[nfsv4] Preventing an NFSv4.1 client from destroying a migrated lease after TSM
Chuck Lever <chuck.lever@oracle.com> Wed, 08 March 2017 21:19 UTC
Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 853D21295CD for <nfsv4@ietfa.amsl.com>; Wed, 8 Mar 2017 13:19:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.702
X-Spam-Level:
X-Spam-Status: No, score=-3.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TawoV_dduzpR for <nfsv4@ietfa.amsl.com>; Wed, 8 Mar 2017 13:19:43 -0800 (PST)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 418331295C2 for <nfsv4@ietf.org>; Wed, 8 Mar 2017 13:19:43 -0800 (PST)
Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v28LJfOG011364 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <nfsv4@ietf.org>; Wed, 8 Mar 2017 21:19:41 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0021.oracle.com (8.13.8/8.14.4) with ESMTP id v28LJfmT010162 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <nfsv4@ietf.org>; Wed, 8 Mar 2017 21:19:41 GMT
Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id v28LJddp005556 for <nfsv4@ietf.org>; Wed, 8 Mar 2017 21:19:40 GMT
Received: from anon-dhcp-171.1015granger.net (/68.46.169.226) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 08 Mar 2017 13:19:38 -0800
From: Chuck Lever <chuck.lever@oracle.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <ED0D48EE-4618-4E07-B97F-8320C77CF1EC@oracle.com>
Date: Wed, 08 Mar 2017 16:19:37 -0500
To: NFSv4 <nfsv4@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
X-Source-IP: aserv0021.oracle.com [141.146.126.233]
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/5UI2m3UdR4dn3DRn7uOcutP1Aj0>
Subject: [nfsv4] Preventing an NFSv4.1 client from destroying a migrated lease after TSM
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Mar 2017 21:19:44 -0000
One of Oracle's engineers, Xuan Qi, has been experimenting with NFSv4.1 Transparent State Migration. The implementations under test are a Solaris-based prototype NFS server, and a recent vintage migration-capable Linux NFS client. Xuan observed the following: + While a simple workload is running, there is an FS migration event from server A to server B. Transparent State Migration is done as part of this migration. The session that had been established between the client and server A is NOT migrated. + The client has never interacted with server B before the migration event. After the client retrieves fs_locations from server A, it begins trunking discovery with server B. + In the initial EXCHANGE_ID request with server B, the client presents the same client owner and boot verifier it previously presented to server A. + In the initial EXCHANGE_ID reply, server B reports the presence of the migrated lease by returning the same clientID the client got from server A and asserting EXCHGID4_FLAG_CONFIRMED_R. + The client thus believes this lease is an old one it forgot to clean up. It purges the migrated lease by sending a second EXCHANGE_ID with the same client owner but an arbitrary boot verifier. Server B returns a second distinct client ID. + The client issues a CREATE_SESSION with the second client ID. This client ID and session is not used for subsequent operations. + The client issues a DESTROY_SESSION and DESTROY_CLIENTID to server A, using the original session and client ID. How polite! + The client then establishes a fresh lease with server B by sending a third EXCHANGE_ID with the same client owner and the original boot verifier. Server B returns a third distinct client ID. The client then uses this new client ID for a CREATE_SESSION. This session is used to issue RECLAIM_COMPLETE with no OPEN state recovery. + The first WRITE operation to server B fails with NFS4ERR_BAD_STATEID. The client performs no-grace stateid recovery, and the workload continues normally. + Both servers report the same server scope, but different server owners. The scope string is "Solaris NFSv4.1 Server Scope" RFC 5661 and draft-ietf-nfsv4-migration-issues are not clear about how servers and clients are supposed to interact after Transparent State Migration. For instance: 1. Since the client has had no previous contact with server B, should the migrated lease be considered confirmed or not confirmed on server B? 2. How should the client determine whether or not Transparent State Migration has occurred? 3. If the session was migrated (which is not the case in the current example), how should the client determine it must perform BIND_CONN_TO_SESSION instead of CREATE_SESSION? (I guess just try BC2S first?) 4. If TSM is detected, the client performs no state recovery. Should it avoid sending RECLAIM_COMPLETE in this case? -- Chuck Lever
- Re: [nfsv4] Preventing an NFSv4.1 client from des… Chuck Lever
- Re: [nfsv4] Preventing an NFSv4.1 client from des… Xuan Qi
- Re: [nfsv4] Preventing an NFSv4.1 client from des… David Noveck
- Re: [nfsv4] Preventing an NFSv4.1 client from des… David Noveck
- Re: [nfsv4] Preventing an NFSv4.1 client from des… Chuck Lever
- [nfsv4] Preventing an NFSv4.1 client from destroy… Chuck Lever
- Re: [nfsv4] Preventing an NFSv4.1 client from des… David Noveck
- Re: [nfsv4] Preventing an NFSv4.1 client from des… Chuck Lever
- Re: [nfsv4] Preventing an NFSv4.1 client from des… David Noveck