[nfsv4] Review of draft-ietf-nfsv4-fex-files-13 (part two of two)

David Noveck <davenoveck@gmail.com> Tue, 22 August 2017 11:45 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 93E031329AD for <nfsv4@ietfa.amsl.com>; Tue, 22 Aug 2017 04:45:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id qCRpCPqjRGP6 for <nfsv4@ietfa.amsl.com>; Tue, 22 Aug 2017 04:45:26 -0700 (PDT)
Received: from mail-it0-x234.google.com (mail-it0-x234.google.com [IPv6:2607:f8b0:4001:c0b::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EC2A1329AB for <nfsv4@ietf.org>; Tue, 22 Aug 2017 04:45:26 -0700 (PDT)
Received: by mail-it0-x234.google.com with SMTP id 77so43001418itj.1 for <nfsv4@ietf.org>; Tue, 22 Aug 2017 04:45:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=wr9vpm2nV5PVNs+QTdENNSWWpOXfclKypeQkfUlGjLI=; b=XJpKFPtWy42spi0948Kpw4doNHLaUln0U8mbOxkr5+jGkMlVOQwtxn5WUdi96eT1eB q7yTsKcO7CCeCA5HEGD2XEWoSFmucXaJy035/v+6RwylEaGuuvjpN77dk97SCmRUh9WX zluNbFo0gIG+XcoOjNxT+nC8Ak5nXEWCwL2GElfmqRVpx5k40K7Bn1PtvyVRkQL7pQcf XSNrVMNjESF2P6bqIkPNE9Vfb1GQxqRuDABLR+fKYDQ4GpbgPUpNs1fhwFBGfG6dSKA6 5tXpOZhtFwas6X0Yuos2j/zs9WcpknUt/BpobLhK9WKXkraT5vtOQ9gnmErXvC3MXPrT 1qlw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=wr9vpm2nV5PVNs+QTdENNSWWpOXfclKypeQkfUlGjLI=; b=I8+JhTOiky4/spZbve/NKh2FCj5rS68LiGRWKzgTAX3O2xrWkQGwwKTcuxoJBo/YHe UGU+TskdlbmfnKUoPes/lry//z1t8t9MEsk3eATF9XdjJy5Jvf5HIiUscw9wGns8Wi/t 9aSohvdDRB9ze+nLcZAQVmQuD6nPp3fmHt2S8w/xaJwgT2gh0tmNkDVP0wi+GpRh41hg x3fIZk2pw1gFRV7I6WsN2gSuq+JzHueeVCAbf8AK+crm8tfVxvuXdfVgG3f/VaTdFMVu brk1LwjSuiS+F+GUq6iCfy7LOrsg1MnYINMzoK+i6+ROOLU8IcNFznRcPvZFG13JK+76 oMzg==
X-Gm-Message-State: AHYfb5hnK6Gj6hvfcKc16of6f4MkTqC2Ef+/UaPg5WRrvfqyFq1udt8w IcYg2SDU3K9gy7WJoFTychH6HftsJg==
X-Received: by with SMTP id u194mr230023itc.27.1503402325252; Tue, 22 Aug 2017 04:45:25 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Tue, 22 Aug 2017 04:45:24 -0700 (PDT)
From: David Noveck <davenoveck@gmail.com>
Date: Tue, 22 Aug 2017 07:45:24 -0400
Message-ID: <CADaq8jcBNrFunHW+U_iRko+R3irSAvTNkYet_UJR1Se3nbcDTw@mail.gmail.com>
To: Tom Haynes <loghyr@primarydata.com>
Cc: "nfsv4@ietf.org" <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="001a11484d068d37bf0557562174"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/b--d1uq49oBdW79bbxM87hOTTow>
Subject: [nfsv4] Review of draft-ietf-nfsv4-fex-files-13 (part two of two)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Aug 2017 11:45:29 -0000

*Review Structure*

This review has been split up into multiple emails to avoid running afoul
of mailing list size restrictions.

This is the second section.

*Previous Section*

This section contains all the general (non-section-specific) comments and
the first section of the detailed per-section comments.   Generally it
should be read first.

*Current Section*

Contains the bulk of the per-section comments, including those related to
security considerations.

*Comments by Section (from Section 2.1 onward)*


The reference to section 12.5.4 of RFC5661 may have to be updated to
point to something within layout-types, given that that Section 12 of
RFC5661 is updated by layout-types.

*2.3.  State and Locking Models*

The sentence* "*The choice of locking models is governed by the
following rules", is confusng since it is actually the server
implementation who makes this choice, when there is a choice

Suggest replacing this by the following:

A client can determine which couplig model has been implemented as follows:

*4.1.  ff_device_addr4*

In the first sentence, need to replace "storage protool specific "by

*5.  Flexible File Layout Type*

The placement of the last sentence in the section is confusing.  It
should either be moved to Section 5.1 or "This" should be changed to
"The next".

*5.1.  ff_layout4*

The first pargraph, as currently written, seems to suggest that
mirroring is always in effect.  It needs to be clarified.

There are a number of issues in the ninth (non-code) paragraph.
Sucggest replacing the last two sentences by the following:

In the case of loose coupling when accessing an NFSv4 storage device,
the client will use an anonymous stateid to perform I/O on the storage
device as there is no use for the metadata server stateid in the
absence of a control protocol to provide a global stateid model. In
such cases, the server MUST set the ffds_stateid to be the anonymous

There are a number of issues in the thirteenth (non-code) paragraph:

   - It is unclear what the referent of the intial "These" is.
   - The statement that "it can not be fixed" is not correct. It could be
   fixed although there are good resons not to fix it. Those reason should be
   - The statement that an implementation might require the protocol to be
   changed sounds backward to me and the IESG is likely to find it

Suggest the following replcement paragraph:

A number of issues stem from a mismatch between the fact that
ffds_stateid is defined as a single item while ffds_fh_vers is defined
as an array.  It is possible for each open file on the storage device
to require its own open stateid.  Because there are established
loosely coupled implementations of the version of the protocol
described in this document, such potential issues have not been
addressed here.  It is possible for future layout types to be defined
that adress these issues, should it become important to provide
multiple stateids for the same underlying file.

*5.1.2.  Client Interactions with FF_FLAGS_NO_IO_THRU_MDS*

Suggest replacing the second sentence by "The flag functions as a hint".

To clarify the third sentence suggest replacing it by the following:

The flag indicates to the client that the metadata server prefers to
separate  the MDS I/O from the data I/O, most likely for peformance

The material beyond the current third sentece is just a complicated
way of saying that the MDS has no effective way to deal with a client
that ignores this flag.  It would be better to just delete that

*14.  Client Fencing*

In the first sentece,suggest deleting the phrase "at the least".

*15.  Security Considerations*

The way the material before section 15.1 is written, it isn't clear
that the first pargraph is dscussing security for pNFS as whole, while
the following two paragraphs are about security with regard to the
loose coupling model of the flex-files layout type.

In order to clarify, suggest:

   - not describing pNFS as an extension since it is inconsistent with
the watythis term is used in RFC8178.  "Feature" would be better.
   - shortening the first pargraph to put the stress on the fct that
this issue was ealt with in RFC5661.
   - Adding some introductory material to the second paragraph to make
clear what you are talkig about.

*15.1.  RPCSEC_GSS and Security Services*

There needs to be some sort of introductory material to introduce this
section as a whole.  Suggest the following:

Because of the special use of principals within the loose coupling
model, the  issues are different in the case of loose coupling
(Section 15.1.1) and tight coupling (Section 15.1.2)

*15.1.1.  Loosely Coupled*

Although I understand why RPCSEC_GSSv3 is not being used, many
readers, not being familiar with the discussions about it, may well be
confused, especually given the reference to "the intent of the loosely
coupled model that the storage device not be modified" which is
mentioned nowhere else in this document.  Suggest the following

RPCSEC_GSS version 3 (RPCSEC_GSSv3) [RFC7861] contains facilities that
would allow it to be used to authorize the client to the storage
device on behalf of the metadata server.  Doing so  would require that
each of the metadata server, storage device, and client would need to
implement RPCSEC_GSSv3 using an RPC-application-defined structured
privilege assertion in a manner described in Section 4.9.1 of
[RFC7862].  The specifics necessary to do so are not described in this
document.  This is principally because any such specification would
require extensive implementation work on a wide range of data servers,
which would be unlikely  to result in a widely usable specification
for a considerable time.

As a result, the layout type described in this document will not
provide support for use of RPCSEC_GSS togther with the loosely coupled
model.  However, future layout types could be specified which would
allow such support, either through the use of RPCSEC_GSSv3, or in
other ways.

*17.1.  Normative References*

The reference for [pNFSLayouts] needs to be updated.

I believe RFC7861 belongs here (see below).

*17.2.  Informative References*

Given how this is used in Section 15.1.1, I believe the reference to
RFC 7861 is more appropriate as a normative reference.