draft-ietf-nfsv4-scsi-layout-10.txt   rfc8154.txt 
NFSv4 C. Hellwig Internet Engineering Task Force (IETF) C. Hellwig
Internet-Draft Request for Comments: 8154 May 2017
Intended status: Standards Track December 05, 2016 Category: Standards Track
Expires: June 8, 2017 ISSN: 2070-1721
Parallel NFS (pNFS) SCSI Layout Parallel NFS (pNFS) Small Computer System Interface (SCSI) Layout
draft-ietf-nfsv4-scsi-layout-10.txt
Abstract Abstract
The Parallel Network File System (pNFS) allows a separation between The Parallel Network File System (pNFS) allows a separation between
the metadata (onto a metadata server) and data (onto a storage the metadata (onto a metadata server) and data (onto a storage
device) for a file. The SCSI Layout Type is defined in this document device) for a file. The Small Computer System Interface (SCSI)
as an extension to pNFS to allow the use SCSI based block storage layout type is defined in this document as an extension to pNFS to
devices. allow the use of SCSI-based block storage devices.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on June 8, 2017. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8154.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Conventions Used in This Document . . . . . . . . . . . . 4 1.1. Conventions Used in This Document . . . . . . . . . . . . 4
1.2. General Definitions . . . . . . . . . . . . . . . . . . . 4 1.2. General Definitions . . . . . . . . . . . . . . . . . . . 4
1.3. Code Components Licensing Notice . . . . . . . . . . . . 4 1.3. Code Components Licensing Notice . . . . . . . . . . . . 5
1.4. XDR Description . . . . . . . . . . . . . . . . . . . . . 5 1.4. XDR Description . . . . . . . . . . . . . . . . . . . . . 5
2. SCSI Layout Description . . . . . . . . . . . . . . . . . . . 6 2. SCSI Layout Description . . . . . . . . . . . . . . . . . . . 7
2.1. Background and Architecture . . . . . . . . . . . . . . . 6 2.1. Background and Architecture . . . . . . . . . . . . . . . 7
2.2. layouttype4 . . . . . . . . . . . . . . . . . . . . . . . 8 2.2. layouttype4 . . . . . . . . . . . . . . . . . . . . . . . 8
2.3. GETDEVICEINFO . . . . . . . . . . . . . . . . . . . . . . 8 2.3. GETDEVICEINFO . . . . . . . . . . . . . . . . . . . . . . 8
2.3.1. Volume Identification . . . . . . . . . . . . . . . . 8 2.3.1. Volume Identification . . . . . . . . . . . . . . . . 8
2.3.2. Volume Topology . . . . . . . . . . . . . . . . . . . 9 2.3.2. Volume Topology . . . . . . . . . . . . . . . . . . . 10
2.4. Data Structures: Extents and Extent Lists . . . . . . . . 12 2.4. Data Structures: Extents and Extent Lists . . . . . . . . 12
2.4.1. Layout Requests and Extent Lists . . . . . . . . . . 14 2.4.1. Layout Requests and Extent Lists . . . . . . . . . . 15
2.4.2. Layout Commits . . . . . . . . . . . . . . . . . . . 15 2.4.2. Layout Commits . . . . . . . . . . . . . . . . . . . 16
2.4.3. Layout Returns . . . . . . . . . . . . . . . . . . . 16 2.4.3. Layout Returns . . . . . . . . . . . . . . . . . . . 17
2.4.4. Layout Revocation . . . . . . . . . . . . . . . . . . 16 2.4.4. Layout Revocation . . . . . . . . . . . . . . . . . . 17
2.4.5. Client Copy-on-Write Processing . . . . . . . . . . . 17 2.4.5. Client Copy-on-Write Processing . . . . . . . . . . . 17
2.4.6. Extents are Permissions . . . . . . . . . . . . . . . 18 2.4.6. Extents Are Permissions . . . . . . . . . . . . . . . 18
2.4.7. Partial-Block Updates . . . . . . . . . . . . . . . . 19 2.4.7. Partial-Block Updates . . . . . . . . . . . . . . . . 19
2.4.8. End-of-file Processing . . . . . . . . . . . . . . . 19 2.4.8. End-of-File Processing . . . . . . . . . . . . . . . 20
2.4.9. Layout Hints . . . . . . . . . . . . . . . . . . . . 20 2.4.9. Layout Hints . . . . . . . . . . . . . . . . . . . . 20
2.4.10. Client Fencing . . . . . . . . . . . . . . . . . . . 20 2.4.10. Client Fencing . . . . . . . . . . . . . . . . . . . 21
2.5. Crash Recovery Issues . . . . . . . . . . . . . . . . . . 22 2.5. Crash Recovery Issues . . . . . . . . . . . . . . . . . . 22
2.6. Recalling Resources: CB_RECALL_ANY . . . . . . . . . . . 22 2.6. Recalling Resources: CB_RECALL_ANY . . . . . . . . . . . 23
2.7. Transient and Permanent Errors . . . . . . . . . . . . . 23 2.7. Transient and Permanent Errors . . . . . . . . . . . . . 23
2.8. Volatile write caches . . . . . . . . . . . . . . . . . . 23 2.8. Volatile Write Caches . . . . . . . . . . . . . . . . . . 24
3. Enforcing NFSv4 Semantics . . . . . . . . . . . . . . . . . . 24 3. Enforcing NFSv4 Semantics . . . . . . . . . . . . . . . . . . 24
3.1. Use of Open Stateids . . . . . . . . . . . . . . . . . . 24 3.1. Use of Open Stateids . . . . . . . . . . . . . . . . . . 25
3.2. Enforcing Security Restrictions . . . . . . . . . . . . . 25 3.2. Enforcing Security Restrictions . . . . . . . . . . . . . 26
3.3. Enforcing Locking Restrictions . . . . . . . . . . . . . 25 3.3. Enforcing Locking Restrictions . . . . . . . . . . . . . 26
4. Security Considerations . . . . . . . . . . . . . . . . . . . 26 4. Security Considerations . . . . . . . . . . . . . . . . . . . 27
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28
6. Normative References . . . . . . . . . . . . . . . . . . . . 27 6. Normative References . . . . . . . . . . . . . . . . . . . . 28
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . 28 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 29
Appendix B. RFC Editor Notes . . . . . . . . . . . . . . . . . . 28 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 30
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 29
1. Introduction 1. Introduction
Figure 1 shows the overall architecture of a Parallel NFS (pNFS) Figure 1 shows the overall architecture of a Parallel NFS (pNFS)
system: system:
+-----------+ +-----------+
|+-----------+ +-----------+ |+-----------+ +-----------+
||+-----------+ | | ||+-----------+ | |
||| | NFSv4.1 + pNFS | | ||| | NFSv4.1 + pNFS | |
+|| Clients |<------------------------------>| Server | +|| Clients |<------------------------------>| Server |
+| | | | +| | | |
+-----------+ | | +-----------+ | |
||| +-----------+ ||| +-----------+
||| | ||| |
||| | ||| |
||| Storage +-----------+ | ||| Storage +-----------+ |
||| Protocol |+-----------+ | ||| Protocol |+-----------+ |
||+----------------||+-----------+ Control | ||+----------------||+-----------+ Control |
|+-----------------||| | Protocol| |+-----------------||| | Protocol|
+------------------+|| Storage |------------+ +------------------+|| Storage |------------+
+| Systems | +| Systems |
+-----------+ +-----------+
Figure 1 Figure 1
The overall approach is that pNFS-enhanced clients obtain sufficient The overall approach is that pNFS-enhanced clients obtain sufficient
information from the server to enable them to access the underlying information from the server to enable them to access the underlying
storage (on the storage systems) directly. See the Section 12 of storage (on the storage systems) directly. See Section 12 of
[RFC5661] for more details. This document is concerned with access [RFC5661] for more details. This document is concerned with access
from pNFS clients to storage devices over block storage protocols from pNFS clients to storage devices over block storage protocols
based on the the SCSI Architecture Model ([SAM-5]), e.g., Fibre based on the SCSI Architecture Model [SAM-5], e.g., the Fibre Channel
Channel Protocol (FCP) for Fibre Channel, Internet SCSI (iSCSI) or Protocol (FCP), Internet SCSI (iSCSI), or Serial Attached SCSI (SAS).
Serial Attached SCSI (SAS). pNFS SCSI layout requires block based pNFS SCSI layout requires block-based SCSI command sets, for example,
SCSI command sets, for example SCSI Block Commands ([SBC3]). While SCSI Block Commands [SBC3]. While SCSI command sets for non-block-
SCSI command set for non-block based access exist these are not based access exist, these are not supported by the SCSI layout type,
supported by the SCSI layout type, and all future references to SCSI and all future references to SCSI storage devices will imply a block-
storage devices will imply a block based SCSI command set. based SCSI command set.
The Server to Storage System protocol, called the "Control Protocol", The Server to Storage System protocol, called the "Control Protocol",
is not of concern for interoperability, although it will typically be is not of concern for interoperability, although it will typically be
the same SCSI based storage protocol. the same SCSI-based storage protocol.
This document is based on [RFC5663] and makes changes to the block This document is based on [RFC5663] and makes changes to the block
layout type to provide a better pNFS layout protocol for SCSI based layout type to provide a better pNFS layout protocol for SCSI-based
storage devices. Despite these changes, [RFC5663] remains the storage devices. Despite these changes, [RFC5663] remains the
defining document for the existing block layout type. pNFS Block Disk defining document for the existing block layout type. pNFS Block Disk
Protection [RFC6688] is unnecessary in the context of the SCSI layout Protection [RFC6688] is unnecessary in the context of the SCSI layout
type because the new layout type provides mandatory disk access type because the new layout type provides mandatory disk access
protection as part of the layout type definition. In contrast to protection as part of the layout type definition. In contrast to
[RFC5663], this document uses SCSI protocol features to provide [RFC5663], this document uses SCSI protocol features to provide
reliable fencing by using SCSI Persistent Reservations, and it can reliable fencing by using SCSI persistent reservations, and it can
provide reliable and efficient device discovery by using SCSI device provide reliable and efficient device discovery by using SCSI device
identifiers instead of having to rely on probing all devices identifiers instead of having to rely on probing all devices
potentially attached to a client. This new layout type also potentially attached to a client. This new layout type also
optimizes the I/O path by reducing the size of the LAYOUTCOMMIT optimizes the Input/Output (I/O) path by reducing the size of the
payload. LAYOUTCOMMIT payload.
The above two paragraphs summarize the major functional differences The above two paragraphs summarize the major functional differences
from [RFC5663]. There are other minor differences, e.g., the "base" from [RFC5663]. There are other minor differences, e.g., the "base"
volume type in this specification is used instead of the "simple" volume type in this specification is used instead of the "simple"
volume type in [RFC5663], but there are no significant differences in volume type in [RFC5663], but there are no significant differences in
the data structures that describe the volume topology above this the data structures that describe the volume topology above this
level Section 2.3.2 or in the data structures that describe extents level (Section 2.3.2) or in the data structures that describe extents
Section 2.4. (Section 2.4).
1.1. Conventions Used in This Document 1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.2. General Definitions 1.2. General Definitions
The following definitions are provided for the purpose of providing The following definitions are provided for the purpose of providing
an appropriate context for the reader. an appropriate context for the reader.
Byte This document defines a byte as an octet, i.e., a datum exactly Byte: an octet, i.e., a datum exactly 8 bits in length.
8 bits in length.
Client The "client" is the entity that accesses the NFS server's Client: the entity that accesses the NFS server's resources. The
resources. The client may be an application that contains the client may be an application that contains the logic to access the
logic to access the NFS server directly. The client may also be NFS server directly. The client may also be the traditional
the traditional operating system client that provides remote file operating system client that provides remote file system services
system services for a set of applications. for a set of applications.
Server The "server" is the entity responsible for coordinating Server: the entity responsible for coordinating client access to a
client access to a set of file systems and is identified by a set of file systems and is identified by a server owner.
server owner.
metadata server (MDS) The metadata server is a pNFS server which Metadata Server (MDS): a pNFS server that provides metadata
provides metadata information for a file system object. It also information for a file system object. It also is responsible for
is responsible for generating layouts for file system objects. generating layouts for file system objects. Note that the MDS is
Note that the MDS is also responsible for directory-based also responsible for directory-based operations.
operations.
1.3. Code Components Licensing Notice 1.3. Code Components Licensing Notice
The external data representation (XDR) description and scripts for The external data representation (XDR) description and scripts for
extracting the XDR description are Code Components as described in extracting the XDR description are Code Components as described in
Section 4 of "Legal Provisions Relating to IETF Documents" [LEGAL]. Section 4 of "Legal Provisions Relating to IETF Documents" [LEGAL].
These Code Components are licensed according to the terms of These Code Components are licensed according to the terms of
Section 4 of "Legal Provisions Relating to IETF Documents". Section 4 of "Legal Provisions Relating to IETF Documents".
1.4. XDR Description 1.4. XDR Description
This document contains the XDR [RFC4506] description of the NFSv4.1 This document contains the XDR [RFC4506] description of the NFSv4.1
SCSI layout protocol. The XDR description is embedded in this SCSI layout protocol. The XDR description is embedded in this
document in a way that makes it simple for the reader to extract into document in a way that makes it simple for the reader to extract into
a ready-to-compile form. The reader can feed this document into the a ready-to-compile form. The reader can feed this document into the
following shell script to produce the machine readable XDR following shell script to produce the machine-readable XDR
description of the NFSv4.1 SCSI layout: description of the NFSv4.1 SCSI layout:
#!/bin/sh #!/bin/sh
grep '^ *///' $* | sed 's?^ */// ??' | sed 's?^ *///$??' grep '^ *///' $* | sed 's?^ */// ??' | sed 's?^ *///$??'
That is, if the above script is stored in a file called "extract.sh", That is, if the above script is stored in a file called "extract.sh",
and this document is in a file called "spec.txt", then the reader can and this document is in a file called "spec.txt", then the reader can
do: do:
sh extract.sh < spec.txt > scsi_prot.x sh extract.sh < spec.txt > scsi_prot.x
The effect of the script is to remove leading white space from each The effect of the script is to remove leading white space from each
line, plus a sentinel sequence of "///". line, plus a sentinel sequence of "///".
The embedded XDR file header follows. Subsequent XDR descriptions, The embedded XDR file header follows. Subsequent XDR descriptions
with the sentinel sequence are embedded throughout the document. with the sentinel sequence are embedded throughout the document.
Note that the XDR code contained in this document depends on types Note that the XDR code contained in this document depends on types
from the NFSv4.1 nfs4_prot.x file [RFC5662]. This includes both nfs from the NFSv4.1 nfs4_prot.x file [RFC5662]. This includes both NFS
types that end with a 4, such as offset4, length4, etc., as well as types that end with a 4, such as offset4, length4, etc., as well as
more generic types such as uint32_t and uint64_t. more generic types such as uint32_t and uint64_t.
/// /* /// /*
/// * This code was derived from RFCTBD10 /// * This code was derived from RFC 8154.
/// * Please reproduce this note if possible. /// * Please reproduce this note if possible.
/// */ /// */
/// /* /// /*
/// * Copyright (c) 2010,2015 IETF Trust and the persons /// * Copyright (c) 2017 IETF Trust and the persons
/// * identified as the document authors. All rights reserved. /// * identified as authors of the code. All rights reserved.
/// * /// *
/// * Redistribution and use in source and binary forms, with /// * Redistribution and use in source and binary forms, with
/// * or without modification, are permitted provided that the /// * or without modification, are permitted provided that the
/// * following conditions are met: /// * following conditions are met:
/// * /// *
/// * - Redistributions of source code must retain the above /// * - Redistributions of source code must retain the above
/// * copyright notice, this list of conditions and the /// * copyright notice, this list of conditions and the
/// * following disclaimer. /// * following disclaimer.
/// * /// *
/// * - Redistributions in binary form must reproduce the above /// * - Redistributions in binary form must reproduce the above
/// * copyright notice, this list of conditions and the /// * copyright notice, this list of conditions and the
/// * following disclaimer in the documentation and/or other /// * following disclaimer in the documentation and/or other
/// * materials provided with the distribution. /// * materials provided with the distribution.
/// * /// *
/// * - Neither the name of Internet Society, IETF or IETF /// * - Neither the name of Internet Society, IETF or IETF
/// * Trust, nor the names of specific contributors, may be /// * Trust, nor the names of specific contributors, may be
/// * used to endorse or promote products derived from this /// * used to endorse or promote products derived from this
/// * software without specific prior written permission. /// * software without specific prior written permission.
/// * /// *
/// * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS /// * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS
/// * AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED /// * AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED
/// * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE /// * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
/// * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS /// * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
/// * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO /// * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
/// * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE /// * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
/// * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, /// * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
/// * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT /// * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
/// * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR /// * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
/// * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS /// * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
/// * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF /// * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
/// * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, /// * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
/// * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING /// * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
/// * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF /// * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
/// * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. /// * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
/// */ /// */
/// ///
/// /* /// /*
/// * nfs4_scsi_layout_prot.x /// * nfs4_scsi_layout_prot.x
/// */ /// */
/// ///
/// %#include "nfsv41.h" /// %#include "nfsv41.h"
/// ///
2. SCSI Layout Description 2. SCSI Layout Description
2.1. Background and Architecture 2.1. Background and Architecture
The fundamental storage model supported by SCSI storage devices is a The fundamental storage model supported by SCSI storage devices is a
Logical Unit (LU) consisting of a sequential series of fixed-size logical unit (LU) consisting of a sequential series of fixed-size
blocks. Logical units used as devices for NFS SCSI layouts, and the blocks. Logical units used as devices for NFS SCSI layouts, and the
SCSI initiators used for the pNFS Metadata Server and clients MUST SCSI initiators used for the pNFS metadata server and clients, MUST
support SCSI persistent reservations as defined in [SPC4]. support SCSI persistent reservations as defined in [SPC4].
A pNFS layout for this SCSI class of storage is responsible for A pNFS layout for this SCSI class of storage is responsible for
mapping from an NFS file (or portion of a file) to the blocks of mapping from an NFS file (or portion of a file) to the blocks of
storage volumes that contain the file. The blocks are expressed as storage volumes that contain the file. The blocks are expressed as
extents with 64-bit offsets and lengths using the existing NFSv4 extents with 64-bit offsets and lengths using the existing NFSv4
offset4 and length4 types. Clients MUST be able to perform I/O to offset4 and length4 types. Clients MUST be able to perform I/O to
the block extents without affecting additional areas of storage the block extents without affecting additional areas of storage
(especially important for writes); therefore, extents MUST be aligned (especially important for writes); therefore, extents MUST be aligned
to logical block size boundaries of the underlying logical units to logical block size boundaries of the underlying logical units
(typically 512 or 4096 bytes). For complex volume topologies the (typically 512 or 4096 bytes). For complex volume topologies, the
serves MUST ensure extents are aligned to the logical block size server MUST ensure extents are aligned to the logical block size
boundaries of the larges logical block size in the volume topology. boundaries of the largest logical block size in the volume topology.
The pNFS operation for requesting a layout (LAYOUTGET) includes the The pNFS operation for requesting a layout (LAYOUTGET) includes the
"layoutiomode4 loga_iomode" argument, which indicates whether the "layoutiomode4 loga_iomode" argument, which indicates whether the
requested layout is for read-only use or read-write use. A read-only requested layout is for read-only use or read-write use. A read-only
layout may contain holes that are read as zero, whereas a read-write layout may contain holes that are read as zero, whereas a read-write
layout will contain allocated, but un-initialized storage in those layout will contain allocated but uninitialized storage in those
holes (read as zero, can be written by client). This document also holes (read as zero, can be written by client). This document also
supports client participation in copy-on-write (e.g., for file supports client participation in copy-on-write (e.g., for file
systems with snapshots) by providing both read-only and un- systems with snapshots) by providing both read-only and uninitialized
initialized storage for the same range in a layout. Reads are storage for the same range in a layout. Reads are initially
initially performed on the read-only storage, with writes going to performed on the read-only storage, with writes going to the
the un-initialized storage. After the first write that initializes uninitialized storage. After the first write that initializes the
the un-initialized storage, all reads are performed to that now- uninitialized storage, all reads are performed to that now-
initialized writable storage, and the corresponding read-only storage initialized writable storage, and the corresponding read-only storage
is no longer used. is no longer used.
The SCSI layout solution expands the security responsibilities of the The SCSI layout solution expands the security responsibilities of the
pNFS clients, and there are a number of environments where the pNFS clients, and there are a number of environments where the
mandatory to implement security properties for NFS cannot be mandatory-to-implement security properties for NFS cannot be
satisfied. The additional security responsibilities of the client satisfied. The additional security responsibilities of the client
follow, and a full discussion is present in Section 4, "Security follow, and a full discussion is present in Section 4 ("Security
Considerations". Considerations").
o Typically, SCSI storage devices provide access control mechanisms o Typically, SCSI storage devices provide access control mechanisms
(e.g., Logical Unit Number (LUN) mapping and/or masking), which (e.g., Logical Unit Number (LUN) mapping and/or masking), which
operate at the granularity of individual hosts, not individual operate at the granularity of individual hosts, not individual
blocks. For this reason, block-based protection must be provided blocks. For this reason, block-based protection must be provided
by the client software. by the client software.
o Similarly, SCSI storage devices typically are not able to validate o Similarly, SCSI storage devices typically are not able to validate
NFS locks that apply to file regions. For instance, if a file is NFS locks that apply to file regions. For instance, if a file is
covered by a mandatory read-only lock, the server can ensure that covered by a mandatory read-only lock, the server can ensure that
only readable layouts for the file are granted to pNFS clients. only readable layouts for the file are granted to pNFS clients.
However, it is up to each pNFS client to ensure that the readable However, it is up to each pNFS client to ensure that the readable
layout is used only to service read requests, and not to allow layout is used only to service read requests and not to allow
writes to the existing parts of the file. writes to the existing parts of the file.
Since SCSI storage devices are generally not capable of enforcing Since SCSI storage devices are generally not capable of enforcing
such file-based security, in environments where pNFS clients cannot such file-based security, in environments where pNFS clients cannot
be trusted to enforce such policies, pNFS SCSI layouts MUST NOT be be trusted to enforce such policies, pNFS SCSI layouts MUST NOT be
used. used.
2.2. layouttype4 2.2. layouttype4
The layout4 type defined in [RFC5662] is extended with a new value as The layout4 type defined in [RFC5662] is extended with a new value as
follows: follows:
enum layouttype4 { enum layouttype4 {
LAYOUT4_NFSV4_1_FILES = 1, LAYOUT4_NFSV4_1_FILES = 1,
LAYOUT4_OSD2_OBJECTS = 2, LAYOUT4_OSD2_OBJECTS = 2,
LAYOUT4_BLOCK_VOLUME = 3, LAYOUT4_BLOCK_VOLUME = 3,
LAYOUT4_SCSI = 0x80000005 LAYOUT4_SCSI = 5
[[RFC Editor: please modify the LAYOUT4_SCSI };
to be the layouttype assigned by IANA]]
};
This document defines structure associated with the layouttype4 value This document defines the structure associated with the layouttype4
LAYOUT4_SCSI. [RFC5661] specifies the loc_body structure as an XDR value LAYOUT4_SCSI. [RFC5661] specifies the loc_body structure as an
type "opaque". The opaque layout is uninterpreted by the generic XDR type "opaque". The opaque layout is uninterpreted by the generic
pNFS client layers, but obviously must be interpreted by the Layout pNFS client layers but obviously must be interpreted by the layout
Type implementation. type implementation.
2.3. GETDEVICEINFO 2.3. GETDEVICEINFO
2.3.1. Volume Identification 2.3.1. Volume Identification
SCSI targets implementing [SPC4] export unique LU names for each LU SCSI targets implementing [SPC4] export unique LU names for each LU
through the Device Identification VPD page (page code 0x83), which through the Device Identification Vital Product Data (VPD) page (page
can be obtained using the INQUIRY command with the EVPD bit set to code 0x83), which can be obtained using the INQUIRY command with the
one. This document uses a subset of this information to identify LUs Enable VPD (EVPD) bit set to one. This document uses a subset of
backing pNFS SCSI layouts. Device Identification VPD page this information to identify LUs backing pNFS SCSI layouts. The
descriptors used to identify LUs for use with pNFS SCSI layouts must Device Identification VPD page descriptors used to identify LUs for
adhere to the following restrictions: use with pNFS SCSI layouts must adhere to the following restrictions:
1. The "ASSOCIATION" MUST be set to 0 (The DESIGNATOR field is 1. The "ASSOCIATION" MUST be set to 0 (The "DESIGNATOR" field is
associated with the addressed logical unit). associated with the addressed logical unit).
2. The "DESIGNATOR TYPE" MUST be set to one of four values that are 2. The "DESIGNATOR TYPE" MUST be set to one of four values that are
required for the mandatory logical unit name in section 7.7.3 of required for the mandatory logical unit name in Section 7.7.3 of
[SPC4], as explicitly listed in the "pnfs_scsi_designator_type" [SPC4], as explicitly listed in the "pnfs_scsi_designator_type"
enumeration: enumeration:
PS_DESIGNATOR_T10 T10 vendor ID based PS_DESIGNATOR_T10 - based on T10 vendor ID
PS_DESIGNATOR_EUI64 EUI-64-based PS_DESIGNATOR_EUI64 - based on EUI-64
PS_DESIGNATOR_NAA NAA PS_DESIGNATOR_NAA - Network Address Authority (NAA)
PS_DESIGNATOR_NAME SCSI name string PS_DESIGNATOR_NAME - SCSI name string
Any other association or designator type MUST NOT be used. Use
3. Any other association or designator type MUST NOT be used. Use
of T10 vendor IDs is discouraged when one of the other types can of T10 vendor IDs is discouraged when one of the other types can
be used. be used.
The "CODE SET" VPD page field is stored in the "sbv_code_set" field The "CODE SET" VPD page field is stored in the "sbv_code_set" field
of the "pnfs_scsi_base_volume_info4" structure, the "DESIGNATOR TYPE" of the "pnfs_scsi_base_volume_info4" data structure, the "DESIGNATOR
is stored in "sbv_designator_type", and the DESIGNATOR is stored in TYPE" is stored in "sbv_designator_type", and the DESIGNATOR is
"sbv_designator". Due to the use of a XDR array the "DESIGNATOR stored in "sbv_designator". Due to the use of an XDR array, the
LENGTH" field does not need to be set separately. Only certain "DESIGNATOR LENGTH" field does not need to be set separately. Only
combinations of "sbv_code_set" and "sbv_designator_type" are valid, certain combinations of "sbv_code_set" and "sbv_designator_type" are
please refer to [SPC4] for details, and note that ASCII MAY be used valid; please refer to [SPC4] for details, and note that ASCII MAY be
as the code set for UTF-8 text that contains only printable ASCII used as the code set for UTF-8 text that contains only printable
characters. Note that a Device Identification VPD page MAY contain ASCII characters. Note that a Device Identification VPD page MAY
multiple descriptors with the same association, code set and contain multiple descriptors with the same association, code set, and
designator type. NFS clients thus MUST check all the descriptors for designator type. Thus, NFS clients MUST check all the descriptors
a possible match to "sbv_code_set", "sbv_designator_type" and for a possible match to "sbv_code_set", "sbv_designator_type", and
"sbv_designator". "sbv_designator".
Storage devices such as storage arrays can have multiple physical Storage devices such as storage arrays can have multiple physical
network interfaces that need not be connected to a common network, network interfaces that need not be connected to a common network,
resulting in a pNFS client having simultaneous multipath access to resulting in a pNFS client having simultaneous multipath access to
the same storage volumes via different ports on different networks. the same storage volumes via different ports on different networks.
Selection of one or multiple ports to access the storage device is Selection of one or multiple ports to access the storage device is
left up to the client. left up to the client.
Additionally the server returns a Persistent Reservation key in the Additionally, the server returns a persistent reservation key in the
"sbv_pr_key" field. See Section 2.4.10 for more details on the use "sbv_pr_key" field. See Section 2.4.10 for more details on the use
of Persistent Reservations. of persistent reservations.
2.3.2. Volume Topology 2.3.2. Volume Topology
The pNFS SCSI layout volume topology is expressed in terms of the The pNFS SCSI layout volume topology is expressed in terms of the
volume types described below. The individual components of the volume types described below. The individual components of the
topology are contained in an array and components MAY refer to other topology are contained in an array, and components MAY refer to other
components by using array indices. components by using array indices.
/// enum pnfs_scsi_volume_type4 { /// enum pnfs_scsi_volume_type4 {
/// PNFS_SCSI_VOLUME_SLICE = 1, /* volume is a slice of /// PNFS_SCSI_VOLUME_SLICE = 1, /* volume is a slice of
/// another volume */ /// another volume */
/// PNFS_SCSI_VOLUME_CONCAT = 2, /* volume is a /// PNFS_SCSI_VOLUME_CONCAT = 2, /* volume is a
/// concatenation of /// concatenation of
/// multiple volumes */ /// multiple volumes */
/// PNFS_SCSI_VOLUME_STRIPE = 3 /* volume is striped across /// PNFS_SCSI_VOLUME_STRIPE = 3 /* volume is striped across
/// multiple volumes */ /// multiple volumes */
/// PNFS_SCSI_VOLUME_BASE = 4, /* volume maps to a single /// PNFS_SCSI_VOLUME_BASE = 4, /* volume maps to a single
/// LU */ /// LU */
/// }; /// };
/// ///
/// /*
/// * Code sets from SPC-4.
/// */
/// enum pnfs_scsi_code_set {
/// PS_CODE_SET_BINARY = 1,
/// PS_CODE_SET_ASCII = 2,
/// PS_CODE_SET_UTF8 = 3
/// };
///
/// /*
/// * Designator types from taken from SPC-4.
/// *
/// * Other values are allocated in SPC-4, but not mandatory to
/// * implement or aren't Logical Unit names.
/// */
/// enum pnfs_scsi_designator_type {
/// PS_DESIGNATOR_T10 = 1,
/// PS_DESIGNATOR_EUI64 = 2,
/// PS_DESIGNATOR_NAA = 3,
/// PS_DESIGNATOR_NAME = 8
/// };
///
/// /*
/// * Logical Unit name + reservation key.
/// */
/// struct pnfs_scsi_base_volume_info4 {
/// pnfs_scsi_code_set sbv_code_set;
/// pnfs_scsi_designator_type sbv_designator_type;
/// opaque sbv_designator<>;
/// uint64_t sbv_pr_key;
/// };
///
/// struct pnfs_scsi_slice_volume_info4 { /// /*
/// offset4 ssv_start; /* offset of the start of /// * Code sets from SPC-4.
/// the slice in bytes */ /// */
/// length4 ssv_length; /* length of slice in /// enum pnfs_scsi_code_set {
/// bytes */ /// PS_CODE_SET_BINARY = 1,
/// uint32_t ssv_volume; /* array index of sliced /// PS_CODE_SET_ASCII = 2,
/// volume */ /// PS_CODE_SET_UTF8 = 3
/// }; /// };
/// ///
/// /*
/// * Designator types taken from SPC-4.
/// *
/// * Other values are allocated in SPC-4 but are not mandatory to
/// * implement or aren't logical unit names.
/// */
/// enum pnfs_scsi_designator_type {
/// PS_DESIGNATOR_T10 = 1,
/// PS_DESIGNATOR_EUI64 = 2,
/// PS_DESIGNATOR_NAA = 3,
/// PS_DESIGNATOR_NAME = 8
/// };
///
/// /*
/// * Logical unit name + reservation key.
/// */
/// struct pnfs_scsi_base_volume_info4 {
/// pnfs_scsi_code_set sbv_code_set;
/// pnfs_scsi_designator_type sbv_designator_type;
/// opaque sbv_designator<>;
/// uint64_t sbv_pr_key;
/// };
///
/// /// struct pnfs_scsi_slice_volume_info4 {
/// struct pnfs_scsi_concat_volume_info4 { /// offset4 ssv_start; /* offset of the start of
/// uint32_t scv_volumes<>; /* array indices of volumes /// the slice in bytes */
/// which are concatenated */ /// length4 ssv_length; /* length of slice in
/// }; /// bytes */
/// /// uint32_t ssv_volume; /* array index of sliced
/// struct pnfs_scsi_stripe_volume_info4 { /// volume */
/// length4 ssv_stripe_unit; /* size of stripe in bytes */ /// };
/// uint32_t ssv_volumes<>; /* array indices of ///
/// volumes which are striped
/// across -- MUST be same
/// size */
/// };
/// ///
/// union pnfs_scsi_volume4 switch (pnfs_scsi_volume_type4 type) { /// struct pnfs_scsi_concat_volume_info4 {
/// case PNFS_SCSI_VOLUME_BASE: /// uint32_t scv_volumes<>; /* array indices of volumes
/// pnfs_scsi_base_volume_info4 sv_simple_info; /// that are concatenated */
/// case PNFS_SCSI_VOLUME_SLICE: /// };
/// pnfs_scsi_slice_volume_info4 sv_slice_info;
/// case PNFS_SCSI_VOLUME_CONCAT:
/// pnfs_scsi_concat_volume_info4 sv_concat_info;
/// case PNFS_SCSI_VOLUME_STRIPE:
/// pnfs_scsi_stripe_volume_info4 sv_stripe_info;
/// };
///
/// /* SCSI layout-specific type for da_addr_body */ ///
/// struct pnfs_scsi_deviceaddr4 { /// struct pnfs_scsi_stripe_volume_info4 {
/// pnfs_scsi_volume4 sda_volumes<>; /* array of volumes */ /// length4 ssv_stripe_unit; /* size of stripe in bytes */
/// }; /// uint32_t ssv_volumes<>; /* array indices of
/// /// volumes that are striped
/// across -- MUST be same
/// size */
/// };
///
/// union pnfs_scsi_volume4 switch (pnfs_scsi_volume_type4 type) {
/// case PNFS_SCSI_VOLUME_BASE:
/// pnfs_scsi_base_volume_info4 sv_simple_info;
/// case PNFS_SCSI_VOLUME_SLICE:
/// pnfs_scsi_slice_volume_info4 sv_slice_info;
/// case PNFS_SCSI_VOLUME_CONCAT:
/// pnfs_scsi_concat_volume_info4 sv_concat_info;
/// case PNFS_SCSI_VOLUME_STRIPE:
/// pnfs_scsi_stripe_volume_info4 sv_stripe_info;
/// };
///
/// /* SCSI layout-specific type for da_addr_body */
/// struct pnfs_scsi_deviceaddr4 {
/// pnfs_scsi_volume4 sda_volumes<>; /* array of volumes */
/// };
///
The "pnfs_scsi_deviceaddr4" data structure is a structure that allows The "pnfs_scsi_deviceaddr4" data structure is a structure that allows
arbitrarily complex nested volume structures to be encoded. The arbitrarily complex nested volume structures to be encoded. The
types of aggregations that are allowed are stripes, concatenations, types of aggregations that are allowed are stripes, concatenations,
and slices. Note that the volume topology expressed in the and slices. Note that the volume topology expressed in the
pnfs_scsi_deviceaddr4 data structure will always resolve to a set of "pnfs_scsi_deviceaddr4" data structure will always resolve to a set
pnfs_scsi_volume_type4 PNFS_SCSI_VOLUME_BASE. The array of volumes of "pnfs_scsi_volume_type4" PNFS_SCSI_VOLUME_BASE. The array of
is ordered such that the root of the volume hierarchy is the last volumes is ordered such that the root of the volume hierarchy is the
element of the array. Concat, slice, and stripe volumes MUST refer last element of the array. Concat, slice, and stripe volumes MUST
to volumes defined by lower indexed elements of the array. refer to volumes defined by lower indexed elements of the array.
The "pnfs_scsi_device_addr4" data structure is returned by the server The "pnfs_scsi_deviceaddr4" data structure is returned by the server
as the storage-protocol-specific opaque field da_addr_body in the as the storage-protocol-specific opaque field "da_addr_body" in the
"device_addr4" structure by a successful GETDEVICEINFO operation "device_addr4" data structure by a successful GETDEVICEINFO operation
[RFC5661]. [RFC5661].
As noted above, all device_addr4 structures eventually resolve to a As noted above, all "device_addr4" data structures eventually resolve
set of volumes of type PNFS_SCSI_VOLUME_BASE. Complicated volume to a set of volumes of type PNFS_SCSI_VOLUME_BASE. Complicated
hierarchies may be composed of dozens of volumes each with several volume hierarchies may be composed of dozens of volumes, each with
components; thus, the device address may require several kilobytes. several components; thus, the device address may require several
The client SHOULD be prepared to allocate a large buffer to contain kilobytes. The client SHOULD be prepared to allocate a large buffer
the result. In the case of the server returning NFS4ERR_TOOSMALL, to contain the result. In the case of the server returning
the client SHOULD allocate a buffer of at least gdir_mincount_bytes NFS4ERR_TOOSMALL, the client SHOULD allocate a buffer of at least
to contain the expected result and retry the GETDEVICEINFO request. gdir_mincount_bytes to contain the expected result and retry the
GETDEVICEINFO request.
2.4. Data Structures: Extents and Extent Lists 2.4. Data Structures: Extents and Extent Lists
A pNFS SCSI layout is a list of extents within a flat array of data A pNFS SCSI layout is a list of extents within a flat array of data
blocks in a volume. The details of the volume topology can be blocks in a volume. The details of the volume topology can be
determined by using the GETDEVICEINFO operation. The SCSI layout determined by using the GETDEVICEINFO operation. The SCSI layout
describes the individual block extents on the volume that make up the describes the individual block extents on the volume that make up the
file. The offsets and length contained in an extent are specified in file. The offsets and length contained in an extent are specified in
units of bytes. units of bytes.
/// enum pnfs_scsi_extent_state4 { /// enum pnfs_scsi_extent_state4 {
/// PNFS_SCSI_READ_WRITE_DATA = 0, /* the data located by /// PNFS_SCSI_READ_WRITE_DATA = 0, /* the data located by
/// this extent is valid /// this extent is valid
/// for reading and /// for reading and
/// writing. */ /// writing. */
/// PNFS_SCSI_READ_DATA = 1, /* the data located by this /// PNFS_SCSI_READ_DATA = 1, /* the data located by this
/// extent is valid for /// extent is valid for
/// reading only; it may not /// reading only; it may not
/// be written. */ /// be written. */
/// PNFS_SCSI_INVALID_DATA = 2, /* the location is valid; the /// PNFS_SCSI_INVALID_DATA = 2, /* the location is valid; the
/// data is invalid. It is a /// data is invalid. It is a
/// newly (pre-) allocated /// newly (pre-)allocated
/// extent. The client MUST /// extent. The client MUST
/// not read from this /// not read from this
/// space */ /// space. */
/// PNFS_SCSI_NONE_DATA = 3 /* the location is invalid. /// PNFS_SCSI_NONE_DATA = 3 /* the location is invalid.
/// It is a hole in the file. /// It is a hole in the file.
/// The client MUST NOT read /// The client MUST NOT read
/// from or write to this /// from or write to this
/// space */ /// space. */
/// }; /// };
///
/// struct pnfs_scsi_extent4 {
/// deviceid4 se_vol_id; /* id of the volume on
/// which extent of file is
/// stored. */
/// offset4 se_file_offset; /* starting byte offset
/// in the file */
/// length4 se_length; /* size in bytes of the
/// extent */
/// offset4 se_storage_offset; /* starting byte offset
/// in the volume */
/// pnfs_scsi_extent_state4 se_state;
/// /* state of this extent */
/// };
///
/// /* SCSI layout-specific type for loc_body */ ///
/// struct pnfs_scsi_layout4 { /// struct pnfs_scsi_extent4 {
/// pnfs_scsi_extent4 sl_extents<>; /// deviceid4 se_vol_id; /* id of the volume on
/// /* extents which make up this /// which extent of file is
/// layout. */ /// stored */
/// }; /// offset4 se_file_offset; /* starting byte offset
/// /// in the file */
/// length4 se_length; /* size in bytes of the
/// extent */
/// offset4 se_storage_offset; /* starting byte offset
/// in the volume */
/// pnfs_scsi_extent_state4 se_state;
/// /* state of this extent */
/// };
///
/// /* SCSI layout-specific type for loc_body */
/// struct pnfs_scsi_layout4 {
/// pnfs_scsi_extent4 sl_extents<>;
/// /* extents that make up this
/// layout */
/// };
///
The SCSI layout consists of a list of extents that map the regions of The SCSI layout consists of a list of extents that map the regions of
the file to locations on a volume. The "se_storage_offset" field the file to locations on a volume. The "se_storage_offset" field
within each extent identifies a location on the volume specified by within each extent identifies a location on the volume specified by
the "se_vol_id" field in the extent. The se_vol_id itself is the "se_vol_id" field in the extent. The "se_vol_id" itself is
shorthand for the whole topology of the volume on which the file is shorthand for the whole topology of the volume on which the file is
stored. The client is responsible for translating this volume- stored. The client is responsible for translating this volume-
relative offset into an offset on the appropriate underlying SCSI LU. relative offset into an offset on the appropriate underlying SCSI LU.
Each extent maps a region of the file onto a portion of the specified Each extent maps a region of the file onto a portion of the specified
LU. The se_file_offset, se_length, and se_state fields for an extent LU. The "se_file_offset", "se_length", and "se_state" fields for an
returned from the server are valid for all extents. In contrast, the extent returned from the server are valid for all extents. In
interpretation of the se_storage_offset field depends on the value of contrast, the interpretation of the "se_storage_offset" field depends
se_state as follows (in increasing order): on the value of "se_state" as follows (in increasing order):
PNFS_SCSI_READ_WRITE_DATA means that se_storage_offset is valid, and PNFS_SCSI_READ_WRITE_DATA
points to valid/initialized data that can be read and written. "se_storage_offset" is valid and points to valid/initialized data
that can be read and written.
PNFS_SCSI_READ_DATA means that se_storage_offset is valid and points PNFS_SCSI_READ_DATA
to valid/initialized data that can only be read. Write operations "se_storage_offset" is valid and points to valid/initialized data
are prohibited. that can only be read. Write operations are prohibited.
PNFS_SCSI_INVALID_DATA means that se_storage_offset is valid, but PNFS_SCSI_INVALID_DATA
points to invalid un-initialized data. This data MUST not be read "se_storage_offset" is valid but points to invalid, uninitialized
from the disk until it has been initialized. A read request for a data. This data MUST not be read from the disk until it has been
PNFS_SCSI_INVALID_DATA extent MUST fill the user buffer with initialized. A read request for a PNFS_SCSI_INVALID_DATA extent
zeros, unless the extent is covered by a PNFS_SCSI_READ_DATA MUST fill the user buffer with zeros, unless the extent is covered
extent of a copy-on-write file system. Write requests MUST write by a PNFS_SCSI_READ_DATA extent of a copy-on-write file system.
whole server-sized blocks to the disk; bytes not initialized by Write requests MUST write whole server-sized blocks to the disk;
the user MUST be set to zero. Any write to storage in a bytes not initialized by the user MUST be set to zero. Any write
PNFS_SCSI_INVALID_DATA extent changes the written portion of the to storage in a PNFS_SCSI_INVALID_DATA extent changes the written
extent to PNFS_SCSI_READ_WRITE_DATA; the pNFS client is portion of the extent to PNFS_SCSI_READ_WRITE_DATA; the pNFS
responsible for reporting this change via LAYOUTCOMMIT. client is responsible for reporting this change via LAYOUTCOMMIT.
PNFS_SCSI_NONE_DATA means that se_storage_offset is not valid, and PNFS_SCSI_NONE_DATA
this extent MAY not be used to satisfy write requests. Read "se_storage_offset" is not valid, and this extent MAY not be used
requests MAY be satisfied by zero-filling as for to satisfy write requests. Read requests MAY be satisfied by
PNFS_SCSI_INVALID_DATA. PNFS_SCSI_NONE_DATA extents MAY be zero-filling as for PNFS_SCSI_INVALID_DATA. PNFS_SCSI_NONE_DATA
returned by requests for readable extents; they are never returned extents MAY be returned by requests for readable extents; they are
if the request was for a writable extent. never returned if the request was for a writable extent.
An extent list contains all relevant extents in increasing order of An extent list contains all relevant extents in increasing order of
the se_file_offset of each extent; any ties are broken by increasing the se_file_offset of each extent; any ties are broken by increasing
order of the extent state (se_state). order of the extent state (se_state).
2.4.1. Layout Requests and Extent Lists 2.4.1. Layout Requests and Extent Lists
Each request for a layout specifies at least three parameters: file Each request for a layout specifies at least three parameters: file
offset, desired size, and minimum size. If the status of a request offset, desired size, and minimum size. If the status of a request
indicates success, the extent list returned MUST meet the following indicates success, the extent list returned MUST meet the following
criteria: criteria:
o A request for a readable (but not writable) layout MUST return o A request for a readable (but not writable) layout MUST return
either PNFS_SCSI_READ_DATA or PNFS_SCSI_NONE_DATA extents. It either PNFS_SCSI_READ_DATA or PNFS_SCSI_NONE_DATA extents. It
SHALL NOT return PNFS_SCSI_INVALID_DATA or SHALL NOT return PNFS_SCSI_INVALID_DATA or
PNFS_SCSI_READ_WRITE_DATA extents. PNFS_SCSI_READ_WRITE_DATA extents.
o A request for a writable layout MUST return o A request for a writable layout MUST return
PNFS_SCSI_READ_WRITE_DATA or PNFS_SCSI_INVALID_DATA extents, and PNFS_SCSI_READ_WRITE_DATA or PNFS_SCSI_INVALID_DATA extents, and
it MAY return addition PNFS_SCSI_READ_DATA extents for ranges it MAY return additional PNFS_SCSI_READ_DATA extents for ranges
covered by PNFS_SCSI_INVALID_DATA extents to allow client side covered by PNFS_SCSI_INVALID_DATA extents to allow client-side
copy-on-write operations. A request for a writable layout SHALL copy-on-write operations. A request for a writable layout SHALL
NOT return PNFS_SCSI_NONE_DATA extents. NOT return PNFS_SCSI_NONE_DATA extents.
o The first extent in the list MUST contain the requested starting o The first extent in the list MUST contain the requested starting
offset. offset.
o The total size of extents within the requested range MUST cover at o The total size of extents within the requested range MUST cover at
least the minimum size. One exception is allowed: the total size least the minimum size. One exception is allowed: the total size
MAY be smaller if only readable extents were requested and EOF is MAY be smaller if only readable extents were requested and EOF is
encountered. encountered.
skipping to change at page 15, line 23 skipping to change at page 16, line 4
o Extents MUST be ordered in the list by starting offset, with o Extents MUST be ordered in the list by starting offset, with
PNFS_SCSI_READ_DATA extents preceding PNFS_SCSI_INVALID_DATA PNFS_SCSI_READ_DATA extents preceding PNFS_SCSI_INVALID_DATA
extents in the case of equal se_file_offsets. extents in the case of equal se_file_offsets.
According to [RFC5661], if the minimum requested size, According to [RFC5661], if the minimum requested size,
loga_minlength, is zero, this is an indication to the metadata server loga_minlength, is zero, this is an indication to the metadata server
that the client desires any layout at offset loga_offset or less that that the client desires any layout at offset loga_offset or less that
the metadata server has "readily available". Given the lack of a the metadata server has "readily available". Given the lack of a
clear definition of this phrase, in the context of the SCSI layout clear definition of this phrase, in the context of the SCSI layout
type, when loga_minlength is zero, the metadata server SHOULD: type, when loga_minlength is zero, the metadata server SHOULD do the
following:
o when processing requests for readable layouts, return all such, o when processing requests for readable layouts, return all such
even if some extents are in the PNFS_SCSI_NONE_DATA state. layouts, even if some extents are in the PNFS_SCSI_NONE_DATA
state.
o when processing requests for writable layouts, return extents o when processing requests for writable layouts, return extents that
which can be returned in the PNFS_SCSI_READ_WRITE_DATA state. can be returned in the PNFS_SCSI_READ_WRITE_DATA state.
2.4.2. Layout Commits 2.4.2. Layout Commits
/// ///
/// /* SCSI layout-specific type for lou_body */ /// /* SCSI layout-specific type for lou_body */
/// ///
/// struct pnfs_scsi_range4 { /// struct pnfs_scsi_range4 {
/// offset4 sr_file_offset; /* starting byte offset /// offset4 sr_file_offset; /* starting byte offset
/// in the file */ /// in the file */
/// length4 sr_length; /* size in bytes */ /// length4 sr_length; /* size in bytes */
/// }; /// };
/// ///
/// struct pnfs_scsi_layoutupdate4 { /// struct pnfs_scsi_layoutupdate4 {
/// pnfs_scsi_range4 slu_commit_list<>; /// pnfs_scsi_range4 slu_commit_list<>;
/// /* list of extents which /// /* list of extents that
/// * now contain valid data. /// * now contain valid data.
/// */ /// */
/// }; /// };
The "pnfs_scsi_layoutupdate4" structure is used by the client as the The "pnfs_scsi_layoutupdate4" data structure is used by the client as
SCSI layout-specific argument in a LAYOUTCOMMIT operation. The the SCSI layout-specific argument in a LAYOUTCOMMIT operation. The
"slu_commit_list" field is a list covering regions of the file layout "slu_commit_list" field is a list covering regions of the file layout
that were previously in the PNFS_SCSI_INVALID_DATA state, but have that were previously in the PNFS_SCSI_INVALID_DATA state but have
been written by the client and SHOULD now be considered in the been written by the client and SHOULD now be considered in the
PNFS_SCSI_READ_WRITE_DATA state. The extents in the commit list MUST PNFS_SCSI_READ_WRITE_DATA state. The extents in the commit list MUST
be disjoint and MUST be sorted by sr_file_offset. Implementors be disjoint and MUST be sorted by sr_file_offset. Implementors
should be aware that a server MAY be unable to commit regions at a should be aware that a server MAY be unable to commit regions at a
granularity smaller than a file-system block (typically 4 KB or 8 granularity smaller than a file system block (typically 4 KB or 8
KB). As noted above, the block-size that the server uses is KB). As noted above, the block size that the server uses is
available as an NFSv4 attribute, and any extents included in the available as an NFSv4 attribute, and any extents included in the
"slu_commit_list" MUST be aligned to this granularity and have a size "slu_commit_list" MUST be aligned to this granularity and have a size
that is a multiple of this granularity. Since the block in question that is a multiple of this granularity. Since the block in question
is in state PNFS_SCSI_INVALID_DATA, byte ranges not written SHOULD be is in state PNFS_SCSI_INVALID_DATA, byte ranges not written SHOULD be
filled with zeros. This applies even if it appears that the area filled with zeros. This applies even if it appears that the area
being written is beyond what the client believes to be the end of being written is beyond what the client believes to be the end of
file. file.
2.4.3. Layout Returns 2.4.3. Layout Returns
A LAYOUTRETURN operation represents an explicit release of resources A LAYOUTRETURN operation represents an explicit release of resources
by the client. This MAY be done in response to a CB_LAYOUTRECALL or by the client. This MAY be done in response to a CB_LAYOUTRECALL or
before any recall, in order to avoid a future CB_LAYOUTRECALL. When before any recall, in order to avoid a future CB_LAYOUTRECALL. When
the LAYOUTRETURN operation specifies a LAYOUTRETURN4_FILE return the LAYOUTRETURN operation specifies a LAYOUTRETURN4_FILE return
type, then the layoutreturn_file4 data structure specifies the region type, then the "layoutreturn_file4" data structure specifies the
of the file layout that is no longer needed by the client. region of the file layout that is no longer needed by the client.
The LAYOUTRETURN operation is done without any SCSI layout specific The LAYOUTRETURN operation is done without any data specific to the
data. The opaque "lrf_body" field of the "layoutreturn_file4" data SCSI layout. The opaque "lrf_body" field of the "layoutreturn_file4"
structure MUST have length zero. data structure MUST have length zero.
2.4.4. Layout Revocation 2.4.4. Layout Revocation
Layouts MAY be unilaterally revoked by the server, due to the Layouts MAY be unilaterally revoked by the server due to the client's
client's lease time expiring, or the client failing to return a lease time expiring or the client failing to return a layout that has
layout which has been recalled in a timely manner. For the SCSI been recalled in a timely manner. For the SCSI layout type, this is
layout type this is accomplished by fencing off the client from accomplished by fencing off the client from access to storage as
access to storage as described in Section 2.4.10. When this is done, described in Section 2.4.10. When this is done, it is necessary that
it is necessary that all I/Os issued by the fenced-off client be all I/Os issued by the fenced-off client be rejected by the storage.
rejected by the storage This includes any in-flight I/Os that the This includes any in-flight I/Os that the client issued before the
client issued before the layout was revoked. layout was revoked.
Note, that the granularity of this operation can only be at the host/ Note that the granularity of this operation can only be at the host/
LU level. Thus, if one of a client's layouts is unilaterally revoked LU level. Thus, if one of a client's layouts is unilaterally revoked
by the server, it will effectively render useless *all* of the by the server, it will effectively render useless *all* of the
client's layouts for files located on the storage units comprising client's layouts for files located on the storage units comprising
the volume. This may render useless the client's layouts for files the volume. This may render useless the client's layouts for files
in other file systems. See Section 2.4.10.5 for a discussion of in other file systems. See Section 2.4.10.5 for a discussion of
recovery from from fencing. recovery from fencing.
2.4.5. Client Copy-on-Write Processing 2.4.5. Client Copy-on-Write Processing
Copy-on-write is a mechanism used to support file and/or file system Copy-on-write is a mechanism used to support file and/or file system
snapshots. When writing to unaligned regions, or to regions smaller snapshots. When writing to unaligned regions, or to regions smaller
than a file system block, the writer MUST copy the portions of the than a file system block, the writer MUST copy the portions of the
original file data to a new location on disk. This behavior can original file data to a new location on disk. This behavior can be
either be implemented on the client or the server. The paragraphs implemented either on the client or the server. The paragraphs below
below describe how a pNFS SCSI layout client implements access to a describe how a pNFS SCSI layout client implements access to a file
file that requires copy-on-write semantics. that requires copy-on-write semantics.
Distinguishing the PNFS_SCSI_READ_WRITE_DATA and PNFS_SCSI_READ_DATA Distinguishing the PNFS_SCSI_READ_WRITE_DATA and PNFS_SCSI_READ_DATA
extent types in combination with the allowed overlap of extent types in combination with the allowed overlap of
PNFS_SCSI_READ_DATA extents with PNFS_SCSI_INVALID_DATA extents PNFS_SCSI_READ_DATA extents with PNFS_SCSI_INVALID_DATA extents
allows copy-on-write processing to be done by pNFS clients. In allows copy-on-write processing to be done by pNFS clients. In
classic NFS, this operation would be done by the server. Since pNFS classic NFS, this operation would be done by the server. Since pNFS
enables clients to do direct block access, it is useful for clients enables clients to do direct block access, it is useful for clients
to participate in copy-on-write operations. All SCSI pNFS clients to participate in copy-on-write operations. All SCSI pNFS clients
MUST support this copy-on-write processing. MUST support this copy-on-write processing.
skipping to change at page 17, line 42 skipping to change at page 18, line 25
an area of a layout, the client MUST effectively copy the data from an area of a layout, the client MUST effectively copy the data from
the PNFS_SCSI_READ_DATA extent for any partial blocks of the PNFS_SCSI_READ_DATA extent for any partial blocks of
se_file_offset and range, merge in the changes to be written, and se_file_offset and range, merge in the changes to be written, and
write the result to the PNFS_SCSI_INVALID_DATA extent for the blocks write the result to the PNFS_SCSI_INVALID_DATA extent for the blocks
for that se_file_offset and range. That is, if entire blocks of data for that se_file_offset and range. That is, if entire blocks of data
are to be overwritten by an operation, the corresponding are to be overwritten by an operation, the corresponding
PNFS_SCSI_READ_DATA blocks need not be fetched, but any partial- PNFS_SCSI_READ_DATA blocks need not be fetched, but any partial-
block writes MUST be merged with data fetched via PNFS_SCSI_READ_DATA block writes MUST be merged with data fetched via PNFS_SCSI_READ_DATA
extents before storing the result via PNFS_SCSI_INVALID_DATA extents. extents before storing the result via PNFS_SCSI_INVALID_DATA extents.
For the purposes of this discussion, "entire blocks" and "partial For the purposes of this discussion, "entire blocks" and "partial
blocks" refer to the server's file-system block size. Storing of blocks" refer to the block size of the server's file system. Storing
data in a PNFS_SCSI_INVALID_DATA extent converts the written portion of data in a PNFS_SCSI_INVALID_DATA extent converts the written
of the PNFS_SCSI_INVALID_DATA extent to a PNFS_SCSI_READ_WRITE_DATA portion of the PNFS_SCSI_INVALID_DATA extent to a
extent; all subsequent reads MUST be performed from this extent; the PNFS_SCSI_READ_WRITE_DATA extent; all subsequent reads MUST be
corresponding portion of the PNFS_SCSI_READ_DATA extent MUST NOT be performed from this extent; the corresponding portion of the
used after storing data in a PNFS_SCSI_INVALID_DATA extent. If a PNFS_SCSI_READ_DATA extent MUST NOT be used after storing data in a
client writes only a portion of an extent, the extent MAY be split at PNFS_SCSI_INVALID_DATA extent. If a client writes only a portion of
block aligned boundaries. an extent, the extent MAY be split at block-aligned boundaries.
When a client wishes to write data to a PNFS_SCSI_INVALID_DATA extent When a client wishes to write data to a PNFS_SCSI_INVALID_DATA extent
that is not covered by a PNFS_SCSI_READ_DATA extent, it MUST treat that is not covered by a PNFS_SCSI_READ_DATA extent, it MUST treat
this write identically to a write to a file not involved with copy- this write identically to a write to a file not involved with copy-
on-write semantics. Thus, data MUST be written in at least block- on-write semantics. Thus, data MUST be written in at least block-
sized increments, aligned to multiples of block-sized offsets, and sized increments and aligned to multiples of block-sized offsets, and
unwritten portions of blocks MUST be zero filled. unwritten portions of blocks MUST be zero filled.
2.4.6. Extents are Permissions 2.4.6. Extents Are Permissions
Layout extents returned to pNFS clients grant permission to read or Layout extents returned to pNFS clients grant permission to read or
write; PNFS_SCSI_READ_DATA and PNFS_SCSI_NONE_DATA are read-only write; PNFS_SCSI_READ_DATA and PNFS_SCSI_NONE_DATA are read-only
(PNFS_SCSI_NONE_DATA reads as zeroes), PNFS_SCSI_READ_WRITE_DATA and (PNFS_SCSI_NONE_DATA reads as zeros), and PNFS_SCSI_READ_WRITE_DATA
PNFS_SCSI_INVALID_DATA are read/write, (PNFS_SCSI_INVALID_DATA reads and PNFS_SCSI_INVALID_DATA are read-write (PNFS_SCSI_INVALID_DATA
as zeros, any write converts it to PNFS_SCSI_READ_WRITE_DATA). This reads as zeros; any write converts it to PNFS_SCSI_READ_WRITE_DATA).
is the only means a client has of obtaining permission to perform This is the only means a client has of obtaining permission to
direct I/O to storage devices; a pNFS client MUST NOT perform direct perform direct I/O to storage devices; a pNFS client MUST NOT perform
I/O operations that are not permitted by an extent held by the direct I/O operations that are not permitted by an extent held by the
client. Client adherence to this rule places the pNFS server in client. Client adherence to this rule places the pNFS server in
control of potentially conflicting storage device operations, control of potentially conflicting storage device operations,
enabling the server to determine what does conflict and how to avoid enabling the server to determine what does conflict and how to avoid
conflicts by granting and recalling extents to/from clients. conflicts by granting and recalling extents to/from clients.
If a client makes a layout request that conflicts with an existing If a client makes a layout request that conflicts with an existing
layout delegation, the request will be rejected with the error layout delegation, the request will be rejected with the error
NFS4ERR_LAYOUTTRYLATER. This client is then expected to retry the NFS4ERR_LAYOUTTRYLATER. This client is then expected to retry the
request after a short interval. During this interval, the server request after a short interval. During this interval, the server
SHOULD recall the conflicting portion of the layout delegation from SHOULD recall the conflicting portion of the layout delegation from
skipping to change at page 18, line 49 skipping to change at page 19, line 33
certain age. certain age.
NFSv4 supports mandatory locks and share reservations. These are NFSv4 supports mandatory locks and share reservations. These are
mechanisms that clients can use to restrict the set of I/O operations mechanisms that clients can use to restrict the set of I/O operations
that are permissible to other clients. Since all I/O operations that are permissible to other clients. Since all I/O operations
ultimately arrive at the NFSv4 server for processing, the server is ultimately arrive at the NFSv4 server for processing, the server is
in a position to enforce these restrictions. However, with pNFS in a position to enforce these restrictions. However, with pNFS
layouts, I/Os will be issued from the clients that hold the layouts layouts, I/Os will be issued from the clients that hold the layouts
directly to the storage devices that host the data. These devices directly to the storage devices that host the data. These devices
have no knowledge of files, mandatory locks, or share reservations, have no knowledge of files, mandatory locks, or share reservations,
and are not in a position to enforce such restrictions. For this and they are not in a position to enforce such restrictions. For
reason the NFSv4 server MUST NOT grant layouts that conflict with this reason, the NFSv4 server MUST NOT grant layouts that conflict
mandatory locks or share reservations. Further, if a conflicting with mandatory locks or share reservations. Further, if a
mandatory lock request or a conflicting open request arrives at the conflicting mandatory lock request or a conflicting OPEN request
server, the server MUST recall the part of the layout in conflict arrives at the server, the server MUST recall the part of the layout
with the request before granting the request. in conflict with the request before granting the request.
2.4.7. Partial-Block Updates 2.4.7. Partial-Block Updates
SCSI storage devices do not provide byte granularity access and can SCSI storage devices do not provide byte granularity access and can
only perform read and write operations atomically on a block only perform read and write operations atomically on a block
granularity. WRITES to SCSI storage devices thus require read- granularity. Writes to SCSI storage devices thus require read-
modify-write cycles to write data smaller than the block size or modify-write cycles to write data that is smaller than the block size
which is otherwise not block-aligned. Write operations from multiple or that is otherwise not block aligned. Write operations from
clients to the same block can thus lead to data corruption even if multiple clients to the same block can thus lead to data corruption
the byte range written by the applications does not overlap. When even if the byte range written by the applications does not overlap.
there are multiple clients who wish to access the same block, a pNFS When there are multiple clients who wish to access the same block, a
server MUST avoid these conflicts by implementing a concurrency pNFS server MUST avoid these conflicts by implementing a concurrency
control policy of single writer XOR multiple readers for a given data control policy of single writer XOR multiple readers for a given data
block. block.
2.4.8. End-of-file Processing 2.4.8. End-of-File Processing
The end-of-file location can be changed in two ways: implicitly as The end-of-file location can be changed in two ways: implicitly as
the result of a WRITE or LAYOUTCOMMIT beyond the current end-of-file, the result of a WRITE or LAYOUTCOMMIT beyond the current end of file
or explicitly as the result of a SETATTR request. Typically, when a or explicitly as the result of a SETATTR request. Typically, when a
file is truncated by an NFSv4 client via the SETATTR call, the server file is truncated by an NFSv4 client via the SETATTR call, the server
frees any disk blocks belonging to the file that are beyond the new frees any disk blocks belonging to the file that are beyond the new
end-of-file byte, and MUST write zeros to the portion of the new end- end-of-file byte and MUST write zeros to the portion of the new end-
of-file block beyond the new end-of-file byte. These actions render of-file block beyond the new end-of-file byte. These actions render
any pNFS layouts that refer to the blocks that are freed or written semantically invalid any pNFS layouts that refer to the blocks that
semantically invalid. Therefore, the server MUST recall from clients are freed or written. Therefore, the server MUST recall from clients
the portions of any pNFS layouts that refer to blocks that will be the portions of any pNFS layouts that refer to blocks that will be
freed or written by the server before effecting the file truncation. freed or written by the server before effecting the file truncation.
These recalls may take time to complete; as explained in [RFC5661], These recalls may take time to complete; as explained in [RFC5661],
if the server cannot respond to the client SETATTR request in a if the server cannot respond to the client SETATTR request in a
reasonable amount of time, it SHOULD reply to the client with the reasonable amount of time, it SHOULD reply to the client with the
error NFS4ERR_DELAY. error NFS4ERR_DELAY.
Blocks in the PNFS_SCSI_INVALID_DATA state that lie beyond the new Blocks in the PNFS_SCSI_INVALID_DATA state that lie beyond the new
end-of-file block present a special case. The server has reserved end-of-file block present a special case. The server has reserved
these blocks for use by a pNFS client with a writable layout for the these blocks for use by a pNFS client with a writable layout for the
file, but the client has yet to commit the blocks, and they are not file, but the client has yet to commit the blocks, and they are not
yet a part of the file mapping on disk. The server MAY free these yet a part of the file mapping on disk. The server MAY free these
blocks while processing the SETATTR request. If so, the server MUST blocks while processing the SETATTR request. If so, the server MUST
recall any layouts from pNFS clients that refer to the blocks before recall any layouts from pNFS clients that refer to the blocks before
processing the truncate. If the server does not free the processing the truncate. If the server does not free the
PNFS_SCSI_INVALID_DATA blocks while processing the SETATTR request, PNFS_SCSI_INVALID_DATA blocks while processing the SETATTR request,
it need not recall layouts that refer only to the it need not recall layouts that refer only to the
PNFS_SCSI_INVALID_DATA blocks. PNFS_SCSI_INVALID_DATA blocks.
When a file is extended implicitly by a WRITE or LAYOUTCOMMIT beyond When a file is extended implicitly by a WRITE or LAYOUTCOMMIT beyond
the current end-of-file, or extended explicitly by a SETATTR request, the current end of file, or extended explicitly by a SETATTR request,
the server need not recall any portions of any pNFS layouts. the server need not recall any portions of any pNFS layouts.
2.4.9. Layout Hints 2.4.9. Layout Hints
The layout hint attribute specified in [RFC5661] is not supported by The layout hint attribute specified in [RFC5661] is not supported by
the SCSI layout, and the pNFS server MUST reject setting a layout the SCSI layout, and the pNFS server MUST reject setting a layout
hint attribute with a loh_type value of LAYOUT4_SCSI_VOLUME during hint attribute with a loh_type value of LAYOUT4_SCSI_VOLUME during
OPEN or SETATTR operations. On a file system only supporting the OPEN or SETATTR operations. On a file system only supporting the
SCSI layout a server MUST NOT report the layout_hint attribute in the SCSI layout, a server MUST NOT report the layout_hint attribute in
supported_attrs attribute. the supported_attrs attribute.
2.4.10. Client Fencing 2.4.10. Client Fencing
The pNFS SCSI protocol must handle situations in which a system The pNFS SCSI protocol must handle situations in which a system
failure, typically a network connectivity issue, requires the server failure, typically a network connectivity issue, requires the server
to unilaterally revoke extents from a client after the client fails to unilaterally revoke extents from a client after the client fails
to respond to a CB_LAYOUTRECALL request. This is implemented by to respond to a CB_LAYOUTRECALL request. This is implemented by
fencing off a non-responding client from access to the storage fencing off a non-responding client from access to the storage
device. device.
The pNFS SCSI protocol implements fencing using Persistent The pNFS SCSI protocol implements fencing using persistent
Reservations (PRs), similar to the fencing method used by existing reservations (PRs), similar to the fencing method used by existing
shared disk file systems. By placing a PR of type "Exclusive Access shared disk file systems. By placing a PR of type "Exclusive Access
- Registrants Only" on each SCSI LU exported to pNFS clients the MDS - Registrants Only" on each SCSI LU exported to pNFS clients, the MDS
prevents access from any client that does not have an outstanding prevents access from any client that does not have an outstanding
device ID that gives the client a reservation key to access the LU, device ID that gives the client a reservation key to access the LU
and allows the MDS to revoke access to the logic unit at any time. and allows the MDS to revoke access to the logical unit at any time.
2.4.10.1. PRs - Key Generation 2.4.10.1. PRs -- Key Generation
To allow fencing individual systems, each system MUST use a unique To allow fencing individual systems, each system MUST use a unique
Persistent Reservation key. [SPC4] does not specify a way to persistent reservation key. [SPC4] does not specify a way to
generate keys. This document assigns the burden to generate unique generate keys. This document assigns the burden to generate unique
keys to the MDS, which MUST generate a key for itself before keys to the MDS, which MUST generate a key for itself before
exporting a volume, and a key for each client that accesses SCSI exporting a volume and a key for each client that accesses SCSI
layout volumes. Individuals keys for each volume that a client can layout volumes. Individuals keys for each volume that a client can
access are permitted but not required. access are permitted but not required.
2.4.10.2. PRs - MDS Registration and Reservation 2.4.10.2. PRs -- MDS Registration and Reservation
Before returning a PNFS_SCSI_VOLUME_BASE volume to the client, the Before returning a PNFS_SCSI_VOLUME_BASE volume to the client, the
MDS needs to prepare the volume for fencing using PRs. This is done MDS needs to prepare the volume for fencing using PRs. This is done
by registering the reservation generated for the MDS with the device by registering the reservation generated for the MDS with the device
using the "PERSISTENT RESERVE OUT" command with a service action of using the "PERSISTENT RESERVE OUT" command with a service action of
"REGISTER", followed by a "PERSISTENT RESERVE OUT" command, with a "REGISTER", followed by a "PERSISTENT RESERVE OUT" command with a
service action of "RESERVE" and the type field set to 8h (Exclusive service action of "RESERVE" and the "TYPE" field set to 8h (Exclusive
Access - Registrants Only). To make sure all I_T nexuses (see Access - Registrants Only). To make sure all I_T nexuses (see
section 3.1.45 of [SAM-5]) are registered, the MDS SHOULD set the Section 3.1.45 of [SAM-5]) are registered, the MDS SHOULD set the
"All Target Ports" (ALL_TG_PT) bit when registering the key, or "All Target Ports" (ALL_TG_PT) bit when registering the key or
otherwise ensure the registration is performed for each target port, otherwise ensure the registration is performed for each target port,
and MUST perform registration for each initiator port. and it MUST perform registration for each initiator port.
2.4.10.3. PRs - Client Registration 2.4.10.3. PRs -- Client Registration
Before performing the first I/O to a device returned from a Before performing the first I/O to a device returned from a
GETDEVICEINFO operation the client will register the registration key GETDEVICEINFO operation, the client will register the registration
returned in sbv_pr_key with the storage device by issuing a key returned in sbv_pr_key with the storage device by issuing a
"PERSISTENT RESERVE OUT" command with a service action of REGISTER "PERSISTENT RESERVE OUT" command with a service action of REGISTER
with the "SERVICE ACTION RESERVATION KEY" set to the reservation key with the "SERVICE ACTION RESERVATION KEY" set to the reservation key
returned in sbv_pr_key. To make sure all I_T nexuses are registered, returned in sbv_pr_key. To make sure all I_T nexuses are registered,
the client SHOULD set the "All Target Ports" (ALL_TG_PT) bit when the client SHOULD set the "All Target Ports" (ALL_TG_PT) bit when
registering the key, or otherwise ensure the registration is registering the key or otherwise ensure the registration is performed
performed for each target port, and MUST perform registration for for each target port, and it MUST perform registration for each
each initiator port. initiator port.
When a client stops using a device earlier returned by GETDEVICEINFO When a client stops using a device earlier returned by GETDEVICEINFO,
it MUST unregister the earlier registered key by issuing a it MUST unregister the earlier registered key by issuing a
"PERSISTENT RESERVE OUT" command with a service action of "REGISTER" "PERSISTENT RESERVE OUT" command with a service action of "REGISTER"
with the "RESERVATION KEY" set to the earlier registered reservation with the "RESERVATION KEY" set to the earlier registered reservation
key. key.
2.4.10.4. PRs - Fencing Action 2.4.10.4. PRs -- Fencing Action
In case of a non-responding client the MDS fences the client by In case of a non-responding client, the MDS fences the client by
issuing a "PERSISTENT RESERVE OUT" command with the service action issuing a "PERSISTENT RESERVE OUT" command with the service action
set to "PREEMPT" or "PREEMPT AND ABORT", the reservation key field set to "PREEMPT" or "PREEMPT AND ABORT", the "RESERVATION KEY" field
set to the server's reservation key, the service action reservation set to the server's reservation key, the service action "RESERVATION
key field set to the reservation key associated with the non- KEY" field set to the reservation key associated with the non-
responding client, and the type field set to 8h (Exclusive Access - responding client, and the "TYPE" field set to 8h (Exclusive Access -
Registrants Only). Registrants Only).
After the MDS preempts a client, all client I/O to the LU fails. The After the MDS preempts a client, all client I/O to the LU fails. The
client SHOULD at this point return any layout that refers to the client SHOULD at this point return any layout that refers to the
device ID that points to the LU. Note that the client can device ID that points to the LU. Note that the client can
distinguish I/O errors due to fencing from other errors based on the distinguish I/O errors due to fencing from other errors based on the
"RESERVATION CONFLICT" SCSI status. Refer to [SPC4] for details. "RESERVATION CONFLICT" SCSI status. Refer to [SPC4] for details.
2.4.10.5. Client Recovery After a Fence Action 2.4.10.5. Client Recovery after a Fence Action
A client that detects a "RESERVATION CONFLICT" SCSI status (I/O A client that detects a "RESERVATION CONFLICT" SCSI status (I/O
error) on the storage devices MUST commit all layouts that use the error) on the storage devices MUST commit all layouts that use the
storage device through the MDS, return all outstanding layouts for storage device through the MDS, return all outstanding layouts for
the device, forget the device ID and unregister the reservation key. the device, forget the device ID, and unregister the reservation key.
Future GETDEVICEINFO calls MAY refer to the storage device again, in Future GETDEVICEINFO calls MAY refer to the storage device again, in
which case the client will perform a new registration based on the which case the client will perform a new registration based on the
key provided (via sbv_pr_key) at that time. key provided (via sbv_pr_key) at that time.
2.5. Crash Recovery Issues 2.5. Crash Recovery Issues
A critical requirement in crash recovery is that both the client and A critical requirement in crash recovery is that both the client and
the server know when the other has failed. Additionally, it is the server know when the other has failed. Additionally, it is
required that a client sees a consistent view of data across server required that a client sees a consistent view of data across server
restarts. These requirements and a full discussion of crash recovery restarts. These requirements and a full discussion of crash recovery
issues are covered in the "Crash Recovery" section of the NFSv41 issues are covered in Section 8.4 ("Crash Recovery") of the NFSv4.1
specification [RFC5661]. This document contains additional crash specification [RFC5661]. This document contains additional crash
recovery material specific only to the SCSI layout. recovery material specific only to the SCSI layout.
When the server crashes while the client holds a writable layout, and When the server crashes while the client holds a writable layout, the
the client has written data to blocks covered by the layout, and the client has written data to blocks covered by the layout, and the
blocks are still in the PNFS_SCSI_INVALID_DATA state, the client has blocks are still in the PNFS_SCSI_INVALID_DATA state, the client has
two options for recovery. If the data that has been written to these two options for recovery. If the data that has been written to these
blocks is still cached by the client, the client can simply re-write blocks is still cached by the client, the client can simply re-write
the data via NFSv4, once the server has come back online. However, the data via NFSv4 once the server has come back online. However, if
if the data is no longer in the client's cache, the client MUST NOT the data is no longer in the client's cache, the client MUST NOT
attempt to source the data from the data servers. Instead, it SHOULD attempt to source the data from the data servers. Instead, it SHOULD
attempt to commit the blocks in question to the server during the attempt to commit the blocks in question to the server during the
server's recovery grace period, by sending a LAYOUTCOMMIT with the server's recovery grace period by sending a LAYOUTCOMMIT with the
"loca_reclaim" flag set to true. This process is described in detail "loca_reclaim" flag set to true. This process is described in detail
in Section 18.42.4 of [RFC5661]. in Section 18.42.4 of [RFC5661].
2.6. Recalling Resources: CB_RECALL_ANY 2.6. Recalling Resources: CB_RECALL_ANY
The server MAY decide that it cannot hold all of the state for The server MAY decide that it cannot hold all of the state for
layouts without running out of resources. In such a case, it is free layouts without running out of resources. In such a case, it is free
to recall individual layouts using CB_LAYOUTRECALL to reduce the to recall individual layouts using CB_LAYOUTRECALL to reduce the
load, or it MAY choose to request that the client return any layout. load, or it MAY choose to request that the client return any layout.
The NFSv4.1 spec [RFC5661] defines the following types: The NFSv4.1 specification [RFC5661] defines the following types:
const RCA4_TYPE_MASK_BLK_LAYOUT = 4; const RCA4_TYPE_MASK_BLK_LAYOUT = 4;
struct CB_RECALL_ANY4args { struct CB_RECALL_ANY4args {
uint32_t craa_objects_to_keep; uint32_t craa_objects_to_keep;
bitmap4 craa_type_mask; bitmap4 craa_type_mask;
}; };
When the server sends a CB_RECALL_ANY request to a client specifying When the server sends a CB_RECALL_ANY request to a client specifying
the RCA4_TYPE_MASK_BLK_LAYOUT bit in craa_type_mask, the client the RCA4_TYPE_MASK_BLK_LAYOUT bit in craa_type_mask, the client
SHOULD immediately respond with NFS4_OK, and then asynchronously SHOULD immediately respond with NFS4_OK and then asynchronously
return complete file layouts until the number of files with layouts return complete file layouts until the number of files with layouts
cached on the client is less than craa_object_to_keep. cached on the client is less than craa_object_to_keep.
2.7. Transient and Permanent Errors 2.7. Transient and Permanent Errors
The server may respond to LAYOUTGET with a variety of error statuses. The server may respond to LAYOUTGET with a variety of error statuses.
These errors can convey transient conditions or more permanent These errors can convey transient conditions or more permanent
conditions that are unlikely to be resolved soon. conditions that are unlikely to be resolved soon.
The error NFS4ERR_RECALLCONFLICT indicates that the server has The error NFS4ERR_RECALLCONFLICT indicates that the server has
recently issued a CB_LAYOUTRECALL to the requesting client, making it recently issued a CB_LAYOUTRECALL to the requesting client, making it
necessary for the client to respond to the recall before processing necessary for the client to respond to the recall before processing
the layout request. A client can wait for that recall to be receive the layout request. A client can wait for that recall to be received
and processe or it can retry as for NFS4ERR_TRYLATER, as described and processed, or it can retry as NFS4ERR_TRYLATER, as described
below. below.
The error NFS4ERR_TRYLATER is used to indicate that the server cannot The error NFS4ERR_TRYLATER is used to indicate that the server cannot
immediately grant the layout to the client. This may be due to immediately grant the layout to the client. This may be due to
constraints on writable sharing of blocks by multiple clients or to a constraints on writable sharing of blocks by multiple clients or to a
conflict with a recallable lock (e.g. a delegation). In either case, conflict with a recallable lock (e.g., a delegation). In either
a reasonable approach for the client is to wait several milliseconds case, a reasonable approach for the client is to wait several
and retry the request. The client SHOULD track the number of milliseconds and retry the request. The client SHOULD track the
retries, and if forward progress is not made, the client SHOULD number of retries, and if forward progress is not made, the client
abandon the attempt to get a layout and perform READ and WRITE SHOULD abandon the attempt to get a layout and perform READ and WRITE
operations by sending them to the server operations by sending them to the server.
The error NFS4ERR_LAYOUTUNAVAILABLE MAY be returned by the server if The error NFS4ERR_LAYOUTUNAVAILABLE MAY be returned by the server if
layouts are not supported for the requested file or its containing layouts are not supported for the requested file or its containing
file system. The server MAY also return this error code if the file system. The server MAY also return this error code if the
server is the progress of migrating the file from secondary storage, server is in the process of migrating the file from secondary
there is a conflicting lock that would prevent the layout from being storage, there is a conflicting lock that would prevent the layout
granted, or for any other reason that causes the server to be unable from being granted, or any other reason causes the server to be
to supply the layout. As a result of receiving unable to supply the layout. As a result of receiving
NFS4ERR_LAYOUTUNAVAILABLE, the client SHOULD abandon the attempt to NFS4ERR_LAYOUTUNAVAILABLE, the client SHOULD abandon the attempt to
get a layout and perform READ and WRITE operations by sending them to get a layout and perform READ and WRITE operations by sending them to
the MDS. It is expected that a client will not cache the file's the MDS. It is expected that a client will not cache the file's
layoutunavailable state forever. In particular, when the file is layoutunavailable state forever. In particular, when the file is
closed or opened by the client, issuing a new LAYOUTGET is closed or opened by the client, issuing a new LAYOUTGET is
appropriate. appropriate.
2.8. Volatile write caches 2.8. Volatile Write Caches
Many storage devices implement volatile write caches that require an Many storage devices implement volatile write caches that require an
explicit flush to persist the data from write operations to stable explicit flush to persist the data from write operations to stable
storage. Storage devices implementing [SBC3] should indicate a storage. Storage devices implementing [SBC3] should indicate a
volatile write cache by setting the WCE bit to 1 in the Caching mode volatile write cache by setting the Write Cache Enable (WCE) bit to 1
page. When a volatile write cache is used, the pNFS server MUST in the Caching mode page. When a volatile write cache is used, the
ensure the volatile write cache has been committed to stable storage pNFS server MUST ensure the volatile write cache has been committed
before the LAYOUTCOMMIT operation returns by using one of the to stable storage before the LAYOUTCOMMIT operation returns by using
SYNCHRONIZE CACHE commands. one of the SYNCHRONIZE CACHE commands.
3. Enforcing NFSv4 Semantics 3. Enforcing NFSv4 Semantics
The functionality provided by SCSI Persistent Reservations makes it The functionality provided by SCSI persistent reservations makes it
possible for the MDS to control access by individual client machines possible for the MDS to control access by individual client machines
to specific LUs. Individual client machines may be allowed to or to specific LUs. Individual client machines may be allowed to or
prevented from reading or writing to certain block devices. Finer- prevented from reading or writing to certain block devices. Finer-
grained access control methods are not generally available. grained access control methods are not generally available.
For this reason, certain responsibilities for enforcing NFSv4 For this reason, certain responsibilities for enforcing NFSv4
semantics, including security and locking, are delegated to pNFS semantics, including security and locking, are delegated to pNFS
clients when SCSI layouts are being used. The metadata server's role clients when SCSI layouts are being used. The metadata server's role
is to only grant layouts appropriately and the pNFS clients have to is to only grant layouts appropriately, and the pNFS clients have to
be trusted to only perform accesses allowed by the layout extents be trusted to only perform accesses allowed by the layout extents
they currently hold (e.g., and not access storage for files on which they currently hold (e.g., not access storage for files on which a
a layout extent is not held). In general, the server will not be layout extent is not held). In general, the server will not be able
able to prevent a client that holds a layout for a file from to prevent a client that holds a layout for a file from accessing
accessing parts of the physical disk not covered by the layout. parts of the physical disk not covered by the layout. Similarly, the
Similarly, the server will not be able to prevent a client from server will not be able to prevent a client from accessing blocks
accessing blocks covered by a layout that it has already returned. covered by a layout that it has already returned. The pNFS client
The pNFS client must respect the layout model for this mapping type must respect the layout model for this mapping type to appropriately
to appropriately respect NFSv4 semantics. respect NFSv4 semantics.
Furthermore, there is no way for the storage to determine the Furthermore, there is no way for the storage to determine the
specific NFSv4 entity (principal, openowner, lockowner) on whose specific NFSv4 entity (principal, openowner, lockowner) on whose
behalf the I/O operation is being done. This fact may limit the behalf the I/O operation is being done. This fact may limit the
functionality to be supported and require the pNFS client to functionality to be supported and require the pNFS client to
implement server policies other than those describable by layouts. implement server policies other than those describable by layouts.
In cases in which layouts previously granted become invalid, the In cases in which layouts previously granted become invalid, the
server has the option of recalling them. In situations in which server has the option of recalling them. In situations in which
communication difficulties prevent this from happening, layouts may communication difficulties prevent this from happening, layouts may
be revoked by the server. This revocation is accompanied by changes be revoked by the server. This revocation is accompanied by changes
in persistent reservation which have the effect of preventing SCSI in persistent reservation that have the effect of preventing SCSI
access to the LUs in question by the client. access to the LUs in question by the client.
3.1. Use of Open Stateids 3.1. Use of Open Stateids
The effective implementation of these NFSv4 semantic constraints is The effective implementation of these NFSv4 semantic constraints is
complicated by the different granularities of the actors for the complicated by the different granularities of the actors for the
different types of the functionality to be enforced: different types of the functionality to be enforced:
o To enforce security constraints for particular principals. o To enforce security constraints for particular principals.
o To enforce locking constraints for particular owners (openowners o To enforce locking constraints for particular owners (openowners
and lockowners) and lockowners).
Fundamental to enforcing both of these sorts of constraints is the Fundamental to enforcing both of these sorts of constraints is the
principle that a pNFS client must not issue a SCSI I/O operation principle that a pNFS client must not issue a SCSI I/O operation
unless it possesses both: unless it possesses both:
o A valid open stateid for the file in question, performing the I/O o A valid open stateid for the file in question, performing the I/O
that allows I/O of the type in question, which is associated with that allows I/O of the type in question, which is associated with
the openowner and principal on whose behalf the I/O is to be done. the openowner and principal on whose behalf the I/O is to be done.
o A valid layout stateid for the file in question that covers the o A valid layout stateid for the file in question that covers the
skipping to change at page 25, line 29 skipping to change at page 26, line 16
of administrative revocation, the server MUST recall all layouts that of administrative revocation, the server MUST recall all layouts that
allow I/O to be done on any of the files for which open revocation allow I/O to be done on any of the files for which open revocation
happens. When there is a failure to successfully return those happens. When there is a failure to successfully return those
layouts, the client MUST be fenced. layouts, the client MUST be fenced.
3.2. Enforcing Security Restrictions 3.2. Enforcing Security Restrictions
The restriction noted above provides adequate enforcement of The restriction noted above provides adequate enforcement of
appropriate security restriction when the principal issuing the I/O appropriate security restriction when the principal issuing the I/O
is the same as that opening the file. The server is responsible for is the same as that opening the file. The server is responsible for
checking that the I/O mode requested by the open is allowed for the checking that the I/O mode requested by the OPEN is allowed for the
principal doing the OPEN. If the correct sort of I/O is done on principal doing the OPEN. If the correct sort of I/O is done on
behalf of the same principal, then the security restriction is behalf of the same principal, then the security restriction is
thereby enforced. thereby enforced.
If I/O is done by a principal different from the one that opened the If I/O is done by a principal different from the one that opened the
file, the client SHOULD send the I/O to be performed by the metadata file, the client SHOULD send the I/O to be performed by the metadata
server rather than doing it directly to the storage device. server rather than doing it directly to the storage device.
3.3. Enforcing Locking Restrictions 3.3. Enforcing Locking Restrictions
Mandatory enforcement of whole-file locking by means of share Mandatory enforcement of whole-file locking by means of share
reservations is provided when the pNFS client obeys the requirement reservations is provided when the pNFS client obeys the requirement
set forth in Section 3.1 above. Since performing I/O requires a set forth in Section 3.1. Since performing I/O requires a valid open
valid open stateid an I/O that violates an existing share reservation stateid, an I/O that violates an existing share reservation would
would only be possible when the server allows conflicting open only be possible when the server allows conflicting open stateids to
stateids to exist. exist.
The nature of the SCSI layout type is such implementation/enforcement The nature of the SCSI layout type is that such implementation/
of mandatory byte-range locks is very difficult. Given that layouts enforcement of mandatory byte-range locks is very difficult. Given
are granted to clients rather than owners, the pNFS client is in no that layouts are granted to clients rather than owners, the pNFS
position to successfully arbitrate among multiple lockowners on the client is in no position to successfully arbitrate among multiple
same client. Suppose lockowner A is doing a write and, while the I/O lockowners on the same client. Suppose lockowner A is doing a write
is pending, lockowner B requests a mandatory byte-range for a byte and, while the I/O is pending, lockowner B requests a mandatory byte-
range potentially overlapping the pending I/O. In such a situation, range lock for a byte range potentially overlapping the pending I/O.
the lock request cannot be granted while the I/O is pending. In a In such a situation, the lock request cannot be granted while the I/O
non-pNFS environment, the server would have to wait for pending I/O is pending. In a non-pNFS environment, the server would have to wait
before granting the mandatory byte-range lock. In the pNFS for pending I/O before granting the mandatory byte-range lock. In
environment the server does not issue the I/O and is thus in no the pNFS environment, the server does not issue the I/O and is thus
position to wait for its completion. The server may recall such in no position to wait for its completion. The server may recall
layouts but in doing so, it has no way of distinguishing those being such layouts, but in doing so, it has no way of distinguishing those
used by lockowners A and B, making it difficult to allow B to perform being used by lockowners A and B, making it difficult to allow B to
I/O while forbidding A from doing so. Given this fact, the MDS need perform I/O while forbidding A from doing so. Given this fact, the
to successfully recall all layouts that overlap the range being MDS need to successfully recall all layouts that overlap the range
locked before returning a successful response to the LOCK request. being locked before returning a successful response to the LOCK
While the lock is in effect, the server SHOULD respond to requests request. While the lock is in effect, the server SHOULD respond to
for layouts which overlap a currently locked area with requests for layouts that overlap a currently locked area with
NFS4ERR_LAYOUTUNAVAILABLE. To simplify the required logic a server NFS4ERR_LAYOUTUNAVAILABLE. To simplify the required logic, a server
MAY do this for all layout requests on the file in question as long MAY do this for all layout requests on the file in question as long
as there are any byte-range locks in effect. as there are any byte-range locks in effect.
Given these difficulties it may be difficult for servers supporting Given these difficulties, it may be difficult for servers supporting
mandatory byte-range locks to also support SCSI layouts. Servers can mandatory byte-range locks to also support SCSI layouts. Servers can
support advisory byte-range locks instead. The NFSv4 protocol support advisory byte-range locks instead. The NFSv4 protocol
currently has no way of determining whether byte-range lock support currently has no way of determining whether byte-range lock support
on a particular file system will be mandatory or advisory, except by on a particular file system will be mandatory or advisory, except by
trying operation which would conflict if mandatory locking is in trying operation, which would conflict if mandatory locking is in
effect. Therefore, to avoid confusion, servers SHOULD NOT switch effect. Therefore, to avoid confusion, servers SHOULD NOT switch
between mandatory and advisory byte-range locking based on whether between mandatory and advisory byte-range locking based on whether
any SCSI layouts have been obtained or whether a client that has any SCSI layouts have been obtained or whether a client that has
obtained a SCSI layout has requested a byte-range lock. obtained a SCSI layout has requested a byte-range lock.
4. Security Considerations 4. Security Considerations
Access to SCSI storage devices is logically at a lower layer of the Access to SCSI storage devices is logically at a lower layer of the
I/O stack than NFSv4, and hence NFSv4 security is not directly I/O stack than NFSv4; hence, NFSv4 security is not directly
applicable to protocols that access such storage directly. Depending applicable to protocols that access such storage directly. Depending
on the protocol, some of the security mechanisms provided by NFSv4 on the protocol, some of the security mechanisms provided by NFSv4
(e.g., encryption, cryptographic integrity) may not be available or (e.g., encryption and cryptographic integrity) may not be available
may be provided via different means. At one extreme, pNFS with SCSI or may be provided via different means. At one extreme, pNFS with
layouts can be used with storage access protocols (e.g., serial SCSI layouts can be used with storage access protocols (e.g., Serial
attached SCSI ([SAS3]) that provide essentially no security Attached SCSI [SAS3]) that provide essentially no security
functionality. At the other extreme, pNFS may be used with storage functionality. At the other extreme, pNFS may be used with storage
protocols such as iSCSI ([RFC7143]) that can provide significant protocols such as iSCSI [RFC7143] that can provide significant
security functionality. It is the responsibility of those security functionality. It is the responsibility of those
administering and deploying pNFS with a SCSI storage access protocol administering and deploying pNFS with a SCSI storage access protocol
to ensure that appropriate protection is provided to that protocol to ensure that appropriate protection is provided to that protocol
(physical security is a common means for protocols not based on IP). (physical security is a common means for protocols not based on IP).
In environments where the security requirements for the storage In environments where the security requirements for the storage
protocol cannot be met, pNFS SCSI layouts SHOULD NOT be used. protocol cannot be met, pNFS SCSI layouts SHOULD NOT be used.
When using IP-based storage protocols such as iSCSI, IPSEC should be When using IP-based storage protocols such as iSCSI, IPsec should be
used as outlined in [RFC3723] and updated in [RFC7146]. used as outlined in [RFC3723] and updated in [RFC7146].
When security is available for a storage protocol, it is generally at When security is available for a storage protocol, it is generally at
a different granularity and with a different notion of identity than a different granularity and with a different notion of identity than
NFSv4 (e.g., NFSv4 controls user access to files, iSCSI controls NFSv4 (e.g., NFSv4 controls user access to files, and iSCSI controls
initiator access to volumes). The responsibility for enforcing initiator access to volumes). The responsibility for enforcing
appropriate correspondences between these security layers is placed appropriate correspondences between these security layers is placed
upon the pNFS client. As with the issues in the first paragraph of upon the pNFS client. As with the issues in the first paragraph of
this section, in environments where the security requirements are this section, in environments where the security requirements are
such that client-side protection from access to storage outside of such that client-side protection from access to storage outside of
the layout is not sufficient, pNFS SCSI layouts SHOULD NOT be used. the layout is not sufficient, pNFS SCSI layouts SHOULD NOT be used.
5. IANA Considerations 5. IANA Considerations
IANA is requested to assign a new pNFS layout type in the pNFS Layout IANA has assigned a new pNFS layout type in the "pNFS Layout Types
Types Registry as follows (the value 5 is suggested): Layout Type Registry" as follows:
Name: LAYOUT4_SCSI Value: 0x00000005 RFC: RFCTBD10 How: L (new layout
type) Minor Versions: 1 Layout Type Name: LAYOUT4_SCSI
Value: 0x00000005
RFC: RFC 8154
How: L
Minor Versions: 1
6. Normative References 6. Normative References
[LEGAL] IETF Trust, "Legal Provisions Relating to IETF Documents", [LEGAL] IETF Trust, "Legal Provisions Relating to IETF Documents",
November 2008, <http://trustee.ietf.org/docs/ March 2015, <http://trustee.ietf.org/docs/
IETF-Trust-License-Policy.pdf>. IETF-Trust-License-Policy.pdf>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", March 1997. Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC3723] Aboba, B., Tseng, J., Walker, J., Rangan, V., and F. [RFC3723] Aboba, B., Tseng, J., Walker, J., Rangan, V., and F.
Travostino, "Securing Block Storage Protocols over IP", Travostino, "Securing Block Storage Protocols over IP",
RFC 3723, Apr 2004. RFC 3723, DOI 10.17487/RFC3723, April 2004,
<http://www.rfc-editor.org/info/rfc3723>.
[RFC4506] Eisler, M., "XDR: External Data Representation Standard", [RFC4506] Eisler, M., Ed., "XDR: External Data Representation
STD 67, RFC 4506, May 2006. Standard", STD 67, RFC 4506, DOI 10.17487/RFC4506, May
2006, <http://www.rfc-editor.org/info/rfc4506>.
[RFC5661] Shepler, S., Ed., Eisler, M., Ed., and D. Noveck, Ed., [RFC5661] Shepler, S., Ed., Eisler, M., Ed., and D. Noveck, Ed.,
"Network File System (NFS) Version 4 Minor Version 1 "Network File System (NFS) Version 4 Minor Version 1
Protocol", RFC 5661, January 2010. Protocol", RFC 5661, DOI 10.17487/RFC5661, January 2010,
<http://www.rfc-editor.org/info/rfc5661>.
[RFC5662] Shepler, S., Ed., Eisler, M., Ed., and D. Noveck, Ed., [RFC5662] Shepler, S., Ed., Eisler, M., Ed., and D. Noveck, Ed.,
"Network File System (NFS) Version 4 Minor Version 1 "Network File System (NFS) Version 4 Minor Version 1
External Data Representation Standard (XDR) Description", External Data Representation Standard (XDR) Description",
RFC 5662, January 2010. RFC 5662, DOI 10.17487/RFC5662, January 2010,
<http://www.rfc-editor.org/info/rfc5662>.
[RFC5663] Black, D., Ed., Fridella, S., Ed., and J. Glasgow, Ed., [RFC5663] Black, D., Fridella, S., and J. Glasgow, "Parallel NFS
"Parallel NFS (pNFS) Block/Volume Layout", RFC 5663, (pNFS) Block/Volume Layout", RFC 5663,
January 2010. DOI 10.17487/RFC5663, January 2010,
<http://www.rfc-editor.org/info/rfc5663>.
[RFC6688] Black, D., Ed., Glasgow, J., and S. Faibish, "Parallel NFS [RFC6688] Black, D., Ed., Glasgow, J., and S. Faibish, "Parallel NFS
(pNFS) Block Disk Protection", RFC 6688, July 2012. (pNFS) Block Disk Protection", RFC 6688,
DOI 10.17487/RFC6688, July 2012,
<http://www.rfc-editor.org/info/rfc6688>.
[RFC7143] Chadalapaka, M., Meth, K., and D. Black, "Internet Small [RFC7143] Chadalapaka, M., Satran, J., Meth, K., and D. Black,
Computer System Interface (iSCSI) Protocol "Internet Small Computer System Interface (iSCSI) Protocol
(Consolidated)", RFC RFC7143, April 2014. (Consolidated)", RFC 7143, DOI 10.17487/RFC7143, April
2014, <http://www.rfc-editor.org/info/rfc7143>.
[RFC7146] Black, D. and P. Koning, "Securing Block Storage Protocols [RFC7146] Black, D. and P. Koning, "Securing Block Storage Protocols
over IP: RFC 3723 Requirements Update for IPsec v3", RFC over IP: RFC 3723 Requirements Update for IPsec v3",
RFC7146, April 2014. RFC 7146, DOI 10.17487/RFC7146, April 2014,
<http://www.rfc-editor.org/info/rfc7146>.
[SAM-5] INCITS Technical Committee T10, "SCSI Architecture Model - [SAM-5] INCITS Technical Committee T10, "Information Technology -
5 (SAM-5)", ANSI INCITS 515-2016, 2016. SCSI Architecture Model - 5 (SAM-5)", ANSI
INCITS 515-2016, 2016.
[SAS3] INCITS Technical Committee T10, "Serial Attached Scsi-3", [SAS3] INCITS Technical Committee T10, "Information technology -
ANSI INCITS ANSI INCITS 519-2014, ISO/IEC 14776-154, 2014. Serial Attached SCSI-3 (SAS-3)", ANSI INCITS 519-2014,
ISO/IEC 14776-154, 2014.
[SBC3] INCITS Technical Committee T10, "SCSI Block Commands-3", [SBC3] INCITS Technical Committee T10, "Information Technology -
ANSI INCITS INCITS 514-2014, ISO/IEC 14776-323, 2014. SCSI Block Commands - 3 (SBC-3)", ANSI INCITS 514-2014,
ISO/IEC 14776-323, 2014.
[SPC4] INCITS Technical Committee T10, "SCSI Primary Commands-4", [SPC4] INCITS Technical Committee T10, "Information Technology -
ANSI INCITS 513-2015, 2015. SCSI Primary Commands - 4 (SPC-4)", ANSI INCITS 513-2015,
2015.
Appendix A. Acknowledgments Acknowledgments
Large parts of this document were copied verbatim, and others were Large parts of this document were copied verbatim from [RFC5663], and
inspired by [RFC5663]. Thank to David Black, Stephen Fridella and some parts were inspired by it. Thank to David Black, Stephen
Jason Glasgow for their work on the pNFS block/volume layout Fridella, and Jason Glasgow for their work on the pNFS block/volume
protocol. layout protocol.
David Black, Robert Elliott and Tom Haynes provided a throughout David Black, Robert Elliott, and Tom Haynes provided a thorough
review of drafts of this document, and their input led to the current review of drafts of this document, and their input led to the current
form of the document. form of the document.
David Noveck provided ample feedback to various drafts of this David Noveck provided ample feedback to various drafts of this
document, wrote the section on enforcing NFSv4 semantics and rewrote document, wrote the section on enforcing NFSv4 semantics, and rewrote
various sections to better catch the intent. various sections to better catch the intent.
Appendix B. RFC Editor Notes
[RFC Editor: please remove this section prior to publishing this
document as an RFC]
[RFC Editor: prior to publishing this document as an RFC, please
replace all occurrences of RFCTBD10 with RFCxxxx where xxxx is the
RFC number of this document]
[RFC Editor: This draft has a normative dependence on SAM-5, whose
publication as a standard is in progress. Publication of this draft
as an RFC has to wait for publication of SAM-5 including availability
of a reference to the published standard. The author will be able to
advise the RFC Editor when SAM-5 is published and supply the
necessary reference.]
Author's Address Author's Address
Christoph Hellwig Christoph Hellwig
Email: hch@lst.de Email: hch@lst.de
 End of changes. 168 change blocks. 
613 lines changed or deleted 611 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/