CITI ASC status
From Linux NFS
University of Michigan/CITI NFSv4 ASC alliance
Status of October 2006
Task 1. pNFS Demonstration
Demonstration of pNFS with multiple back end methods (PVFS2 and File) including layout recall — LANL will replicate this demonstration at LANL working with CITI remotely
Development
We updated the Linux pNFS client and server to the 2.6.17 kernel level, and are preparing to rebase again for 2.6.19.
We updated the pNFS code base to draft-ietf-nfsv4-minorversion1-05. Testing identified multiple bugs, which we fixed.
The linux client separates common NFS code from NFSv2/3/4 code by using version specific operations. We rewrote the Linux pNFS client to use its own set of version specfic operations. This provides a controlled interface to the pNFS code, and eases updating the code to new kernel versions.
Four client layout modules are in development.
- File layout driver (CITI, Network Appliance, and IBM Almaden).
- PVFS2 layout driver (CITI).
- Object layout driver (Panasas).
- Block layout driver (CITI).
To accommodate the requirements of the multiple layout drivers, we expanded the policy interface between the layout driver and generic pNFS client. This interface allows layout drivers to set the following policies:
- stripe size
- writeback cache gathering policies
- blocksize
- read and write threshold
- timing of layoutget invocation
- determine if I/O uses pagecache or direct method
We are designing and coding a pNFS client layout cache to replace the current implementation, which supports only a single layout per inode.
We improved the interface to the underlying file system on the Linux pNFS server. The new interface is being used by the Panasas object layout server, the IBM GPFS server, and the PVFS2 server.
We are coding the pNFS layout management service and file system interfaces on the Linux pNFS server to do a better job of bookkeeping so that we can extend the layout recall implementation, which is limited to a single layout.
We have continued to develop the PVFS2 layout driver and PVFS2 support in the pNFS server. The layout driver I/O interface supports direct access, page cache access with NFSv4 readahead and writeback, and the O_DIRECT access method. In addition, PVFS2 now supports the pNFS file-based layout, which lets pNFS clients choose how they access the file system.
We demonstrated how pNFS can improve the overall write performance of parallel file systems by using direct, parallel I/O for large write requests and the NFSv4 storage protocol for small write requests. To switch between them, we added a write threshold to the layout driver. Write requests smaller than the threshold follow the slower NFSv4 data path. Write requests larger than the threshold follow the faster layout driver data path. D. Hildebrand, L. Ward, and P. Honeyman, "Large Files, Small Writes, and pNFS," in Proc. of the 20th ACM International Conf. on Supercomputing, Cairns, Australia, 2006.
We improved the performance and scalability of pNFS file-based access with parallel file systems. Our design, named Direct-pNFS, augmented the file-based architecture to enable file-based pNFS clients to bypass intermediate data servers and access heterogeneous data stores directly. Direct access is possible by ensuring file-based layouts match the data layout in the underlying file system and giving pNFS clients the tools to effectively interpret and utilize this information. Experiments with Direct-pNFS demonstrate I/O throughput that equals or outperforms the exported parallel file system across a range of workloads. D. Hildebrand and P. Honeyman, "Direct-pNFS: Simple, Transparent, and Versatile Access to Parallel File Systems," CITI Technical Report 06-8, October 2006.
We developed prototype implementations of pNFS operations:
- OP_GETDEVICELIST,
- OP_GETDEVICEINFO,
- OP_LAYOUTGET,
- OP_LAYOUTCOMMIT,
- OP_LAYOUTRETURN and
- OP_CB_LAYOUTRECALL
We continue to test the ability of our prototype to send direct I/O data to data servers.
Milestones
At the September 2006 NFSv4 Bake-a-thon, hosted by CITI, we continued to test the ability of CITI's Linux pNFS client to operate with multiple layouts, and the ability of CITI's Linux pNFS server to export pNFS capable underlying file systems.
We demonstrated the Linux pNFS client support for multiple layouts by copying files between multiple pNFS back ends.
The following pNFS implementations were tested.
File Layout
- Clients: Linux, Solaris
- Servers: Network Appliance, Linux IBM GPFS, DESY dCache, Solaris, PVFS2
Object layout
- Client: Linux
- Servers: Linux, Panasas
Block layout
- Client: Linux
- Server: EMC
PVFS2 layout
- Client: Linux
- Server: Linux
Activities
Our current Linux pNFS implementation uses a single whole file layout. We are extending the layout cache on the client and layout management on the server to support multiple layouts and small byte ranges.
In cooperation with EMC, we continue to develop a block layout driver module for the generic pNFS client.
We continue to measure I/O performance.
We joined the Ultralight project and are testing pNFS I/O using pNFS clients on 10 GbE against pNFS clusters on 1 GbE. The Linux pNFS client included in the Ultralight kernel and distributed to Ultralight sites, providing opportunities for future long-haul WAN testing.
Task 2. Client Migration
Migration of client from one mount/metadata server to another to be demonstrated. This demonstration may be replicated at LANL depending on success of this work.
Status
When a file system moves, the old server notifies clients with NFS4ERR_MOVED. Clients then reclaim state held on the old server by engaging in reboot recovery with the new server. For cluster file systems, server-to-server state transfer lets clients avoid the reclaim.
We redesigned state bookkeeping to ensure that state created on NFSv4 servers exporting the same cluster file system will not collide.
Server reboot recovery requires servers to save the clientid of active clients in stable storage. The present server implementation does this by writing directly to a filesystem via the vfs layer. A new server instance reads the state from stable storage, again directly via the vfs. We are rewriting this implementation to use a pipefs upcall/downcall interface instead of directly using the vfs layer, and are expanding the interface to support an upcall/downcall of all a clients in-memory state. The userland daemon can then support server-to-server state transfer to the cooresponding daemon on a new server. We have a prototype of the new upcall/down call interface, and have yet to prototype the server-to-server state transfer.
It remains to inform clients that state established with the old server remains valid on the new server. The IETF NFSv4 working group is considering solutions for the NFSv4.1 protocol, but NFSv4.0 clients will not have support for this feature. We will therefore need to provide Linux specific implementation support - perhaps a mount option or a /proc flag, or simply to try to use an old clientid against a new server on migration.
Task 3. Lock Analysis
Analysis of caching and lock coherency, demonstration of caching and lock performance with scaling, under various levels of conflict, using byte range locks (looking at lock splitting issues etc.).
Background
The NFSv4 protocol supports three different lock-like operations: opens, byte-range locks, and delegations.
Opens
Unlike previous versions of NFS, NFSv4 has an on-the-wire OPEN operation.
The OPEN call includes the expected access mode, which may be read, write, or both. But it also includes a "deny" mode, which may be read, write, or both, or none. The server fails any open which whose access mode overlaps the deny mode of an existing open, or whose deny mode overlaps the access mode of an existing open.
Deny modes are not currently used by UNIX-like clients, our main focus, so we don't study this case.
However, all clients still do perform an OPEN each time an application opens a file, for several reasons: to ensure correct behavior in the presence of Windows clients, to request delegations, and to establish the state necessary to get posix byte-range locks, among other reasons.
All versions of NFS also tie data caching to open and close: data is flushed before close, and attributes revalidated before open, in such a way as to guarantee that the data seen after an open will always reflect writes any other client performed using file descriptors that were closed before the open.
POSIX byte-range locks
POSIX byte-range locks are managed by applications using fcntl(). Each lock request has a byte-range and a type of read or write. Read locks conflict only with write locks, whereas write locks conflict with any other locks. Applications may perform read locks only on files which they have open for read, and write locks only on files which they have open for write.
Byte-range locks are normally advisory; that is, they do not conflict with IO operations. Such mandatory locking is supported by many unix-like operating systems, appears to be rarely used.
The NLM sideband protocol enables byte-range locks for versions of NFS earlier than NFSv4. NFSv4 incorporates byte-range locking into the main protocol. This makes it possible to support mandatory byte-range locking, but support for mandatory byte-range locking over NFSv4 is not supported by the linux implementation, and no support is planned at this time.
As with opens, byte-range locks also affect data caching: unlocks are not allowed to succeed until modified data in the locked range is written to the server, and locks must revalidate file data. Thus writes performed under a lock has been unlocked will be visible to any reader that locks the region after the unlock.
Delegations
A server may optionally return a "delegation" with the response to any open call. Delegations may be of type read or write. Servers must guarantee that no client ever holds a read delegation for on a file that another client has open for write, or has a write delegation for. Similarly no client may hold a write delegation on a file that another client has open for read.
A server is never required to give out a delegation. Also, it may ask for the delegation back at any time, at which point the client is required to do what is necessary to establish on the server any opens or locks which it has performed locally before returning the delegation. Once returned, the client cannot regain the delegation without performing another open.
An NFS client is not normally synchronously notified of changes performed by another client, but as long as a client holds a delegation, the above rules guarantee that it will be. In theory it might be possible for applications to take advantage of this increased cache consistency. However, this is not useful in practice since a server is never required to give out a delegation. Also, a server can ask for a delegation back at any time.
Thus clients do not expose the existence of delegations to applications the way they do opens and locks. Instead, clients use delegations to provide increased performance: delegations allows clients to perform open and lock calls locally--in the case of a read delegation, read opens and read locks may be performed without contacting the server, and in the case of a write delegation, any opens and locks may be performed without contacting the server. This also relieves the client of the responsibility to flush dirty data and revalidate data caches.
When a server recalls a delegation, the client is required to perform opens, locks, and writes to the server as necessary to inform the server of any state that the client has established only locally. Conflicting opens will be delayed until this process is completed.
Results
Lacking examples of real-world lock-intensive workloads, we have performed a few microbenchmarks to measure such things as the cost of acquiring a single lock with and without a delegation.
Hardware
solo machine / NFS client:
IBM/Lenovo Thinkpad T43 2GHz Pentium M CPU 512 MB RAM 1000bT NIC 5400 RPM Ultra-ATA 80GB HD running 2.6.17-CITI
NFS server:
1GHz Athlon 64 3000+ CPU 512 MB RAM 1000bT NIC 7200 RPM SATA-II 80GB HD
Whole-file locks across multiple files, with and without delegations
whole-file locking
1. Mount the filesystem. 2. Open a single file (unrelated to any below). 3. Open N files. 4. Get N locks, one lock per file. 5. Close all opened files. 6. Unmount the filesystem.
Two timings are produced for each run: the first is total elapsed time for steps 3 and 3; the second is average time elapsed for step 4.
For the tests without delegations, we turn off file leases on the server, which has the effect of preventing the server from giving out any read delegations. For comparison purposes, we also run the same test on a local filesystem (XXX: ext3?).
Note that step 2 is required because the server is sometimes unable to give out a delegation on the first open it receives, for technical reasons having to do with the way delegations work in the NFSv4 protocol.
The most obvious result is that, as hoped, locks have much lower latency when performed in the presence of a delegation; the latency is, in fact, nearly identical to that in the local case.
We have not attempted to understand the growth in latency as the number of files increases. We expect the explanation to not be related specifically to locking.
(XXX: More pertinent to the scalability question would be network load (count rpc's in each case) and server load (look at cpu load or whatever on the server)).
Locking multiple byte ranges on the same file
byte-range locking
Recalling delegations with cached locks
delegation recall with locks
In this test, a client acquires N read locks on a single delegated file and holds them. We then open that file for write on the server, and time the open.
Note that the open cannot succeed until the client has established all N of its cached locks on the server and returned the delegation.
(XXX: No idea what to conclude here.)
Time to acquire a newly available lock
local herd-time
When an unlock or downgrade makes a lock available to waiting processes, even when we know that not all will be able to grant the lock.
The addition to the locking code of an unrelated feature necessary for NFSv4 has made it desireable to modify the code so that it wakes only processes that will be able to acquire the lock.
To measure the effect of this change, we had N processes request an exclusive whole-file lock on a single file that was already locked by another processes. We then unlocked the file, and measured two times: the time until the first waiting processes succesfully acquired the lock, and the time till all the processes have retried the lock, failed, and gone back to sleep.
We also ran the test with our "fair queueing" patch applied, in which case we measure only the time till one of the waiters has acquired the lock (since the other waiters are not woken in this case).
The result shows that with less than 100 waiting processes, the patched kernel is able to grant the lock to the first waiter more quickly than the unpatched kernel could.
However, for larger N the time for the patched kernel to grant the acquired lock appears to be more than the time for the unpatched kernel to grant the lock and return all waiting processes to the waitqueue. We do not yet understand the reasons for this.
(XXX: Are these times the result of one trial? What's the variance like?)
demonstration of caching and lock performance with scaling sounds sorta like the various timing tests we already have.. "scaling" -- multiclient stuff? you'd talked about polling strategies before? ..under various levels of conflict "conflict"? like recalled delegations when you have local locks? .. or do they just mean "what happens when locklists get long?" local/NFS byte-range numbers and herdtime numbers byte-range locks (look at, e.g., lock-splitting issues) can/should we try to come up with a more-representative case than a 30M file, perhaps? local/NFS byte-range and whole-file numbers
tests with atro.citi.umich.edu as server -- local/NFS whole-file locking -- local/NFS byte-range locking -- local/NFS delegation recall with locks -- local/NFS recalling multiple delegations -- NFS cost of delegated OPEN -- local herd-time: timing unlock-to-locklist-quiescence
various testing minions in CVS: CVSROOT=/afs/citi.umich.edu/projects/CVS-richterd module: nfs/TESTING err.. little tool info
random garbage.
-- ?.. don't like this test overmuch. -d // VFS herd-thru: how many lock/write/unlocks per second with N processes?
-- ? NFS herd-thru: how many lock/write/unlocks per second with N processes? (no delegations) tests client polling strategy
-- ? NFS herd-time-1: what's time from unlock-to-locklist-quiescence with N processes? (no delegations) tests client polling strategy
-- ? kinda covered already. -d // byte-range: lock whole file, then unlock 1 byte. compare to normal whole-file unlock.
? -- how long does it take to recall 1 delegation from 1 guy vs. recalling 1 delegation from 100 guys? (svr: apikia; clts: pugna, atro, bogo, dragonwell, guangzhou, shenzhen, l99(?), la1(?), spin(?), rip(?)) ? -- how long does it take to recall 1 delegation from 1 guy vs. recalling 100 delegations from 1 guy? well, how do we trigger all those recalls simultaneously? ? -- how do we test cost-of-recall? maybe estimate and recommend decent delay-factor on the server and try it (is it better to have the server stall for X ms in order to save client 20X ms from generic ERR_DELAY pause?) maybe recommend possibility of making it adaptive? (e.g., factor in per-client RTT, "good behavior", etc) but what's the advantage if we just refuse to grant after that one break? -- since we must avoid ping-ponging when, e.g., two guys are both appending to a logfile --> if serially breaking a bunch of delegations all at once, we get to do them in (numFiles * X ms) instead of ~ (numFiles * 20X ms) .. to avoid the Opera-startup-problem, just implement the "i-don't-break-my-own" + "upgrade-delegation-type" and forget about delays altogether?
Task 4. Directory Delegations
Analysis of directory delegations – how well does it work and when, when does it totally not work.
Background
Directory delegations promise to extend the usefulness of dentry caching in two ways. First, the client is no longer forced to revalidate the dentry cache after a timeout. Second, while positive caching can be treated as a hint, negative caching without cache invalidation violates open-to-close semantics. Directory delegations allow the client to cache negative results.
For example, if a client opens a file that does not exist, it issues an OPEN RPC that fails. But a subsequent open of the same file might succeed, if the file is created in the interim. Open-to-close semantics requires that the newly created file be seen by the client, so the earlier negative result can not be cached. Consequently, subsequent opens of the same non-existent file also require OPEN RPC calls being sent to the server. This example is played out repeatedly when the shell searches for executables in PATH or when the linker searches for shared libraries in LD_LIBRARY_PATH.
With directory delegations, the server callback mechanism can guarantee that no entries have been added or modified in a cached directory, which allows consistent negative caching and eliminates repeated checks for non-existent files.
Status
We implemented directory delegations in the Linux NFSv4 client and server.
Our server implementation follows the file delegations architecture. We extended the lease API in the Linux VFS to support read-only leases on directories and NFS-specific lease-breaking semantics.
We implemented a /proc interface on the server to enable or disable directory delegation at run time. At startup, the client queries the server for directory delegation support.
The server has hooks for a policy layer to control the granting of directory delegations. (No policy is implemented yet.) When and whether to acquire delegations is also a client concern.
Testing
We are testing delegation grant and recall in a test rig with one or two clients. Testing consists mostly of comparing NFS operation-counts when directory delegations is enabled or disabled.
Tests range from simple UNIX utilities — ls, find, touch — to hosting a CVS repository or compiling with shared libraries and header files on NFS servers. Tests will become more specific.
We have extended PyNFS to support directory delegations. So far, the support is basic and the tests are trivial. Tests will become more specific.
We are designing mechanisms that allow simulation experiments to compare delegation policies on NFSv4 network traces.
Task 5. NFS Server Load
How do you specify/measure NFS Server load?
Status
To frame the task, consider identical symmetric servers with a cluster file system back end and a task running on one of them. Can we compare the load on the servers to determine whether there would be a benefit to migrating a client from one to the other?
Answering this question requires that we define a model of load based on measurable quanta.
Given a model, the next step is to write a tool that collects the factors that influence load and to measure how well the model accurately predicts performance.
Goals
If an application is running at less than peak performance, the load model should tell us whether the bottleneck is in the server, the client, or elsewhere.
If the bottleneck is in the server, one option for improving application performance is replacing server components with faster ones. Another option is to add servers. A third option is to migrate the application to a lightly-loaded server.
* Actually, the second option is fruitless without the third.
Factors that influence server load
Disks
The rate at which a single file in a server file system can be depends on many factors, including characteristics of the disk hardware (rotation speed, access latency, etc.), the disk controller, the bus, the layout of files on the disk, the size of the transfer, and the degree of caching. The overall bandwidth of a file system also depends on the degree of striping and distribution of requests across disks.
The iostat command can reveal a bottleneck due to server disks if seek or transfer rates approach maximum values. For a given server configuration, these values can be measured directly. It might be possible to predict these values for a given hardware ensemble.
CPU
Server threads compete with one another and with the operating system for access to the CPU. Excess offered load can exhaust the availability of server threads.
* how would we know if this were to happen? * would it suffice to simply allocate more threads? * or are there pathological cases to consider?
Overall CPU utilization can be measured, also with iostat, but there may be other factors influencing the allocation of CPU to server threads. For example, excessive pressure on the memory or interrupt subsystem can force the operating system to intervene.
Interrupts
Interrupt rates can be measured with
* i forget :-(
For a given hardware configuration, a threshold can be measured experimentally.
Memory
The memory subsystem is complex and varies among operating systems. Applications compete with one another for virtual memory. Often, they also compete with the file system, which uses the virtual memory subsystem for its in-memory cache.
Often, excess demand for memory is reflected by early eviction of pages in virtual memory. The vmstat command shows the pageout rate, which does not measure early eviction, but does reflect overall memory pressure.
Network
Network utilization is the ratio of delivered bandwidth to maximum available bandwidth. Maximum available bandwidth is a property of network hardware. Delivered bandwidth can be measured with the netstat command.
Full-duplex network technologies can deliver maximal bandwidth in both directions, while half-duplex network technologies are limited to delivering the sum of the two directions.
* i believe that ius a true statement ...
Measuring load
Each measured value can be expressed as a ratio between 0 (idle) and 1 (at capacity). For each value, there is a program that consumes the corresponding resource.
The overall performance of a server can be tested by measuring NFS performance directly with microbenchmarks. Candidate microbenchmarks include NULL RPC, and small READ RPC, large READ RPC, small WRITE RPC, and large WRITE RPC.
The usefulness of a measured value can be tested by comparing microbenchmark performance as the resource is consumed.
It is useful to sample the instantaneous values, and to track them over time with a damping function that shows the averages over the last second, minute, five minutes, etc.
How do we check usefulness of this information?
boot with reduced resources somehow, see if increasing resources increases performance as predicted?
Disk bandwidth
vary size of raid arrays, bandwidth of disk interfaces?
Or run another process that soaks up some percentage of bandwidth??
CPU load
CPU throttling??
Just try different totally random machines? Vary workload? How do we get a light vs. heavy workload?
How do we measure performance of each? Increasing clients until we see performance degredation due to server bottlenecks would be obvious thing to do....)
Measures of load
what do we use to determine if our measure of load is correct?
- single rpc latency measured from a client?
- time to complete some other task, measured from a single client (not actually involved in loading the server)?
- rpc's per second?
Configuration parameters on server that can be varied
- number of server threads
- number of connections per server thread
- request queue lengths (# of bytes waiting in tcp socket)
Some special situations that can be problems (from Chuck)
- reboot recovery: everyone is recovering at once.
- mount storms: a lab full of clients may all mount at once, or a cluster job may trigger automount from all clients at once.
Possible benchmark sources, for this and locking scalability
postmark
looks pretty primitive: mixture of reads, writes, creates, unlinks. No locks.
filebench
also no locking. Haven't figured out exactly what the various loads do. Is there actually an active developer community?
See Bull.net's list?
- Bonnie++
- FStress
- dbench: simulates filesystem activity created by a samba server running the proprietary SMB benchmark "netbench". Maybe not so useful.
- Do-it-ourselves modify postmark or filebench? set up a mailserver (e.g.), send it fake mail. get traces from working servers
* Dean: Not sure what you guys are looking for here ("...for this..."), but iozone can use locks and nothing will stress out your server like IOR since it can scale to 1000s of clients. If you are looking for metadata tests, LLNL and other labs have some (mdtest, etc) Look at http://lbs.sourceforge.net/, http://www.llnl.gov/asci/purple/benchmarks/limited/, http://www.cs.dartmouth.edu/pario/examples.html, http://www.llnl.gov/icc/lc/siop/downloads/download.html)