IETF Logo Mail Archive

Re: [nfsv4] Preventing an NFSv4.1 client from destroying a migrated lease after TSM

Chuck Lever <chuck.lever@oracle.com> Mon, 17 April 2017 18:45 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EDDC131779 for <nfsv4@ietfa.amsl.com>; Mon, 17 Apr 2017 11:45:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TICQ6O4GkkT8 for <nfsv4@ietfa.amsl.com>; Mon, 17 Apr 2017 11:45:44 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 033D1131780 for <nfsv4@ietf.org>; Mon, 17 Apr 2017 11:45:43 -0700 (PDT)
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v3HIjgM7029803 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 17 Apr 2017 18:45:42 GMT
Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id v3HIjgV5015569 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 17 Apr 2017 18:45:42 GMT
Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id v3HIjfTc003406; Mon, 17 Apr 2017 18:45:41 GMT
Received: from anon-dhcp-171.1015granger.net (/68.46.169.226) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 17 Apr 2017 11:45:41 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <CADaq8jfhxcGqJd0U40JkyT9eT+hj24dovMmqFUtkSic_b08jDg@mail.gmail.com>
Date: Mon, 17 Apr 2017 14:45:40 -0400
Cc: NFSv4 <nfsv4@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <213DBA50-FB48-4B48-A177-22C2B6879D49@oracle.com>
References: <ED0D48EE-4618-4E07-B97F-8320C77CF1EC@oracle.com> <CADaq8jfHAF6+2AfuRGr2a=D0FX96YAVu=gGJTqGwSvhXCbntfg@mail.gmail.com> <BADB9283-3B08-49DD-A2E2-5C0C20054C45@oracle.com> <CADaq8jfhxcGqJd0U40JkyT9eT+hj24dovMmqFUtkSic_b08jDg@mail.gmail.com>
To: David Noveck <davenoveck@gmail.com>
X-Mailer: Apple Mail (2.3124)
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/KD5wTICJt5CDWWWJMTcZ_as42tQ>
Subject: Re: [nfsv4] Preventing an NFSv4.1 client from destroying a migrated lease after TSM
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2017 18:45:46 -0000

> On Mar 9, 2017, at 2:00 PM, David Noveck <davenoveck@gmail.com> wrote:
> 
> > I'm not certain what you mean by "handled ... as it
> > would have been in 4.0". Server trunking discovery in
> > NFSv4.0 requires an elaborate dance. In NFSv4.1,
> > trunking discovery can be done by a single operation
> > (EXCHANGE_ID).
> 
> What I meant was that, apart from the greater 
> calories expended in v4.0 case, the result should have
> been the same, i.e. that there is no trunking.
> 
> > I'm speculating that if the server hadn't asserted
> > CONFIRMED_R, this client could have recovered
> > correctly from the migration event. Is that what you
> > mean?
> 
> It wasn't what I meant, but, now that you say it, I think is
> probably right.

We've explored this mechanism a little more, and now we seem
to be hamstrung on the first paragraph of RFC 5661, Section
18.35.3:

   The client uses the EXCHANGE_ID operation to register a particular
   client owner with the server.  The client ID returned from this
   operation will be necessary for requests that create state on the
   server and will serve as a parent object to sessions created by the
   client.  In order to confirm the client ID it must first be used,
   along with the returned eir_sequenceid, as arguments to
   CREATE_SESSION.  If the flag EXCHGID4_FLAG_CONFIRMED_R is set in the
   result, eir_flags, then eir_sequenceid MUST be ignored, as it has no
   relevancy.

The problem is the normative requirement in the last
sentence. If CONFIRMED_R is set, a client is required
to ignore the returned contrived slot sequence number.
[ This is likely the reason that clients react to this
flag by purging the lease and starting over ].

Our first thought was to use the sequence number in the
migrated lease (in other words, the sequence number that
was established on the source server). A client knows
that sequence number by looking at the lease it has with
the source server.

However, there's no guarantee that the client will not
perform additional CREATE_SESSION operations against
the source server between the time the source server
copies the migrating lease and the client starts trunking
discovery for the destination server.

Another thought was to use a well-known constant, like
zero, when creating the first session on the destination
server.

What sequence number should be used for the first
CREATE_SESSSION with the destination server? If it is
the copied sequence number, what can prevent mutation
of that sequence number while migration of that lease
is not yet complete?

We've established that trunking discovery works correctly
when the destination server does not assert CONFIRMED_R.
This is because the client may use the contrived slot
sequence number provided by the destination server.

If the destination server does not assert CONFIRMED_R,
then how does the client determine whether Transparent
State Migration has occurred? Can it simply start using
the open and lock state it has, and deal with BAD_STATEID
if the servers did not perform TSM?


Confirmation of the lease means more than just that it
is present on the queried server: it also means there is
now a cached CREATE_SESSION reply, and a known good
contrived slot sequence number. Neither of those is true
for a migrated lease when the client's sessions were not
also migrated.

Thus we should consider that a migrated lease is really
not confirmed at all, but in some intermediate state.
A more ideal solution would be to create an additional
EXCHID4_FLAG that signifies the existence of a migrated
lease for the querying client.


In sum, here are some options we've considered:

1a. destination asserts CONF_R, but client uses the
returned contrived slot sequence anyway

1b. destination asserts CONF_R, and client uses a fixed
constant starting slot sequence

2. destination does not assert CONF_R, and client is
prepared for BAD_STATEID if TSM did not occur

3. destination asserts a new EXCHID4_FLAG that signifies
a TSM has made the client's lease available on that
server

4. NFSv4.1 TSM cannot occur unless the client's sessions
are also migrated

Are there others?

--
Chuck Lever

v2.23.0 | Report a Bug | By Email