IETF Logo Mail Archive

Re: [nfsv4] 4.0 trunking

David Noveck <davenoveck@gmail.com> Thu, 22 September 2016 12:06 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0227712B0FE for <nfsv4@ietfa.amsl.com>; Thu, 22 Sep 2016 05:06:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GAa8IGAmfQ9v for <nfsv4@ietfa.amsl.com>; Thu, 22 Sep 2016 05:06:28 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62E8912BBA8 for <nfsv4@ietf.org>; Thu, 22 Sep 2016 04:59:42 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id a62so94575808oib.1 for <nfsv4@ietf.org>; Thu, 22 Sep 2016 04:59:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/htNXkJLS/5KbRjzZD4j4pxEH+ynz+p983Qypxl23Zw=; b=cG//dYzKm0kXwRG8TizpvNiygZTN3+E4SmMrM3pTCahquyyHuLJKzSkkl3RJ9il443 shmTsH+vkyWQwWWqzOaT8OiRyISnrF1xbGs83kv9qjtqz7UrAzg3UQEa7n1jjf6K3nzG ysxkt6WH4bcq68itvAwaaA5A9AE8LQuBKWcZUncuoCzm5YOb5HWyMFvlZK81XrYWHVNn HIY4EZhG9YuV+gIUo9IOP5ATZlcd7ZNygPbc0Xpzsm9i7xSbFAp0dqqugEbj/52W4GxB PS4CXDkW5m1V009XS4Vm1QLi9epBZ6XhiEY30fX/lAuDEQeEk3n4hPVvsM48YFTZ9uln Zfiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/htNXkJLS/5KbRjzZD4j4pxEH+ynz+p983Qypxl23Zw=; b=cnocoWY3/vm8p6xht1Lnv5E5YpbGPTWPnObvbaEIvV/bGdutFCBYGj6oFZtpw15T/s lvd7Ux8LiwQkC/7QCtIi5e72rFCnriscEb2PycAQJl/3XNqlYU7AUZYc3/THs+bxkv2g DewoLQQeUju3m2gTdGaIccQgZbWFV2quGUSl9FP8RD9/jfYV3bkvV/ZmBHHdtwhYwGhQ ai/62bLyZBl1e2ml7vAuKDEf6/YiBkIs7opiz1QNHrxqA4JUyugi8sUl24/CrJn4qZqw rGNbUbFazBspEO4xJ3Q2J74G1Uv23nbHNwr4OFhw1aWH8KnqZ7dG8wb9fY1GlYwB7Uu5 MiMQ==
X-Gm-Message-State: AE9vXwP6f5LmjNpJdJxBTSH1nzisFZa5Bx/VoUb0RYtPcwncdjtpWef7pHD/GjuvcZc5N4b3yuCfKvwK+N3zWA==
X-Received: by 10.202.76.207 with SMTP id z198mr1729482oia.29.1474545581641; Thu, 22 Sep 2016 04:59:41 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.192.10 with HTTP; Thu, 22 Sep 2016 04:59:40 -0700 (PDT)
In-Reply-To: <20160921195339.GC24084@fieldses.org>
References: <CADaq8jfiRU7DTRYXGHZvMALAZWeRjhqcpo8Si3_diMt_5dNSMw@mail.gmail.com> <20160908010532.GA10658@fieldses.org> <CADaq8jcnananUPDHH4Vzhv93JTxZegsZLMCtZWFD-keHheKvHA@mail.gmail.com> <20160910200355.GA30688@fieldses.org> <BBB2EBDC-6F05-44C1-B45A-C84C24A9AD7F@netapp.com> <20160920213931.GC12789@fieldses.org> <CADaq8jeqr9WPeBeV0ruxwy+5omfgHhJFjAR=tCGL3N-Yjt0PuQ@mail.gmail.com> <20160921024531.GA17232@fieldses.org> <CADaq8jdUJG7zBwn7f2xtLO3gf4nvwjM2H00E6N2oTGP2b9Nzww@mail.gmail.com> <20160921141409.GA20963@fieldses.org> <20160921195339.GC24084@fieldses.org>
From: David Noveck <davenoveck@gmail.com>
Date: Thu, 22 Sep 2016 07:59:40 -0400
Message-ID: <CADaq8jfHUr_A=90UTPG7M5+7to3bM1DiYc6sAyYWYOXQTGeTiA@mail.gmail.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Content-Type: multipart/alternative; boundary="001a1134f97e9954f3053d176591"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/gPRd4Km2kve29IqkATAziS5VKqQ>
Cc: "Adamson, Andy" <William.Adamson@netapp.com>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Subject: Re: [nfsv4] 4.0 trunking
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Sep 2016 12:06:33 -0000

> Great, let me know when there's something to review.

Right now I'm having trouble deciding exactly what needs to be fixed.
Clearly, the paragraph in section 5.8 containing the phrase "vanishingly
small" needs to be corrected since it is, as you pointed out, incorrect.
In the future, I'll refer to this as "the VS paragraph".

The question is what else, if anything needs to be fixed.  I had been
thinking that the problems you were seeing indicated that the algorithm in
section 5.8 needed correcting.  As it now appears that the Linux client had
implemented something different than that, the correctness of the algorithm
in section 5.8 has to be considered an open question.

> The Linux client looks like it's actually doing something even simpler,

And thus different!

So the questions we need to address are:

   - Whether the algorithm is section 5.8 has been implemented by any
   client.
   - Whether anybody has any reason to believe that that algorithm in
   section 5.8 would not work as described there, even when servers do not
   conform to the VS paragraph.

> basically:
>
>       1. a SETCLIENTID to IP address X1 returns a clientid.  You
>       confirm it and carry on.
>
>       2.  Some time later a SETCLIENTID to IP address X2 returns the
>       same clientid, and verifier V2.  To check whether X1 and X2
>       actually point to the same server:
>
>       3. Confirm that SETCLIENTID with SETCLIENTID_CONFIRM(client, V2)
>       sent to X1.
>

I don't see how that would be helpful.  By hypothesis, X1 and X2 both think
that a specific clientid4/verifier pair is valid.  If that is the case, a
SETCLIENTID_CONFIRM to X1 will succeed, independently of whether X1 and X2
are the same server or not.

> And I don't see how to shoehorn this extra check in there,

So, is the non-shoehorn-able extra check you are referring to the list item
3 above?  If that is the case, then it is easy to see how, given what you
have told us about how the server is assigning clientid4 and verifier
values, why this is commonly resulting in identifying separate servers as
the same.  On the other hand, I can see how someone reading the VS
paragraph might assume that the probability of this happening with two
different servers was "vanishingly small" and so punt.

> so I think it
> needs to add in the extra callback-changing SETCLIENTID to X1.

Although the text is not as clear as it might be , the intention of the
algorithm in section 5.8 is that the SETCLIENTID be done to X2 and
confirmed on X1.  It probably would work the other way around but the
critical part is that the SETCLIENTID and SETCLIENTID_CONFIRM have to go to
different IP addresses, in order to help determine whether  those two
addresses are connected to the same server.

> Oh, now that I look at it I think it's really easy.

Unfortunately, my experience has been that the probability, in this area,
of thinking that something is really easy, and it turning out tht way, is
"vanishingly small" :-(

> All we have to do
> is check that the verifier has changed since step 1.

How exactly do you expect to do that?

>If it has, continue to step 3,

If it has, then I don't see how they could be different servers.

> if it hasn't, they're different servers.

I'm not sure of the exact context here, but you have to be aware of the
possibility that a new verifier will not be generated because a given
request is treated as a replay.  If you are not doing a callback-changing
SETCLIENTIDs, it is easy to fall into this case.

On Wed, Sep 21, 2016 at 3:53 PM, J. Bruce Fields <bfields@fieldses.org>
wrote:

> On Wed, Sep 21, 2016 at 10:14:09AM -0400, J. Bruce Fields wrote:
> > On Wed, Sep 21, 2016 at 05:09:59AM -0400, David Noveck wrote:
> > > I think that works.  I'm going to look at how to update section 5.8 of
> > > RFC7931.
> >
> > Great, let me know when there's something to review.
> >
> > The Linux client looks like it's actually doing something even simpler,
> > basically:
> >
> >       1. a SETCLIENTID to IP address X1 returns a clientid.  You
> >       confirm it and carry on.
> >
> >       2.  Some time later a SETCLIENTID to IP address X2 returns the
> >       same clientid, and verifier V2.  To check whether X1 and X2
> >       actually point to the same server:
> >
> >       3. Confirm that SETCLIENTID with SETCLIENTID_CONFIRM(client, V2)
> >       sent to X1.
> >
> > And I don't see how to shoehorn this extra check in there, so I think it
> > needs to add in the extra callback-changing SETCLIENTID to X1.
>
> Oh, now that I look at it I think it's really easy.  All we have to do
> is check that the verifier has changed since step 1.  If it has,
> continue to step 3, if it hasn't, they're different servers.
>
> --b.
>

v2.23.0 | Report a Bug | By Email