Re: [nfsv4] Preventing an NFSv4.1 client from destroying a migrated lease after TSM
Chuck Lever <chuck.lever@oracle.com> Mon, 17 April 2017 18:45 UTC
Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9EDDC131779 for <nfsv4@ietfa.amsl.com>; Mon, 17 Apr 2017 11:45:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TICQ6O4GkkT8 for <nfsv4@ietfa.amsl.com>; Mon, 17 Apr 2017 11:45:44 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 033D1131780 for <nfsv4@ietf.org>; Mon, 17 Apr 2017 11:45:43 -0700 (PDT)
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v3HIjgM7029803 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 17 Apr 2017 18:45:42 GMT
Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id v3HIjgV5015569 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 17 Apr 2017 18:45:42 GMT
Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id v3HIjfTc003406; Mon, 17 Apr 2017 18:45:41 GMT
Received: from anon-dhcp-171.1015granger.net (/68.46.169.226) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 17 Apr 2017 11:45:41 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <CADaq8jfhxcGqJd0U40JkyT9eT+hj24dovMmqFUtkSic_b08jDg@mail.gmail.com>
Date: Mon, 17 Apr 2017 14:45:40 -0400
Cc: NFSv4 <nfsv4@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <213DBA50-FB48-4B48-A177-22C2B6879D49@oracle.com>
References: <ED0D48EE-4618-4E07-B97F-8320C77CF1EC@oracle.com> <CADaq8jfHAF6+2AfuRGr2a=D0FX96YAVu=gGJTqGwSvhXCbntfg@mail.gmail.com> <BADB9283-3B08-49DD-A2E2-5C0C20054C45@oracle.com> <CADaq8jfhxcGqJd0U40JkyT9eT+hj24dovMmqFUtkSic_b08jDg@mail.gmail.com>
To: David Noveck <davenoveck@gmail.com>
X-Mailer: Apple Mail (2.3124)
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/KD5wTICJt5CDWWWJMTcZ_as42tQ>
Subject: Re: [nfsv4] Preventing an NFSv4.1 client from destroying a migrated lease after TSM
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2017 18:45:46 -0000
> On Mar 9, 2017, at 2:00 PM, David Noveck <davenoveck@gmail.com> wrote: > > > I'm not certain what you mean by "handled ... as it > > would have been in 4.0". Server trunking discovery in > > NFSv4.0 requires an elaborate dance. In NFSv4.1, > > trunking discovery can be done by a single operation > > (EXCHANGE_ID). > > What I meant was that, apart from the greater > calories expended in v4.0 case, the result should have > been the same, i.e. that there is no trunking. > > > I'm speculating that if the server hadn't asserted > > CONFIRMED_R, this client could have recovered > > correctly from the migration event. Is that what you > > mean? > > It wasn't what I meant, but, now that you say it, I think is > probably right. We've explored this mechanism a little more, and now we seem to be hamstrung on the first paragraph of RFC 5661, Section 18.35.3: The client uses the EXCHANGE_ID operation to register a particular client owner with the server. The client ID returned from this operation will be necessary for requests that create state on the server and will serve as a parent object to sessions created by the client. In order to confirm the client ID it must first be used, along with the returned eir_sequenceid, as arguments to CREATE_SESSION. If the flag EXCHGID4_FLAG_CONFIRMED_R is set in the result, eir_flags, then eir_sequenceid MUST be ignored, as it has no relevancy. The problem is the normative requirement in the last sentence. If CONFIRMED_R is set, a client is required to ignore the returned contrived slot sequence number. [ This is likely the reason that clients react to this flag by purging the lease and starting over ]. Our first thought was to use the sequence number in the migrated lease (in other words, the sequence number that was established on the source server). A client knows that sequence number by looking at the lease it has with the source server. However, there's no guarantee that the client will not perform additional CREATE_SESSION operations against the source server between the time the source server copies the migrating lease and the client starts trunking discovery for the destination server. Another thought was to use a well-known constant, like zero, when creating the first session on the destination server. What sequence number should be used for the first CREATE_SESSSION with the destination server? If it is the copied sequence number, what can prevent mutation of that sequence number while migration of that lease is not yet complete? We've established that trunking discovery works correctly when the destination server does not assert CONFIRMED_R. This is because the client may use the contrived slot sequence number provided by the destination server. If the destination server does not assert CONFIRMED_R, then how does the client determine whether Transparent State Migration has occurred? Can it simply start using the open and lock state it has, and deal with BAD_STATEID if the servers did not perform TSM? Confirmation of the lease means more than just that it is present on the queried server: it also means there is now a cached CREATE_SESSION reply, and a known good contrived slot sequence number. Neither of those is true for a migrated lease when the client's sessions were not also migrated. Thus we should consider that a migrated lease is really not confirmed at all, but in some intermediate state. A more ideal solution would be to create an additional EXCHID4_FLAG that signifies the existence of a migrated lease for the querying client. In sum, here are some options we've considered: 1a. destination asserts CONF_R, but client uses the returned contrived slot sequence anyway 1b. destination asserts CONF_R, and client uses a fixed constant starting slot sequence 2. destination does not assert CONF_R, and client is prepared for BAD_STATEID if TSM did not occur 3. destination asserts a new EXCHID4_FLAG that signifies a TSM has made the client's lease available on that server 4. NFSv4.1 TSM cannot occur unless the client's sessions are also migrated Are there others? -- Chuck Lever
- Re: [nfsv4] Preventing an NFSv4.1 client from des… Chuck Lever
- Re: [nfsv4] Preventing an NFSv4.1 client from des… Xuan Qi
- Re: [nfsv4] Preventing an NFSv4.1 client from des… David Noveck
- Re: [nfsv4] Preventing an NFSv4.1 client from des… David Noveck
- Re: [nfsv4] Preventing an NFSv4.1 client from des… Chuck Lever
- [nfsv4] Preventing an NFSv4.1 client from destroy… Chuck Lever
- Re: [nfsv4] Preventing an NFSv4.1 client from des… David Noveck
- Re: [nfsv4] Preventing an NFSv4.1 client from des… Chuck Lever
- Re: [nfsv4] Preventing an NFSv4.1 client from des… David Noveck