_body */
/// struct pnfs_block_layouthint4 { /// struct pnfs_block_layouthint4 {
/// uint64_t blh_maximum_io_time; /* maximum i/o time in seconds /// uint64_t blh_maximum_io_time; /* maximum i/o time in seconds
/// */ /// */
/// }; /// };
/// ///
The block layout client uses the layout hint data structure to The block layout client uses the layout hint data structure to
communicate to the server the maximum time that it may take an I/O to communicate to the server the maximum time that it may take an I/O to
execute on the client. Clients using block layouts MUST set the execute on the client. Clients using block layouts MUST set the
layout hint attribute before using LAYOUTGET operations. layout hint attribute before using LAYOUTGET operations.
2.3.8. Client Fencing 2.3.8. Client Fencing
The pNFS block protocol must handle situations in which a system The pNFS block protocol must handle situations in which a system
failure, typically a network connectivity issue, requires the server failure, typically a network connectivity issue, requires the server
to unilaterally revoke extents from one client in order to transfer to unilaterally revoke extents from one client in order to transfer
the extents to another client. The pNFS server implementation MUST the extents to another client. The pNFS server implementation MUST
ensure that when resources are transferred to another client, they ensure that when resources are transferred to another client, they
are not used by the client originally owning them, and this must be are not used by the client originally owning them, and this must be
ensured against any possible combination of partitions and delays ensured against any possible combination of partitions and delays
among all of the participants to the protocol (server, storage and among all of the participants to the protocol (server, storage and
client). Two approaches to guaranteeing this isolation are possible client). Two approaches to guaranteeing this isolation are possible
and are discussed below. and are discussed below.
One implementation choice for fencing the block client from the block One implementation choice for fencing the block client from the block
storage is the use of LUN masking or mapping at the storage systems storage is the use of LUN masking or mapping at the storage systems
or storage area network to disable access by the client to be or storage area network to disable access by the client to be
isolated. This requires server access to a management interface for isolated. This requires server access to a management interface for
the storage system and authorization to perform LUN masking and the storage system and authorization to perform LUN masking and
management operations. For example, SMI-S [SMIS] provides a means to management operations. For example, the Storage Management
discover and mask LUNs, including a means of associating clients with Initiative Specification (SMI-S) [SMIS] provides a means to discover
the necessary World Wide Names or Initiator names to be masked. and mask LUNs, including a means of associating clients with the
necessary World Wide Names or Initiator names to be masked.
In the absence of support for LUN masking, the server has to rely on In the absence of support for LUN masking, the server has to rely on
the clients to implement a timed lease I/O fencing mechanism. the clients to implement a timed-lease I/O fencing mechanism.
Because clients do not know if the server is using LUN masking, in Because clients do not know if the server is using LUN masking, in
all cases the client MUST implement timed lease fencing. In timed all cases, the client MUST implement timed-lease fencing. In timed-
lease fencing we define two time periods, the first, "lease_time" is lease fencing, we define two time periods, the first, "lease_time" is
the length of a lease as defined by the server's lease_time attribute the length of a lease as defined by the server's lease_time attribute
(see [NFSV4.1]), and the second, "blh_maximum_io_time" is the maximum (see [NFSv4.1]), and the second, "blh_maximum_io_time" is the maximum
time it can take for a client I/O to the storage system to either time it can take for a client I/O to the storage system to either
complete or fail; this value is often 30 seconds or 60 seconds, but complete or fail; this value is often 30 seconds or 60 seconds, but
may be longer in some environments. If the maximum client I/O time may be longer in some environments. If the maximum client I/O time
cannot be bounded, the client MUST use a value of all 1s as the cannot be bounded, the client MUST use a value of all 1s as the
blh_maximum_io_time. blh_maximum_io_time.
The client MUST use SETATTR with a layout hint of type After a new client ID is established, the client MUST use SETATTR
LAYOUT4_BLOCK_VOLUME to inform the server of its maximum I/O time with a layout hint of type LAYOUT4_BLOCK_VOLUME to inform the server
prior to issuing the first LAYOUTGET operation. The maximum io time of its maximum I/O time prior to issuing the first LAYOUTGET
hint is a per client attribute, and as such the server SHOULD operation. While the maximum I/O time hint is a per-file attribute,
maintain the value set by each client. A server which implements it is actually a per-client characteristic. Thus, the server MUST
fencing via LUN masking SHOULD accept any maximum io time value from maintain the last maximum I/O time hint sent separately for each
a client. A server which does not implement fencing may return an client. Each time the maximum I/O time changes, the server MUST
error NFS4ERR_INVAL to the SETATTR operation. Such a server SHOULD apply it to all files for which the client has a layout. If the
return NFS4ERR_INVAL when a client sends an unbounded maximum I/O client does not specify this attribute on a file for which a block
time (all 1s), or when the maximum I/O time is significantly greater layout is requested, the server SHOULD use the most recent value
than that of other clients using block layouts with pNFS. provided by the same client for any file; if that client has not
provided a value for this attribute, the server SHOULD reject the
layout request with the error NFS4ERR_LAYOUTUNAVAILABLE. The client
SHOULD NOT send a SETATTR of the layout hint with every LAYOUTGET. A
server that implements fencing via LUN masking SHOULD accept any
maximum I/O time value from a client. A server that does not
implement fencing may return an error NFS4ERR_INVAL to the SETATTR
operation. Such a server SHOULD return NFS4ERR_INVAL when a client
sends an unbounded maximum I/O time (all 1s), or when the maximum I/O
time is significantly greater than that of other clients using block
layouts with pNFS.
When a client receives the error NFS4ERR_INVAL in response to the When a client receives the error NFS4ERR_INVAL in response to the
SETATTR operation for a layout hint, the client MUST NOT use the SETATTR operation for a layout hint, the client MUST NOT use the
LAYOUTGET operation. After responding with NFS4ERR_INVAL to the LAYOUTGET operation. After responding with NFS4ERR_INVAL to the
SETATTR for layout hint, the server MUST return the error SETATTR for layout hint, the server MUST return the error
NFS4ERR_LAYOUTUNAVAILABLE to all subsequent LAYOUTGET operations from NFS4ERR_LAYOUTUNAVAILABLE to all subsequent LAYOUTGET operations from
that client. Thus the server, by returning either NFS4ERR_INVAL or that client. Thus, the server, by returning either NFS4ERR_INVAL or
NFS4_OK determines whether or not a client with a large, or an NFS4_OK determines whether or not a client with a large, or an
unbounded maximum I/O time may use pNFS. unbounded-maximum I/O time may use pNFS.
Using the lease time and the maximum i/o time values, we specify the Using the lease time and the maximum I/O time values, we specify the
behavior of the client and server as follows. behavior of the client and server as follows.
When a client receives layout information via a LAYOUTGET operation, When a client receives layout information via a LAYOUTGET operation,
those layouts are valid for at most "lease_time" seconds from when those layouts are valid for at most "lease_time" seconds from when
the server granted them. A layout is renewed by any successful the server granted them. A layout is renewed by any successful
SEQUENCE operation, or whenever a new stateid is created or updated SEQUENCE operation, or whenever a new stateid is created or updated
(see the section "Lease Renewal" of [NFSV4.1]). If the layout lease (see the section "Lease Renewal" of [NFSv4.1]). If the layout lease
is not renewed prior to expiration, the client MUST cease to use the is not renewed prior to expiration, the client MUST cease to use the
layout after "lease_time" seconds from when it either sent the layout after "lease_time" seconds from when it either sent the
original LAYOUTGET command, or sent the last operation renewing the original LAYOUTGET command or sent the last operation renewing the
lease. In other words, the client may not issue any I/O to blocks lease. In other words, the client may not issue any I/O to blocks
specified by an expired layout. In the presence of large specified by an expired layout. In the presence of large
communication delays between the client and server it is even communication delays between the client and server, it is even
possible for the lease to expire prior to the server response possible for the lease to expire prior to the server response
arriving at the client. In such a situation the client MUST NOT use arriving at the client. In such a situation, the client MUST NOT use
the expired layouts, and SHOULD revert to using standard NFSv41 READ the expired layouts, and SHOULD revert to using standard NFSv41 READ
and WRITE operations. Furthermore, the client must be configured and WRITE operations. Furthermore, the client must be configured
such that I/O operations complete within the "blh_maximum_io_time" such that I/O operations complete within the "blh_maximum_io_time"
even in the presence of multipath drivers that will retry I/Os via even in the presence of multipath drivers that will retry I/Os via
multiple paths. multiple paths.
As stated in the section "Dealing with Lease Expiration on the As stated in the "Dealing with Lease Expiration on the Client"
Client" of [NFSV4.1], if any SEQUENCE operation is successful, but section of [NFSv4.1], if any SEQUENCE operation is successful, but
sr_status_flag has SEQ4_STATUS_EXPIRED_ALL_STATE_REVOKED, sr_status_flag has SEQ4_STATUS_EXPIRED_ALL_STATE_REVOKED,
SEQ4_STATUS_EXPIRED_SOME_STATE_REVOKED, or SEQ4_STATUS_EXPIRED_SOME_STATE_REVOKED, or
SEQ4_STATUS_ADMIN_STATE_REVOKED set, the client MUST immediately SEQ4_STATUS_ADMIN_STATE_REVOKED is set, the client MUST immediately
cease to use all layouts and device id to device address mappings cease to use all layouts and device ID to device address mappings
associated with the corresponding server. associated with the corresponding server.
In the absence of known two way communication between the client and In the absence of known two-way communication between the client and
the server on the fore channel, the server must wait for at least the the server on the fore channel, the server must wait for at least the
time period "lease_time" plus "blh_maximum_io_time" before time period "lease_time" plus "blh_maximum_io_time" before
transferring layouts from the original client to any other client. transferring layouts from the original client to any other client.
The server, like the client, must take a conservative approach, and The server, like the client, must take a conservative approach, and
start the lease expiration timer from the time that it received the start the lease expiration timer from the time that it received the
operation which last renewed the lease. operation that last renewed the lease.
2.4. Crash Recovery Issues 2.4. Crash Recovery Issues
A critical requirement in crash recovery is that both the client and A critical requirement in crash recovery is that both the client and
the server know when the other has failed. Additionally, it is the server know when the other has failed. Additionally, it is
required that a client sees a consistent view of data across server required that a client sees a consistent view of data across server
restarts. These requirements and a full discussion of crash recovery restarts. These requirements and a full discussion of crash recovery
issues are covered in the "Crash Recovery" section of the NFSv41 issues are covered in the "Crash Recovery" section of the NFSv41
specification [NFSV4.1]. This document contains additional crash specification [NFSv4.1]. This document contains additional crash
recovery material specific only to the block/volume layout. recovery material specific only to the block/volume layout.
When the server crashes while the client holds a writable layout, and When the server crashes while the client holds a writable layout, and
the client has written data to blocks covered by the layout, and the the client has written data to blocks covered by the layout, and the
blocks are still in the PNFS_BLOCK_INVALID_DATA state, the client has blocks are still in the PNFS_BLOCK_INVALID_DATA state, the client has
two options for recovery. If the data that has been written to these two options for recovery. If the data that has been written to these
blocks is still cached by the client, the client can simply re-write blocks is still cached by the client, the client can simply re-write
the data via NFSv4, once the server has come back online. However, the data via NFSv4, once the server has come back online. However,
if the data is no longer in the client's cache, the client MUST NOT if the data is no longer in the client's cache, the client MUST NOT
attempt to source the data from the data servers. Instead, it should attempt to source the data from the data servers. Instead, it should
attempt to commit the blocks in question to the server during the attempt to commit the blocks in question to the server during the
server's recovery grace period, by sending a LAYOUTCOMMIT with the server's recovery grace period, by sending a LAYOUTCOMMIT with the
"loca_reclaim" flag set to true. This process is described in detail "loca_reclaim" flag set to true. This process is described in detail
in [NFSv4.1] section 18.42.4. in Section 18.42.4 of [NFSv4.1].
2.5. Recalling resources: CB_RECALL_ANY 2.5. Recalling Resources: CB_RECALL_ANY
The server may decide that it cannot hold all of the state for The server may decide that it cannot hold all of the state for
layouts without running out of resources. In such a case, it is free layouts without running out of resources. In such a case, it is free
to recall individual layouts using CB_LAYOUTRECALL to reduce the to recall individual layouts using CB_LAYOUTRECALL to reduce the
load, or it may choose to request that the client return any layout. load, or it may choose to request that the client return any layout.
The NFSv4.1 spec [NFSv4.1] defines the following types: The NFSv4.1 spec [NFSv4.1] defines the following types:
const RCA4_TYPE_MASK_BLK_LAYOUT = 4; const RCA4_TYPE_MASK_BLK_LAYOUT = 4;
skipping to change at page 26, line 33 skipping to change at page 24, line 20
uint32_t craa_objects_to_keep; uint32_t craa_objects_to_keep;
bitmap4 craa_type_mask; bitmap4 craa_type_mask;
}; };
When the server sends a CB_RECALL_ANY request to a client specifying When the server sends a CB_RECALL_ANY request to a client specifying
the RCA4_TYPE_MASK_BLK_LAYOUT bit in craa_type_mask, the client the RCA4_TYPE_MASK_BLK_LAYOUT bit in craa_type_mask, the client
should immediately respond with NFS4_OK, and then asynchronously should immediately respond with NFS4_OK, and then asynchronously
return complete file layouts until the number of files with layouts return complete file layouts until the number of files with layouts
cached on the client is less than craa_object_to_keep. cached on the client is less than craa_object_to_keep.
2.6. Transient and Permanent Errors 2.6. Transient and Permanent Errors
The server may respond to LAYOUTGET with a variety of error statuses. The server may respond to LAYOUTGET with a variety of error statuses.
These errors can convey transient conditions or more permanent These errors can convey transient conditions or more permanent
conditions that are unlikely to be resolved soon. conditions that are unlikely to be resolved soon.
The transient errors, NFS4ERR_RECALLCONFLICT and NFS4ERR_TRYLATER are The transient errors, NFS4ERR_RECALLCONFLICT and NFS4ERR_TRYLATER,
used to indicate that the server cannot immediately grant the layout are used to indicate that the server cannot immediately grant the
to the client. In the former case this is because the server has layout to the client. In the former case, this is because the server
recently issued a CB_LAYOUTRECALL to the requesting client, whereas has recently issued a CB_LAYOUTRECALL to the requesting client,
in the case of NFS4ERR_TRYLATER, the server cannot grant the request whereas in the case of NFS4ERR_TRYLATER, the server cannot grant the
possibly due to sharing conflicts with other clients. In either request possibly due to sharing conflicts with other clients. In
case, a reasonable approach for the client is to wait several either case, a reasonable approach for the client is to wait several
milliseconds and retry the request. The client SHOULD track the milliseconds and retry the request. The client SHOULD track the
number of retries, and if forward progress is not made, the client number of retries, and if forward progress is not made, the client
SHOULD send the READ or WRITE operation directly to the server. SHOULD send the READ or WRITE operation directly to the server.
The error NFS4ERR_LAYOUTUNAVAILABLE may be returned by the server if The error NFS4ERR_LAYOUTUNAVAILABLE may be returned by the server if
layouts are not supported for the requested file or its containing layouts are not supported for the requested file or its containing
file system. The server may also return this error code if the file system. The server may also return this error code if the
server is the progress of migrating the file from secondary storage, server is the progress of migrating the file from secondary storage,
or for any other reason which causes the server to be unable to or for any other reason that causes the server to be unable to supply
supply the layout. As a result of receiving the layout. As a result of receiving NFS4ERR_LAYOUTUNAVAILABLE, the
NFS4ERR_LAYOUTUNAVAILABLE, the client SHOULD send future READ and client SHOULD send future READ and WRITE requests directly to the
WRITE requests directly to the server. It is expected that a client server. It is expected that a client will not cache the file's
will not cache the file's layoutunavailable state forever, particular layoutunavailable state forever, particular if the file is closed,
if the file is closed, and thus eventually, the client MAY reissue a and thus eventually, the client MAY reissue a LAYOUTGET operation.
LAYOUTGET operation.
3. Security Considerations 3. Security Considerations
Typically, SAN disk arrays and SAN protocols provide access control Typically, SAN disk arrays and SAN protocols provide access control
mechanisms (e.g., logical unit number mapping and/or masking) which mechanisms (e.g., LUN mapping and/or masking) that operate at the
operate at the granularity of individual hosts. The functionality granularity of individual hosts. The functionality provided by such
provided by such mechanisms makes it possible for the server to mechanisms makes it possible for the server to "fence" individual
"fence" individual client machines from certain physical disks---that client machines from certain physical disks -- that is to say, to
is to say, to prevent individual client machines from reading or prevent individual client machines from reading or writing to certain
writing to certain physical disks. Finer-grained access control physical disks. Finer-grained access control methods are not
methods are not generally available. For this reason, certain generally available. For this reason, certain security
security responsibilities are delegated to pNFS clients for responsibilities are delegated to pNFS clients for block/volume
block/volume layouts. Block/volume storage systems generally control layouts. Block/volume storage systems generally control access at a
access at a volume granularity, and hence pNFS clients have to be volume granularity, and hence pNFS clients have to be trusted to only
trusted to only perform accesses allowed by the layout extents they perform accesses allowed by the layout extents they currently hold
currently hold (e.g., and not access storage for files on which a (e.g., and not access storage for files on which a layout extent is
layout extent is not held). In general, the server will not be able not held). In general, the server will not be able to prevent a
to prevent a client which holds a layout for a file from accessing client that holds a layout for a file from accessing parts of the
parts of the physical disk not covered by the layout. Similarly, the physical disk not covered by the layout. Similarly, the server will
server will not be able to prevent a client from accessing blocks not be able to prevent a client from accessing blocks covered by a
covered by a layout that it has already returned. This block-based layout that it has already returned. This block-based level of
level of protection must be provided by the client software. protection must be provided by the client software.
An alternative method of block/volume protocol use is for the storage An alternative method of block/volume protocol use is for the storage
devices to export virtualized block addresses, which do reflect the devices to export virtualized block addresses, which do reflect the
files to which blocks belong. These virtual block addresses are files to which blocks belong. These virtual block addresses are
exported to pNFS clients via layouts. This allows the storage device exported to pNFS clients via layouts. This allows the storage device
to make appropriate access checks, while mapping virtual block to make appropriate access checks, while mapping virtual block
addresses to physical block addresses. In environments where the addresses to physical block addresses. In environments where the
security requirements are such that client-side protection from security requirements are such that client-side protection from
access to storage outside of the authorized layout extents is not access to storage outside of the authorized layout extents is not
sufficient, pNFS block/volume storage layouts SHOULD NOT be used sufficient, pNFS block/volume storage layouts SHOULD NOT be used
unless the storage device is able to implement the appropriate access unless the storage device is able to implement the appropriate access
checks, via use of virtualized block addresses or other means. In checks, via use of virtualized block addresses or other means. In
contrast, an environment where client-side protection may suffice contrast, an environment where client-side protection may suffice
consists of co-located clients, server and storage systems in a consists of co-located clients, server and storage systems in a data
datacenter with a physically isolated SAN under control of a single center with a physically isolated SAN under control of a single
system administrator or small group of system administrators. system administrator or small group of system administrators.
This also has implications for some NFSv4 functionality outside pNFS. This also has implications for some NFSv4 functionality outside pNFS.
For instance, if a file is covered by a mandatory read-only lock, the For instance, if a file is covered by a mandatory read-only lock, the
server can ensure that only readable layouts for the file are granted server can ensure that only readable layouts for the file are granted
to pNFS clients. However, it is up to each pNFS client to ensure to pNFS clients. However, it is up to each pNFS client to ensure
that the readable layout is used only to service read requests, and that the readable layout is used only to service read requests, and
not to allow writes to the existing parts of the file. Similarly, not to allow writes to the existing parts of the file. Similarly,
block/volume storage devices are unable to validate NFS Access block/volume storage devices are unable to validate NFS Access
Control Lists (ACLs) and file open modes, so the client must enforce Control Lists (ACLs) and file open modes, so the client must enforce
the policies before sending a read or write request to the storage the policies before sending a READ or WRITE request to the storage
device. Since block/volume storage systems are generally not capable device. Since block/volume storage systems are generally not capable
of enforcing such file-based security, in environments where pNFS of enforcing such file-based security, in environments where pNFS
clients cannot be trusted to enforce such policies, pNFS block/volume clients cannot be trusted to enforce such policies, pNFS block/volume
storage layouts SHOULD NOT be used. storage layouts SHOULD NOT be used.
Access to block/volume storage is logically at a lower layer of the Access to block/volume storage is logically at a lower layer of the
I/O stack than NFSv4, and hence NFSv4 security is not directly I/O stack than NFSv4, and hence NFSv4 security is not directly
applicable to protocols that access such storage directly. Depending applicable to protocols that access such storage directly. Depending
on the protocol, some of the security mechanisms provided by NFSv4 on the protocol, some of the security mechanisms provided by NFSv4
(e.g., encryption, cryptographic integrity) may not be available, or (e.g., encryption, cryptographic integrity) may not be available or
may be provided via different means. At one extreme, pNFS with may be provided via different means. At one extreme, pNFS with
block/volume storage can be used with storage access protocols (e.g., block/volume storage can be used with storage access protocols (e.g.,
parallel SCSI) that provide essentially no security functionality. parallel SCSI) that provide essentially no security functionality.
At the other extreme, pNFS may be used with storage protocols such as At the other extreme, pNFS may be used with storage protocols such as
iSCSI that can provide significant security functionality. It is the iSCSI that can provide significant security functionality. It is the
responsibility of those administering and deploying pNFS with a responsibility of those administering and deploying pNFS with a
block/volume storage access protocol to ensure that appropriate block/volume storage access protocol to ensure that appropriate
protection is provided to that protocol (physical security is a protection is provided to that protocol (physical security is a
common means for protocols not based on IP). In environments where common means for protocols not based on IP). In environments where
the security requirements for the storage protocol cannot be met, the security requirements for the storage protocol cannot be met,
skipping to change at page 29, line 5 skipping to change at page 26, line 33
a different granularity and with a different notion of identity than a different granularity and with a different notion of identity than
NFSv4 (e.g., NFSv4 controls user access to files, iSCSI controls NFSv4 (e.g., NFSv4 controls user access to files, iSCSI controls
initiator access to volumes). The responsibility for enforcing initiator access to volumes). The responsibility for enforcing
appropriate correspondences between these security layers is placed appropriate correspondences between these security layers is placed
upon the pNFS client. As with the issues in the first paragraph of upon the pNFS client. As with the issues in the first paragraph of
this section, in environments where the security requirements are this section, in environments where the security requirements are
such that client-side protection from access to storage outside of such that client-side protection from access to storage outside of
the layout is not sufficient, pNFS block/volume storage layouts the layout is not sufficient, pNFS block/volume storage layouts
SHOULD NOT be used. SHOULD NOT be used.
4. Conclusions 4. Conclusions
This draft specifies the block/volume layout type for pNFS and This document specifies the block/volume layout type for pNFS and
associated functionality. associated functionality.
5. IANA Considerations 5. IANA Considerations
There are no IANA considerations in this document. All pNFS IANA There are no IANA considerations in this document. All pNFS IANA
Considerations are covered in [NFSV4.1]. Considerations are covered in [NFSv4.1].
6. Acknowledgments 6. Acknowledgments
This draft draws extensively on the authors' familiarity with the This document draws extensively on the authors' familiarity with the
mapping functionality and protocol in EMC's MPFS (previously named mapping functionality and protocol in EMC's Multi-Path File System
HighRoad) system [MPFS]. The protocol used by MPFS is called FMP (MPFS) (previously named HighRoad) system [MPFS]. The protocol used
(File Mapping Protocol); it is an add-on protocol that runs in by MPFS is called FMP (File Mapping Protocol); it is an add-on
parallel with file system protocols such as NFSv3 to provide pNFS- protocol that runs in parallel with file system protocols such as
like functionality for block/volume storage. While drawing on FMP, NFSv3 to provide pNFS-like functionality for block/volume storage.
the data structures and functional considerations in this draft While drawing on FMP, the data structures and functional
differ in significant ways, based on lessons learned and the considerations in this document differ in significant ways, based on
opportunity to take advantage of NFSv4 features such as COMPOUND lessons learned and the opportunity to take advantage of NFSv4
operations. The design to support pNFS client participation in copy- features such as COMPOUND operations. The design to support pNFS
on-write is based on text and ideas contributed by Craig Everhart. client participation in copy-on-write is based on text and ideas
contributed by Craig Everhart.
Andy Adamson, Ben Campbell, Richard Chandler, Benny Halevy, Fredric Andy Adamson, Ben Campbell, Richard Chandler, Benny Halevy, Fredric
Isaman, and Mario Wurzl all helped to review drafts of this Isaman, and Mario Wurzl all helped to review versions of this
specification. specification.
7. References 7. References
7.1. Normative References 7.1. Normative References
[LEGAL] IETF Trust, "Legal Provisions Relating to IETF Documents", [LEGAL] IETF Trust, "Legal Provisions Relating to IETF Documents",
URL http://trustee.ietf.org/docs/IETF-Trust-License- http://trustee.ietf.org/docs/IETF-Trust-License-Policy.pdf,
Policy.pdf, November 2008. November 2008.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[NFSV4.1] Shepler, S., Eisler, M., and Noveck, D. ed., "NFSv4 Minor [NFSv4.1] Shepler, S., Ed., Eisler, M., Ed., and D. Noveck, Ed.,
Version 1", RFC [[RFC Editor: please insert NFSv4 Minor "Network File System (NFS) Version 4 Minor Version 1
Version 1 RFC number]], [[RFC Editor: please insert NFSv4 Protocol", RFC 5661, January 2010.
Minor Version 1 RFC month]] [[RFC Editor: please insert
NFSv4 Minor Version 1 year].
<http://www.ietf.org/rfc/rfc[[RFC Editor: please insert
NFSv4 Minor Version 1 RFC number]].txt>.
[XDR] Eisler, M., "XDR: External Data Representation Standard", [XDR] Eisler, M., Ed., "XDR: External Data Representation
STD 67, RFC 4506, May 2006. Standard", STD 67, RFC 4506, May 2006.
7.2. Informative References 7.2. Informative References
[MPFS] EMC Corporation, "EMC Celerra Multi-Path File System", EMC [MPFS] EMC Corporation, "EMC Celerra Multi-Path File System
Data Sheet, available at: (MPFS)", EMC Data Sheet,
http://www.emc.com/collateral/software/data-sheet/h2006-celerra-mpfs- http://www.emc.com/collateral/software/data-sheet/
mpfsi.pdf h2006-celerra-mpfs-mpfsi.pdf.
link checked 13 March 2008
[SMIS] SNIA, "SNIA Storage Management Initiative Specification", [SMIS] SNIA, "Storage Management Initiative Specification (SMI-S)
version 1.0.2, available at: v1.4", http://www.snia.org/tech_activities/standards/
http://www.snia.org/tech_activities/standards/curr_standards/smi/SMI- curr_standards/smi/SMI-S_Technical_Position_v1.4.0r4.zip.
S_Technical_Position_v1.0.3r1.pdf
link checked 13 March 2008
Authors' Addresses Authors' Addresses
David L. Black David L. Black
EMC Corporation EMC Corporation
176 South Street 176 South Street
Hopkinton, MA 01748 Hopkinton, MA 01748
Phone: +1 (508) 293-7953 Phone: +1 (508) 293-7953
Email: black_david@emc.com EMail: black_david@emc.com
Stephen Fridella Stephen Fridella
EMC Corporation Nasuni Inc
228 South Street 313 Speen St
Hopkinton, MA 01748 Natick MA 01760
Phone: +1 (508) 249-3528 EMail: stevef@nasuni.com
Email: fridella_stephen@emc.com
Jason Glasgow Jason Glasgow
Google Google
5 Cambridge Center 5 Cambridge Center
Cambridge, MA 02142 Cambridge, MA 02142
Phone: +1 (617) 575 1599 Phone: +1 (617) 575 1599
Email: jglasgow@aya.yale.edu EMail: jglasgow@aya.yale.edu
 End of changes. 146 change blocks. 
353 lines changed or deleted 348 lines changed or added

This html diff was produced by rfcdiff 1.37b. The latest version is available from http://tools.ietf.org/tools/rfcdiff/