Re: [nfsv4] Review of draft-ietf-nfsv4-fex-files-13 (part two of two)
Thomas Haynes <loghyr@primarydata.com> Thu, 31 August 2017 00:40 UTC
Return-Path: <loghyr@primarydata.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12F9B1329B8 for <nfsv4@ietfa.amsl.com>; Wed, 30 Aug 2017 17:40:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=primarydata.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8fNemgZ-_xXP for <nfsv4@ietfa.amsl.com>; Wed, 30 Aug 2017 17:40:00 -0700 (PDT)
Received: from us-smtp-delivery-194.mimecast.com (us-smtp-delivery-194.mimecast.com [63.128.21.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 478681323B8 for <nfsv4@ietf.org>; Wed, 30 Aug 2017 17:40:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=primarydata.com; s=mimecast20170802; t=1504139999; h=from:subject:date:message-id:to:cc:mime-version:content-type:in-reply-to:references; bh=mWqEjcFuNP41Uz836aCEnREb/i8ow9O5BIQvFi7PHtc=; b=Xj6mXDptNyBI3+jiNNlxy+4vshbpYniJhjNXMfbSyXlvT/QzQl7TLoy0EMKSCZ7l6mBgQhZWhz11zB2MEBZYuH8qInG4kUuLYJ7uXbxc//Rg3dj/mn+g0nJNUzaUmyDpv0NA/qzrebeF6FlEZ2KLfzuUj8hJZu0L0158ybFPWb8=
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02lp0051.outbound.protection.outlook.com [207.46.163.51]) (Using TLS) by us-smtp-1.mimecast.com with ESMTP id us-mta-42-3-tGwgq0Nk6TtcWtEkVoiQ-1; Wed, 30 Aug 2017 20:39:54 -0400
Received: from DM3PR1101MB1104.namprd11.prod.outlook.com (10.164.196.24) by DM3PR1101MB1088.namprd11.prod.outlook.com (10.164.196.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.13.10; Thu, 31 Aug 2017 00:39:53 +0000
Received: from DM3PR1101MB1104.namprd11.prod.outlook.com ([fe80::2548:eb18:ffa6:1ca3]) by DM3PR1101MB1104.namprd11.prod.outlook.com ([fe80::2548:eb18:ffa6:1ca3%13]) with mapi id 15.20.0013.011; Thu, 31 Aug 2017 00:39:53 +0000
From: Thomas Haynes <loghyr@primarydata.com>
To: Dave Noveck <davenoveck@gmail.com>
CC: "nfsv4@ietf.org" <nfsv4@ietf.org>
Thread-Topic: Review of draft-ietf-nfsv4-fex-files-13 (part two of two)
Thread-Index: AQHTGzwoRXLWKpVZSkuLtU+cCNvlxKKdrNgA
Date: Thu, 31 Aug 2017 00:39:52 +0000
Message-ID: <56F03D39-3BBD-41CA-80A7-6AE1F90BAFED@primarydata.com>
References: <CADaq8jcBNrFunHW+U_iRko+R3irSAvTNkYet_UJR1Se3nbcDTw@mail.gmail.com>
In-Reply-To: <CADaq8jcBNrFunHW+U_iRko+R3irSAvTNkYet_UJR1Se3nbcDTw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [63.157.6.18]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM3PR1101MB1088; 20:7KXdigQhKiEQAzeT72bqHmkMAq/Op3BaDkRCdMwo5U+PP/v0Hd84x1fQI3EW0LmYCHXoIw5xa2f0tj08YU+a6/nbsf24FygQrVynkHP62tXaC/OVC8dLoEt+uw9ZnSIdRVVLDnHmycGfHOPsNGcK8EWLqv1Nx+2Z5rfEbFrq5wE=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: ec22703b-0d55-41d1-d6ae-08d4f008cb77
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(2017082002075)(300000503095)(300135400095)(2017052603199)(201703131423075)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DM3PR1101MB1088;
x-ms-traffictypediagnostic: DM3PR1101MB1088:
x-exchange-antispam-report-test: UriScan:(158342451672863)(192374486261705)(788757137089);
x-microsoft-antispam-prvs: <DM3PR1101MB108802A165F6B27EE833C13ECE9D0@DM3PR1101MB1088.namprd11.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(100000703101)(100105400095)(10201501046)(6041248)(2016111802025)(20161123564025)(20161123555025)(20161123558100)(20161123562025)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6043046)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM3PR1101MB1088; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM3PR1101MB1088;
x-forefront-prvs: 04163EF38A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39830400002)(189002)(24454002)(199003)(52314003)(377454003)(2900100001)(3846002)(102836003)(6116002)(236005)(6916009)(2950100002)(39060400002)(54896002)(53936002)(6506006)(76176999)(54356999)(6436002)(25786009)(3280700002)(106356001)(50986999)(53546010)(3660700001)(6246003)(1411001)(110136004)(2906002)(66066001)(229853002)(4326008)(6486002)(97736004)(6512007)(99286003)(83716003)(189998001)(82746002)(86362001)(8936002)(81156014)(68736007)(33656002)(5250100002)(8676002)(105586002)(14454004)(5660300001)(478600001)(36756003)(81166006)(7736002)(101416001)(230783001)(42262002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM3PR1101MB1088; H:DM3PR1101MB1104.namprd11.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-OriginatorOrg: primarydata.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Aug 2017 00:39:52.9178 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 03193ed6-8726-4bb3-a832-18ab0d28adb7
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3PR1101MB1088
X-MC-Unique: 3-tGwgq0Nk6TtcWtEkVoiQ-1
Content-Type: multipart/alternative; boundary="_000_56F03D393BBD41CA80A76AE1F90BAFEDprimarydatacom_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/Y1YKF4zfsGNEbO_TllF3IIFnnO4>
Subject: Re: [nfsv4] Review of draft-ietf-nfsv4-fex-files-13 (part two of two)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Aug 2017 00:40:04 -0000
On Aug 22, 2017, at 4:45 AM, David Noveck <davenoveck@gmail.com<mailto:davenoveck@gmail.com>> wrote:
Review Structure
This review has been split up into multiple emails to avoid running afoul of mailing list size restrictions.
This is the second section.
Previous Section
This section contains all the general (non-section-specific) comments and the first section of the detailed per-section comments. Generally it should be read first.
Current Section
Contains the bulk of the per-section comments, including those related to security considerations.
Comments by Section (from Section 2.1 onward)
2.1. LAYOUTCOMMIT
The reference to section 12.5.4 of RFC5661 may have to be updated to point to something within layout-types, given that that Section 12 of RFC5661 is updated by layout-types.
ACK
2.3. State and Locking Models
The sentence "The choice of locking models is governed by the following rules", is confusng since it is actually the server implementation who makes this choice, when there is a choice
Suggest replacing this by the following:
A client can determine which couplig model has been implemented as follows:
No, the client can just look at ffdv_tightly_coupled in ff_device_versions4.
But, agreed that the section appears aimless. I changed the first sentence to:
An implementation can always be deployed as a loosely
coupled model. There is however no way for a storage
device to indicate over a NFS protocol that it can
definitively participate in a tightly coupled model:
And after the points, added:
A storage device would have to either be discovered or
advertised over the control protocol to enable a tight
coupling model.
4.1. ff_device_addr4
In the first sentence, need to replace "storage protool specific "by "layout-type-specific”.
Ack but without hyphens
5. Flexible File Layout Type
The placement of the last sentence in the section is confusing. It should either be moved to Section 5.1 or "This" should be changed to "The next”.
A section is a major number.
A subsection is a minor number of a major number.
5.1. ff_layout4
The first pargraph, as currently written, seems to suggest that mirroring is always in effect. It needs to be clarified.
Went with:
The ff_layout4 structure specifies a layout in that portion of the
data file described in the current layout segment. It is either a
single instance or a set of mirrored copies of that portion of the
data file. When mirroring is in effect, it protects against loss of
data in layout segments. Note that while not explicitly shown in the
above XDR, each layout4 element returned in the logr_layout array of
LAYOUTGET4res (see Section 18.43.1 of [RFC5661]) describes a layout
segment. Hence each ff_layout4 also describes a layout segment.
There are a number of issues in the ninth (non-code) paragraph. Sucggest replacing the last two sentences by the following:
In the case of loose coupling when accessing an NFSv4 storage device, the client will use an anonymous stateid to perform I/O on the storage device as there is no use for the metadata server stateid in the absence of a control protocol to provide a global stateid model. In such cases, the server MUST set the ffds_stateid to be the anonymous stateid.
The sentences were too complex, rewrote as:
For tight coupling, ffds_stateid provides the stateid to be used by
the client to access the file. For loose coupling and a NFSv4
storage device, the client will have to use an anonymous stateid to
perform I/O on the storage device. With no control protocol, the
metadata server stateid can not be used to provide a globale stateid
model. Thus the server MUST set the ffds_stateid to be the anonymous
stateid.
There are a number of issues in the thirteenth (non-code) paragraph:
* It is unclear what the referent of the intial "These" is.
* The statement that "it can not be fixed" is not correct. It could be fixed although there are good resons not to fix it. Those reason should be explained.
* The statement that an implementation might require the protocol to be changed sounds backward to me and the IESG is likely to find it unacceptable.
Suggest the following replcement paragraph:
A number of issues stem from a mismatch between the fact that ffds_stateid is defined as a single item while ffds_fh_vers is defined as an array. It is possible for each open file on the storage device to require its own open stateid. Because there are established loosely coupled implementations of the version of the protocol described in this document, such potential issues have not been addressed here. It is possible for future layout types to be defined that adress these issues, should it become important to provide multiple stateids for the same underlying file.
Ack
5.1.2. Client Interactions with FF_FLAGS_NO_IO_THRU_MDS
Suggest replacing the second sentence by "The flag functions as a hint”.
Ack
To clarify the third sentence suggest replacing it by the following:
The flag indicates to the client that the metadata server prefers to separate the MDS I/O from the data I/O, most likely for peformance reasons.
Ack
The material beyond the current third sentece is just a complicated way of saying that the MDS has no effective way to deal with a client that ignores this flag. It would be better to just delete that material
Complicated? Sure.
But you miss the point that the mds can deal with a client which ignores the flag. It throws a hissy fit and refuses to proceed until the client does as requested.
Ack
14. Client Fencing
In the first sentece,suggest deleting the phrase "at the least”.
Ack
15. Security Considerations
The way the material before section 15.1 is written, it isn't clear that the first pargraph is dscussing security for pNFS as whole, while the following two paragraphs are about security with regard to the loose coupling model of the flex-files layout type.
In order to clarify, suggest:
* not describing pNFS as an extension since it is inconsistent with the watythis term is used in RFC8178. "Feature" would be better.
Ack
* shortening the first pargraph to put the stress on the fct that this issue was ealt with in RFC5661.
No, I’d rather get feedback during the Sec Dir review.
* Adding some introductory material to the second paragraph to make clear what you are talkig about.
Went with:
The metadata server is primarily responsible for securing the
data path. It has to authenticate the client access and
provide appropriate credentials to the client to access
data files on the storage device. Finally, it is responsible
for revoking access for a client to the storage device.
15.1. RPCSEC_GSS and Security Services
There needs to be some sort of introductory material to introduce this section as a whole. Suggest the following:
Because of the special use of principals within the loose coupling model, the issues are different in the case of loose coupling (Section 15.1.1) and tight coupling (Section 15.1.2)
Went with:
Because of the special use of principals within the loose coupling
model, the issues are different depending on the coupling model.
15.1.1. Loosely Coupled
Although I understand why RPCSEC_GSSv3 is not being used, many readers, not being familiar with the discussions about it, may well be confused, especually given the reference to "the intent of the loosely coupled model that the storage device not be modified" which is mentioned nowhere else in this document. Suggest the following replacement:
RPCSEC_GSS version 3 (RPCSEC_GSSv3) [RFC7861] contains facilities that would allow it to be used to authorize the client to the storage device on behalf of the metadata server. Doing so would require that each of the metadata server, storage device, and client would need to implement RPCSEC_GSSv3 using an RPC-application-defined structured privilege assertion in a manner described in Section 4.9.1 of [RFC7862]. The specifics necessary to do so are not described in this document. This is principally because any such specification would require extensive implementation work on a wide range of data servers, which would be unlikely to result in a widely usable specification for a considerable time.
As a result, the layout type described in this document will not provide support for use of RPCSEC_GSS togther with the loosely coupled model. However, future layout types could be specified which would allow such support, either through the use of RPCSEC_GSSv3, or in other ways.
While true, nothing prevents an implementation from doing this without a standard’s document.
Anyway,
Ack
17.1. Normative References
The reference for [pNFSLayouts] needs to be updated.
A moving window that will probably be fixed by the two documents becoming a cluster-pair.
I believe RFC7861 belongs here (see below).
17.2. Informative References
Given how this is used in Section 15.1.1, I believe the reference to RFC 7861 is more appropriate as a normative reference.
Ack
- [nfsv4] Review of draft-ietf-nfsv4-fex-files-13 (… David Noveck
- Re: [nfsv4] Review of draft-ietf-nfsv4-fex-files-… Thomas Haynes