IETF Logo Mail Archive

Re: [nfsv4] I-D Action:draft-ietf-nfsv4-ipv4v6-00.txt

dhawal bhagwat <dhawal@netapp.com> Thu, 28 October 2010 08:38 UTC

Return-Path: <dhawal@netapp.com>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2385F3A67F1 for <nfsv4@core3.amsl.com>; Thu, 28 Oct 2010 01:38:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.554
X-Spam-Level:
X-Spam-Status: No, score=-8.554 tagged_above=-999 required=5 tests=[AWL=0.233, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, SARE_SPEC_REPLICA_OBFU=1.812]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7etunde3-JIc for <nfsv4@core3.amsl.com>; Thu, 28 Oct 2010 01:38:50 -0700 (PDT)
Received: from mx2.netapp.com (mx2.netapp.com [216.240.18.37]) by core3.amsl.com (Postfix) with ESMTP id 8473F3A67AB for <nfsv4@ietf.org>; Thu, 28 Oct 2010 01:38:47 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.58,250,1286175600"; d="scan'208";a="474078962"
Received: from smtp1.corp.netapp.com ([10.57.156.124]) by mx2-out.netapp.com with ESMTP; 28 Oct 2010 01:40:39 -0700
Received: from cyclnb08.eng.btc.netapp.in (cyclnb08.eng.btc.netapp.in [10.72.8.58]) by smtp1.corp.netapp.com (8.13.1/8.13.1/NTAP-1.6) with ESMTP id o9S8eaRJ001282; Thu, 28 Oct 2010 01:40:37 -0700 (PDT)
Date: Thu, 28 Oct 2010 14:10:36 +0530
From: dhawal bhagwat <dhawal@netapp.com>
To: Trond Myklebust <Trond.Myklebust@netapp.com>
In-Reply-To: <1288219688.13431.48.camel@heimdal.trondhjem.org>
Message-ID: <alpine.LRH.2.00.1010281401171.11213@plpyao08.rat.ogp.argncc.va>
References: <20101018174520.EB8BA3A6B8B@core3.amsl.com> <C9B236F2-1F42-4070-A083-1A776B5C9C92@netapp.com> <1287431593.3646.23.camel@heimdal.trondhjem.org> <alpine.LRH.2.00.1010280220330.11213@plpyao08.rat.ogp.argncc.va> <1288217995.13431.38.camel@heimdal.trondhjem.org> <1288219688.13431.48.camel@heimdal.trondhjem.org>
User-Agent: Alpine 2.00 (LRH 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Cc: nfsv4@ietf.org
Subject: Re: [nfsv4] I-D Action:draft-ietf-nfsv4-ipv4v6-00.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Oct 2010 08:38:53 -0000

Had not seen this when I replied to the previous post.  ... 


>} Date: Wed, 27 Oct 2010 18:48:08 -0400
>} From: Trond Myklebust <Trond.Myklebust@netapp.com>
>} To: dhawal bhagwat <dhawal@netapp.com>
>} Cc: Thomas Haynes <thomas@netapp.com>, nfsv4@ietf.org
>} Subject: Re: [nfsv4] I-D Action:draft-ietf-nfsv4-ipv4v6-00.txt
>} 
>} On Wed, 2010-10-27 at 18:19 -0400, Trond Myklebust wrote:
>} > On Thu, 2010-10-28 at 03:28 +0530, dhawal bhagwat wrote:
>} > > >} Date: Mon, 18 Oct 2010 15:53:13 -0400
>} > > >} From: Trond Myklebust <trond.myklebust@fys.uio.no>
>} > > >} To: Thomas Haynes <thomas@netapp.com>
>} > > >} Cc: nfsv4@ietf.org
>} > > >} Subject: Re: [nfsv4] I-D Action:draft-ietf-nfsv4-ipv4v6-00.txt
>} > > >} 
>} > > >} On Mon, 2010-10-18 at 14:28 -0500, Thomas Haynes wrote:
>} > > >} 
>} > > >} > 
>} > > >} > A larger question on the draft as a whole would be whether we could
>} > > >} > add some
>} > > >} > additional operations to NFSv4.2 to get rid of the guessing. I.e.,
>} > > >} > could a client
>} > > >} > send a server a list of IPv4 and IPv6 addresses that it is using and
>} > > >} > in return the
>} > > >} > server respond with the equivalence addresses that it is using?
>} > > >} > 
>} > > >} 
>} > > >} Why does the server need this information? The NFSv4.1 protocol does not
>} > > >} provide for server-initiated callbacks. All communication channels (i.e.
>} > > >} TCP connections) are initiated by the client in NFSv4.1.
>} > > >} 
>} > > >} Furthermore, EXCHANGE_ID already provides a mechanism to allow the
>} > > >} client to discover that 2 IP addresses point to the same server. This
>} > > >} mechanism even works independently of the actual transport mechanism
>} > > >} used, so it will work with RDMA and other possible future transport
>} > > >} mechanisms too.
>} > > >} 
>} > > >} > One issue I can see is that the machines might be on different subnets
>} > > >} > that use the
>} > > >} > same IP addresses. I.e., 192.168.2.14 on the filer's e0a might be a
>} > > >} > different private subnet
>} > > >} > than the 192.168.2.15 on the client's e1.
>} > > >} 
>} > > >} This is why relying on advertising of private nets via RPCBIND is bad.
>} > > 
>} > > Is this for RPCBIND to worry about?  Shouldn't setups like the one 
>} > > described above be separated into different IP spaces?  Within the same IP 
>} > > space, the above I believe is a incorrect network config -- how would 
>} > > hosts in one of those subnets, route to those in the other subnet?
>} > > 
>} > > If private subnets are properly configured, will there be a problem with 
>} > > RPCBIND advertising private addresses?
>} > 
>} > Consider the (common) case where I'm VPNed in to my office, but have a
>} > local connection to my home LAN so that I can access my NAS box, my
>} > printer etc. Is that an 'incorrect network config'?
>} > 
>} > If I then try to connect to an office NFS server, and its RPCBIND starts
>} > telling me to connect via an IP address that matches something on my LAN
>} > (and I start treating my NAS box as a replica of the office server),
>} > then who configured what incorrectly?
>} > 
>} > > For IPv6 however, there is the issue of RPCBIND advertising IPv6 
>} > > link local addresses across links -- that is for RPCBIND to explicitly 
>} > > take care of.  We have talked of this issue in the other draft 
>} > > (draft-ietf-nfsv4-ipv6-00.txt).
>} > 
>} > I can't see how RPCBIND can take care of anything. If it wants to
>} > advertise something on a private network, then it needs to know about my
>} > client's ability to route to the correct object on that private network.
>} > Advertising stuff on a global net doesn't have that problem, because the
>} > routing tables are globally defined.
>} 
>} To try to move this along: I'd see no problems with advertising
>} addresses on multiple global subnets.
>} 
>} However if the RPCBIND is going to advertise private subnets, then
>} AFAICS, the only safe situation is:
>} 
>}       * All the addresses advertised as being equivalent must be on the
>}         same subnet, or must be global addresses.
>}       * The private subnet is advertised by RPCBIND only through
>}         addresses on that same private subnet. If the client accesses
>}         RPCBIND through a different subnet, then it should not see the
>}         private subnet advertised.

Ok, this seems similar to what we are suggesting for IPv6 link local 
addresses (what I mentioned in my reply to your previous post) -- for 
IPv4, RPCBIND can try to look at the address from which it received a 
call, and decide which private addresses to advertise, accordingly.

thanks,

-{db}.


>} 
>} Cheers
>}   Trond
>} 
>} 
>}

v2.15.0 | Report a Bug | By Email