Ipv6PlanningDocument

From Linux NFS

Revision as of 18:16, 15 September 2009 by Chucklever (Talk | contribs)
Jump to: navigation, search

Contents

NFS on IPv6 Working Document

This article contains a rough implementation roadmap for IPv6 support in the Linux NFS client and server.

Project Goals

This effort will provide support in the Linux NFS client and server implementations for IPv6 networking. This includes all current versions of the NFS protocol (2, 3 and 4) and any supported auxiliary protocols (MNT, NLM, NSM, NFS_ACL, NFSv4 callback, rpcbind). User space support (idmapd, gssd, svcgssd, statd, sm-notify, mount/umount/showmount, mountd, exportfs) is also included.

In order to provide an interoperating implementation, kernel and user space RPC implementations will also be upgraded to support Transport-Independent RPC (TI-RPC). This includes the sunrpc.ko module, the IP socket-based transport capability, the in-kernel GSSD implementation, rpcbind/portmaper, libtirpc, and rpcsecgss/gssglue/krb5.

The addition of IPv6 support should not effect the behavior or performance of bog standard IPv4 NFS installations.

For now, we assume that IPv4 will always be present. Communication between separate components on the same host will continue to use IPv4 loopback.

What Is Taking So Long?

Before support for NFS over IPv6 can be introduced, some major infrastructure overhaul has been required.

The NFS client's mount stack has been converted to using an in-kernel MNT client; mount options are now passed to the kernel via a C string instead of in a versioned binary blob. There are several advantages to using a C string here, but the main benefit for IPv6 support is that we can easily support larger addresses and additional mount options without co-ordinating a version change between the kernel and the mount command.

An RPC transport capability switch has been added to the kernel (both client and server) to enable IPv6-capable network transports. Support for TI-RPC has been introduced to the Linux user space via libtirpc and rpcbind.

The TI-RPC library presents some special challenges. First, it was implemented against the streams API, not for sockets. We took our port from the FreeBSD port, which was converted to use sockets. In addition, more contemporary versions of TI-RPC exist but are licensed under CDDL, which is not compatible with GPL. The stock Sun implementation is now about 15 years old. There are no longer any engineers at Sun with implementation experience in this area, and the documentation and specifications are incomplete, to say the least, so much of this has been done by guesswork and extensive source code archaeology. Finally, TI-RPC is close, but not perfectly API- and ABI-compatible with legacy RPC implementations such as the one in glibc.

The mount command was also challenging because the nfs-utils code base is over a decade old, but there are no unit tests or requirements documents that explain exactly how its features are supposed to work. The Linux mount command implements some features (such as probing the server to see what transport protocols and NFS versions are supported) that are difficult to implement using stock TI-RPC library calls. At least two complete re-implementations of the RPCB_GETADDR/PMAP_GETPORT RPC calls have to be implemented to support these legacy features, as TI-RPC hides much of this complexity.

Lack of adequate documentation of legacy feature requirements has been a major stumbling block. The man pages are either not complete, or are not specific about certain behaviors. There is little or no documentation of specific use cases for which these features are designed. In addition, it has been difficult to locate general IPv6 expertise.

As you can tell, these pre-requisites are already a substantial amount of development effort.

Work To Date

As of September, 2009, the following items have been completed upstream:

  • implementation of a new transport capability switch in the kernel's RPC client and server implementation
  • support for additional address families in the kernel's RPC client and server implementation and server-side authentication cache
  • support for IPv6 networking in the IP socket transport in the kernel's RPC client and server implementation
  • support for IPv6 and rpcbind protocol version 4 (port-only) in the kernel's rpcbind client implementation
  • NFS mount command split out of the stock Linux mount command into a subcommand
  • conversion of the NFS mount operation to send mount options via a C string instead of a binary blob
  • support for port-only rpcbind v4 GETADDR requests in the mount.nfs command
  • support for AF_INET6 family addresses in the NFS client and server implementation
  • support for IPv6 server address parsing in the NFS client
  • support for IPv6 in the client's NFSv4 callback service
  • replacement of Linux's user space portmapper implementation with a port of rpcbind
  • introduction of a port of libtirpc to user space
  • support for IPv6 in the Linux kernel's lockd and NSM implementation
  • support for IPv6 and netids in the mount.nfs command
  • support for IPv6 in gssd
  • support for IPv6 in rpc.nfsd

Now In Prototype

  • support for IPv6 and TI-RPC for NSM reboot notification (sm-notify command and rpc.statd daemon)
  • support for IPv6 in the kernel's NFS server
  • support for IPv6 and TI-RPC for server-side MNT protocol (rpc.mountd and exportfs)

Remaining To Do

  • TCP wrapper support for IPv6
  • full documentation for using IPv6 with the NFS client and server
  • support for IPv6 in Linux port of Kerberos
  • support for IPv6 in svcgssd
  • harden libtirpc
  • audit kernel RPCSEC GSSAPI implementation for IPv6 requirements
  • audit rpc.idmapd implementation for IPv6 requirements
  • support IPv6 addresses during NFSv4 migration events
  • complete review of work to date with eye towards eliminating code duplication
  • support in lockd for multiple caller_names
  • full support for site- and link-local IPv6 addresses

[Red Hat bugzilla 463530] tracks efforts to incorporate this upstream work into RHEL 6.

Future Work

  • support native IPv6 (no IPv4 present at all)
  • reimplement libtirpc, rpcbind, and rpcgen from scratch
  • support specifying a netid instead of a protocol name via a mount option
  • implement rpcbind service in the kernel
  • replace legacy RPC implementation in glibc with libtirpc
  • merge librpcsecgss into libtirpc

Corner Cases

  • how to deal with netids in the kernel (no way to invoke getnetconfig)
  • kernel support for AF_UNIX sockets (to support authenticated access to rpcbind)

Rough Test Plan

NetApp, Oracle and now Red Hat meet during NFS Connectathon and bake-a-thon events to perform IPV6 interoperability testing between prototype NetApp filers and systems running Linux and Solaris. So far we have focused on running the Connectathon suite over IPv6, with additional specific tests for NSM lock recovery and NFSv4 delegation callback. We have also spent some effort to make sure that version and transport protocol fallback work for NFSv2/v3 mounts.

See also: SGI NFS Test Tools

Personal tools