Network File System (NFS) Upper-Layer Binding To RPC-Over-RDMA Version 2
Oracle CorporationUnited States of Americachuck.lever@oracle.com
Transport
Network File System Version 4NFS-Over-RDMA
This document specifies Upper-Layer Bindings of Network File System (NFS) protocol versions to RPC-over-RDMA version 2.
The RPC-over-RDMA version 2 transport may
employ direct data placement to convey data payloads
associated with RPC transactions
.
RPC client and server implementations
using RPC-over-RDMA version 2 must agree
which XDR data items
and
RPC procedures
are eligible to use direct data placement (DDP)
to enable successful interoperation.
An Upper-Layer Binding specifies this agreement
for one or more versions of one RPC program.
Other operational details, such as
RPC binding assignments,
pairing Write chunks with result data items,
and reply size estimation,
are also specified by this Binding.
This document contains material required of Upper-Layer Bindings,
as specified in
,
for the following NFS protocol versions:
NFS version 2
NFS version 3
NFS version 4.0
NFS version 4.1
NFS version 4.2
The current document also provides Upper-Layer Bindings
for auxiliary protocols used with NFS versions 2 and 3 (see
).
This document assumes the reader is already familiar
with concepts and terminology defined in
and the documents it references.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted
as described in BCP 14
when, and only when, they appear in all capitals, as shown here.
During the construction of each RPC Call message,
a Requester is responsible for allocating appropriate resources
for receiving the corresponding Reply message.
If the Requester expects that the RPC Reply message
could be larger than its inline threshold,
it MAY provide
Write chunks wherein the Responder can place results
and
Reply chunks wherein the Responder can place the reply's Payload stream.
The Upper-Layer Binding specification in this section
applies to NFS version 2
and
NFS version 3
.
For brevity, in this document, a "Legacy NFS client"
refers to an NFS client using version 2 or version 3
of the NFS RPC program (100003) to communicate with an NFS server.
Likewise, a "Legacy NFS server" is an NFS server
communicating with clients using NFS version 2 or NFS version 3.
The following XDR data items in NFS versions 2 and 3 are DDP-eligible:
The opaque file data argument in the NFS WRITE procedure
The pathname argument in the NFS SYMLINK procedure
The opaque file data result in the NFS READ procedure
The pathname result in the NFS READLINK procedure
All other argument or result data items in NFS versions 2 and 3 are not DDP-eligible.
A transport error does not indicate
whether the server has processed the arguments of the RPC Call,
or whether the server has accessed or modified client memory associated with that RPC.
A Legacy NFS client determines the maximum reply size
for each operation using the criteria outlined in
.
Legacy NFS servers traditionally
listen for clients on UDP and TCP port 2049.
Additionally, they register these ports with a local portmapper service
.
A Legacy NFS server supporting RPC-over-RDMA version 2
on such a network and registering itself with the RPC portmapper MAY choose an arbitrary port,
or
MAY use the alternative well-known port number for its RPC-over-RDMA service
(see
).
The chosen port MAY be registered with the RPC portmapper
using the netids assigned in
.
Legacy NFS client implementations often rely on
a transport-layer keep-alive mechanism to detect
when a legacy server has become unresponsive.
When an NFS server is no longer responsive,
client-side keep-alive terminates the connection,
which in turn triggers reconnection and RPC retransmission.
Some RDMA transports (such as the Reliable Connected QP type on InfiniBand)
have no keep-alive mechanism.
Without a disconnect or new RPC traffic,
such connections can remain alive
long after an NFS server has become unresponsive or unreachable.
Once an NFS client has consumed all available RPC-over-RDMA version 2 credits
on that transport connection,
it awaits a reply indefinitely before sending another RPC request.
Legacy NFS clients SHOULD reserve one RPC-over-RDMA version 2 credit
to use for periodic server or connection health assessment.
Either peer can use this credit
to drive an RPC request on an otherwise idle connection,
triggering either an affirmative server response or a connection termination.
Legacy NFS servers can employ request replay detection
to reduce the risk of data corruption
that could result when a client retransmits a request.
A legacy NFS server can choose to send a cached response
when a replay is detected,
rather than executing the request again.
Replay detection is not perfect, but it is usually adequate.
For legacy NFS servers, replay detection commonly utilizes
heuristic indicators such as
the IP address of the NFS client,
the source port of the connection,
the transaction ID of the request,
and
the contents of the request's RPC and upper-layer protocol headers.
In short, replay detection is typically based
on a connection tuple and the request's XID.
A legacy NFS client is careful to re-use the same source port,
if practical, when reconnecting so that
legacy NFS servers are better able to detect retransmissions.
However, a legacy NFS client operating over an RDMA transport
has no control over connection source ports.
It is almost certain that
an RPC request that is retransmitted on a new connection
can never be detected as a replay
if the legacy NFS server includes the connection source port
in its replay detection heuristics.
Therefore a legacy NFS server using an RDMA transport
should never use a legacy NFS client connection's source port
as part of RPC request replay detection.
Storage administrators typically deploy
NFS versions 2 and 3 with several other protocols,
sometimes referred to as "NFS auxiliary protocols."
These are distinct RPC programs that define procedures
that are not part of the NFS RPC program (100003).
The Upper-Layer Bindings in this section apply to:
Versions 2 and 3 of the MOUNT RPC program (100005)
Versions 1, 3, and 4 of the NLM RPC program (100021)
Version 1 of the NSM RPC program (100024),
described in Chapter 11 of
Version 1 of the NFSACL RPC program (100227),
which does not have a public definition.
NFSACL is treated in this document as a de facto standard,
as there are several interoperating implementations.
Historically, NFS/RDMA implementations have chosen to convey
the MOUNT, NLM, and NSM protocols via TCP.
A legacy NFS server implementation MUST provide support for these protocols via TCP
to enable interoperation of these protocols when NFS/RDMA is in use.
Often legacy clients and servers that
support the NFSACL RPC program convey NFSACL procedures
on the same connection as the NFS RPC program (100003).
Utilizing the same connection obviates the need
for separate rpcbind queries to discover server support for this RPC program.
ACLs are typically small,
but even large ACLs must be encoded and decoded to some degree.
Thus no data item in this Upper-Layer Protocol is DDP-eligible.
For procedures whose replies do not include an ACL object,
the size of a reply is determined directly from the NFSACL RPC program's XDR definition.
Legacy client implementations should choose a maximum size
for ACLs based on internal limits.
The Upper-Layer Binding specification in this section
applies to versions of the NFS RPC program
defined in NFS version 4.0
NFS version 4.1
and
NFS version 4.2
.
Only the following XDR data items in the COMPOUND procedure
of all NFS version 4 minor versions are DDP-eligible:
The opaque data field in the WRITE4args structure
The linkdata field of the NF4LNK arm in the createtype4 union
The opaque data field in the READ4resok structure
The linkdata field in the READLINK4resok structure
Within NFS version 4, there are certain variable-length result data items
whose maximum size cannot be estimated by clients reliably
because there is no protocol-specified size limit on these result arrays.
These include:
The attrlist4 field
Fields containing ACLs such as
fattr4_acl,
fattr4_dacl,
and
fattr4_sacl
Fields in the fs_locations4 and fs_locations_info4 data structures
Fields which pertain to pNFS layout metadata,
such as
loc_body,
loh_body,
da_addr_body,
lou_body,
lrf_body,
fattr_layout_types,
and
fs_layout_types
The NFS version 4.0 protocol itself
does not impose any bound on the size of NFS calls or responses.
Some of the data items enumerated in
(in particular, the items related to ACLs and fs_locations)
make it difficult to predict the maximum size of NFS version 4.0 replies
that interrogate variable-length fattr4 attributes.
Client implementations might rely upon internal architectural limits
to constrain the reply size,
but such limits are not always guaranteed to be reliable.
When an NFS version 4.0 client expects an especially sizeable fattr4 result,
it can provide a Reply chunk to enable that server to return that result
via explicit RDMA.
An NFS version 4.0 client can use short Reply chunk retry
when an NFS COMPOUND containing a GETATTR operation
encounters a transport error.
In NFS version 4.1 and newer minor versions,
the csa_fore_chan_attrs argument of the CREATE_SESSION operation
contains a ca_maxresponsesize field.
The value in this field can be taken
as the absolute maximum size of replies
generated by an NFS version 4.1 server.
A client can use this value in cases where it is not possible
to estimate a reply size upper bound precisely.
In practice, objects such as
ACLs,
named attributes,
layout bodies,
and
security labels
are much smaller than this maximum.
NFS version 4 servers are required to listen on TCP port 2049,
and they are not required to register with a rpcbind service
.
Therefore, an NFS version 4 server supporting RPC-over-RDMA version 2
MUST use the alternative well-known port number
for its RPC-over-RDMA service (see
Clients SHOULD connect to this well-known port
without consulting the RPC portmapper (as for NFS version 4 on TCP transports).
An NFS version 4 COMPOUND procedure can contain more than one operation
that carries a DDP-eligible data item.
An NFS version 4 client provides XDR Position values
in each Read chunk to disambiguate which chunk
is associated with which argument data item.
However, NFS version 4 server and client implementations must agree in advance
on how to pair Write chunks with returned result data items.
In the following lists, a "READ operation" refers to any NFS version 4 operation
that has a DDP-eligible result data item.
An NFS version 4 client applies
the mechanism specified in Section 4.3.2 of
is applied to this class of operations as follows:
If an NFS version 4 client wishes all DDP-eligible items
in an NFS reply to be conveyed inline,
it leaves the Write list empty.
An NFS version 4 server applies that mechanism as follows:
The first chunk in the Write list MUST be used
by the first READ operation in an NFS version 4 COMPOUND procedure.
The next Write chunk is used by the next READ operation, and so on.
If an NFS version 4 client has provided a matching non-empty Write chunk,
then the corresponding READ operation MUST return its DDP-eligible data item
using that chunk.
If an NFS version 4 client has provided an empty matching Write chunk,
then the corresponding READ operation MUST return all of its result data items inline.
If a READ operation returns a union arm which does not contain a DDP-eligible result,
and the NFS version 4 client has provided a matching non-empty Write chunk,
an NFS version 4 server MUST return an empty Write chunk in that Write list position.
If there are more READ operations than Write chunks,
then remaining NFS Read operations in an NFS version 4 COMPOUND
that have no matching Write chunk MUST return their results inline.
The RPC-over-RDMA version 2 protocol does not place any limit
on the number of chunks or segments that may appear in Read or Write lists.
However, for various reasons, NFS version 4 server implementations
often have practical limits on the number of chunks or segments
they can process in a single RPC transaction
conveyed via RPC-over-RDMA version 2.
These implementation limits are especially important
when Kerberos integrity or privacy is in use
.
GSS services increase the size of credential material in RPC headers,
potentially requiring the use of a Long message,
which increases the complexity of chunk lists
independent of the particular NFS version 4 COMPOUND being conveyed.
In the absence of explicit knowledge of the server's limits,
NFS version 4 clients SHOULD follow the prescriptions listed below
when constructing RPC-over-RDMA version 2 messages.
NFS version 4 servers MUST accept and process all such requests.
The Read list can contain either
a Position-Zero Read chunk,
one Read chunk with a non-zero Position,
or
both.
The Write list can contain no more than one Write chunk.
Any chunk can contain up to sixteen RDMA segments.
NFS version 4 clients wishing to send more complex chunk lists
can provide configuration interfaces to
bound the complexity of NFS version 4 COMPOUNDs,
limit the number of elements in scatter-gather operations,
and
avoid other sources of chunk overruns at the receiving peer.
If an NFS version 4 server receives
an RPC request via RPC-over-RDMA version 2
that it cannot process
due to chunk list complexity limits,
it SHOULD return one of the following responses
to the client:
A problem is detected by the transport layer
while parsing the transport header in an RPC Call message.
The server responds with an RDMA2_ERROR message with the err
field set to ERR_CHUNK.
A problem is detected during XDR decoding of the RPC Call message
while the RPC layer reassembles the call's XDR stream.
The server responds with an RPC reply with its "reply_stat" field
set to MSG_ACCEPTED and its "accept_stat" field set to GARBAGE_ARGS.
After receiving one of these errors,
an NFS version 4 client SHOULD NOT retransmit the failing request,
as the result would be the same error.
It SHOULD immediately terminate the RPC transaction
associated with the XID in the reply.
The following example shows a Write list with three Write chunks, A, B, and C.
The NFS version 4 server consumes the provided Write chunks
by writing the results of the designated operations
in the compound request (READ and READLINK) back to each chunk.
If the NFS version 4 client does not want to have the READLINK result
returned via RDMA, it provides an empty Write chunk for buffer B
to indicate that the READLINK result must be returned inline.
The NFS version 4 family of protocols support server-initiated callbacks
to notify NFS version 4 clients of events such as recalled delegations.
NFS version 4.0 implementations typically employ
a separate TCP connection to handle callback operations,
even when the forward channel uses an RPC-over-RDMA version 2 transport.
No operation in the NFS version 4.0 callback RPC program
conveys a data payload of significant size.
Therefore, no XDR data items in this RPC program is DDP-eligible.
A CB_RECALL reply is small and fixed in size.
The CB_GETATTR reply contains a variable-length fattr4 data item.
See
for a discussion of reply size prediction for this data item.
An NFS version 4.0 client advertises netids
and ad hoc port addresses for contacting its NFS version 4.0 callback service
using the SETCLIENTID operation.
In NFS version 4.1 and newer minor versions,
callback operations may appear on the same connection
as is used for NFS version 4 forward channel client requests.
NFS version 4 clients and servers MUST use the approach described in
to convey backchannel operations on an RPC-over-RDMA version 2 transport.
The csa_back_chan_attrs argument of the CREATE_SESSION operation
contains a ca_maxresponsesize field.
The value in this field is the absolute maximum size
of backchannel replies generated by a replying NFS version 4 client.
There are no DDP-eligible data items in callback procedures
defined in NFS version 4.1 or NFS version 4.2.
However, some callback operations,
such as messages that convey device ID information,
can be sizeable.
A sender can use Message Continuation or a Long message in this situation.
When an NFS version 4.1 client can support Long Calls in its backchannel,
it reports a backchannel ca_maxrequestsize
that is larger than the connection's inline thresholds.
Otherwise, an NFS version 4 server MUST use only Short messages
to convey backchannel operations.
The presence of an NFS version 4 session (as defined in
)
does not effect the operation of RPC-over-RDMA version 2.
None of the operations introduced to support NFS sessions
(e.g., the SEQUENCE operation) contain DDP-eligible data items.
There is no need to match the number of session slots
with the number of available RPC-over-RDMA version 2 credits.
However, there are a few new cases where an RPC transaction can fail.
For example, a Requester might receive, in response to an RPC request,
an RDMA2_ERROR message with a rdma_err value of ERR_CHUNK.
These situations are not different from existing RPC errors,
which an NFS session implementation can already handle for other transport types.
Moreover, there might be no SEQUENCE result available to the Requester
to distinguish whether failure occurred
before or after the Responder executed the requested operations.
When a transport error occurs (e.g., an RDMA2_ERROR type message is received),
the Requester proceeds, as usual,
to match the incoming XID value to a waiting RPC Call.
The Requester
terminates the RPC transaction
and
reports the result status to the RPC consumer.
The Requester's session implementation then determines
the session ID and slot for the failed request
and performs slot recovery to make that slot usable again.
Otherwise, that slot could be rendered permanently unavailable.
When an NFS session is not present
(for example, when NFS version 4.0 is in use),
a transport error does not indicate
whether the server has processed the arguments of the RPC Call,
or whether the server has accessed or modified client memory associated with that RPC.
Section 3.1 of
states:
Where an NFS version 4 implementation supports
operation over the IP network protocol,
the supported transport layer between NFS and IP MUST be an IETF standardized transport protocol
that is specified to avoid network congestion;
such transports include TCP and the Stream Control Transmission Protocol (SCTP).
Section 2.9.1 of
further states:
Even if NFS version 4.1 is used over a non-IP network protocol,
it is RECOMMENDED that the transport support congestion control.
It is permissible for a connectionless transport to be used
under NFS version 4.1;
however, reliable and in-order delivery of data
combined with congestion control by the connectionless transport is REQUIRED.
As a consequence,
UDP by itself MUST NOT be used as an NFS version 4.1 transport.
RPC-over-RDMA version 2 utilizes only
RDMA Reliable Connected QP type connections
.
RDMA Reliable Connected QPs are
reliable, connection-oriented transports
that guarantee in-order delivery,
meeting all the above requirements.
NFS version 4 client implementations often rely on
a transport-layer keep-alive mechanism to detect
when an NFS version 4 server has become unresponsive.
When an NFS server is no longer responsive,
client-side keep-alive terminates the connection,
which in turn triggers reconnection and RPC retransmission.
Some RDMA transports (such as the Reliable Connected QP type on InfiniBand)
have no keep-alive mechanism.
Without a disconnect or new RPC traffic,
such connections can remain alive long after an NFS server has become unresponsive.
Once an NFS client has consumed all available RPC-over-RDMA version 2 credits
on that transport connection,
it indefinitely awaits a reply before sending another RPC request.
NFS version 4 clients SHOULD reserve one RPC-over-RDMA version 2 credit
to use for periodic server or connection health assessment.
Either peer can use this credit
to drive an RPC request on an otherwise idle connection,
triggering either a quick affirmative server response or immediate connection termination.
In addition to network partition and request loss scenarios,
RPC-over-RDMA version 2 transport connections can be terminated
when a Transport header is malformed,
Reply messages exceed receive resources,
or when too many RPC-over-RDMA messages are sent at once.
In such cases:
If a transport error occurs (e.g., an RDMA2_ERROR type message is received)
before the disconnect or instead of a disconnect,
the Requester MUST respond to that error
as prescribed by the specification of the RPC transport.
Then the NFS version 4 rules for handling retransmission apply.
If there is a transport disconnect and the Responder has provided no other response for a request,
then only the NFS version 4 rules for handling retransmission apply.
RPC programs such as NFS are required to have an Upper-Layer Binding specification
to interoperate on RPC-over-RDMA version 2 transports
.
Via standards action, the Upper-Layer Binding specified in this document can be extended
to cover versions of the NFS version 4 protocol specified after NFS version 4 minor version 2,
or to cover separately published extensions to an existing NFS version 4 minor version,
as described in
.
RPC-over-RDMA version 2 supports all RPC security models,
including RPCSEC_GSS security and transport-level security
.
The choice of what Direct Data Placement mechanism to convey RPC argument and results
does not affect this
since it changes only the method of data transfer.
Because the current document defines only the binding of the NFS protocols atop
,
all relevant security considerations are, therefore,
described at that layer.
The use of direct data placement in NFS
introduces a need for an additional port number assignment
for networks that share traditional UDP and TCP port spaces with RDMA services.
The iWARP protocol is such an example
.
For this purpose,
the current document specifies
a set of transport protocol port number assignments.
IANA has assigned the following ports for NFS/RDMA in the IANA port registry,
according to the guidelines described in
.
The current document should be added as a reference
for the nfsrdma port assignments.
The current document does not alter these assignments.
RPC-over-RDMA Version 2 Protocol
This document specifies the second version of a transport protocol
that conveys Remote Procedure Call (RPC) messages
using Remote Direct Memory Access (RDMA).
This version of the protocol is extensible.
Protocols for Interworking: XNFS, Version 3WThe Open Group
This Technical Standard is aligned with Sun's NFS Version 3,
and incorporates the Sun WebNFS™ extensions.
The process of accessing remote files and directories
as though they were part of the local file system hierarchy
is commonly known as Transparent File Access (TFA).
The most widely used heterogeneous TFA architecture
is the Network File System (NFS),
originally developed by Sun Microsytems.
The Open Group XNFS offers a complete solution to transparent file access
between open system-compliant systems,
through the XNFS protocols for interoperability,
and The Open Group XSI interfaces for application/user portability
(as identified in several XNFS appendixes).
Thanks to Tom Talpey, who contributed the text of
.
Dave Noveck contributed the text of
and
.
The author also wishes to thank
Bill Baker
and
Greg Marsden
for their support of this work.
Special thanks go to
Transport Area Director Magnus Westerlund,
NFSV4 Working Group Chairs
Spencer Shepler,
Brian Pawlowski,
and
Dave Noveck,
and
NFSV4 Working Group Secretary Thomas Haynes for their support.