idnits 2.17.1 draft-ietf-nfsv4-pnfs-block-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 17. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 1115. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1092. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1099. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1105. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 1) being 59 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year == Line 254 has weird spacing: '... opaque conte...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 25, 2008) is 5905 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 NFSv4 Working Group David L. Black 3 Internet Draft Stephen Fridella 4 Expires: August 25, 2008 Jason Glasgow 5 Intended Status: Proposed Standard EMC Corporation 6 February 25, 2008 8 pNFS Block/Volume Layout 9 draft-ietf-nfsv4-pnfs-block-06.txt 11 Status of this Memo 13 By submitting this Internet-Draft, each author represents that 14 any applicable patent or other IPR claims of which he or she is 15 aware have been or will be disclosed, and any of which he or she 16 becomes aware will be disclosed, in accordance with Section 6 of 17 BCP 79. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF), its areas, and its working groups. Note that 21 other groups may also distribute working documents as Internet- 22 Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet-Drafts as reference 27 material or to cite them other than as "work in progress." 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html 35 This Internet-Draft will expire in September 2007. 37 Abstract 39 Parallel NFS (pNFS) extends NFSv4 to allow clients to directly access 40 file data on the storage used by the NFSv4 server. This ability to 41 bypass the server for data access can increase both performance and 42 parallelism, but requires additional client functionality for data 43 access, some of which is dependent on the class of storage used. The 44 main pNFS operations draft specifies storage-class-independent 45 extensions to NFS; this draft specifies the additional extensions 46 (primarily data structures) for use of pNFS with block and volume 47 based storage. 49 Conventions used in this document 51 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 52 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 53 document are to be interpreted as described in RFC-2119 [RFC2119]. 55 Table of Contents 57 1. Introduction...................................................3 58 1.1. General Definitions.......................................3 59 1.2. XDR Description of NFSv4.1 block layout...................4 60 2. Block Layout Description.......................................5 61 2.1. Background and Architecture...............................5 62 2.2. GETDEVICELIST and GETDEVICEINFO...........................6 63 2.2.1. Volume Identification................................6 64 2.2.2. Volume Topology......................................7 65 2.2.3. GETDEVICELIST and GETDEVICEINFO deviceid4............9 66 2.3. Data Structures: Extents and Extent Lists................10 67 2.3.1. Layout Requests and Extent Lists....................12 68 2.3.2. Layout Commits......................................13 69 2.3.3. Layout Returns......................................14 70 2.3.4. Client Copy-on-Write Processing.....................14 71 2.3.5. Extents are Permissions.............................16 72 2.3.6. End-of-file Processing..............................17 73 2.3.7. Layout Hints........................................18 74 2.3.8. Client Fencing......................................18 75 2.4. Crash Recovery Issues....................................20 76 2.5. Recalling resources: CB_RECALL_ANY.......................21 77 2.6. Transient and Permanent Errors...........................21 78 3. Security Considerations.......................................22 79 4. Conclusions...................................................23 80 5. IANA Considerations...........................................23 81 6. Acknowledgments...............................................23 82 7. References....................................................24 83 7.1. Normative References.....................................24 84 7.2. Informative References...................................24 85 Authors' Addresses...............................................24 86 Intellectual Property Statement..................................25 87 Disclaimer of Validity...........................................25 88 Copyright Statement..............................................26 89 Acknowledgment...................................................26 91 1. Introduction 93 Figure 1 shows the overall architecture of a pNFS system: 95 +-----------+ 96 |+-----------+ +-----------+ 97 ||+-----------+ | | 98 ||| | NFSv4.1 + pNFS | | 99 +|| Clients |<------------------------------>| Server | 100 +| | | | 101 +-----------+ | | 102 ||| +-----------+ 103 ||| | 104 ||| | 105 ||| +-----------+ | 106 ||| |+-----------+ | 107 ||+----------------||+-----------+ | 108 |+-----------------||| | | 109 +------------------+|| Storage |------------+ 110 +| Systems | 111 +-----------+ 113 Figure 1 pNFS Architecture 115 The overall approach is that pNFS-enhanced clients obtain sufficient 116 information from the server to enable them to access the underlying 117 storage (on the Storage Systems) directly. See the pNFS portion of 118 [NFSV4.1] for more details. This draft is concerned with access from 119 pNFS clients to Storage Systems over storage protocols based on 120 blocks and volumes, such as the SCSI protocol family (e.g., parallel 121 SCSI, FCP for Fibre Channel, iSCSI, SAS, and FCoE). This class of 122 storage is referred to as block/volume storage. While the Server to 123 Storage System protocol is not of concern for interoperability here, 124 it will typically also be a block/volume protocol when clients use 125 block/ volume protocols. 127 1.1. General Definitions 129 The following definitions are provided for the purpose of providing 130 an appropriate context for the reader. 132 Byte 134 This document defines a byte as an octet, i.e. a datum exactly 8 135 bits in length. 137 Client 139 The "client" is the entity that accesses the NFS server's 140 resources. The client may be an application which contains the 141 logic to access the NFS server directly. The client may also be 142 the traditional operating system client that provides remote file 143 system services for a set of applications. 145 Server 147 The "Server" is the entity responsible for coordinating client 148 access to a set of file systems and is identified by a Server 149 owner. 151 1.2. XDR Description 153 This document contains the XDR ([XDR]) description of the NFSv4.1 154 block layout protocol. The XDR description is embeded in this 155 document in a way that makes it simple for the reader to extract into 156 ready to compile form. The reader can feed this document into the 157 following shell script to produce the machine readable XDR 158 description of the NFSv4.1 block layout: 160 #!/bin/sh 161 grep "^ *///" | sed 's?^ *///??' 163 I.e. if the above script is stored in a file called "extract.sh", and 164 this document is in a file called "spec.txt", then the reader can do: 166 sh extract.sh < spec.txt > nfs4_block_layout_spec.x 168 The effect of the script is to remove both leading white space and a 169 sentinel sequence of "///" from each matching line. 171 The XDR header description, with the sentinel sequence follows, with 172 additional pieces throughout the document: 174 ////* 175 /// * This file was machine generated for 176 /// * draft-ietf-nfsv4-pnfs-block-06 177 /// * Last updated Tue Jan 29 02:57:06 CST 2008 178 /// */ 179 ////* 180 /// * Copyright (C) The IETF Trust (2007-2008) 181 /// * All Rights Reserved. 182 /// * 183 /// * Copyright (C) The Internet Society (1998-2006). 184 /// * All Rights Reserved. 185 /// */ 186 /// 187 ////* 188 /// * nfs4_block_layout_prot.x 189 /// */ 190 /// 191 ///%#include "nfsv41.h" 192 /// 194 2. Block Layout Description 196 2.1. Background and Architecture 198 The fundamental storage abstraction supported by block/volume storage 199 is a storage volume consisting of a sequential series of fixed size 200 blocks. This can be thought of as a logical disk; it may be realized 201 by the Storage System as a physical disk, a portion of a physical 202 disk or something more complex (e.g., concatenation, striping, RAID, 203 and combinations thereof) involving multiple physical disks or 204 portions thereof. 206 A pNFS layout for this block/volume class of storage is responsible 207 for mapping from an NFS file (or portion of a file) to the blocks of 208 storage volumes that contain the file. The blocks are expressed as 209 extents with 64 bit offsets and lengths using the existing NFSv4 210 offset4 and length4 types. Clients must be able to perform I/O to 211 the block extents without affecting additional areas of storage 212 (especially important for writes), therefore extents MUST be aligned 213 to 512-byte boundaries, and SHOULD be aligned to the block size used 214 by the NFSv4 server in managing the actual file system (4 kilobytes 215 and 8 kilobytes are common block sizes). This block size is 216 available as the NFSv4.1 layout_blksize attribute. [NFSV4.1] 218 The pNFS operation for requesting a layout (LAYOUTGET) includes the 219 "layoutiomode4 loga_iomode" argument which indicates whether the 220 requested layout is for read-only use or read-write use. A read-only 221 layout may contain holes that are read as zero, whereas a read-write 222 layout will contain allocated, but un-initialized storage in those 223 holes (read as zero, can be written by client). This draft also 224 supports client participation in copy on write (e.g. for file systems 225 with snapshots) by providing both read-only and un-initialized 226 storage for the same range in a layout. Reads are initially 227 performed on the read-only storage, with writes going to the un- 228 initialized storage. After the first write that initializes the un- 229 initialized storage, all reads are performed to that now-initialized 230 writeable storage, and the corresponding read-only storage is no 231 longer used. 233 2.2. GETDEVICELIST and GETDEVICEINFO 235 2.2.1. Volume Identification 237 Storage Systems such as storage arrays can have multiple physical 238 network ports that need not be connected to a common network, 239 resulting in a pNFS client having simultaneous multipath access to 240 the same storage volumes via different ports on different networks. 241 The networks may not even be the same technology - for example, 242 access to the same volume via both iSCSI and Fibre Channel is 243 possible, hence network addresses are difficult to use for volume 244 identification. For this reason, this pNFS block layout identifies 245 storage volumes by content, for example providing the means to match 246 (unique portions of) labels used by volume managers. Any block pNFS 247 system using this layout MUST support a means of content-based unique 248 volume identification that can be employed via the data structure 249 given here. 251 ///struct pnfs_block_sig_component4 { /* disk signature component */ 252 /// int64_t sig_offset; /* byte offset of component 253 /// on volume*/ 254 /// opaque contents<>; /* contents of this component 255 /// of the signature */ 256 ///}; 257 /// 259 Note that the opaque "contents" field in the 260 "pnfs_block_sig_component4" structure MUST NOT be interpreted as a 261 zero-terminated string, as it may contain embedded zero-valued bytes. 262 There are no restrictions on alignment (e.g., neither sig_offset nor 263 the length are required to be multiples of 4). The sig_offset is a 264 signed quantity which when positive represents an byte offset from 265 the start of the volume, and when negative represents an byte offset 266 from the end of the volume. 268 Negative offsets are permitted in order to simplify the client 269 implementation on systems where the device label is found at a fixed 270 offset from the end of the volume. If the server uses negative 271 offsets to describe the signature, then the client and server MUST 272 NOT see different volume sizes. Negative offsets SHOULD NOT be used 273 in systems that dynamically resize volumes unless care is taken to 274 ensure that the device label is always present at the offset from the 275 end of the volume as seen by the clients. 277 A signature is an array of up to "PNFS_BLOCK_MAX_SIG_COMP" (defined 278 below) signature components. The client MUST NOT assume that all 279 signature components are colocated within a single sector on a block 280 device. 282 The pNFS client block layout driver uses this volume identification 283 to map pnfs_block_volume_type4 PNFS_BLOCK_VOLUME_SIMPLE deviceid4s to 284 its local view of a LUN. 286 2.2.2. Volume Topology 288 The pNFS block server volume topology is expressed as an arbitrary 289 combination of base volume types enumerated in the following data 290 structures. 292 ///enum pnfs_block_volume_type4 { 293 /// PNFS_BLOCK_VOLUME_SIMPLE = 0, /* volume maps to a single 294 /// LU */ 295 /// PNFS_BLOCK_VOLUME_SLICE = 1, /* volume is a slice of 296 /// another volume */ 297 /// PNFS_BLOCK_VOLUME_CONCAT = 2, /* volume is a 298 /// concatenation of 299 /// multiple volumes */ 300 /// PNFS_BLOCK_VOLUME_STRIPE = 3 /* volume is striped across 301 /// multiple volumes */ 302 ///}; 303 /// 304 ///const PNFS_BLOCK_MAX_SIG_COMP = 16; /* maximum components per 305 /// signature */ 306 ///struct pnfs_block_simple_volume_info4 { 307 ///pnfs_block_sig_component4 ds; 308 /// /* disk signature */ 309 ///}; 310 /// 311 /// 312 ///struct pnfs_block_slice_volume_info4 { 313 /// offset4 start; /* offset of the start of the 314 /// slice in bytes */ 315 /// length4 length; /* length of slice in bytes */ 316 /// uint32_t volume; /* array index of sliced 317 /// volume */ 318 ///}; 319 /// 320 ///struct pnfs_block_concat_volume_info4 { 321 /// uint32_t volumes<>; /* array index of volumes 322 /// which are concatenated */ 323 ///}; 324 /// 325 ///struct pnfs_block_stripe_volume_info4 { 326 /// length4 stripe_unit; /* size of stripe in bytes */ 327 /// uint32_t volumes<>; /* array indices of volumes 328 /// which are striped across -- 329 /// MUST be same size */ 330 ///}; 331 /// 332 ///union pnfs_block_volume4 switch (pnfs_block_volume_type4 type) { 333 /// case PNFS_BLOCK_VOLUME_SIMPLE: 334 /// pnfs_block_simple_volume_info4 simple_info; 335 /// case PNFS_BLOCK_VOLUME_SLICE: 336 /// pnfs_block_slice_volume_info4 slice_info; 337 /// case PNFS_BLOCK_VOLUME_CONCAT: 338 /// pnfs_block_concat_volume_info4 concat_info; 339 /// case PNFS_BLOCK_VOLUME_STRIPE: 340 /// pnfs_block_stripe_volume_info4 stripe_info; 341 ///}; 342 /// 343 ///struct pnfs_block_deviceaddr4 { 344 /// pnfs_block_volume4 volumes<>; /* array of volumes */ 345 ///}; 346 /// 347 The "pnfs_block_deviceaddr4" data structure is a structure that 348 allows arbitrarily complex nested volume structures to be encoded. 349 The types of aggregations that are allowed are stripes, 350 concatenations, and slices. Note that the volume topology expressed 351 in the pnfs_block_deviceaddr4 data structure will always resolve to a 352 set of pnfs_block_volume_type4 PNFS_BLOCK_VOLUME_SIMPLE. The array 353 of volumes is ordered such that the root of the volume hierarchy is 354 the last element of the array. Concat, slice and stripe volumes MUST 355 refer to volumes defined by lower indexed elements of the array. 357 The "pnfs_block_device_addr4" data structure is returned by the 358 server as the storage-protocol-specific opaque field da_addr_body in 359 the "device_addr4" structure by a successful GETDEVICELIST operation. 360 [NFSV4.1]. 362 As noted above, all device_addr4 structures eventually resolve to a 363 set of volumes of type PNFS_BLOCK_VOLUME_SIMPLE. These volumes are 364 each uniquely identified by a set of signature components. 365 Complicated volume hierarchies may be composed of dozens of volumes 366 each with several signature components, thus the device address may 367 require several kilobytes. The client SHOULD be prepared to allocate 368 a large buffer to contain the result. In the case of the server 369 returning NFS4ERR_TOOSMALL the client SHOULD allocate a buffer of at 370 least gdir_mincount_bytes to contain the expected result and retry 371 the GETDEVICEINFO request. 373 2.2.3. GETDEVICELIST and GETDEVICEINFO deviceid4 375 The server in response to a GETDEVICELIST request typically will 376 return a single "deviceid4" in the gdlr_deviceid_list array. This is 377 because the deviceid4 when passed to GETDEVICEINFO will return a 378 "device_addr4" which encodes the entire volume hierarchy. In the 379 case of copy-on-write file systems, the "gdlr_deviceid_list" array 380 may contain two deviceid4's, one referencing the read-only volume 381 hierarchy, and one referencing the writable volume hierarchy. There 382 is no required ordering of the readable and writable ids in the array 383 as the volumes are uniquely identified by their deviceid4, and are 384 referred to by layouts using the deviceid4. Another example of the 385 server returning multiple device items occurs when the file handle 386 represents the root of a name space spanning multiple physical file 387 systems on the server, each with a different volume hierarchy. In 388 this example a server implementation may return either a list of 389 deviceids used by each of the physical file systems, or it may return 390 an empty list. 392 Each deviceid4 returned by a successful GETDEVICELIST operation is a 393 shorthand id used to reference the whole volume topology. These 394 device ids, as well as device ids return in extents of a LAYOUTGET 395 operation, can be used as input to the GETDEVICEINFO operation. 396 Decoding the "pnfs_block_deviceaddr4" results in a flat ordering of 397 data blocks mapped to PNFS_BLOCK_VOLUME_SIMPLE volumes. Combined 398 with the mapping to a client LUN described in 2.2.1 Volume 399 Identification, a logical volume offset can be mapped to a block on a 400 pNFS client LUN. [NFSV4.1] 402 2.3. Data Structures: Extents and Extent Lists 404 A pNFS block layout is a list of extents within a flat array of data 405 blocks in a logical volume. The details of the volume topology can 406 be determined by using the GETDEVICEINFO operation (see discussion of 407 volume identification, section 2.2 above). The block layout 408 describes the individual block extents on the volume that make up the 409 file. The offsets and length contained in an extent are specified in 410 units of bytes. 412 ///enum pnfs_block_extent_state4 { 413 /// PNFS_BLOCK_READWRITE_DATA = 0, /* the data located by this 414 /// extent is valid 415 /// for reading and writing. */ 416 /// PNFS_BLOCK_READ_DATA = 1, /* the data located by this 417 /// extent is valid for reading 418 /// only; it may not be 419 /// written. */ 420 /// PNFS_BLOCK_INVALID_DATA = 2, /* the location is valid; the 421 /// data is invalid. It is a 422 /// newly (pre-) allocated 423 /// extent. There is physical 424 /// space on the volume. */ 425 /// PNFS_BLOCK_NONE_DATA = 3 /* the location is invalid. It 426 /// is a hole in the file. 427 /// There is no physical space 428 /// on the volume. */ 429 ///}; 430 /// 431 ///struct pnfs_block_extent4 { 432 /// deviceid4 vol_id; /* id of logical volume on 433 /// which extent of file is 434 /// stored. */ 435 /// offset4 file_offset; /* the starting byte offset in 436 /// the file */ 437 /// length4 extent_length; /* the size in bytes of the 438 /// extent */ 439 /// offset4 storage_offset; /* the starting byte offset in 440 /// the volume */ 441 /// pnfs_block_extent_state4 es; /* the state of this extent */ 442 ///}; 443 /// 444 ///struct pnfs_block_layout4 { 445 /// pnfs_block_extent4 extents<>; /* extents which make up this 446 /// layout. */ 447 ///}; 448 /// 450 The block layout consists of a list of extents which map the logical 451 regions of the file to physical locations on a volume. The "storage 452 offset" field within each extent identifies a location on the logical 453 volume specified by the "vol_id" field in the extent. The vol_id 454 itself is shorthand for the whole topology of the logical volume on 455 which the file is stored. The client is responsible for translating 456 this logical offset into an offset on the appropriate underlying SAN 457 logical unit. In most cases all extents in a layout will reside on 458 the same volume and thus have the same vol_id. In the case of copy 459 on write file systems, the PNFS_BLOCK_READ_DATA extents may have a 460 different vol_id from the writable extents. 462 Each extent maps a logical region of the file onto a portion of the 463 specified logical volume. The file_offset, extent_length, and es 464 fields for an extent returned from the server are valid for all 465 extents. In contrast, the interpretation of the storage_offset field 466 depends on the value of es as follows (in increasing order): 468 o PNFS_BLOCK_READ_WRITE_DATA means that storage_offset is valid, and 469 points to valid/initialized data that can be read and written. 471 o PNFS_BLOCK_READ_DATA means that storage_offset is valid and points 472 to valid/ initialized data which can only be read. Write 473 operations are prohibited; the client may need to request a read- 474 write layout. 476 o PNFS_BLOCK_INVALID_DATA means that storage_offset is valid, but 477 points to invalid un-initialized data. This data must not be 478 physically read from the disk until it has been initialized. A 479 read request for a PNFS_BLOCK_INVALID_DATA extent must fill the 480 user buffer with zeros, unless the extent is covered by a 481 PNFS_BLOCK_READ_DATA extent of a copy-on-write file system. Write 482 requests must write whole server-sized blocks to the disk; bytes 483 not initialized by the user must be set to zero. Any write to 484 storage in a PNFS_BLOCK_INVALID_DATA extent changes the written 485 portion of the extent to PNFS_BLOCK_READ_WRITE_DATA; the pNFS 486 client is responsible for reporting this change via LAYOUTCOMMIT. 488 o PNFS_BLOCK_NONE_DATA means that storage_offset is not valid, and 489 this extent may not be used to satisfy write requests. Read 490 requests may be satisfied by zero-filling as for 491 PNFS_BLOCK_INVALID_DATA. PNFS_BLOCK_NONE_DATA extents may be 492 returned by requests for readable extents; they are never returned 493 if the request was for a writeable extent. 495 An extent list lists all relevant extents in increasing order of the 496 file_offset of each extent; any ties are broken by increasing order 497 of the extent state (es). 499 2.3.1. Layout Requests and Extent Lists 501 Each request for a layout specifies at least three parameters: file 502 offset, desired size, and minimum size. If the status of a request 503 indicates success, the extent list returned must meet the following 504 criteria: 506 o A request for a readable (but not writeable) layout returns only 507 PNFS_BLOCK_READ_DATA or PNFS_BLOCK_NONE_DATA extents (but not 508 PNFS_BLOCK_INVALID_DATA or PNFS_BLOCK_READ_WRITE_DATA extents). 510 o A request for a writeable layout returns 511 PNFS_BLOCK_READ_WRITE_DATA or PNFS_BLOCK_INVALID_DATA extents (but 512 not PNFS_BLOCK_NONE_DATA extents). It may also return 513 PNFS_BLOCK_READ_DATA extents only when the offset ranges in those 514 extents are also covered by PNFS_BLOCK_INVALID_DATA extents to 515 permit writes. 517 o The first extent in the list MUST contain the requested starting 518 offset. 520 o The total size of extents within the requested range MUST cover at 521 least the minimum size. One exception is allowed: the total size 522 MAY be smaller if only readable extents were requested and EOF is 523 encountered. 525 o Extents in the extent list MUST be logically contiguous for a 526 read-only layout. For a read-write layout, the set of writable 527 extents (i.e., excluding PNFS_BLOCK_READ_DATA extents) MUST be 528 logically contiguous. Every PNFS_BLOCK_READ_DATA extent in a 529 read-write layout MUST be covered by one or more 530 PNFS_BLOCK_INVALID_DATA extents. This overlap of 531 PNFS_BLOCK_READ_DATA and PNFS_BLOCK_INVALID_DATA extents is the 532 only permitted extent overlap. 534 o Extents MUST be ordered in the list by starting offset, with 535 PNFS_BLOCK_READ_DATA extents preceding PNFS_BLOCK_INVALID_DATA 536 extents in the case of equal file_offsets. 538 2.3.2. Layout Commits 540 struct pnfs_block_layoutupdate4 { 542 pnfs_block_extent4 commit_list<>; /* list of extents which now 543 contain valid data. */ 545 }; 547 The "pnfs_block_layoutupdate4" structure is used by the client as the 548 block-protocol specific argument in a LAYOUTCOMMIT operation. The 549 "commit_list" field is an extent list covering regions of the file 550 layout that were previously in the PNFS_BLOCK_INVALID_DATA state, but 551 have been written by the client and should now be considered in the 552 PNFS_BLOCK_READ_WRITE_DATA state. The es field of each extent in the 553 commit_list MUST be set to PNFS_BLOCK_READ_WRITE_DATA. The extents 554 in the commit list MUST be disjoint and MUST be sorted by 555 file_offset. The storage_offset field is unused. Implementers 556 should be aware that a server may be unable to commit regions at a 557 granularity smaller than a file-system block (typically 4KB or 8KB). 558 As noted above, the block-size that the server uses is available as 559 an NFSv4 attribute, and any extents included in the "commit_list" 560 MUST be aligned to this granularity and have a size that is a 561 multiple of this granularity. If the client believes that its 562 actions have moved the end-of-file into the middle of a block being 563 committed, the client MUST write zeroes from the end-of-file to the 564 end of that block before committing the block. Failure to do so may 565 result in junk (uninitialized data) appearing in that area if the 566 file is subsequently extended by moving the end-of-file. 568 2.3.3. Layout Returns 570 The LAYOUTRETURN operation is done without any block layout specific 571 data. When the LAYOUTRETURN operation specifies a 572 LAYOUTRETURN4_FILE_return type, then the layoutreturn_file4 data 573 structure specifies the region of the file layout that is no longer 574 needed by the client. The opaque "lrf_body" field of the 575 "layoutreturn_file4" data structure MUST have length zero. A 576 LAYOUTRETURN operation represents an explicit release of resources by 577 the client, usually done for the purpose of avoiding unnecessary 578 CB_LAYOUTRECALL operations in the future. The client may return 579 disjoint regions of the file by using multiple LAYOUTRETURN 580 operations within a single COMPOUND operation. 582 Note that the block/volume layout supports unilateral layout 583 revocation. When a layout is unilaterally revoked by the server, 584 usually due to the client's lease time expiring, or a delegation 585 being recalled, or the client failing to return a layout in a timely 586 manner, it is important for the sake of correctness that any in- 587 flight I/Os that the client issued before the layout was revoked are 588 rejected at the storage. For the block/volume protocol, this is 589 possible by fencing a client with an expired layout timer from the 590 physical storage. Note, however, that the granularity of this 591 operation can only be at the host/logical-unit level. Thus, if one 592 of a client's layouts is unilaterally revoked by the server, it will 593 effectively render useless *all* of the client's layouts for files 594 located on the storage units comprising the logical volume. This may 595 render useless the client's layouts for files in other file systems. 597 2.3.4. Client Copy-on-Write Processing 599 Copy-on-write is a mechanism used to support file and/or file system 600 snapshots. When writing to unaligned regions, or to regions smaller 601 than a file system block, the writer must copy the portions of the 602 original file data to a new location on disk. This behavior can 603 either be implemented on the client or the server. The paragraphs 604 below describe how a pNFS block layout client implements access to a 605 file which requires copy-on-write semantics. 607 Distinguishing the PNFS_BLOCK_READ_WRITE_DATA and 608 PNFS_BLOCK_READ_DATA extent types in combination with the allowed 609 overlap of PNFS_BLOCK_READ_DATA extents with PNFS_BLOCK_INVALID_DATA 610 extents allows copy-on-write processing to be done by pNFS clients. 612 In classic NFS, this operation would be done by the server. Since 613 pNFS enables clients to do direct block access, it is useful for 614 clients to participate in copy-on-write operations. All block/volume 615 pNFS clients MUST support this copy-on-write processing. 617 When a client wishes to write data covered by a PNFS_BLOCK_READ_DATA 618 extent, it MUST have requested a writable layout from the server; 619 that layout will contain PNFS_BLOCK_INVALID_DATA extents to cover all 620 the data ranges of that layout's PNFS_BLOCK_READ_DATA extents. More 621 precisely, for any file_offset range covered by one or more 622 PNFS_BLOCK_READ_DATA extents in a writable layout, the server MUST 623 include one or more PNFS_BLOCK_INVALID_DATA extents in the layout 624 that cover the same file_offset range. When performing a write to 625 such an area of a layout, the client MUST effectively copy the data 626 from the PNFS_BLOCK_READ_DATA extent for any partial blocks of 627 file_offset and range, merge in the changes to be written, and write 628 the result to the PNFS_BLOCK_INVALID_DATA extent for the blocks for 629 that file_offset and range. That is, if entire blocks of data are to 630 be overwritten by an operation, the corresponding 631 PNFS_BLOCK_READ_DATA blocks need not be fetched, but any partial- 632 block writes must be merged with data fetched via 633 PNFS_BLOCK_READ_DATA extents before storing the result via 634 PNFS_BLOCK_INVALID_DATA extents. For the purposes of this 635 discussion, "entire blocks" and "partial blocks" refer to the 636 server's file-system block size. Storing of data in a 637 PNFS_BLOCK_INVALID_DATA extent converts the written portion of the 638 PNFS_BLOCK_INVALID_DATA extent to a PNFS_BLOCK_READ_WRITE_DATA 639 extent; all subsequent reads MUST be performed from this extent; the 640 corresponding portion of the PNFS_BLOCK_READ_DATA extent MUST NOT be 641 used after storing data in a PNFS_BLOCK_INVALID_DATA extent. If a 642 client writes only a portion of an extent, the extent may be split at 643 block aligned boundaries. 645 When a client wishes to write data to a PNFS_BLOCK_INVALID_DATA 646 extent that is not covered by a PNFS_BLOCK_READ_DATA extent, it MUST 647 treat this write identically to a write to a file not involved with 648 copy-on-write semantics. Thus, data must be written in at least 649 block size increments, aligned to multiples of block sized offsets, 650 and unwritten portions of blocks must be zero filled. 652 In the LAYOUTCOMMIT operation that normally sends updated layout 653 information back to the server, for writable data, some 654 PNFS_BLOCK_INVALID_DATA extents may be committed as 655 PNFS_BLOCK_READ_WRITE_DATA extents, signifying that the storage at 656 the corresponding storage_offset values has been stored into and is 657 now to be considered as valid data to be read. PNFS_BLOCK_READ_DATA 658 extents are not committed to the server. For extents that the client 659 receives via LAYOUTGET as PNFS_BLOCK_INVALID_DATA and returns via 660 LAYOUTCOMMIT as PNFS_BLOCK_READ_WRITE_DATA, the server will 661 understand that the PNFS_BLOCK_READ_DATA mapping for that extent is 662 no longer valid or necessary for that file. 664 2.3.5. Extents are Permissions 666 Layout extents returned to pNFS clients grant permission to read or 667 write; PNFS_BLOCK_READ_DATA and PNFS_BLOCK_NONE_DATA are read-only 668 (PNFS_BLOCK_NONE_DATA reads as zeroes), PNFS_BLOCK_READ_WRITE_DATA 669 and PNFS_BLOCK_INVALID_DATA are read/write, (PNFS_BLOCK_INVALID_DATA 670 reads as zeros, any write converts it to PNFS_BLOCK_READ_WRITE_DATA). 671 This is the only client means of obtaining permission to perform 672 direct I/O to storage devices; a pNFS client MUST NOT perform direct 673 I/O operations that are not permitted by an extent held by the 674 client. Client adherence to this rule places the pNFS server in 675 control of potentially conflicting storage device operations, 676 enabling the server to determine what does conflict and how to avoid 677 conflicts by granting and recalling extents to/from clients. 679 Block/volume class storage devices are not required to perform read 680 and write operations atomically. Overlapping concurrent read and 681 write operations to the same data may cause the read to return a 682 mixture of before-write and after-write data. Overlapping write 683 operations can be worse, as the result could be a mixture of data 684 from the two write operations; data corruption can occur if the 685 underlying storage is striped and the operations complete in 686 different orders on different stripes. A pNFS server can avoid these 687 conflicts by implementing a single writer XOR multiple readers 688 concurrency control policy when there are multiple clients who wish 689 to access the same data. This policy SHOULD be implemented when 690 storage devices do not provide atomicity for concurrent read/write 691 and write/write operations to the same data. 693 If a client makes a layout request that conflicts with an existing 694 layout delegation, the request will be rejected with the error 695 NFS4ERR_LAYOUTTRYLATER. This client is then expected to retry the 696 request after a short interval. During this interval the server 697 SHOULD recall the conflicting portion of the layout delegation from 698 the client that currently holds it. This reject-and-retry approach 699 does not prevent client starvation when there is contention for the 700 layout of a particular file. For this reason a pNFS server SHOULD 701 implement a mechanism to prevent starvation. One possibility is that 702 the server can maintain a queue of rejected layout requests. Each 703 new layout request can be checked to see if it conflicts with a 704 previous rejected request, and if so, the newer request can be 705 rejected. Once the original requesting client retries its request, 706 its entry in the rejected request queue can be cleared, or the entry 707 in the rejected request queue can be removed when it reaches a 708 certain age. 710 NFSv4 supports mandatory locks and share reservations. These are 711 mechanisms that clients can use to restrict the set of I/O operations 712 that are permissible to other clients. Since all I/O operations 713 ultimately arrive at the NFSv4 server for processing, the server is 714 in a position to enforce these restrictions. However, with pNFS 715 layouts, I/Os will be issued from the clients that hold the layouts 716 directly to the storage devices that host the data. These devices 717 have no knowledge of files, mandatory locks, or share reservations, 718 and are not in a position to enforce such restrictions. For this 719 reason the NFSv4 server MUST NOT grant layouts that conflict with 720 mandatory locks or share reservations. Further, if a conflicting 721 mandatory lock request or a conflicting open request arrives at the 722 server, the server MUST recall the part of the layout in conflict 723 with the request before granting the request. 725 2.3.6. End-of-file Processing 727 The end-of-file location can be changed in two ways: implicitly as 728 the result of a WRITE or LAYOUTCOMMIT beyond the current end-of-file, 729 or explicitly as the result of a SETATTR request. Typically, when a 730 file is truncated by an NFSv4 client via the SETATTR call, the server 731 frees any disk blocks belonging to the file which are beyond the new 732 end-of-file byte, and MUST write zeros to the portion of the new end- 733 of-file block beyond the new end-of-file byte. These actions render 734 any pNFS layouts which refer to the blocks that are freed or written 735 semantically invalid. Therefore, the server MUST recall from clients 736 the portions of any pNFS layouts which refer to blocks that will be 737 freed or written by the server before processing the truncate 738 request. These recalls may take time to complete; as explained in 739 [NFSv4.1], if the server cannot respond to the client SETATTR request 740 in a reasonable amount of time, it SHOULD reply to the client with 741 the error NFS4ERR_DELAY. 743 Blocks in the PNFS_BLOCK_INVALID_DATA state which lie beyond the new 744 end-of-file block present a special case. The server has reserved 745 these blocks for use by a pNFS client with a writable layout for the 746 file, but the client has yet to commit the blocks, and they are not 747 yet a part of the file mapping on disk. The server MAY free these 748 blocks while processing the SETATTR request. If so, the server MUST 749 recall any layouts from pNFS clients which refer to the blocks before 750 processing the truncate. If the server does not free the 751 PNFS_BLOCK_INVALID_DATA blocks while processing the SETATTR request, 752 it need not recall layouts which refer only to the PNFS_BLOCK_INVALID 753 DATA blocks. 755 When a file is extended implicitly by a WRITE or LAYOUTCOMMIT beyond 756 the current end-of-file, or extended explicitly by a SETATTR request, 757 the server need not recall any portions of any pNFS layouts. 759 2.3.7. Layout Hints 761 The SETATTR operation supports a layout hint attribute [NFSv4.1]. 762 When the client sets a layout hint (data type layouthint4) with a 763 layout type of LAYOUT4_BLOCK_VOLUME (the loh_type field), the 764 loh_body field contains a value of data type pnfs_block_layouthint4. 766 ///struct pnfs_block_layouthint4 { 767 /// uint64_t maximum_io_time; /* maximum i/o time in seconds 768 /// */ 769 ///}; 770 /// 772 The block layout client uses the layout hint data structure to 773 communicate to the server the maximum time that it may take an I/O to 774 execute on the client. Clients using block layouts it MUST set the 775 layout hint attribute before using LAYOUTGET operations. 777 2.3.8. Client Fencing 779 The pNFS block protocol must handle situations in which a system 780 failure, typically a network connectivity issue, requires the server 781 to unilaterally revoke extents from one client in order to transfer 782 the extents to another client. The pNFS server implementation MUST 783 ensure that when resources are transferred to another client, they 784 are not used by the client originally owning them, and this must be 785 ensured against any possible combination of partitions and delays 786 among all of the participants to the protocol (server, storage and 787 client). Two approaches to guaranteeing this isolation are possible 788 and are discussed below. 790 One implementation choice for fencing the block client from the block 791 storage is the use of LUN (Logical Unit Number) masking or mapping at 792 the storage systems or storage area network to disable access by the 793 client to be isolated. This requires server access to a management 794 interface for the storage system and authorization to perform LUN 795 masking and management operations. For example, SMI-S [SMIS] 796 provides a means to discover and mask LUNs, including a means of 797 associating clients with the necessary World Wide Names or Initiator 798 names to be masked. 800 In the absence of support for LUN masking, the server has to rely on 801 the clients to implement a timed lease I/O fencing mechanism. 802 Because clients do not know if the server is using LUN masking, in 803 all cases the client MUST implement timed lease fencing. In timed 804 lease fencing we define two time periods, the first, "lease_time" is 805 the length of a lease as defined by the server's lease_time attribute 806 (see [NFSV4.1]), and the second, "maximum_io_time" is the maximum 807 time it can take for a client I/O to the storage system to either 808 complete or fail; this value is often 30 seconds or 60 seconds, but 809 may be longer in some environments. If the maximum client I/O time 810 cannot be bounded, the client MUST use a value of all 1s as the 811 maximum_io_time. 813 The client MUST use SETATTR with a layout hint of type 814 LAYOUT4_BLOCK_VOLUME to inform the server of its maximum_I/O time 815 prior to issuing the first LAYOUTGET operation. The maximum io time 816 hint is a per client attribute, and as such the server SHOULD 817 maintain the value set by each client. A server which implements 818 fencing via LUN masking SHOULD accept any maximum io time value from 819 a client. A server which does not implement fencing may return an 820 error NFS4ERR_INVAL to the SETATTR operation. Such a server SHOULD 821 return NFS4ERR_INVAL when a client sends an unbounded maximum I/O 822 time (all 1s), or when the maximum I/O time is significantly greater 823 than that of other clients using block layouts with pNFS. 825 When a client receives the error NFS4ERR_INVAL in response to the 826 SETATTR operation for a layout hint, the client MUST NOT use the 827 LAYOUTGET operation. After responding with NFS4ERR_INVAL to the 828 SETATTR for layout hint, the server MUST return the error 829 NFS4ERR_LAYOUTUNAVAILABLE to all subsequent LAYOUTGET operations from 830 that client. Thus the server, by returning either NFS4ERR_INVAL or 831 NFS4_OK determines whether or not a client with a large, or an 832 unbounded maximum I/O time may use pNFS. 834 Using the lease time and the maximum i/o time values, we specify the 835 behavior of the client and server as follows. 837 When a client receives layout information via a LAYOUTGET operation, 838 those layouts are valid for at most "lease_time" seconds from when 839 the server granted them. A layout is renewed by any successful 840 SEQUEUNCE operation, or whenever a new stateid is created or updated 841 (see the section "Lease Renewal" of [NFSV4.1]). If the layout lease 842 is not renewed prior to expiration, the client MUST cease to use the 843 layout after "lease_time" seconds from when it either sent the 844 original LAYOUTGET command, or sent the last operation renewing the 845 lease. In other words, the client may not issue any I/O to blocks 846 specified by an expired layout. In the presence of large 847 communication delays between the client and server it is even 848 possible for the lease to expire prior to the server response 849 arriving at the client. In such a situation the client MUST NOT use 850 the expired layouts, and SHOULD revert to using standard NFSv41 READ 851 and WRITE operations. Furthermore, the client must be configured 852 such that I/O operations complete within the "maximum_io_time" even 853 in the presence of multipath drivers that will retry I/Os via 854 multiple paths. 856 As stated in the section "Dealing with Lease Expiration on the 857 Client" of [NFSV4.1], if any SEQUENCE operation is successful, but 858 sr_status_flag has SEQ4_STATUS_EXPIRED_ALL_STATE_REVOKED, 859 SEQ4_STATUS_EXPIRED_SOME_STATE_REVOKED, or 860 SEQ4_STATUS_ADMIN_STATE_REVOKED set, the client MUST immediately 861 cease to use all layouts and device id to device address mappings 862 associated with the corresponding server. 864 In the absence of known two way communication between the client and 865 the server on the fore channel, the server must wait for at least the 866 time period "lease_time" plus "maximum_io_time" before transferring 867 layouts from the original client to any other client. The server, 868 like the client, must take a conservative approach, and start the 869 lease expiration timer from the time that it received the operation 870 which last renewed the lease. 872 2.4. Crash Recovery Issues 874 When the server crashes while the client holds a writable layout, and 875 the client has written data to blocks covered by the layout, and the 876 blocks are still in the PNFS_BLOCK_INVALID_DATA state, the client has 877 two options for recovery. If the data that has been written to these 878 blocks is still cached by the client, the client can simply re-write 879 the data via NFSv4, once the server has come back online. However, 880 if the data is no longer in the client's cache, the client MUST NOT 881 attempt to source the data from the data servers. Instead, it should 882 attempt to commit the blocks in question to the server during the 883 server's recovery grace period, by sending a LAYOUTCOMMIT with the 884 "loca_reclaim" flag set to true. This process is described in detail 885 in [NFSv4.1] section 18.42.4. 887 2.5. Recalling resources: CB_RECALL_ANY 889 The server may decide that it cannot hold all of the state for 890 layouts without running out of resources. In such a case, it is free 891 to recall individual layouts using CB_LAYOUTRECALL to reduce the 892 load, or it may choose to request that the client return any layout. 894 For the block layout we define the following bit 896 const RCA4_BLK_LAYOUT_RECALL_ANY_LAYOUTS = 4; 898 When the server sends a CB_RECALL_ANY request to a client specifying 899 the RCA4_BLK_LAYOUT_RECALL_ANY_LAYOUTS bit in craa_type_mask, the 900 client should immediately respond with NFS4_OK, and then 901 asynchronously return complete file layouts until the number of files 902 with layouts cached on the client is less the craa_object_to_keep. 904 The block layout does not currently use bits 5, 6 or 7. If any of 905 these bits are set, the client should return NFS4ERR_INVAL. 907 2.6. Transient and Permanent Errors 909 The server may respond to LAYOUTGET with a variety of error statuses. 910 These errors can convey transient conditions or more permanent 911 conditions that are unlikely to be resolved soon. 913 The transient errors, NFS4ERR_RECALLCONFLICT and NFS4ERR_TRYLATER are 914 used to indicate that the server cannot immediately grant the layout 915 to the client. In the former case this is because the server has 916 recently issued a CB_LAYOUTRECALL to the requesting client, whereas 917 in the case of NFS4ERR_TRYLATER, the server cannot grant the request 918 possibly due to sharing conflicts with other clients. In either 919 case, a reasonable approach for the client is to wait several 920 milliseconds and retry the request. The client SHOULD track the 921 number of retries, and if forward progress is not made, the client 922 SHOULD send the READ or WRITE operation directly to the server. 924 The error NFS4ERR_LAYOUTUNAVAILABLE may be returned by the server if 925 layouts are not supported for the requested file or its containing 926 file system. The server may also return this error code if the 927 server is the progress of migrating the file from secondary storage, 928 or for any other reason which causes the server to be unable to 929 supply the layout. As a result of receiving 930 NFS4ERR_LAYOUTUNAVAILABLE, the client SHOULD send future READ and 931 WRITE requests directly to the server. It is expected that a client 932 will not cache the file's layoutunavailable state forever, particular 933 if the file is closed, and thus eventually, the client MAY reissue a 934 LAYOUTGET operation. 936 3. Security Considerations 938 Typically, SAN disk arrays and SAN protocols provide access control 939 mechanisms (access-logics, lun masking, etc.) which operate at the 940 granularity of individual hosts. The functionality provided by such 941 mechanisms makes it possible for the server to "fence" individual 942 client machines from certain physical disks---that is to say, to 943 prevent individual client machines from reading or writing to certain 944 physical disks. Finer-grained access control methods are not 945 generally available. For this reason, certain security 946 responsibilities are delegated to pNFS clients for block/volume 947 layouts. Block/volume storage systems generally control access at a 948 volume granularity, and hence pNFS clients have to be trusted to only 949 perform accesses allowed by the layout extents they currently hold 950 (e.g., and not access storage for files on which a layout extent is 951 not held). In general, the server will not be able to prevent a 952 client which holds a layout for a file from accessing parts of the 953 physical disk not covered by the layout. Similarly, the server will 954 not be able to prevent a client from accessing blocks covered by a 955 layout that it has already returned. This block-based level of 956 protection must be provided by the client software. 958 An alternative method of block/volume protocol use is for the storage 959 devices to export virtualized block addresses, which do reflect the 960 files to which blocks belong. These virtual block addresses are 961 exported to pNFS clients via layouts. This allows the storage device 962 to make appropriate access checks, while mapping virtual block 963 addresses to physical block addresses. In environments where the 964 security requirements are such that client-side protection from 965 access to storage outside of the layout is not sufficient pNFS 966 block/volume storage layouts for pNFS SHOULD NOT be used, unless the 967 storage device is able to implement the appropriate access checks, 968 via use of virtualized block addresses, or other means. 970 This also has implications for some NFSv4 functionality outside pNFS. 971 For instance, if a file is covered by a mandatory read-only lock, the 972 server can ensure that only readable layouts for the file are granted 973 to pNFS clients. However, it is up to each pNFS client to ensure 974 that the readable layout is used only to service read requests, and 975 not to allow writes to the existing parts of the file. Since 976 block/volume storage systems are generally not capable of enforcing 977 such file-based security, in environments where pNFS clients cannot 978 be trusted to enforce such policies, pNFS block/volume storage 979 layouts SHOULD NOT be used. 981 Access to block/volume storage is logically at a lower layer of the 982 I/O stack than NFSv4, and hence NFSv4 security is not directly 983 applicable to protocols that access such storage directly. Depending 984 on the protocol, some of the security mechanisms provided by NFSv4 985 (e.g., encryption, cryptographic integrity) may not be available, or 986 may be provided via different means. At one extreme, pNFS with 987 block/volume storage can be used with storage access protocols (e.g., 988 parallel SCSI) that provide essentially no security functionality. 989 At the other extreme, pNFS may be used with storage protocols such as 990 iSCSI that provide significant functionality. It is the 991 responsibility of those administering and deploying pNFS with a 992 block/volume storage access protocol to ensure that appropriate 993 protection is provided to that protocol (physical security is a 994 common means for protocols not based on IP). In environments where 995 the security requirements for the storage protocol cannot be met, 996 pNFS block/volume storage layouts SHOULD NOT be used. 998 When security is available for a storage protocol, it is generally at 999 a different granularity and with a different notion of identity than 1000 NFSv4 (e.g., NFSv4 controls user access to files, iSCSI controls 1001 initiator access to volumes). The responsibility for enforcing 1002 appropriate correspondences between these security layers is placed 1003 upon the pNFS client. As with the issues in the first paragraph of 1004 this section, in environments where the security requirements are 1005 such that client-side protection from access to storage outside of 1006 the layout is not sufficient, pNFS block/volume storage layouts 1007 SHOULD NOT be used. 1009 4. Conclusions 1011 This draft specifies the block/volume layout type for pNFS and 1012 associated functionality. 1014 5. IANA Considerations 1016 There are no IANA considerations in this document. All pNFS IANA 1017 Considerations are covered in [NFSV4.1]. 1019 6. Acknowledgments 1021 7. This draft draws extensively on the authors' familiarity with the 1022 mapping functionality and protocol in EMC's HighRoad system 1023 [HighRoad]. The protocol used by HighRoad is called FMP (File 1024 Mapping Protocol); it is an add-on protocol that runs in parallel 1025 with file system protocols such as NFSv3 to provide pNFS-like 1026 functionality for block/volume storage. While drawing on HighRoad 1027 FMP, the data structures and functional considerations in this draft 1028 differ in significant ways, based on lessons learned and the 1029 opportunity to take advantage of NFSv4 features such as COMPOUND 1030 operations. The design to support pNFS client participation in copy- 1031 on-write is based on text and ideas contributed by Craig Everhart 1032 (formerly with IBM).References 1034 7.1. Normative References 1036 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1037 Requirement Levels", BCP 14, RFC 2119, March 1997. 1039 [NFSV4.1] Shepler, S., Eisler, M., and Noveck, D. ed., "NFSv4 Minor 1040 Version 1", draft-ietf-nfsv4-minorversion1-14.txt, Internet 1041 Draft, July 2007. 1043 [XDR] Eisler, M., "XDR: External Data Representation Standard", 1044 STD 67, RFC 4506, May 2006. 1046 7.2. Informative References 1048 [HighRoad] EMC Corporation, "EMC Celerra HighRoad", EMC C819.1 white 1049 paper, available at: 1050 http://www.emc.com/pdf/products/celerra_file_server/HighRoad_wp.pdf 1051 link checked 29 August 2006. 1053 [SMIS] SNIA, "SNIA Storage Management Initiative Specification", 1054 version 1.0.2, available at: 1055 http://www.snia.org/smi/tech_activities/smi_spec_pr/spec/SMIS_1_0_2_f 1056 inal.pdf 1058 Authors' Addresses 1060 David L. Black 1061 EMC Corporation 1062 176 South Street 1063 Hopkinton, MA 01748 1065 Phone: +1 (508) 293-7953 1066 Email: black_david@emc.com 1067 Stephen Fridella 1068 EMC Corporation 1069 228 South Street 1070 Hopkinton, MA 01748 1072 Phone: +1 (508) 249-3528 1073 Email: fridella_stephen@emc.com 1075 Jason Glasgow 1076 EMC Corporation 1077 32 Coslin Drive 1078 Southboro, MA 01772 1080 Phone: +1 (508) 305 8831 1081 Email: glasgow_jason@emc.com 1083 Intellectual Property Statement 1085 The IETF takes no position regarding the validity or scope of any 1086 Intellectual Property Rights or other rights that might be claimed to 1087 pertain to the implementation or use of the technology described in 1088 this document or the extent to which any license under such rights 1089 might or might not be available; nor does it represent that it has 1090 made any independent effort to identify any such rights. Information 1091 on the procedures with respect to rights in RFC documents can be 1092 found in BCP 78 and BCP 79. 1094 Copies of IPR disclosures made to the IETF Secretariat and any 1095 assurances of licenses to be made available, or the result of an 1096 attempt made to obtain a general license or permission for the use of 1097 such proprietary rights by implementers or users of this 1098 specification can be obtained from the IETF on-line IPR repository at 1099 http://www.ietf.org/ipr. 1101 The IETF invites any interested party to bring to its attention any 1102 copyrights, patents or patent applications, or other proprietary 1103 rights that may cover technology that may be required to implement 1104 this standard. Please address the information to the IETF at ietf- 1105 ipr@ietf.org. 1107 Disclaimer of Validity 1109 This document and the information contained herein are provided on an 1110 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1111 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 1112 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 1113 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 1114 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1115 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1117 Copyright Statement 1119 Copyright (C) The IETF Trust (2008). 1121 This document is subject to the rights, licenses and restrictions 1122 contained in BCP 78, and except as set forth therein, the authors 1123 retain all their rights. 1125 Acknowledgment 1127 Funding for the RFC Editor function is currently provided by the 1128 Internet Society.