draft-ietf-nfsv4-requirements-00.txt   draft-ietf-nfsv4-requirements-01.txt 
Network Working Group Spencer Shepler Network Working Group Spencer Shepler
Document: draft-ietf-nfsv4-requirements-00.txt Document: draft-ietf-nfsv4-requirements-01.txt
NFS Version 4 Requirements NFS Version 4 Requirements
Status of this Memo Status of this Memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
skipping to change at page 2, line 5 skipping to change at page 2, line 5
Abstract Abstract
With the creation of the NFS version 4 working group, a set of With the creation of the NFS version 4 working group, a set of
requirements for the next version of NFS must be codified to create a requirements for the next version of NFS must be codified to create a
reasonable context for the new protocol discussions and aide in the reasonable context for the new protocol discussions and aide in the
upcoming decisions. This Internet Draft has the purpose of upcoming decisions. This Internet Draft has the purpose of
presenting the requirements for NFS version 4 and will be used as the presenting the requirements for NFS version 4 and will be used as the
leading document for NFSv4 working group. leading document for NFSv4 working group.
NFSv4 Requirements September 1998 NFSv4 NFSv4 Requirements September 1998
Table of Contents Table of Contents
1. NFS Version 4 Requirements . . . . . . . . . . . . . . . . . 3 1. NFS Version 4 Requirements . . . . . . . . . . . . . . . . . 3
2. Ease of implementation or complexity of protocol . . . . . . 3 2. Ease of implementation or complexity of protocol . . . . . . 3
2.1. Extensibility / layering . . . . . . . . . . . . . . . . . 3 2.1. Extensibility / layering . . . . . . . . . . . . . . . . . 3
2.2. Managed Extensions or Minor Versioning . . . . . . . . . . 3 2.2. Managed Extensions or Minor Versioning . . . . . . . . . . 3
3. Reliable and Available . . . . . . . . . . . . . . . . . . . 4 3. Reliable and Available . . . . . . . . . . . . . . . . . . . 4
4. Scalable Performance . . . . . . . . . . . . . . . . . . . . 4 4. Scalable Performance . . . . . . . . . . . . . . . . . . . . 4
4.1. Throughput and Latency on the Network . . . . . . . . . . 4 4.1. Throughput and Latency on the Network . . . . . . . . . . 5
4.2. Server Work Load or Scalability . . . . . . . . . . . . . 4 4.2. Server Work Load or Scalability . . . . . . . . . . . . . 5
4.3. Client Caching . . . . . . . . . . . . . . . . . . . . . . 5 4.3. Client Caching . . . . . . . . . . . . . . . . . . . . . . 5
4.4. Disconnected Client Operation . . . . . . . . . . . . . . 5 4.4. Disconnected Client Operation . . . . . . . . . . . . . . 6
5. Interoperability . . . . . . . . . . . . . . . . . . . . . . 5 5. Interoperability . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Platform Specific Behavior . . . . . . . . . . . . . . . . 6 5.1. Platform Specific Behavior . . . . . . . . . . . . . . . . 6
5.2. Extended Attributes . . . . . . . . . . . . . . . . . . . 6 5.2. Additional or Extended Attributes . . . . . . . . . . . . 6
5.3. Access Control Lists . . . . . . . . . . . . . . . . . . . 6 5.3. Access Control Lists . . . . . . . . . . . . . . . . . . . 7
6. RPC Mechanism and Security . . . . . . . . . . . . . . . . . 7 6. RPC Mechanism and Security . . . . . . . . . . . . . . . . . 8
6.1. Remote Procedure Call Mechanism . . . . . . . . . . . . . 7 6.1. Remote Procedure Call Mechanism . . . . . . . . . . . . . 8
6.2. User identification . . . . . . . . . . . . . . . . . . . 7 6.2. User identification . . . . . . . . . . . . . . . . . . . 8
6.3. Authentication . . . . . . . . . . . . . . . . . . . . . . 8 6.3. Security . . . . . . . . . . . . . . . . . . . . . . . . . 9
6.4. Security Negotiation . . . . . . . . . . . . . . . . . . . 8 6.3.1. Authentication . . . . . . . . . . . . . . . . . . . . . 9
7. Internet Accessibility . . . . . . . . . . . . . . . . . . . 9 6.3.2. Data Integrity . . . . . . . . . . . . . . . . . . . . 10
7.1. Transports . . . . . . . . . . . . . . . . . . . . . . . . 9 6.3.3. Data Privacy . . . . . . . . . . . . . . . . . . . . . 10
7.2. Firewalls and Proxy Servers . . . . . . . . . . . . . . . 9 6.3.4. Security Mechanisms . . . . . . . . . . . . . . . . . 10
7.3. Multiple RPCs and Latency . . . . . . . . . . . . . . . . 9 6.3.5. Security Negotiation . . . . . . . . . . . . . . . . . 10
8. File locking / recovery . . . . . . . . . . . . . . . . . 10 7. Internet Accessibility . . . . . . . . . . . . . . . . . . 10
9. Internationalization . . . . . . . . . . . . . . . . . . . 11 7.1. Congestion Control and Transport Selection . . . . . . . 11
10. Bibliography . . . . . . . . . . . . . . . . . . . . . . 12 7.2. Firewalls and Proxy Servers . . . . . . . . . . . . . . 11
11. Author's Address . . . . . . . . . . . . . . . . . . . . 14 7.3. Multiple RPCs and Latency . . . . . . . . . . . . . . . 11
8. File locking / recovery . . . . . . . . . . . . . . . . . 12
9. Internationalization . . . . . . . . . . . . . . . . . . . 13
10. Bibliography . . . . . . . . . . . . . . . . . . . . . . 14
11. Author's Address . . . . . . . . . . . . . . . . . . . . 16
NFSv4 Requirements September 1998 NFSv4 NFSv4 Requirements September 1998
1. NFS Version 4 Requirements 1. NFS Version 4 Requirements
As stated in the charter the first deliverable for the NFS version 4 As stated in the charter the first deliverable for the NFS version 4
working group is this requirements document. This document is to working group is this requirements document. This document is to
cover the "limitations and deficiencies of NFS version 3". Therefore cover the "limitations and deficiencies of NFS version 3". Therefore
the intent of the following sections is to identify the various the intent of the following sections is to identify the various
feature points of NFS as a distributed file system and discuss its feature points of NFS as a distributed file system and discuss its
current functionality and compare to other distributed file systems current functionality and compare to other distributed file systems
and offer reasonable requirements for each of these areas. and offer reasonable requirements for each of these areas.
2. Ease of implementation or complexity of protocol 2. Ease of implementation or complexity of protocol
One of the strengths of NFS has been the ability to implement a One of the strengths of NFS has been the ability to implement a
client or server with comparative ease. The eventual size of a basic client or server with relative ease. The eventual size of a basic
implementation is relatively small. One reason that keeping NFS as implementation is relatively small. The main reason for keeping NFS
simple as possible is that a simple protocol design can be described as simple as possible is that a simple protocol design can be
in a simple specification that promotes straightforward, described in a simple specification that promotes straightforward,
interoperable implementations. All protocols can run into problems interoperable implementations. All protocols can run into problems
when deployed on real networks, but simple protocols yield problems when deployed on real networks, but simple protocols yield problems
that are easier to diagnose and correct. that are easier to diagnose and correct.
2.1. Extensibility / layering 2.1. Extensibility / layering
With NFS' relative simplicity, the addition or layering of With NFS' relative simplicity, the addition or layering of
functionality has been easy to accomplish. The addition of features functionality has been easy to accomplish. The addition of features
like the client automount or autofs, client side disk caching and like the client automount or autofs, client side disk caching and
high availability servers are some examples. This type of high availability servers are examples. This type of extensibility
extensibility is desirable in an environment where problem solutions is desirable in an environment where problem solutions do not require
do not require protocol revision. This extensibility can also be protocol revision. This extensibility can also be helpful in the
helpful in the future where unforeseen problems or opportunities can future where unforeseen problems or opportunities can be solved by
be solved by layering functionality on an existing set of tools or layering functionality on an existing set of tools or protocol.
protocol.
2.2. Managed Extensions or Minor Versioning 2.2. Managed Extensions or Minor Versioning
For those cases where a the protocol is deficient or where a minor For those cases where the NFS protocol is deficient or where a minor
modification is the best solution for a problem, a minor version or a modification is the best solution for a problem, a minor version or a
managed extension of the NFS protocol would be helpful. With NFS managed extension could be helpful. There have been instances with
version 2, there were many minor extensions in the protocol to solve NFS version 2 and 3 where small straightforward functional additions
problems which were unforeseen. However they were done in a way that would have increased the overall value of the protocol immensely.
was not well documented or detection of support was not possible. A However, the perceived size and burden of using a change of RPC
new NFS protocol should allow for the rare instance where protocol version number for the introduction of new functionality led to no or
extension is the most prudent course and an entire revision would be slow change. It is possible that a new NFS protocol could allow for
the rare instance where protocol extension within the RPC version
NFSv4 NFSv4 Requirements September 1998
number is the most prudent course and an RPC revision would be
unnecessary or impractical. unnecessary or impractical.
NFSv4 Requirements September 1998 The areas of an NFS protocol which are most obviously volatile are
new orthogonal procedures, new well-defined file or directory
attributes and potentially new file types. It is possible and highly
desirable that these types of additions can be done without changing
the overall design model of NFS without significant effort or delay.
This is particularly true in adding new procedures.
A strong consideration should be given to a NFS protocol mechanism
for the introduction of this type of new functionality. This is
obviously in contrast to using the standard RPC version mechanism to
provide minor changes. The process of using RPC version numbers to
introduce new functionality brings with it a lot of history which may
not technically prevent its use. However, the historical issues
involved will need to be addressed as part of the NFS protocol work
to increase the chance of current and future success of the protocol.
3. Reliable and Available 3. Reliable and Available
Current NFS protocol design has lead to quick recovery from server Current NFS protocol design has lead to quick recovery from server
and client failure. This approach to the design has lended itself and client failure. This approach to the design has lent itself well
well to layered technologies like high availability and clustered to layered technologies like high availability and clustered servers.
servers. Providing a protocol design approach that lends itself to Providing a protocol design approach that lends itself to these types
these types of reliability and availability features is very of reliability and availability features is very desirable.
desirable.
For the next version of NFS, consideration should be given to client
side availability schemes such as client switching between or fail-
over to available server replicas. If possible, the protocol should
allow for or ease the building of such layered solutions.
4. Scalable Performance 4. Scalable Performance
In designing and developing an NFS protocol from a performance In designing and developing an NFS protocol from a performance
viewpoint there are several different points to consider. Each can viewpoint there are several different points to consider. Each can
play a significant role in perceived and real performance from the play a significant role in perceived and real performance from the
user's perspective. The three main areas of interest are: throughput user's perspective. The three main areas of interest are: throughput
and latency on the network, server work load or scalability and and latency on the network, server work load or scalability and
client side caching. client side caching.
NFSv4 NFSv4 Requirements September 1998
4.1. Throughput and Latency on the Network 4.1. Throughput and Latency on the Network
NFS currently has characteristics that provide good throughput for NFS currently has characteristics that provide good throughput for
read and write of file data. However, the number of RPCs required to the reading and writing of file data. However, the number of RPCs
accomplish some tasks combined with high latency network environments required to accomplish some tasks combined with high latency network
leads to sluggish response. The protocol should continue to provide environments leads to sluggish response. The protocol should
good raw read and write throughput. It should also address the issue continue to provide good raw read and write throughput while
of network latencies. This issue is discussed further in the section addressing the issue of network latency. This issue is discussed
on Internet Accessibility. further in the section on Internet Accessibility.
4.2. Server Work Load or Scalability 4.2. Server Work Load or Scalability
Current NFS operations are relatively lightweight in that the Current NFS operations are relatively lightweight in that the
processing work for most of the operations is not CPU intensive. processing work for most of the operations is not CPU intensive.
This allows for potential support of a large number of clients. This This allows for potential support of a large number of clients. This
attribute can also be helpful in building efficient and scalable SMP attribute can also be helpful in building efficient and scalable SMP
or cluster based servers. While this type of protocol design or cluster based servers. While this type of protocol design
(lightweight operations) is desirable, it needs to be balanced (lightweight operations) is desirable, it needs to be balanced
against the previous issue of having the client generate a large against the previous issue of having the client generate a large
number of RPCs to accomplish a straight forward task. number of RPCs to accomplish a straight forward task.
NFSv4 Requirements September 1998
4.3. Client Caching 4.3. Client Caching
In an attempt to speed response time and to reduce network and server In an attempt to speed response time and to reduce network and server
load, NFS clients have always cached directory and file data. load, NFS clients have always cached directory and file data.
However, this has usually been done as memory cache and in relatively However, this has usually been done as memory cache and in relatively
recent history, local disk caching has been added. recent history, local disk caching has been added.
Having the client cache directory and file data is very desirable. Having the client cache directory and file data is very desirable.
Other distributed file systems have shown that aggressive client side Other distributed file systems have shown that aggressive client side
caching can be very visible to the end user in response time gains. caching can be very visible to the end user in response time gains.
Client caching is increasingly important for Internet environments Client caching is increasingly important for Internet environments
where throughput can be limited and response time can grow where throughput can be limited and response time can grow
significantly. significantly.
The NFS protocol should allow for aggressive caching while balancing The NFS protocol should allow for aggressive caching while balancing
the needs for simplicity and Internet accessibility (i.e. firewalls). the needs for simplicity and Internet accessibility (i.e. firewalls).
If possible, the caching ability should be layered on the protocol If possible, the caching ability should be layered on the protocol
instead of embedding specific client caching functions in the instead of embedding specific client caching functions in the
protocol itself. protocol itself.
NFSv4 NFSv4 Requirements September 1998
4.4. Disconnected Client Operation 4.4. Disconnected Client Operation
An extension of client caching is the idea or functionality of An extension of client caching is the idea or functionality of
disconnected operation at the client. With the ability to cache disconnected operation at the client. With the ability to cache
directory and file data aggressively, a client could then provide directory and file data aggressively, a client could then provide
service to the end user while disconnected from the server or service to the end user while disconnected from the server or
network. network.
While very desirable, disconnected operation has the opportunity to While very desirable, disconnected operation has the opportunity to
inflict itself on the NFS protocol more so than regular client inflict itself upon the NFS protocol in an undesirable way as
caching. If this area is pursued, the tradeoffs will need to be compared to traditional client caching. Given the complexities of
weighed carefully in the areas of the semantics of disconnected disconnected client operation and subsequent resolution of client
operation along with user data synchronization or resolution at the data modification through various playback or data selection
point of reconnection. mechanisms, disconnected operation should not be a requirement for
the NFS effort. Even so, the NFS protocol should consider the
Editors Note: This section needs to be discussed and potential layering of disconnected operation solutions on top of the
expanded or clarified if it is found to be a stronger NFS protocol (as with other server and client solutions). The
requirement than what is stated in the above text. experiences with Coda, disconnected AFS and others should be helpful
in this area.
5. Interoperability 5. Interoperability
The NFS protocols are available for many different operating The NFS protocols are available for many different operating
environments. Even though this shows the protocol's ability to environments. Even though this shows the protocol's ability to
provide distributed file system service for more than a single
NFSv4 Requirements September 1998 operating system, the design of NFS is certainly Unix centric. The
next NFS protocol needs to be more inclusively of platform or file
provide distributed file system service in for more than a single system features beyond those of traditional Unix.
operating system, the design of NFS is certainly Unix centric.
Distributed file systems are usually tied in some way to the original
operating environment for which they were developed. A desired
feature of the next NFS protocol is to reduce platform centric
features while retaining reasonable functionality and performance in
the protocol.
5.1. Platform Specific Behavior 5.1. Platform Specific Behavior
Because of its Unix centric design, some of the protocol requirements Because of its Unix centric design, some of the protocol requirements
have been difficult to implement in some environments. For example, have been difficult to implement in some environments. For example,
persistent file handles (unique identifiers of file system objects), persistent file handles (unique identifiers of file system objects),
Unix uid/gid mappings, directory modification time, accurate file Unix uid/gid mappings, directory modification time, accurate file
sizes. sizes, file/directory locking semantics (SHAREs, PC-style locking).
Editors Note: This list could be expanded or more detail 5.2. Additional or Extended Attributes
of the associated problems could be added.
5.2. Extended Attributes NFS Versions 2 and 3 do not provide for file or directory attributes
beyond those that are found in the traditional Unix environment; for
example the user identifier/owner of the file, a permission or access
bitmap, time stamps for modification of the file or directory and
NFS does not provide for file or directory attributes beyond those NFSv4 NFSv4 Requirements September 1998
that are found in the traditional Unix environment; for example the
user identifier of the owner of the file, a permission or access file size to name a few. While the current set of attributes has
bitmap, time stamps for modification time of the file or directory
and file size to name a few. While the current set of attributes has
usually been sufficient, the file system's ability to manage usually been sufficient, the file system's ability to manage
additional information associated with a file or directory can be additional information associated with a file or directory can be
useful. useful.
Editors Note: Need to add examples of the use or potential There are many possibilities for additional attributes in the next
extended attributes. version of NFS. Some of these include: object creation timestamp,
user identifier of file's creator, timestamp of last backup or
archival bit, version number, file content type (MIME type),
existence of data management involvement (i.e. DMAPI).
Editors Note: Discussion of extended attribute support in This list is representative of the possibilities and are meant to
other file systems needs to be added. show the need for an additional attribute set. Enumerating the
'correct' set of attributes is difficult and is one of the reasons
for looking towards minor versioning as a way to provide needed
extensibility. Another way to provide some extensibility is in
providing support for a generalized named attribute mechanism. This
mechanism would allow a client to name, store and retrieve arbitrary
data and have it associated as an attribute of a file or directory.
This type of extended attribute mechanism brings with it a large set
of issues that will need to be addressed in the protocol
specification while keeping the overall goal of simplicity in mind.
There are operating environments that provide named or extended
attribute mechanisms. Digital Unix provides for the storage of
extended attributes with some generalized format. HPFS and NTFS also
provide for named data associated with traditional files. SGI's
local file system, XFS, also provides for this type of name/value
extended attributes. However, there does not seem to be a clear
direction that can be taken from these or other environments.
5.3. Access Control Lists 5.3. Access Control Lists
One specific type of extended attribute can be the Access Control Access Control Lists (ACL) can be viewed as one specific type of
List (ACL). This attribute is a designation of user access to a file extended attribute. This attribute is a designation of user access
or directory. Many vendors have created ancillary protocols to NFS to a file or directory. Many vendors have created ancillary
protocols to NFS to extend the server's ACL mechanism across the
network. Generally this has been done for homogeneous operating
environments. Even though the server still interprets the ACL and has
final control over access to a file system object, the client is able
to manipulate the ACL via these additional protocols.
NFSv4 Requirements September 1998 Other distributed file systems have also provided ACL support. DFS,
AFS and CIFS to name a few. Based on current capabilities, it seems
to be a requirement that NFS provide this capability as well but the
major issue is one of compatibility. It may be problematic to create
a workable ACL mechanism that will encompass a reasonable set of
to extend the server's ACL mechanism across the network. Even though NFSv4 NFSv4 Requirements September 1998
the server still interprets the ACL and has final control over access
to a file system object, the client is able to manipulate the ACL via
these additional protocols.
DFS provides the ability to manipulate the ACLs of their file functionality for all operating environments.
servers. CIFS provides this capability as well.
Editors Note: Is the CIFS statement true in this case? The three major reasons behind providing ACL support are existing
What are the mechanisms? distributed file system support, file servers not providing native
environment for user management of ACLs and perception of ACL support
as part of security requirement. Even with the complicated nature of
ACL support it is still worthwhile to work towards a solution that
can at least provide basic functionality for the user.
6. RPC Mechanism and Security 6. RPC Mechanism and Security
NFS relies on the underlying security mechanisms provided by the NFS relies on the underlying security mechanisms provided by the
ONCRPC protocol. Until the introduction of the ONCRPC RPCSEC_GSS ONCRPC protocol. Until the introduction of the ONCRPC RPCSEC_GSS
security flavor, NFS security was generally limited to none security flavor, NFS security was generally limited to none
(AUTH_SYS) or DES (AUTH_DH). The AUTH_DH security flavor was not (AUTH_SYS) or DES (AUTH_DH). The AUTH_DH security flavor was not
successful in providing readily available security for NFS because of successful in providing readily available security for NFS because of
a lack of implementation and deployment. Also the 192 bit public a lack of implementation and deployment. Also the 192 bit public
keys modulos used for the AUTH_DH security flavor quickly became too keys modulos used for the AUTH_DH security flavor quickly became too
small for reasonable security. small for reasonable security.
6.1. Remote Procedure Call Mechanism 6.1. Remote Procedure Call Mechanism
The ONCRPC protocol provides the basic NFS foundation for the The ONCRPC protocol provides the basic NFS foundation for the
following reasons: following reasons:
o Open protocol definition managed by IETF o Open protocol definition managed by IETF
o Transport independent (UDP and TCP supported -- and others????) o Transport independent (i.e. UDP and TCP supported)
o Simple data representation and procedure encoding models o Simple data representation and procedure encoding models
o Various security mechanisms available through use of RPCSEC_GSS o Various security mechanisms available through use of RPCSEC_GSS
6.2. User identification 6.2. User identification
NFS has been limited to the use of the Unix centric user NFS has been limited to the use of the Unix centric user
identification mechanism of numeric user id based on the available identification mechanism of numeric user id based on the available
file system attributes and the use of the ONCRPC. However, for NFS file system attributes and the use of the ONCRPC. However, for NFS
NFSv4 Requirements September 1998
to move beyond the limits of large work groups, user identification to move beyond the limits of large work groups, user identification
should be string based and the definition of the user identifier should be string based and the definition of the user identifier
should allow for integration into an external naming service or should allow for integration into an external naming service or
services. services.
NFSv4 NFSv4 Requirements September 1998
Internet scaling should also be considered for this as well. The Internet scaling should also be considered for this as well. The
identification mechanism should take into account multiple naming identification mechanism should take into account multiple naming
domains and other extremes that can be presented by use outside of domains and other extremes that can be presented by use outside of
the work group. the work group.
Editors Note: Should identify what other distributed file If NFS is to move among various naming and security services, it may
systems do for naming and if these approaches can help be necessary to stay with a string based identification. This would
solve the issues above or are themselves limited. allow for servers and clients to translate between the external
string representation to a local or internal numeric (or other
identifier) which matches internal implementation needs.
6.3. Authentication DFS uses a string based naming scheme but translates the name to a
UUID (16 byte identifier) that is used for internal protocol
representations. The DCE/DFS string name is a combination of cell
(administrative domain) and user name. As mentioned, NFS clients and
servers map a Unix user name to a 32 bit user identifier that is then
used for ONCRPC and NFS protocol fields requiring the user
identifier.
6.3. Security
As a result of a lack of implementation and deployment and relatively As a result of a lack of implementation and deployment and relatively
weak protection, authentication has been a major issue for ONCRPC and weak protection, authentication has been a major issue for ONCRPC and
hence NFS. With the introduction of the RPCSEC_GSS security flavor, hence NFS. With the introduction of the RPCSEC_GSS security flavor,
ONCRPC can provide for reasonable authentication along with integrity ONCRPC can provide for reasonable authentication along with integrity
and privacy, if desired. The RPCSEC_GSS framework will allow the use and privacy, if desired. The RPCSEC_GSS framework will allow the use
of both public and private key mechanisms. Therefore, NFS as a user of both public and private key mechanisms. Therefore, NFS as a user
of ONCRPC should state its specific requirements for each of these of ONCRPC should state its specific requirements for each of these
areas. areas.
In comparison, AFS and DFS provide strong authentication mechanisms.
CIFS does provide authentication at initial server contact but does
not continue this authentication during subsequent interaction.
6.3.1. Authentication
Strong authentication is a requirement for NFS and the logical Strong authentication is a requirement for NFS and the logical
solution for this is in the use of ONCRPC and RPCSEC_GSS. solution for this is in the use of ONCRPC and RPCSEC_GSS. This
solution will allow for both private and public key mechanisms to be
employed if required. This flexibility will allow for security
usability in varying environments.
Editors Note: Beyond authentication, should NFS make use NFSv4 NFSv4 Requirements September 1998
of the integrity and privacy features of RPCSEC_GSS? This
could prove useful in the broader Internet environment.
Editors Note: What security mechanisms should be specified 6.3.2. Data Integrity
or required by NFS? For private key, Kerberos V5 can be
used. Are there other obvious suggestions? For public
key, SPKM [RFC2025] can be used. Are there other
suggestions for public key?
6.4. Security Negotiation Since file and directory data is the essence of distributed file
service, the NFS protocol should provide to the users of the file
service a reasonable level of data integrity. The RPCSEC_GSS
mechanism provides a framework for data integrity and the security
mechanisms chosen for NFS should be implemented to provide data
integrity.
Along with the authentication requirements, a method for client and 6.3.3. Data Privacy
server to automatically negotiate an agreeable security mechanism
needs to be in place. This will ease administration overhead and
NFSv4 Requirements September 1998 Data privacy, while desirable, is not as important in all
environments as authentication and integrity. Data privacy should be
an available option within NFS but not a requirement.
interoperability difficulties. 6.3.4. Security Mechanisms
With the use of the RPCSEC_GSS framework, both public and private
mechanisms can and should be provided by NFS. The choice from both
public and private key mechanisms will allow for the appropriate
choice being made by the user based on factors within their
environment.
Potential choices for the private key mechanism would be Kerberos V5
and for the public key choice, SPKM [RFC2025] is available.
6.3.5. Security Negotiation
With both private and public key mechanisms available to the end
user, the NFS server and client will need a method to negotiate
appropriate usage based on availability and policy. This negotiation
should account for authentication, integrity, and privacy so that
administrators and users can employ the appropriate security policies
for their environments.
7. Internet Accessibility 7. Internet Accessibility
Being a product of an IETF working group, the NFS protocol should not Being a product of an IETF working group, the NFS protocol should not
only be built upon IETF technologies where possible but should also only be built upon IETF technologies where possible but should also
work well within the broader Internet environment.
7.1. Transports NFSv4 NFSv4 Requirements September 1998
ONCRPC is available for both UDP and TCP transports. NFS as a user work well within the broader Internet environment.
of ONCRPC has not placed any requirements on the use of either UDP or
TCP. Today's NFS implementations generally support both transports.
At a minimum, NFS should require the support of both UDP and TCP at 7.1. Congestion Control and Transport Selection
the client and server. An alternative would be to require TCP only
for both client and server.
However, it can be argued that some new NFS protocol features could As with any network protocol, congestion control is a major issue and
rely on the use of TCP and its connection state. If this type of the transport mechanisms that are chosen for NFS should take this
transport dependency were built into NFS, UDP would be lost for some into account. Traditionally implementations of NFS have been
environments as the low overhead and potentially better performing deployed using both UDP and TCP. With the use of UDP, most
alternative. implementations provide a rudimentary attempt of congestion control
with simple back-off algorithms and round trip timers. While this
may be sufficient in today's NFS deployments, as an Internet protocol
NFS will need to ensure sufficient congestion control or management.
With congestion control in mind, NFS must use TCP as a transport (via
ONCRPC). The UDP transport provides its own advantages in certain
circumstances. In today's NFS implementations, UDP has been shown to
produce greater throughput as compared to similarly configured
systems that use TCP. If UDP is to be supplied as an NFS transport
mechanism, then the issues of congestion control must be dealt with.
7.2. Firewalls and Proxy Servers 7.2. Firewalls and Proxy Servers
NFS's protocol design should allow its use via Internet firewalls. NFS's protocol design should allow its use via Internet firewalls.
The protocol should also allow for the use of file system proxy The protocol should also allow for the use of file system proxy/cache
servers if possible (especially for caching). servers. Proxy servers can be very useful for scalability and other
reasons. The NFS protocol needs to address the need of proxy servers
Editors Note: What potential issues exist with the in a way that will deal with the issues of security, access control,
combination of aggressive client caching and proxy caching? and content control. It is possible that these issues can be
addressed by documenting the related issues of proxy server usage.
Editors Note: Also what are the security implications of However, it is likely that the NFS protocol will need to support
proxy NFS servers? proxy servers directly through the NFS protocol. In any case, the
NFS proxy server should be considered during protocol development.
7.3. Multiple RPCs and Latency 7.3. Multiple RPCs and Latency
As an application at the NFS client performs simple file system As an application at the NFS client performs simple file system
NFSv4 Requirements September 1998
operations, multiple NFS operations or RPCs may be executed to operations, multiple NFS operations or RPCs may be executed to
accomplish the work for the application. While the NFS version 3 accomplish the work for the application. While the NFS version 3
protocol addressed some of this by returning file and directory protocol addressed some of this by returning file and directory
attributes for most procedures hence reducing follow up GETATTR attributes for most procedures hence reducing follow up GETATTR
requests, there is still room for improvement. Reducing the number requests, there is still room for improvement. Reducing the number
of RPCs can lead to a reduction of processing overhead on the server of RPCs can lead to a reduction of processing overhead on the server
(transport and security processing) along with reducing the time (transport and security processing) along with reducing the time
NFSv4 NFSv4 Requirements September 1998
spent at the client waiting for the server's individual responses. spent at the client waiting for the server's individual responses.
This issue is more prominent environments with higher degrees of This issue is more prominent in environments with larger degrees of
latency. latency.
One approach to resolving this issue is by allowing multiple The CIFS file access protocol supports 'batched requests' that allow
individual operations to be combined together in a single RPC. This multiple requests to be batched and therefore reducing the number of
would reduce the transport and security processing overhead while round trip messages between client and server.
allowing for the use of simple protocol operations to accomplish more
complete tasks.
Note that CIFS provides a similar mechanism with its chaining. This same approach can be used by NFS to allow the grouping of
multiple procedure calls together in a traditional RPC request. Not
only would this allow for the reduction in protocol imposed latency
but would reduce transport and security processing overhead and could
allow a client to complete more complex tasks by combining
procedures.
8. File locking / recovery 8. File locking / recovery
NFS has provided Unix file locking and DOS SHARE capability with the NFS has provided Unix file locking and DOS SHARE capability with the
use of an ancillary protocol (Network Lock Manager / NLM). The NLM use of an ancillary protocol (Network Lock Manager / NLM). The NLM
protocol provides for file locking and recovery of those locks in the protocol provides for file locking and recovery of those locks in the
event of client or server failure. NLM requires that the server make event of client or server failure. NLM requires that the server make
call backs to the client for certain scenarios and therefore is not call backs to the client for certain scenarios and therefore is not
necessarily well suited for Internet firewall traversal. necessarily well suited for Internet firewall traversal.
Desirable features of file locking support are: Desirable features of file locking support are:
o Integration with the NFS protocol o Integration with the NFS protocol
o Interoperability between operating environments o Interoperability between operating environments (i.e.
traditional NFS, CIFS, DFS, Novell environments)
o Scalable solutions - thousands of clients o Scalable solutions - thousands of clients
o Internet capable (firewall traversal, latency sensitive) o Internet capable (firewall traversal, latency sensitive)
o Timely recovery in the event of client/server failure o Timely recovery in the event of client/server failure or cluster
fail-over.
Editors Note: Do these items need further definition?
DFS offers file locking but does not provide DOS SHARE capability.
DFS' relies on the server calling back to the client for the file
NFSv4 Requirements September 1998
locking functionality. DFS offers file locking but does not provide DOS SHARE
capability. DFS' relies on the server calling back to the
client for the file locking functionality.
CIFS supports file locking and DOS SHARE support. CIFS supports file locking and DOS SHARE support.
NFSv4 NFSv4 Requirements September 1998
9. Internationalization 9. Internationalization
The current NFS protocols are limited in their support of anything The current NFS protocols are limited in their support of anything
more than 7-bit ASCII strings. It is imperative that NFS support a more than 7-bit ASCII strings. It is imperative that NFS support a
range of character sets. This can be provided by requiring support range of character sets. This can be provided by requiring support
for Unicode with a UTF-8 wire encoding. Therefore, all strings for Unicode with a UTF-8 wire encoding. Therefore, all strings
defined as part of the NFS protocol will need to be defined as UTF-8 defined as part of the NFS protocol will need to be defined as UTF-8
and the appropriate XDR encoding used. and the appropriate XDR encoding used.
NFSv4 Requirements September 1998 NFSv4 NFSv4 Requirements September 1998
10. Bibliography 10. Bibliography
[RFC1094] [RFC1094]
Sun Microsystems, Inc., "NFS: Network File System Protocol Sun Microsystems, Inc., "NFS: Network File System Protocol
Specification", RFC1094, March 1989. Specification", RFC1094, March 1989.
ftp://ftp.isi.edu/in-notes/rfc1094.txt ftp://ftp.isi.edu/in-notes/rfc1094.txt
[RFC1813] [RFC1813]
skipping to change at page 13, line 5 skipping to change at page 15, line 5
[RFC2025] [RFC2025]
Adams, C., "The Simple Public-Key GSS-API Mechanism (SPKM)", RFC2025, Adams, C., "The Simple Public-Key GSS-API Mechanism (SPKM)", RFC2025,
Bell-Northern Research, October 1996. Bell-Northern Research, October 1996.
ftp://ftp.isi.edu/in-notes/rfc2025.txt ftp://ftp.isi.edu/in-notes/rfc2025.txt
[RFC2078] [RFC2078]
Linn, J., "Generic Security Service Application Program Interface, Linn, J., "Generic Security Service Application Program Interface,
Version 2", RFC2078, OpenVision Technologies, January 1997. Version 2", RFC2078, OpenVision Technologies, January 1997.
NFSv4 Requirements September 1998 NFSv4 NFSv4 Requirements September 1998
ftp://ftp.isi.edu/in-notes/rfc2078.txt ftp://ftp.isi.edu/in-notes/rfc2078.txt
[RFC2203] [RFC2203]
Eisler, M., Chiu, A., Ling, L., "RPCSEC_GSS Protocol Specification" Eisler, M., Chiu, A., Ling, L., "RPCSEC_GSS Protocol Specification"
RFC2203, Sun Microsystems, Inc., August 1995. RFC2203, Sun Microsystems, Inc., August 1995.
ftp://ftp.isi.edu/in-notes/rfc2203.txt ftp://ftp.isi.edu/in-notes/rfc2203.txt
[Sandberg] [Sandberg]
skipping to change at page 14, line 5 skipping to change at page 16, line 5
protocols, including the Lock Manager and the Portmapper. protocols, including the Lock Manager and the Portmapper.
[X/OpenPCNFS] [X/OpenPCNFS]
X/Open Company, Ltd., X/Open CAE Specification: Protocols for X/Open X/Open Company, Ltd., X/Open CAE Specification: Protocols for X/Open
Internetworking: (PC)NFS, Developer's Specification, X/Open Company, Internetworking: (PC)NFS, Developer's Specification, X/Open Company,
Ltd., Apex Plaza, Forbury Road, Reading Berkshire, RG1 1AX, United Ltd., Apex Plaza, Forbury Road, Reading Berkshire, RG1 1AX, United
Kingdom, 1991. This is an indispensable reference for NFS version 2 Kingdom, 1991. This is an indispensable reference for NFS version 2
protocol and accompanying protocols, including the Lock Manager and protocol and accompanying protocols, including the Lock Manager and
the Portmapper. the Portmapper.
NFSv4 Requirements September 1998 NFSv4 NFSv4 Requirements September 1998
11. Author's Address 11. Author's Address
Address comments related to this memorandum to: Address comments related to this memorandum to:
spencer.shepler@eng.sun.com -or- nfsv4-wg@sunroof.eng.sun.com spencer.shepler@eng.sun.com -or- nfsv4-wg@sunroof.eng.sun.com
Spencer Shepler Spencer Shepler
Sun Microsystems, Inc. Sun Microsystems, Inc.
7808 Moonflower Drive 7808 Moonflower Drive
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/