draft-ietf-nfsv4-pnfs-obj-05.txt   draft-ietf-nfsv4-pnfs-obj-06.txt 
NFSv4 B. Halevy NFSv4 B. Halevy
Internet-Draft B. Welch Internet-Draft B. Welch
Intended status: Standards Track J. Zelenka Intended status: Standards Track J. Zelenka
Expires: August 28, 2008 Panasas Expires: September 18, 2008 Panasas
February 25, 2008 March 17, 2008
Object-based pNFS Operations Object-based pNFS Operations
draft-ietf-nfsv4-pnfs-obj-05 draft-ietf-nfsv4-pnfs-obj-06
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 35 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 28, 2008. This Internet-Draft will expire on September 18, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
Abstract Abstract
This Internet-Draft provides a description of the object-based pNFS This Internet-Draft provides a description of the object-based pNFS
extension for NFSv4. This is a companion to the main pnfs extension for NFSv4. This is a companion to the main pnfs
specification in the NFSv4 Minor Version 1 Internet Draft, which is specification in the NFSv4 Minor Version 1 Internet Draft, which is
currently draft-ietf-nfsv4-minorversion1-20.txt. currently draft-ietf-nfsv4-minorversion1-21.txt.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [1]. document are to be interpreted as described in RFC 2119 [1].
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Object Storage Device Addressing and Discovery . . . . . . . . 4 2. Object Storage Device Addressing and Discovery . . . . . . . . 4
2.1. pnfs_osd_addr_type4 . . . . . . . . . . . . . . . . . . . 5 2.1. pnfs_osd_addr_type4 . . . . . . . . . . . . . . . . . . . 5
2.2. pnfs_osd_deviceaddr4 . . . . . . . . . . . . . . . . . . . 6 2.2. pnfs_osd_deviceaddr4 . . . . . . . . . . . . . . . . . . . 5
3. Object-Based Layout . . . . . . . . . . . . . . . . . . . . . 6 2.2.1. SCSI Target Identifier . . . . . . . . . . . . . . . . 6
3.1. pnfs_osd_layout4 . . . . . . . . . . . . . . . . . . . . . 7 2.2.2. Device Network Address . . . . . . . . . . . . . . . . 7
3.1.1. pnfs_osd_objid4 . . . . . . . . . . . . . . . . . . . 7 3. Object-Based Layout . . . . . . . . . . . . . . . . . . . . . 7
3.1.2. pnfs_osd_version4 . . . . . . . . . . . . . . . . . . 8 3.1. pnfs_osd_layout4 . . . . . . . . . . . . . . . . . . . . . 8
3.1.3. pnfs_osd_object_cred4 . . . . . . . . . . . . . . . . 9 3.1.1. pnfs_osd_objid4 . . . . . . . . . . . . . . . . . . . 8
3.1.4. pnfs_osd_raid_algorithm4 . . . . . . . . . . . . . . . 10 3.1.2. pnfs_osd_version4 . . . . . . . . . . . . . . . . . . 9
3.1.5. pnfs_osd_data_map4 . . . . . . . . . . . . . . . . . . 10 3.1.3. pnfs_osd_object_cred4 . . . . . . . . . . . . . . . . 10
3.2. Data Mapping Schemes . . . . . . . . . . . . . . . . . . . 11 3.1.4. pnfs_osd_raid_algorithm4 . . . . . . . . . . . . . . . 11
3.2.1. Simple Striping . . . . . . . . . . . . . . . . . . . 11 3.1.5. pnfs_osd_data_map4 . . . . . . . . . . . . . . . . . . 11
3.2.2. Nested Striping . . . . . . . . . . . . . . . . . . . 12 3.2. Data Mapping Schemes . . . . . . . . . . . . . . . . . . . 12
3.2.3. Mirroring . . . . . . . . . . . . . . . . . . . . . . 13 3.2.1. Simple Striping . . . . . . . . . . . . . . . . . . . 12
3.3. RAID Algorithms . . . . . . . . . . . . . . . . . . . . . 14 3.2.2. Nested Striping . . . . . . . . . . . . . . . . . . . 13
3.3.1. PNFS_OSD_RAID_0 . . . . . . . . . . . . . . . . . . . 14 3.2.3. Mirroring . . . . . . . . . . . . . . . . . . . . . . 14
3.3.2. PNFS_OSD_RAID_4 . . . . . . . . . . . . . . . . . . . 14 3.3. RAID Algorithms . . . . . . . . . . . . . . . . . . . . . 15
3.3.3. PNFS_OSD_RAID_5 . . . . . . . . . . . . . . . . . . . 15 3.3.1. PNFS_OSD_RAID_0 . . . . . . . . . . . . . . . . . . . 15
3.3.4. PNFS_OSD_RAID_PQ . . . . . . . . . . . . . . . . . . . 15 3.3.2. PNFS_OSD_RAID_4 . . . . . . . . . . . . . . . . . . . 15
3.3.5. RAID Usage and implementation notes . . . . . . . . . 16 3.3.3. PNFS_OSD_RAID_5 . . . . . . . . . . . . . . . . . . . 16
4. Object-Based Layout Update . . . . . . . . . . . . . . . . . . 16 3.3.4. PNFS_OSD_RAID_PQ . . . . . . . . . . . . . . . . . . . 16
4.1. pnfs_osd_layoutupdate4 . . . . . . . . . . . . . . . . . . 16 3.3.5. RAID Usage and implementation notes . . . . . . . . . 17
4.1.1. pnfs_osd_deltaspaceused4 . . . . . . . . . . . . . . . 17 4. Object-Based Layout Update . . . . . . . . . . . . . . . . . . 17
5. Object-Based Layout Return . . . . . . . . . . . . . . . . . . 17 4.1. pnfs_osd_layoutupdate4 . . . . . . . . . . . . . . . . . . 17
5.1. pnfs_osd_layoutreturn4 . . . . . . . . . . . . . . . . . . 18 4.1.1. pnfs_osd_deltaspaceused4 . . . . . . . . . . . . . . . 18
5.1.1. pnfs_osd_errno4 . . . . . . . . . . . . . . . . . . . 19 5. Recovering from Client I/O Errors . . . . . . . . . . . . . . 18
5.1.2. pnfs_osd_ioerr4 . . . . . . . . . . . . . . . . . . . 20 6. Object-Based Layout Return . . . . . . . . . . . . . . . . . . 19
6. Object-Based Creation Layout Hint . . . . . . . . . . . . . . 20 6.1. pnfs_osd_layoutreturn4 . . . . . . . . . . . . . . . . . . 20
6.1. pnfs_osd_layouthint4 . . . . . . . . . . . . . . . . . . . 20 6.1.1. pnfs_osd_errno4 . . . . . . . . . . . . . . . . . . . 21
7. Layout Segments . . . . . . . . . . . . . . . . . . . . . . . 22 6.1.2. pnfs_osd_ioerr4 . . . . . . . . . . . . . . . . . . . 22
7.1. CB_LAYOUTRECALL and LAYOUTRETURN . . . . . . . . . . . . . 22 7. Object-Based Creation Layout Hint . . . . . . . . . . . . . . 22
7.2. LAYOUTCOMMIT . . . . . . . . . . . . . . . . . . . . . . . 23 7.1. pnfs_osd_layouthint4 . . . . . . . . . . . . . . . . . . . 22
8. Recalling Layouts . . . . . . . . . . . . . . . . . . . . . . 23 8. Layout Segments . . . . . . . . . . . . . . . . . . . . . . . 24
8.1. CB_RECALL_ANY . . . . . . . . . . . . . . . . . . . . . . 23 8.1. CB_LAYOUTRECALL and LAYOUTRETURN . . . . . . . . . . . . . 24
9. Client Fencing . . . . . . . . . . . . . . . . . . . . . . . . 24 8.2. LAYOUTCOMMIT . . . . . . . . . . . . . . . . . . . . . . . 25
10. Security Considerations . . . . . . . . . . . . . . . . . . . 24 9. Recalling Layouts . . . . . . . . . . . . . . . . . . . . . . 25
10.1. OSD Security Data Types . . . . . . . . . . . . . . . . . 25 9.1. CB_RECALL_ANY . . . . . . . . . . . . . . . . . . . . . . 25
10.2. The OSD Security Protocol . . . . . . . . . . . . . . . . 26 10. Client Fencing . . . . . . . . . . . . . . . . . . . . . . . . 26
10.3. Protocol Privacy Requirements . . . . . . . . . . . . . . 27 11. Security Considerations . . . . . . . . . . . . . . . . . . . 26
10.4. Revoking Capabilities . . . . . . . . . . . . . . . . . . 27 11.1. OSD Security Data Types . . . . . . . . . . . . . . . . . 27
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 11.2. The OSD Security Protocol . . . . . . . . . . . . . . . . 28
12. XDR Description of the Objects layout type . . . . . . . . . . 28 11.3. Protocol Privacy Requirements . . . . . . . . . . . . . . 29
13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 32 11.4. Revoking Capabilities . . . . . . . . . . . . . . . . . . 29
13.1. Normative References . . . . . . . . . . . . . . . . . . . 32 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
13.2. Informative References . . . . . . . . . . . . . . . . . . 33 13. XDR Description of the Objects layout type . . . . . . . . . . 30
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 33 14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 33 14.1. Normative References . . . . . . . . . . . . . . . . . . . 34
Intellectual Property and Copyright Statements . . . . . . . . . . 35 14.2. Informative References . . . . . . . . . . . . . . . . . . 35
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 36
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 36
Intellectual Property and Copyright Statements . . . . . . . . . . 38
1. Introduction 1. Introduction
In pNFS, the file server returns typed layout structures that In pNFS, the file server returns typed layout structures that
describe where file data is located. There are different layouts for describe where file data is located. There are different layouts for
different storage systems and methods of arranging data on storage different storage systems and methods of arranging data on storage
devices. This document describes the layouts used with object-based devices. This document describes the layouts used with object-based
storage devices (OSD) that are accessed according to the iSCSI/OSD storage devices (OSD) that are accessed according to the OSD storage
storage protocol standard (SNIA T10/1355-D [2]). protocol standard (SNIA T10/1355-D [2]).
An "object" is a container for data and attributes, and files are An "object" is a container for data and attributes, and files are
stored in one or more objects. The OSD protocol specifies several stored in one or more objects. The OSD protocol specifies several
operations on objects, including READ, WRITE, FLUSH, GET ATTRIBUTES, operations on objects, including READ, WRITE, FLUSH, GET ATTRIBUTES,
SET ATTRIBUTES, CREATE and DELETE. However, using the object-based SET ATTRIBUTES, CREATE and DELETE. However, using the object-based
layout the client only uses the READ, WRITE, GET ATTRIBUTES and FLUSH layout the client only uses the READ, WRITE, GET ATTRIBUTES and FLUSH
commands. The other commands are only used by the pNFS server. commands. The other commands are only used by the pNFS server.
An object-based layout for pNFS includes object identifiers, An object-based layout for pNFS includes object identifiers,
capabilities that allow clients to READ or WRITE those objects, and capabilities that allow clients to READ or WRITE those objects, and
various parameters that control how file data is striped across their various parameters that control how file data is striped across their
component objects. The OSD protocol has a capability-based security component objects. The OSD protocol has a capability-based security
scheme that allows the pNFS server to control what operations and scheme that allows the pNFS server to control what operations and
what objects can be used by clients. This scheme is described in what objects can be used by clients. This scheme is described in
more detail in the Security Considerations section (Section 10). more detail in the Security Considerations section (Section 11).
2. Object Storage Device Addressing and Discovery 2. Object Storage Device Addressing and Discovery
Data operations to an OSD require the client to know the "address" of Data operations to an OSD require the client to know the "address" of
each OSD's root object. The root object is synonymous with SCSI each OSD's root object. The root object is synonymous with SCSI
logical unit. The client specifies SCSI logical units to its SCSI logical unit. The client specifies SCSI logical units to its SCSI
stack using a representation local to the client. Because these protocol stack using a representation local to the client. Because
representations are local, GETDEVICEINFO must return information that these representations are local, GETDEVICEINFO must return
can be used by the client to select the correct local representation. information that can be used by the client to select the correct
local representation.
In the block world, a set offset (logical block number or track/ In the block world, a set offset (logical block number or track/
sector) contains a disk label. This label identifies the disk sector) contains a disk label. This label identifies the disk
uniquely. In contrast, an OSD has a standard set of attributes on uniquely. In contrast, an OSD has a standard set of attributes on
its root object. For device identification purposes the OSD System its root object. For device identification purposes the OSD System
ID (root information attribute number 3) and the OSD Name (root ID (root information attribute number 3) and the OSD Name (root
information attribute number 9) are used as the label. These appear information attribute number 9) are used as the label. These appear
in the pnfs_osd_deviceaddr4 type below under the "systemid" and in the pnfs_osd_deviceaddr4 type below under the "systemid" and
"osdname" fields. "osdname" fields.
In some situations, SCSI target discovery may need to be driven based In some situations, SCSI target discovery may need to be driven based
on information contained in the GETDEVICEINFO response. One example on information contained in the GETDEVICEINFO response. One example
of this is iSCSI targets that are not known to the client until a of this is iSCSI targets that are not known to the client until a
layout has been requested. Eventually iSCSI will adopt ANSI T10 layout has been requested. The information provided as the
SAM-3, at which time the World Wide Name (WWN aka, EUI-64/EUI-128) "targetid", "netaddr", and "lun" fields in the pnfs_osd_deviceaddr4
naming conventions can be specified. In addition, Fibre Channel (FC) type described below (see Section 2.2), allows the client to probe a
SCSI targets have a unique WWN. Although these FC targets have specific device given its network address and optionally its iSCSI
already been discovered, some implementations may want to specify the Name (see iSCSI [3]), or when the device network address is omitted,
WWN in addition to the label. This information appears as the to discover the object storage device using the provided device name
"target" and "lun" fields in the pnfs_osd_deviceaddr4 type described or SCSI device identifier (See SPC-3 [4].)
below.
The systemid is used by the client, along with the object credential The systemid is used by the client, along with the object credential
to sign each request with the request integrity check value. This to sign each request with the request integrity check value. This
method protects the client from unintentionally accessing a device if method protects the client from unintentionally accessing a device if
the device address mapping was changed (or revoked). The server the device address mapping was changed (or revoked). The server
computes the capability_key using its own view of the systemid computes the capability_key using its own view of the systemid
associated with the respective deviceid present in the credential. associated with the respective deviceid present in the credential.
If the client's view of the deviceid mapping is stale, the client If the client's view of the deviceid mapping is stale, the client
will use the wrong systemid (which must be system-wide unique) and will use the wrong systemid (which must be system-wide unique) and
the I/O request to the OSD will fail to pass the integrity check the I/O request to the OSD will fail to pass the integrity check
verification. verification.
To recover from this condition the client should report the error via To recover from this condition the client should report the error and
LAYOUTCOMMIT, return the layout using LAYOUTRETURN, and invalidate return the layout using LAYOUTRETURN, and invalidate all the device
all the device address mappings associated with this layout. The address mappings associated with this layout. The client can then
client can then ask for a new layout if it wishes using LAYOUTGET and ask for a new layout if it wishes using LAYOUTGET and resolve the
resolve the referenced deviceids using GETDEVICEINFO or referenced deviceids using GETDEVICEINFO or GETDEVICELIST.
GETDEVICELIST.
The server MUST provide the systemid and SHOULD also provide the The server MUST provide the systemid and SHOULD also provide the
osdname. When the OSD name is present the client SHOULD get the root osdname. When the OSD name is present the client SHOULD get the root
information attributes whenever it establishes communication with the information attributes whenever it establishes communication with the
OSD and verify that the OSD name it got from the OSD matches the one OSD and verify that the OSD name it got from the OSD matches the one
sent by the metadata server. To do so, the client uses the sent by the metadata server. To do so, the client uses the
root_obj_cred credentials. root_obj_cred credentials.
2.1. pnfs_osd_addr_type4 2.1. pnfs_osd_addr_type4
The following enum specifies the manner in which a scsi target can be The following enum specifies the manner in which a scsi target can be
specified. The target can be specified as a network address, as an specified. The target can be specified as an SCSI Name, or as a SCSI
Internet Qualified Name (IQN), or by the World-Wide Name (WWN) of the Device Identifier.
target.
enum pnfs_obj_addr_type4 { enum pnfs_obj_addr_type4 {
OBJ_TARGET_NETADDR = 1, OBJ_TARGET_ANON = 1,
OBJ_TARGET_IQN = 2, OBJ_TARGET_SCSI_NAME = 2,
OBJ_TARGET_WWN = 3 OBJ_TARGET_SCSI_DEVICE_ID = 3
}; };
2.2. pnfs_osd_deviceaddr4 2.2. pnfs_osd_deviceaddr4
The specification for an object device address is as follows: The specification for an object device address is as follows:
struct pnfs_osd_deviceaddr4 { struct pnfs_osd_deviceaddr4 {
union target switch (pnfs_osd_addr_type4 type) { union targetid switch (pnfs_osd_addr_type4 type) {
case OBJ_TARGET_NETADDR: case OBJ_TARGET_SCSI_NAME:
pnfs_netaddr4 netaddr; string scsi_name<>;
case OBJ_TARGET_IQN:
string iqn<>;
case OBJ_TARGET_WWN: case OBJ_TARGET_SCSI_DEVICE_ID:
string wwn<>; opaque scsi_device_id<>;
default: default:
void; void;
}; };
union netaddr switch (bool netaddr_available) {
case TRUE:
netaddr4 netaddr;
case FALSE:
void;
};
uint64_t lun; uint64_t lun;
opaque systemid<>; opaque systemid<>;
pnfs_osd_object_cred4 root_obj_cred; pnfs_osd_object_cred4 root_obj_cred;
opaque osdname<>; opaque osdname<>;
}; };
2.2.1. SCSI Target Identifier
When "targetid" is specified as a OBJ_TARGET_SCSI_NAME, the
"scsi_name" string MUST be formatted as a "iSCSI Name" as specified
in iSCSI [3] and [5]. Note that the specification of the scsi_name
string format is outside the scope of this document. Parsing the
string is based on the string prefix, e.g. "iqn.", "eui.", or "naa."
and more formats MAY be specified in the future in accordance with
iSCSI Names properties.
Currently, the iSCSI Name provides for naming the target device using
a string formmatted as an iSCSI Qualified Name (IQN) or as an EUI [8]
string. Those are typically used to identify iSCSI or SRP [9]
devices. The Network Address Authority (NAA) string format (see [5])
provides for naming the device using globally unique identifiers, as
defined in FC-FS [10]. These are typically used to identify Fibre
Channel or SAS [11] (Serial Attached SCSI) devices. In particular,
such devices that are dual-attached both over Fibre Channel or SAS,
and over iSCSI.
When "targetid" is specified as a OBJ_TARGET_SCSI_DEVICE_ID, the
"scsi_device_id" opaque field MUST be formatted as a SCSI Device
Identifier as defined in SPC-3 [4] VPD Page 83h (Section 7.6.3.
"Device Identification VPD Page".) Note that similarly to the
"scsi_name", the specification of the scsi_device_id opaque contents
is outside the scope of this document and more formats MAY be
specified in the future in accordance with SPC-3.
The OBJ_TARGET_ANON pnfs_osd_addr_type4 MAY be used for providing no
target identification. In this case only the OSD systemid and
optionally, the provided network address, are used to locate to
device.
2.2.2. Device Network Address
The optional "netaddr" field MAY be provided by the server as a hint
to accelerate device discovery over e.g., the iSCSI transport
protocol. The network address is given with the netaddr4 type, which
specifies a TCP/IP based endpoint (as specified in NFSv4.1 draft
[12]). When given, the client SHOULD use it to probe for the SCSI
device at the given network address. The client MAY still use other
discovery mechanisms such as iSNS [13] to locate the device using the
targetid. In particular, such external name service, SHOULD be used
when the devices may be attached to the network using multiple
connections, and/or multiple storage fabrics (e.g. Fibre-Channel and
iSCSI.)
3. Object-Based Layout 3. Object-Based Layout
The layout4 type is defined in the NFSv4.1 draft [6] as follows: The layout4 type is defined in the NFSv4.1 draft [12] as follows:
enum layouttype4 { enum layouttype4 {
LAYOUT4_NFSV4_1_FILES = 1, LAYOUT4_NFSV4_1_FILES = 1,
LAYOUT4_OSD2_OBJECTS = 2, LAYOUT4_OSD2_OBJECTS = 2,
LAYOUT4_BLOCK_VOLUME = 3 LAYOUT4_BLOCK_VOLUME = 3
}; };
struct layout_content4 { struct layout_content4 {
layouttype4 loc_type; layouttype4 loc_type;
opaque loc_body<>; opaque loc_body<>;
skipping to change at page 7, line 4 skipping to change at page 7, line 47
layouttype4 loc_type; layouttype4 loc_type;
opaque loc_body<>; opaque loc_body<>;
}; };
struct layout4 { struct layout4 {
offset4 lo_offset; offset4 lo_offset;
length4 lo_length; length4 lo_length;
layoutiomode4 lo_iomode; layoutiomode4 lo_iomode;
layout_content4 lo_content; layout_content4 lo_content;
}; };
This document defines structure associated with the layouttype4 This document defines structure associated with the layouttype4
value, LAYOUT4_OSD2_OBJECTS. The NFSv4.1 draft [6] specifies the value, LAYOUT4_OSD2_OBJECTS. The NFSv4.1 draft [12] specifies the
loc_body structure as an XDR type "opaque". The opaque layout is loc_body structure as an XDR type "opaque". The opaque layout is
uninterpreted by the generic pNFS client layers, but obviously must uninterpreted by the generic pNFS client layers, but obviously must
be interpreted by the object-storage layout driver. This document be interpreted by the object-storage layout driver. This document
defines the structure of this opaque value, pnfs_osd_layout4. defines the structure of this opaque value, pnfs_osd_layout4.
3.1. pnfs_osd_layout4 3.1. pnfs_osd_layout4
struct pnfs_osd_layout4 { struct pnfs_osd_layout4 {
pnfs_osd_data_map4 map; pnfs_osd_data_map4 map;
uint32_t comps_index; uint32_t comps_index;
skipping to change at page 8, line 16 skipping to change at page 9, line 16
deviceid4 device_id; deviceid4 device_id;
uint64_t partition_id; uint64_t partition_id;
uint64_t object_id; uint64_t object_id;
}; };
The pnfs_osd_objid4 type is used to identify an object within a The pnfs_osd_objid4 type is used to identify an object within a
partition on a specified object storage device. "device_id" selects partition on a specified object storage device. "device_id" selects
the object storage device from the set of available storage devices. the object storage device from the set of available storage devices.
The device is identified with the deviceid4 type, which is an index The device is identified with the deviceid4 type, which is an index
into addressing information about that device returned by the into addressing information about that device returned by the
GETDEVICELIST and GETDEVICEINFO pnfs operations. Within an OSD, a GETDEVICELIST and GETDEVICEINFO pnfs operations. The deviceid4 data
partition is identified with a 64-bit number, "partition_id". Within type is defined in NFSv4.1 draft [12]. Within an OSD, a partition is
a partition, an object is identified with a 64-bit number, identified with a 64-bit number, "partition_id". Within a partition,
"object_id". Creation and management of partitions is outside the an object is identified with a 64-bit number, "object_id". Creation
scope of this standard, and is a facility provided by the object and management of partitions is outside the scope of this standard,
storage file system. and is a facility provided by the object storage file system.
3.1.2. pnfs_osd_version4 3.1.2. pnfs_osd_version4
enum pnfs_osd_version4 { enum pnfs_osd_version4 {
PNFS_OSD_MISSING = 0, PNFS_OSD_MISSING = 0,
PNFS_OSD_VERSION_1 = 1, PNFS_OSD_VERSION_1 = 1,
PNFS_OSD_VERSION_2 = 2 PNFS_OSD_VERSION_2 = 2
}; };
The osd_version is used to indicate the OSD protocol version or The osd_version is used to indicate the OSD protocol version or
whether an object is missing (i.e., unavailable). Some layout whether an object is missing (i.e., unavailable). Some layout
schemes encode redundant information and can compensate for missing schemes encode redundant information and can compensate for missing
components, but the data placement algorithm needs to know what parts components, but the data placement algorithm needs to know what parts
are missing. are missing.
At this time the OSD standard is at version 1.0, and we anticipate a At this time the OSD standard is at version 1.0, and we anticipate a
version 2.0 of the standard ((SNIA T10/1729-D [7])). The second version 2.0 of the standard ((SNIA T10/1729-D [14])). The second
generation OSD protocol has additional proposed features to support generation OSD protocol has additional proposed features to support
more robust error recovery, snapshots, and byte-range capabilities. more robust error recovery, snapshots, and byte-range capabilities.
Therefore, the OSD version is explicitly called out in the Therefore, the OSD version is explicitly called out in the
information returned in the layout. (This information can also be information returned in the layout. (This information can also be
deduced by looking inside the capability type at the format field, deduced by looking inside the capability type at the format field,
which is the first byte. The format value is 0x1 for an OSD v1 which is the first byte. The format value is 0x1 for an OSD v1
capability. However, it seems most robust to call out the version capability. However, it seems most robust to call out the version
explicitly.) explicitly.)
3.1.3. pnfs_osd_object_cred4 3.1.3. pnfs_osd_object_cred4
skipping to change at page 9, line 27 skipping to change at page 10, line 27
opaque capability<>; opaque capability<>;
}; };
The pnfs_osd_object_cred4 structure is used to identify each The pnfs_osd_object_cred4 structure is used to identify each
component comprising the file. The object_id identifies the component comprising the file. The object_id identifies the
component object, the osd_version represents the osd protocol component object, the osd_version represents the osd protocol
version, or whether that component is unavailable, and the capability version, or whether that component is unavailable, and the capability
and capability key, along with the systemid from the and capability key, along with the systemid from the
pnfs_osd_deviceaddr, provide the OSD security credentials needed to pnfs_osd_deviceaddr, provide the OSD security credentials needed to
access that object. The cap_key_sec value denotes the method used to access that object. The cap_key_sec value denotes the method used to
secure the capability_key (see Section 10.1 for more details). secure the capability_key (see Section 11.1 for more details).
To comply with the OSD security requirements the capability key To comply with the OSD security requirements the capability key
SHOULD be transferred securely to prevent eavesdropping (see SHOULD be transferred securely to prevent eavesdropping (see
Section 10). Therefore, a client SHOULD either issue the LAYOUTGET Section 11). Therefore, a client SHOULD either issue the LAYOUTGET
operation via RPCSEC_GSS with the privacy service or to previously operation via RPCSEC_GSS with the privacy service or to previously
establish an SSV for the sessions via the NFSv4.1 SET_SSV operation. establish an SSV for the sessions via the NFSv4.1 SET_SSV operation.
The pnfs_osd_cap_key_sec4 type is used to identify the method used by The pnfs_osd_cap_key_sec4 type is used to identify the method used by
the server to secure the capability key. the server to secure the capability key.
o PNFS_OSD_CAP_KEY_SEC_NONE denotes that the capability_key is not o PNFS_OSD_CAP_KEY_SEC_NONE denotes that the capability_key is not
encrypted in which case the client SHOULD issue the LAYOUTGET encrypted in which case the client SHOULD issue the LAYOUTGET
operation with RPCSEC_GSS with the privacy service or the NFSv4.1 operation with RPCSEC_GSS with the privacy service or the NFSv4.1
transport should be secured by using methods that are external to transport should be secured by using methods that are external to
NFSv4.1 like the use of IPSEC [8] for transporting the NFSV4.1 NFSv4.1 like the use of IPSEC [15] for transporting the NFSV4.1
protocol. protocol.
o PNFS_OSD_CAP_KEY_SEC_SSV denotes that the capability_key contents o PNFS_OSD_CAP_KEY_SEC_SSV denotes that the capability_key contents
are encrypted using the SSV GSS context and the capability key as are encrypted using the SSV GSS context and the capability key as
inputs to the GSS_Wrap() function (see [3]) with the conf_req_flag inputs to the GSS_Wrap() function (see GSS-API [6]) with the
set to TRUE. The client MUST use the secret SSV key as part of conf_req_flag set to TRUE. The client MUST use the secret SSV key
the client's GSS context to decrypt the capability key using the as part of the client's GSS context to decrypt the capability key
value of the capability_key field as the input_message to the using the value of the capability_key field as the input_message
GSS_unwrap() function. Note that to prevent eavesdropping of the to the GSS_unwrap() function. Note that to prevent eavesdropping
SSV key the client SHOULD issue SET_SSV via RPCSEC_GSS with the of the SSV key the client SHOULD issue SET_SSV via RPCSEC_GSS with
privacy service. the privacy service.
The actual method chosen depends on whether the client established a The actual method chosen depends on whether the client established a
SSV key with the server and whether it issued the LAYOUTGET operation SSV key with the server and whether it issued the LAYOUTGET operation
with the RPCSEC_GSS privacy method. Naturally, if the client did not with the RPCSEC_GSS privacy method. Naturally, if the client did not
establish a SSV key via SET_SSV the server MUST use the establish a SSV key via SET_SSV the server MUST use the
PNFS_OSD_CAP_KEY_SEC_NONE method. Otherwise, if the LAYOUTGET PNFS_OSD_CAP_KEY_SEC_NONE method. Otherwise, if the LAYOUTGET
operation was not issued with the RPCSEC_GSS privacy method the operation was not issued with the RPCSEC_GSS privacy method the
server SHOULD secure the capability_key with the server SHOULD secure the capability_key with the
PNFS_OSD_CAP_KEY_SEC_SSV method. The server MAY use the PNFS_OSD_CAP_KEY_SEC_SSV method. The server MAY use the
PNFS_OSD_CAP_KEY_SEC_SSV method also when the LAYOUTGET operation was PNFS_OSD_CAP_KEY_SEC_SSV method also when the LAYOUTGET operation was
skipping to change at page 15, line 42 skipping to change at page 16, line 42
(Compute C based on L' as described above) (Compute C based on L' as described above)
C' = (C - (N%W)) % W C' = (C - (N%W)) % W
I = W - (N%W) - 1 I = W - (N%W) - 1
if (C' <= I) { if (C' <= I) {
C'++ C'++
} }
3.3.4. PNFS_OSD_RAID_PQ 3.3.4. PNFS_OSD_RAID_PQ
PNFS_OSD_RAID_PQ is a double-parity scheme that uses the Reed-Solomon PNFS_OSD_RAID_PQ is a double-parity scheme that uses the Reed-Solomon
P+Q encoding scheme [9]. In this layout, the last two component P+Q encoding scheme [16]. In this layout, the last two component
objects hold the P and Q data, respectively. P is parity computed objects hold the P and Q data, respectively. P is parity computed
with XOR, and Q is a more complex equation that is not described with XOR, and Q is a more complex equation that is not described
here. The equations given above for embedded parity can be used to here. The equations given above for embedded parity can be used to
map a file offset to the correct component object by setting the map a file offset to the correct component object by setting the
number of parity components to 2 instead of 1 for RAID4 or RAID5. number of parity components to 2 instead of 1 for RAID4 or RAID5.
Clients may simply choose to read data through the metadata server if Clients may simply choose to read data through the metadata server if
two components are missing or damaged. two components are missing or damaged.
Issue: This scheme also has a RAID_4 like layout where the ECC blocks Issue: This scheme also has a RAID_4 like layout where the ECC blocks
are stored on the same components on every stripe and a rotated, are stored on the same components on every stripe and a rotated,
skipping to change at page 16, line 25 skipping to change at page 17, line 25
object, the result could include different data in the same ranges of object, the result could include different data in the same ranges of
mirrored tuples, or corrupt parity information. It is the mirrored tuples, or corrupt parity information. It is the
responsibility of the metadata server to enforce serialization responsibility of the metadata server to enforce serialization
requirements such as this. For example, the metadata server may do requirements such as this. For example, the metadata server may do
so by not granting overlapping write layouts within mirrored objects. so by not granting overlapping write layouts within mirrored objects.
4. Object-Based Layout Update 4. Object-Based Layout Update
layoutupdate4 is used in the LAYOUTCOMMIT operation to convey updates layoutupdate4 is used in the LAYOUTCOMMIT operation to convey updates
to the layout and additional information to the metadata server. It to the layout and additional information to the metadata server. It
is defined in the NFSv4.1 draft [6] as follows: is defined in the NFSv4.1 draft [12] as follows:
struct layoutupdate4 { struct layoutupdate4 {
layouttype4 lou_type; layouttype4 lou_type;
opaque lou_body<>; opaque lou_body<>;
}; };
The layoutupdate4 type is an opaque value at the generic pNFS client The layoutupdate4 type is an opaque value at the generic pNFS client
level. If the lou_type layout type is LAYOUT4_OSD2_OBJECTS, then the level. If the lou_type layout type is LAYOUT4_OSD2_OBJECTS, then the
lou_body opaque value is defined by the pnfs_osd_layoutupdate4 type. lou_body opaque value is defined by the pnfs_osd_layoutupdate4 type.
4.1. pnfs_osd_layoutupdate4 4.1. pnfs_osd_layoutupdate4
struct pnfs_osd_layoutupdate4 { struct pnfs_osd_layoutupdate4 {
pnfs_osd_deltaspaceused4 delta_space_used; pnfs_osd_deltaspaceused4 lou_delta_space_used;
bool lou_ioerr;
}; };
Object-Based pNFS clients are not allowed to modify the layout. Object-Based pNFS clients are not allowed to modify the layout.
"delta_space_used" is used to convey capacity usage information back "lou_delta_space_used" is used to convey capacity usage information
to the metadata server. back to the metadata server.
4.1.1. pnfs_osd_deltaspaceused4 4.1.1. pnfs_osd_deltaspaceused4
union pnfs_osd_deltaspaceused4 switch (bool valid) { union pnfs_osd_deltaspaceused4 switch (bool valid) {
case TRUE: case TRUE:
int64_t delta; /* Bytes consumed by write activity */ int64_t dsu_delta; /* Bytes consumed by write activity */
case FALSE: case FALSE:
void; void;
}; };
pnfs_osd_deltaspaceused4 is used to convey space utilization pnfs_osd_deltaspaceused4 is used to convey space utilization
information at the time of LAYOUTCOMMIT. For the file system to information at the time of LAYOUTCOMMIT. For the file system to
properly maintain capacity used information, it needs to track how properly maintain capacity used information, it needs to track how
much capacity was consumed by WRITE operations performed by the much capacity was consumed by WRITE operations performed by the
client. In this protocol, the OSD returns the capacity consumed by a client. In this protocol, the OSD returns the capacity consumed by a
write, which can be different than the number of bytes written write, which can be different than the number of bytes written
because of internal overhead like block-based allocation and indirect because of internal overhead like block-based allocation and indirect
blocks, and the client reflects this back to the pNFS server so it blocks, and the client reflects this back to the pNFS server so it
can accurately track quota. The pNFS server can choose to trust this can accurately track quota. The pNFS server can choose to trust this
information coming from the clients and therefore avoid querying the information coming from the clients and therefore avoid querying the
OSDs at the time of LAYOUTCOMMIT. If the client is unable to obtain OSDs at the time of LAYOUTCOMMIT. If the client is unable to obtain
this information from the OSD, it simply returns invalid this information from the OSD, it simply returns invalid
delta_space_used. lou_delta_space_used.
5. Object-Based Layout Return The "lou_ioerr" flag is used when I/O errors were encountered while
writing the file. The client MUST report the errors using the
pnfs_osd_ioerr4 structure (See Section 6.1.1) at LAYOUTRETURN time.
If the client updated the file successfully before hitting the I/O
errors it MAY use LAYOUTCOMMIT to update the metadata server as
described above. Typically, in the error-free case, the server MAY
turn around and update the file's attributes on the storage devices.
However, if I/O errors were encountered the server better not attempt
to write the new attributes on the storage devices until it receives
the I/O error report, therefore the client MUST set the lou_ioerr
flag to true. Note that in this case, the client SHOULD send both
the LAYOUTCOMMIT and LAYOUTRETURN operations in the same COMPOUND
RPC.
5. Recovering from Client I/O Errors
The pNFS client may encounter errors when directly accessing the
object storage devices. However, it is the responsibility of the
metadata server to handle the I/O errors. When the
LAYOUT4_OSD2_OBJECTS layout type is used, the client MUST report the
I/O errors to the server at LAYOUTRETURN time using the
pnfs_osd_ioerr4 structure (See Section 6.1.1).
The metadata server analyzes the error and determines the required
recovery operations such as repairing any parity inconsistencies,
recovering media failures, or reconstructing missing objects.
The metadata server SHOULD recall any outstanding layouts to allow it
exclusive write access to the stripes being recovered and to prevent
other clients from hitting the same error condition. In these cases,
the server MUST complete recovery before handing out any new layouts
to the affected byte ranges.
Although is it MAY be acceptable for the client to propagate a
corresponding error to the application that initiated the I/O
operation and drop any unwritten data, the client SHOULD attempt to
retry the original I/O operation by requesting a new layout using
LAYOUTGET and retry the I/O operation(s) using the new layout or the
client MAY just retry the I/O operation(s) using regular NFS READ or
WRITE operations via the metadata server. The client SHOULD attempt
to retrieve a new layout and retry the I/O operation using OSD
commands first and only if the error persists, retry the I/O
operation via the metadata server.
6. Object-Based Layout Return
layoutreturn_file4 is used in the LAYOUTRETURN operation to convey layoutreturn_file4 is used in the LAYOUTRETURN operation to convey
layout-type specific information to the server. It is defined in the layout-type specific information to the server. It is defined in the
NFSv4.1 draft [6] as follows: NFSv4.1 draft [12] as follows:
struct layoutreturn_file4 { struct layoutreturn_file4 {
offset4 lrf_offset; offset4 lrf_offset;
length4 lrf_length; length4 lrf_length;
stateid4 lrf_stateid; stateid4 lrf_stateid;
/* layouttype4 specific data */ /* layouttype4 specific data */
opaque lrf_body<>; opaque lrf_body<>;
}; };
union layoutreturn4 switch(layoutreturn_type4 lr_returntype) { union layoutreturn4 switch(layoutreturn_type4 lr_returntype) {
skipping to change at page 18, line 32 skipping to change at page 20, line 32
bool lora_reclaim; bool lora_reclaim;
layoutreturn_stateid lora_recallstateid; layoutreturn_stateid lora_recallstateid;
layouttype4 lora_layout_type; layouttype4 lora_layout_type;
layoutiomode4 lora_iomode; layoutiomode4 lora_iomode;
layoutreturn4 lora_layoutreturn; layoutreturn4 lora_layoutreturn;
}; };
If the lora_layout_type layout type is LAYOUT4_OSD2_OBJECTS, then the If the lora_layout_type layout type is LAYOUT4_OSD2_OBJECTS, then the
lrf_body opaque value is defined by the pnfs_osd_layoutreturn4 type. lrf_body opaque value is defined by the pnfs_osd_layoutreturn4 type.
5.1. pnfs_osd_layoutreturn4 6.1. pnfs_osd_layoutreturn4
struct pnfs_osd_layoutreturn4 { struct pnfs_osd_layoutreturn4 {
pnfs_osd_ioerr4 ioerr<>; pnfs_osd_ioerr4 ioerr<>;
}; };
When OSD I/O operations failed, "ioerr" is used to report these When OSD I/O operations failed, "ioerr" is used to report these
errors to the metadata server. The pnfs_osd_ioerr4 data structure is errors to the metadata server. The pnfs_osd_ioerr4 data structure is
defined as follows: defined as follows:
5.1.1. pnfs_osd_errno4 6.1.1. pnfs_osd_errno4
enum pnfs_osd_errno4 { enum pnfs_osd_errno4 {
PNFS_OSD_ERR_EIO = 1, PNFS_OSD_ERR_EIO = 1,
PNFS_OSD_ERR_NOT_FOUND = 2, PNFS_OSD_ERR_NOT_FOUND = 2,
PNFS_OSD_ERR_NO_SPACE = 3, PNFS_OSD_ERR_NO_SPACE = 3,
PNFS_OSD_ERR_BAD_CRED = 4, PNFS_OSD_ERR_BAD_CRED = 4,
PNFS_OSD_ERR_NO_ACCESS = 5, PNFS_OSD_ERR_NO_ACCESS = 5,
PNFS_OSD_ERR_UNREACHABLE = 6, PNFS_OSD_ERR_UNREACHABLE = 6,
PNFS_OSD_ERR_RESOURCE = 7 PNFS_OSD_ERR_RESOURCE = 7
}; };
skipping to change at page 20, line 10 skipping to change at page 22, line 10
o PNFS_OSD_ERR_UNREACHABLE indicates the client did not complete the o PNFS_OSD_ERR_UNREACHABLE indicates the client did not complete the
I/O operation at the Object Storage Device due to a communication I/O operation at the Object Storage Device due to a communication
failure. Whether the I/O operation was executed by the OSD or not failure. Whether the I/O operation was executed by the OSD or not
is undetermined. is undetermined.
o PNFS_OSD_ERR_RESOURCE indicates the client did not issue the I/O o PNFS_OSD_ERR_RESOURCE indicates the client did not issue the I/O
operation due to a local problem on the initiator (i.e. client) operation due to a local problem on the initiator (i.e. client)
side, e.g., when running out of memory. The client MUST guarantee side, e.g., when running out of memory. The client MUST guarantee
that the OSD command was never dispatched to the OSD. that the OSD command was never dispatched to the OSD.
5.1.2. pnfs_osd_ioerr4 6.1.2. pnfs_osd_ioerr4
struct pnfs_osd_ioerr4 { struct pnfs_osd_ioerr4 {
pnfs_osd_objid4 component; pnfs_osd_objid4 component;
length4 comp_offset; length4 comp_offset;
length4 comp_length; length4 comp_length;
bool iswrite; bool iswrite;
pnfs_osd_errno4 errno; pnfs_osd_errno4 errno;
}; };
The pnfs_osd_ioerr4 structure is used to return error indications for The pnfs_osd_ioerr4 structure is used to return error indications for
objects that generated errors during data transfers. These are hints objects that generated errors during data transfers. These are hints
to the metadata server that there are problems with that object. For to the metadata server that there are problems with that object. For
each error, "component", "comp_offset", and "comp_length" represent each error, "component", "comp_offset", and "comp_length" represent
the object and byte range within the component object in which the the object and byte range within the component object in which the
error occurred, "iswrite" is set to "true" if the failed OSD error occurred, "iswrite" is set to "true" if the failed OSD
operation was data modifying, and "errno" represents the type of operation was data modifying, and "errno" represents the type of
error. error.
6. Object-Based Creation Layout Hint Component byte ranges in the optional pnfs_osd_ioerr4 structure are
used for recovering the object and MUST be set by the client to cover
all failed I/O operations to the component.
The layouthint4 type is defined in the NFSv4.1 draft [6] as follows: 7. Object-Based Creation Layout Hint
The layouthint4 type is defined in the NFSv4.1 draft [12] as follows:
struct layouthint4 { struct layouthint4 {
layouttype4 loh_type; layouttype4 loh_type;
opaque loh_body<>; opaque loh_body<>;
}; };
The layouthint4 structure is used by the client to pass in a hint The layouthint4 structure is used by the client to pass in a hint
about the type of layout it would like created for a particular file. about the type of layout it would like created for a particular file.
If the loh_type layout type is LAYOUT4_OSD2_OBJECTS, then the If the loh_type layout type is LAYOUT4_OSD2_OBJECTS, then the
loh_body opaque value is defined by the pnfs_osd_layouthint4 type. loh_body opaque value is defined by the pnfs_osd_layouthint4 type.
6.1. pnfs_osd_layouthint4 7.1. pnfs_osd_layouthint4
union num_comps_hint4 switch (bool valid) { union num_comps_hint4 switch (bool valid) {
case TRUE: case TRUE:
uint32_t num_comps; uint32_t num_comps;
case FALSE: case FALSE:
void; void;
}; };
union stripe_unit_hint4 switch (bool valid) { union stripe_unit_hint4 switch (bool valid) {
case TRUE: case TRUE:
length4 stripe_unit; length4 stripe_unit;
case FALSE: case FALSE:
void; void;
}; };
union group_width_hint4 switch (bool valid) { union group_width_hint4 switch (bool valid) {
case TRUE: case TRUE:
uint32_t group_width; uint32_t group_width;
skipping to change at page 22, line 12 skipping to change at page 24, line 16
cares about, e.g. it can provide a hint for the desired number of cares about, e.g. it can provide a hint for the desired number of
mirrored components, regardless of the the raid algorithm selected mirrored components, regardless of the the raid algorithm selected
for the file. The server should make an attempt to honor the hints for the file. The server should make an attempt to honor the hints
but it can ignore any or all of them at its own discretion and but it can ignore any or all of them at its own discretion and
without failing the respective create operation. without failing the respective create operation.
The num_comps hint can be used to limit the total number of component The num_comps hint can be used to limit the total number of component
objects comprising the file. All other hints correspond directly to objects comprising the file. All other hints correspond directly to
the different fields of pnfs_osd_data_map4. the different fields of pnfs_osd_data_map4.
7. Layout Segments 8. Layout Segments
The pnfs layout operations operate on logical byte ranges. There is The pnfs layout operations operate on logical byte ranges. There is
no requirement in the protocol for any relationship between byte no requirement in the protocol for any relationship between byte
ranges used in LAYOUTGET to acquire layouts and byte ranges used in ranges used in LAYOUTGET to acquire layouts and byte ranges used in
CB_LAYOUTRECALL, LAYOUTCOMMIT, or LAYOUTRETURN. However, using OSD CB_LAYOUTRECALL, LAYOUTCOMMIT, or LAYOUTRETURN. However, using OSD
capabilities poses limitations on these operations since the capabilities poses limitations on these operations since the
capabilities associated with layout segments cannot be merged or capabilities associated with layout segments cannot be merged or
split. The following guidelines should be followed for proper split. The following guidelines should be followed for proper
operation of object-based layouts. operation of object-based layouts.
7.1. CB_LAYOUTRECALL and LAYOUTRETURN 8.1. CB_LAYOUTRECALL and LAYOUTRETURN
In general, the object-based layout driver should keep track of each In general, the object-based layout driver should keep track of each
layout segment it got, keeping record of the segment's iomode, layout segment it got, keeping record of the segment's iomode,
offset, and length. The server should allow the client to get offset, and length. The server should allow the client to get
multiple overlapping layout segments but is free to recall the layout multiple overlapping layout segments but is free to recall the layout
to prevent overlap. to prevent overlap.
In response to CB_LAYOUTRECALL, the client should return all layout In response to CB_LAYOUTRECALL, the client should return all layout
segments matching the given iomode and overlapping with the recalled segments matching the given iomode and overlapping with the recalled
range. When returning the layouts for this byte range with range. When returning the layouts for this byte range with
skipping to change at page 23, line 5 skipping to change at page 25, line 6
the clientid, iomode, and byte range given in LAYOUTRETURN. If no the clientid, iomode, and byte range given in LAYOUTRETURN. If no
exact match is found then the server should release all layout exact match is found then the server should release all layout
segments matching the clientid and iomode and that are fully segments matching the clientid and iomode and that are fully
contained in the returned byte range. If none are found and the byte contained in the returned byte range. If none are found and the byte
range is a subset of an outstanding layout segment with for the same range is a subset of an outstanding layout segment with for the same
clientid and iomode, then the client can be considered malfunctioning clientid and iomode, then the client can be considered malfunctioning
and the server SHOULD recall all layouts from this client to reset and the server SHOULD recall all layouts from this client to reset
its state. If this behavior repeats the server SHOULD deny all its state. If this behavior repeats the server SHOULD deny all
LAYOUTGETs from this client. LAYOUTGETs from this client.
7.2. LAYOUTCOMMIT 8.2. LAYOUTCOMMIT
LAYOUTCOMMIT is only used by object-based pNFS to convey modified LAYOUTCOMMIT is only used by object-based pNFS to convey modified
attributes hints and/or to report I/O errors to the MDS. Therefore, attributes hints and/or to report I/O errors to the MDS. Therefore,
the offset and length in LAYOUTCOMMIT4args are reserved for future the offset and length in LAYOUTCOMMIT4args are reserved for future
use and should be set to 0. However, component byte ranges in the use and should be set to 0.
optional pnfs_osd_ioerr4 structure are used for recovering the object
and MUST be set by the client to cover all failed I/O operations to
the component.
8. Recalling Layouts 9. Recalling Layouts
The object-based metadata server should recall outstanding layouts in The object-based metadata server should recall outstanding layouts in
the following cases: the following cases:
o When the file's security policy changes, i.e. ACLs or permission o When the file's security policy changes, i.e. ACLs or permission
mode bits are set. mode bits are set.
o When the file's aggregation map changes, rendering outstanding o When the file's aggregation map changes, rendering outstanding
layouts invalid. layouts invalid.
o When there are sharing conflicts. For example, the server will o When there are sharing conflicts. For example, the server will
issue stripe aligned layout segments for RAID-5 objects. To issue stripe aligned layout segments for RAID-5 objects. To
prevent corruption of the file's parity, Multiple clients must not prevent corruption of the file's parity, Multiple clients must not
hold valid write layouts for the same stripes. An outstanding RW hold valid write layouts for the same stripes. An outstanding RW
layout should be recalled when a conflicting LAYOUTGET is received layout should be recalled when a conflicting LAYOUTGET is received
from a different client for LAYOUTIOMODE4_RW and for a byte-range from a different client for LAYOUTIOMODE4_RW and for a byte-range
overlapping with the outstanding layout segment. overlapping with the outstanding layout segment.
8.1. CB_RECALL_ANY 9.1. CB_RECALL_ANY
The metadata server can use the CB_RECALL_ANY callback operation to The metadata server can use the CB_RECALL_ANY callback operation to
notify the client to return some or all of its layouts. The NFSv4.1 notify the client to return some or all of its layouts. The NFSv4.1
draft [6] defines the following types: draft [12] defines the following types:
const RCA4_TYPE_MASK_OBJ_LAYOUT_MIN = 8; const RCA4_TYPE_MASK_OBJ_LAYOUT_MIN = 8;
const RCA4_TYPE_MASK_OBJ_LAYOUT_MAX = 11; const RCA4_TYPE_MASK_OBJ_LAYOUT_MAX = 11;
struct CB_RECALL_ANY4args { struct CB_RECALL_ANY4args {
uint32_t craa_objects_to_keep; uint32_t craa_objects_to_keep;
bitmap4 craa_type_mask; bitmap4 craa_type_mask;
}; };
Typically, CB_RECALL_ANY will be used to recall client state when the Typically, CB_RECALL_ANY will be used to recall client state when the
skipping to change at page 24, line 19 skipping to change at page 26, line 18
const PNFS_OSD_RCA4_TYPE_MASK_READ = RCA4_TYPE_MASK_OBJ_LAYOUT_MIN; const PNFS_OSD_RCA4_TYPE_MASK_READ = RCA4_TYPE_MASK_OBJ_LAYOUT_MIN;
const PNFS_OSD_RCA4_TYPE_MASK_RW = RCA4_TYPE_MASK_OBJ_LAYOUT_MIN+1; const PNFS_OSD_RCA4_TYPE_MASK_RW = RCA4_TYPE_MASK_OBJ_LAYOUT_MIN+1;
The PNFS_OSD_RCA4_TYPE_MASK_READ flag notifies the client to return The PNFS_OSD_RCA4_TYPE_MASK_READ flag notifies the client to return
layouts of iomode LAYOUTIOMODE4_READ. Similarly, the layouts of iomode LAYOUTIOMODE4_READ. Similarly, the
PNFS_OSD_RCA4_TYPE_MASK_RW flag notifies the client to return layouts PNFS_OSD_RCA4_TYPE_MASK_RW flag notifies the client to return layouts
of iomode LAYOUTIOMODE4_RW. When both mask flags are set, the client of iomode LAYOUTIOMODE4_RW. When both mask flags are set, the client
is notified to return layouts of either iomode. is notified to return layouts of either iomode.
9. Client Fencing 10. Client Fencing
In cases where clients are uncommunicative and their lease has In cases where clients are uncommunicative and their lease has
expired or when clients fail to return recalled layouts in a timely expired or when clients fail to return recalled layouts in a timely
manner the server MAY revoke client layouts and/or device address manner the server MAY revoke client layouts and/or device address
mappings and reassign these resources to other clients. To avoid mappings and reassign these resources to other clients. To avoid
data corruption, the metadata server MUST fence off the revoked data corruption, the metadata server MUST fence off the revoked
clients from the respective objects as described in Section 10.4. clients from the respective objects as described in Section 11.4.
10. Security Considerations 11. Security Considerations
The pNFS extension partitions the NFSv4 file system protocol into two The pNFS extension partitions the NFSv4 file system protocol into two
parts, the control path and the data path (storage protocol). The parts, the control path and the data path (storage protocol). The
control path contains all the new operations described by this control path contains all the new operations described by this
extension; all existing NFSv4 security mechanisms and features apply extension; all existing NFSv4 security mechanisms and features apply
to the control path. The combination of components in a pNFS system to the control path. The combination of components in a pNFS system
is required to preserve the security properties of NFSv4 with respect is required to preserve the security properties of NFSv4 with respect
to an entity accessing data via a client, including security to an entity accessing data via a client, including security
countermeasures to defend against threats that NFSv4 provides countermeasures to defend against threats that NFSv4 provides
defenses for in environments where these threats are considered defenses for in environments where these threats are considered
skipping to change at page 25, line 34 skipping to change at page 27, line 33
and enforcement of the server access control policy using the layout and enforcement of the server access control policy using the layout
security credentials, the NOSEC security method MUST NOT be used for security credentials, the NOSEC security method MUST NOT be used for
I/O operation. It MAY only be used to get the System ID attribute I/O operation. It MAY only be used to get the System ID attribute
when the metadata server provided only the OSD name with the device when the metadata server provided only the OSD name with the device
address. The remainder of this section gives an overview of the address. The remainder of this section gives an overview of the
security mechanism described in that standard. The goal is to give security mechanism described in that standard. The goal is to give
the reader a basic understanding of the object security model. Any the reader a basic understanding of the object security model. Any
discrepancies between this text and the actual standard are obviously discrepancies between this text and the actual standard are obviously
to be resolved in favor of the OSD standard. to be resolved in favor of the OSD standard.
10.1. OSD Security Data Types 11.1. OSD Security Data Types
There are three main data types associated with object security: a There are three main data types associated with object security: a
capability, a credential, and security parameters. The capability is capability, a credential, and security parameters. The capability is
a set of fields that specifies an object and what operations can be a set of fields that specifies an object and what operations can be
performed on it. A credential is a signed capability. Only a performed on it. A credential is a signed capability. Only a
security manager that knows the secret device keys can correctly sign security manager that knows the secret device keys can correctly sign
a capability to form a valid credential. In pNFS, the file server a capability to form a valid credential. In pNFS, the file server
acts as the security manager and returns signed capabilities (i.e., acts as the security manager and returns signed capabilities (i.e.,
credentials) to the pNFS client. The security parameters are values credentials) to the pNFS client. The security parameters are values
computed by the issuer of OSD commands (i.e., the client) that prove computed by the issuer of OSD commands (i.e., the client) that prove
skipping to change at page 26, line 10 skipping to change at page 28, line 8
resulting signatures into the security_parameters field of the OSD resulting signatures into the security_parameters field of the OSD
command. The object storage device uses the secret keys it shares command. The object storage device uses the secret keys it shares
with the security manager to validate the signature values in the with the security manager to validate the signature values in the
security parameters. security parameters.
The security types are opaque to the generic layers of the pNFS The security types are opaque to the generic layers of the pNFS
client. The credential contents are defined as opaque within the client. The credential contents are defined as opaque within the
pnfs_osd_object_cred4 type. Instead of repeating the definitions pnfs_osd_object_cred4 type. Instead of repeating the definitions
here, the reader is referred to section 4.9.2.2 of the OSD standard. here, the reader is referred to section 4.9.2.2 of the OSD standard.
10.2. The OSD Security Protocol 11.2. The OSD Security Protocol
The object storage protocol relies on a cryptographically secure The object storage protocol relies on a cryptographically secure
capability to control accesses at the object storage devices. capability to control accesses at the object storage devices.
Capabilities are generated by the metadata server, returned to the Capabilities are generated by the metadata server, returned to the
client, and used by the client as described below to authenticate client, and used by the client as described below to authenticate
their requests to the Object Storage Device (OSD). Capabilities their requests to the Object Storage Device (OSD). Capabilities
therefore achieve the required access and open mode checking. They therefore achieve the required access and open mode checking. They
allow the file server to define and check a policy (e.g., open mode) allow the file server to define and check a policy (e.g., open mode)
and the OSD to enforce that policy without knowing the details (e.g., and the OSD to enforce that policy without knowing the details (e.g.,
user IDs and ACLs). user IDs and ACLs).
skipping to change at page 27, line 21 skipping to change at page 29, line 20
OSD uses the SecretKey it shares with the metadata server to compare OSD uses the SecretKey it shares with the metadata server to compare
the ReqMAC the client sent with a locally computed value: the ReqMAC the client sent with a locally computed value:
LocalCapKey = MAC<SecretKey>(Cap, SystemID) LocalCapKey = MAC<SecretKey>(Cap, SystemID)
LocalReqMAC = MAC<LocalCapKey>(Req, ReqNonce) LocalReqMAC = MAC<LocalCapKey>(Req, ReqNonce)
and if they match the OSD assumes that the capabilities came from an and if they match the OSD assumes that the capabilities came from an
authentic metadata server and allows access to the object, as allowed authentic metadata server and allows access to the object, as allowed
by the Cap. by the Cap.
10.3. Protocol Privacy Requirements 11.3. Protocol Privacy Requirements
Note that if the server LAYOUTGET reply, holding CapKey and Cap, is Note that if the server LAYOUTGET reply, holding CapKey and Cap, is
snooped by another client, it can be used to generate valid OSD snooped by another client, it can be used to generate valid OSD
requests (within the Cap access restrictions). requests (within the Cap access restrictions).
To provide the required privacy requirements for the capability key To provide the required privacy requirements for the capability key
returned by LAYOUTGET, the GSS-API can be used, e.g. by using the returned by LAYOUTGET, the GSS-API [6] framework can be used, e.g. by
RPCSEC_GSS privacy method to send the LAYOUTGET operation or by using using the RPCSEC_GSS privacy method to send the LAYOUTGET operation
the SSV key to encrypt the capability_key using the GSS_Wrap() or by using the SSV key to encrypt the capability_key using the
function. Two general ways to provide privacy in the absence of GSS- GSS_Wrap() function. Two general ways to provide privacy in the
API that are independent of NFSv4 are either an isolated network such absence of GSS-API that are independent of NFSv4 are either an
as a VLAN or a secure channel provided by IPsec [8]. isolated network such as a VLAN or a secure channel provided by IPsec
[15].
10.4. Revoking Capabilities 11.4. Revoking Capabilities
At any time, the metadata server may invalidate all outstanding At any time, the metadata server may invalidate all outstanding
capabilities on an object by changing its POLICY ACCESS TAG capabilities on an object by changing its POLICY ACCESS TAG
attribute. The value of the POLICY ACCESS TAG is part of a attribute. The value of the POLICY ACCESS TAG is part of a
capability, and it must match the state of the object attribute. If capability, and it must match the state of the object attribute. If
they do not match, the OSD rejects accesses to the object with the they do not match, the OSD rejects accesses to the object with the
sense key set to ILLEGAL REQUEST and an additional sense code set to sense key set to ILLEGAL REQUEST and an additional sense code set to
INVALID FIELD IN CDB. When a client attempts to use a capability and INVALID FIELD IN CDB. When a client attempts to use a capability and
is rejected this way, it should issue a LAYOUTCOMMIT for the object is rejected this way, it should issue a LAYOUTCOMMIT for the object
and specify PNFS_OSD_BAD_CRED in the ioerr parameter. The client may and specify PNFS_OSD_BAD_CRED in the ioerr parameter. The client may
skipping to change at page 28, line 27 skipping to change at page 30, line 27
responsibility to enforce access control among multiple users responsibility to enforce access control among multiple users
accessing the same file. It is neither required nor expected that accessing the same file. It is neither required nor expected that
the pNFS client will obtain a separate layout for each user accessing the pNFS client will obtain a separate layout for each user accessing
a shared object. The client SHOULD use OPEN and ACCESS calls to a shared object. The client SHOULD use OPEN and ACCESS calls to
check user permissions when performing I/O so that the server's check user permissions when performing I/O so that the server's
access control policies are correctly enforced. The result of the access control policies are correctly enforced. The result of the
ACCESS operation may be cached while the client holds a valid layout ACCESS operation may be cached while the client holds a valid layout
as the server is expected to recall layouts when the file's access as the server is expected to recall layouts when the file's access
permissions or ACL change. permissions or ACL change.
11. IANA Considerations 12. IANA Considerations
As described in the NFSv4.1 draft [6], new layout type numbers will As described in the NFSv4.1 draft [12], new layout type numbers will
be requested from IANA. This document defines the protocol be requested from IANA. This document defines the protocol
associated with the existing layout type number, associated with the existing layout type number,
LAYOUT4_OSD2_OBJECTS, and it requires no further actions for IANA. LAYOUT4_OSD2_OBJECTS, and it requires no further actions for IANA.
12. XDR Description of the Objects layout type 13. XDR Description of the Objects layout type
This section contains the XDR ([4]) description of objects layout This section contains the XDR [7] description of objects layout
protocol. The XDR description is provided in this document in a way protocol. The XDR description is provided in this document in a way
that makes it simple for the reader to extract into ready to compile that makes it simple for the reader to extract into ready to compile
form. The reader can feed this document in the following shell form. The reader can feed this document in the following shell
script to produce the machine readable XDR description of the objects script to produce the machine readable XDR description of the objects
layout protocol: layout protocol:
#!/bin/sh #!/bin/sh
grep "^ *///" | sed 's?^ *///??' grep "^ *///" | sed 's?^ *///??'
I.e. if the above script is stored in a file called "extract.sh", and I.e. if the above script is stored in a file called "extract.sh", and
skipping to change at page 29, line 15 skipping to change at page 31, line 15
line, plus a sentinel sequence of "///". line, plus a sentinel sequence of "///".
The XDR description, with the sentinel sequence follows: The XDR description, with the sentinel sequence follows:
///%#include <nfs4_prot.h> ///%#include <nfs4_prot.h>
/// ///
////* ////*
/// * Device information /// * Device information
/// */ /// */
///enum pnfs_obj_addr_type4 { ///enum pnfs_obj_addr_type4 {
/// OBJ_TARGET_NETADDR = 1, /// OBJ_TARGET_ANON = 1,
/// OBJ_TARGET_IQN = 2, /// OBJ_TARGET_SCSI_NAME = 2,
/// OBJ_TARGET_WWN = 3 /// OBJ_TARGET_SCSI_DEVICE_ID = 3
///}; ///};
/// ///
///struct pnfs_osd_deviceaddr4 { ///struct pnfs_osd_deviceaddr4 {
/// union target switch (pnfs_osd_addr_type4 type) { /// union targetid switch (pnfs_osd_addr_type4 type) {
/// case OBJ_TARGET_NETADDR: /// case OBJ_TARGET_SCSI_NAME:
/// pnfs_netaddr4 netaddr; /// string scsi_name<>;
///
/// case OBJ_TARGET_IQN:
/// string iqn<>;
/// ///
/// case OBJ_TARGET_WWN: /// case OBJ_TARGET_SCSI_DEVICE_ID:
/// string wwn<>; /// opaque scsi_device_id<>;
/// ///
/// default: /// default:
/// void; /// void;
/// }; /// };
/// union netaddr switch (bool netaddr_available) {
/// case TRUE:
/// netaddr4 netaddr;
/// case FALSE:
/// void;
/// };
/// uint64_t lun; /// uint64_t lun;
/// opaque systemid<>; /// opaque systemid<>;
/// pnfs_osd_object_cred4 root_obj_cred; /// pnfs_osd_object_cred4 root_obj_cred;
/// opaque osdname<>; /// opaque osdname<>;
///}; ///};
/// ///
////* ////*
/// * Layout type /// * Layout type
/// */ /// */
///enum pnfs_osd_raid_algorithm4 { ///enum pnfs_osd_raid_algorithm4 {
skipping to change at page 30, line 49 skipping to change at page 33, line 4
/// pnfs_osd_data_map4 map; /// pnfs_osd_data_map4 map;
/// uint32_t comps_index; /// uint32_t comps_index;
/// pnfs_osd_object_cred4 components<>; /// pnfs_osd_object_cred4 components<>;
///}; ///};
/// ///
////* ////*
/// * Layout update /// * Layout update
/// */ /// */
///union pnfs_osd_deltaspaceused4 switch (bool valid) { ///union pnfs_osd_deltaspaceused4 switch (bool valid) {
///case TRUE: ///case TRUE:
/// int64_t delta; /* Bytes consumed by write activity */ /// int64_t delta; /* Bytes consumed by write activity */
///case FALSE: ///case FALSE:
/// void; /// void;
///}; ///};
/// ///
///struct pnfs_osd_layoutupdate4 { ///struct pnfs_osd_layoutupdate4 {
/// pnfs_osd_deltaspaceused4 delta_space_used; /// pnfs_osd_deltaspaceused4 lou_delta_space_used;
/// bool lou_ioerr;
///}; ///};
/// ///
////* ////*
/// * Layout return /// * Layout return
/// */ /// */
///enum pnfs_osd_errno4 { ///enum pnfs_osd_errno4 {
/// PNFS_OSD_ERR_EIO = 1, /// PNFS_OSD_ERR_EIO = 1,
/// PNFS_OSD_ERR_NOT_FOUND = 2, /// PNFS_OSD_ERR_NOT_FOUND = 2,
/// PNFS_OSD_ERR_NO_SPACE = 3, /// PNFS_OSD_ERR_NO_SPACE = 3,
/// PNFS_OSD_ERR_BAD_CRED = 4, /// PNFS_OSD_ERR_BAD_CRED = 4,
skipping to change at page 32, line 41 skipping to change at page 34, line 45
/// ///
///struct pnfs_osd_layouthint4 { ///struct pnfs_osd_layouthint4 {
/// num_comps_hint4 num_comps_hint; /// num_comps_hint4 num_comps_hint;
/// stripe_unit_hint4 stripe_unit_hint; /// stripe_unit_hint4 stripe_unit_hint;
/// group_width_hint4 group_width_hint; /// group_width_hint4 group_width_hint;
/// group_depth_hint4 group_depth_hint; /// group_depth_hint4 group_depth_hint;
/// mirror_cnt_hint4 mirror_cnt_hint; /// mirror_cnt_hint4 mirror_cnt_hint;
/// raid_algorithm_hint4 raid_algorithm_hint; /// raid_algorithm_hint4 raid_algorithm_hint;
///}; ///};
13. References 14. References
13.1. Normative References 14.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March 1997. Levels", RFC 2119, March 1997.
[2] Weber, R., "SCSI Object-Based Storage Device Commands", [2] Weber, R., "SCSI Object-Based Storage Device Commands",
July 2004, <http://www.t10.org/ftp/t10/drafts/osd/osd-r10.pdf>. July 2004, <http://www.t10.org/ftp/t10/drafts/osd/osd-r10.pdf>.
[3] Linn, J., "Generic Security Service Application Program [3] IBM, IBM, Cisco Systems, Hewlett-Packard Co., and IBM,
"Internet Small Computer Systems Interface (iSCSI)", RFC 3720,
April 2004, <http://www.ietf.org/rfc/rfc3720.txt>.
[4] Weber, R., "SCSI Primary Commands - 3 (SPC-3)", INCITS 408-
2005, May 2005.
[5] Hewlett-Packard Co., Hewlett-Packard Co., and Hewlett-Packard
Co., "T11 Network Address Authority (NAA) Naming Format for
iSCSI Node Names", RFC 3980, February 2005,
<http://www.ietf.org/rfc/rfc3980.txt>.
[6] Linn, J., "Generic Security Service Application Program
Interface Version 2, Update 1", RFC 2743, January 2000. Interface Version 2, Update 1", RFC 2743, January 2000.
[4] Eisler, M., "XDR: External Data Representation Standard", [7] Eisler, M., "XDR: External Data Representation Standard",
STD 67, RFC 4506, May 2006. STD 67, RFC 4506, May 2006.
[5] Shepler, S., Callaghan, B., Robinson, D., Thurlow, R., Beame, 14.2. Informative References
C., Eisler, M., and D. Noveck, "Network File System (NFS)
version 4 Protocol", RFC 3530, April 2003.
13.2. Informative References [8] IEEE, "Guidelines for 64-bit Global Identifier (EUI-64)
Registration Authority",
<http://standards.ieee.org/regauth/oui/tutorials/EUI64.html>.
[6] Shepler, S., Eisler, M., and D. Noveck, "NFSv4 Minor Version 1", [9] T10/ANSI INCITS 365-2002, "SCSI RDMA Protocol (SRP)",
February 2008, <http://www.ietf.org/internet-drafts/ INCITS 365-2002,
draft-ietf-nfsv4-minorversion1-20.txt>. <http://ftp.t10.org/ftp/t10/drafts/srp/srp-r16a.pdf>.
[7] Weber, R., "SCSI Object-Based Storage Device Commands -2 [10] T11 1619-D/ANSI INCITS 424-2007, "Fibre Channel Framing and
Signaling - 2 (FC-FS-2)", INCITS 424-2007, August 2006,
<http://www.t11.org/t11/stat.nsf/upnum/1619-d>.
[11] T10 1601-D/ANSI INCITS 417-2006, "Serial Attached SCSI - 1.1
(SAS-1.1)", INCITS 417-2006, September 2005,
<http://www.t10.org/ftp/t10/drafts/sas1/sas1r10.pdf>.
[12] Shepler, S., Eisler, M., and D. Noveck, "NFSv4 Minor Version
1", February 2008, <http://www.ietf.org/internet-drafts/
draft-ietf-nfsv4-minorversion1-21.txt>.
[13] Tseng, J., Gibbons, K., Travostino, F., Du Laney, C., and J.
Souza, "Internet Storage Name Service (iSNS)", RFC 4171,
September 2005, <http://www.ietf.org/rfc/rfc4171.txt>.
[14] Weber, R., "SCSI Object-Based Storage Device Commands -2
(OSD-2)", January 2008, (OSD-2)", January 2008,
<http://www.t10.org/ftp/t10/drafts/osd2/osd2r03.pdf>. <http://www.t10.org/ftp/t10/drafts/osd2/osd2r03.pdf>.
[8] Kent, S. and K. Seo, "Security Architecture for the Internet [15] Kent, S. and K. Seo, "Security Architecture for the Internet
Protocol", RFC 4301, December 2005. Protocol", RFC 4301, December 2005.
[9] MacWilliams, F. and N. Sloane, "The Theory of Error-Correcting [16] MacWilliams, F. and N. Sloane, "The Theory of Error-Correcting
Codes, Part I", 1977. Codes, Part I", 1977.
Appendix A. Acknowledgments Appendix A. Acknowledgments
Todd Pisek was a co-editor of the initial drafts for this document. Todd Pisek was a co-editor of the initial drafts for this document.
Daniel E. Messinger and Pete Wyckoff reviewed and commented on this Daniel E. Messinger and Pete Wyckoff reviewed and commented on this
document. document.
Authors' Addresses Authors' Addresses
 End of changes. 76 change blocks. 
173 lines changed or deleted 306 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/