idnits 2.17.1 draft-ietf-nfsv4-rfc5666bis-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (March 27, 2017) is 2581 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-08) exists of draft-ietf-nfsv4-rpcrdma-bidirection-05 -- Obsolete informational reference (is this intentional?): RFC 793 (Obsoleted by RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 5661 (Obsoleted by RFC 8881) -- Obsolete informational reference (is this intentional?): RFC 5666 (Obsoleted by RFC 8166) -- Obsolete informational reference (is this intentional?): RFC 5667 (Obsoleted by RFC 8267) Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network File System Version 4 C. Lever, Ed. 3 Internet-Draft Oracle 4 Obsoletes: 5666 (if approved) W. Simpson 5 Intended status: Standards Track Red Hat 6 Expires: September 28, 2017 T. Talpey 7 Microsoft 8 March 27, 2017 10 Remote Direct Memory Access Transport for Remote Procedure Call, Version 11 One 12 draft-ietf-nfsv4-rfc5666bis-11 14 Abstract 16 This document specifies a protocol for conveying Remote Procedure 17 Call (RPC) messages on physical transports capable of Remote Direct 18 Memory Access (RDMA). It requires no revision to application RPC 19 protocols or the RPC protocol itself. This document obsoletes RFC 20 5666. 22 Requirements Language 24 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 25 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 26 document are to be interpreted as described in [RFC2119]. 28 Status of This Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at http://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on September 28, 2017. 45 Copyright Notice 47 Copyright (c) 2017 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 This document may contain material from IETF Documents or IETF 61 Contributions published or made publicly available before November 62 10, 2008. The person(s) controlling the copyright in some of this 63 material may not have granted the IETF Trust the right to allow 64 modifications of such material outside the IETF Standards Process. 65 Without obtaining an adequate license from the person(s) controlling 66 the copyright in such materials, this document may not be modified 67 outside the IETF Standards Process, and derivative works of it may 68 not be created outside the IETF Standards Process, except to format 69 it for publication as an RFC or to translate it into languages other 70 than English. 72 Table of Contents 74 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 75 1.1. Remote Procedure Calls On RDMA Transports . . . . . . . . 3 76 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 77 2.1. Remote Procedure Calls . . . . . . . . . . . . . . . . . 4 78 2.2. Remote Direct Memory Access . . . . . . . . . . . . . . . 7 79 3. RPC-Over-RDMA Protocol Framework . . . . . . . . . . . . . . 9 80 3.1. Transfer Models . . . . . . . . . . . . . . . . . . . . . 9 81 3.2. Message Framing . . . . . . . . . . . . . . . . . . . . . 10 82 3.3. Managing Receiver Resources . . . . . . . . . . . . . . . 11 83 3.4. XDR Encoding With Chunks . . . . . . . . . . . . . . . . 13 84 3.5. Message Size . . . . . . . . . . . . . . . . . . . . . . 19 85 4. RPC-Over-RDMA In Operation . . . . . . . . . . . . . . . . . 22 86 4.1. XDR Protocol Definition . . . . . . . . . . . . . . . . . 23 87 4.2. Fixed Header Fields . . . . . . . . . . . . . . . . . . . 27 88 4.3. Chunk Lists . . . . . . . . . . . . . . . . . . . . . . . 29 89 4.4. Memory Registration . . . . . . . . . . . . . . . . . . . 32 90 4.5. Error Handling . . . . . . . . . . . . . . . . . . . . . 33 91 4.6. Protocol Elements No Longer Supported . . . . . . . . . . 36 92 4.7. XDR Examples . . . . . . . . . . . . . . . . . . . . . . 37 94 5. RPC Bind Parameters . . . . . . . . . . . . . . . . . . . . . 38 95 6. Upper Layer Binding Specifications . . . . . . . . . . . . . 40 96 6.1. DDP-Eligibility . . . . . . . . . . . . . . . . . . . . . 40 97 6.2. Maximum Reply Size . . . . . . . . . . . . . . . . . . . 42 98 6.3. Additional Considerations . . . . . . . . . . . . . . . . 42 99 6.4. Upper Layer Protocol Extensions . . . . . . . . . . . . . 43 100 7. Protocol Extensibility . . . . . . . . . . . . . . . . . . . 43 101 7.1. Conventional Extensions . . . . . . . . . . . . . . . . . 43 102 8. Security Considerations . . . . . . . . . . . . . . . . . . . 44 103 8.1. Memory Protection . . . . . . . . . . . . . . . . . . . . 44 104 8.2. RPC Message Security . . . . . . . . . . . . . . . . . . 45 105 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 48 106 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 49 107 10.1. Normative References . . . . . . . . . . . . . . . . . . 49 108 10.2. Informative References . . . . . . . . . . . . . . . . . 50 109 Appendix A. Changes Since RFC 5666 . . . . . . . . . . . . . . . 52 110 A.1. Changes To The Specification . . . . . . . . . . . . . . 52 111 A.2. Changes To The Protocol . . . . . . . . . . . . . . . . . 52 112 Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . 53 113 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 53 115 1. Introduction 117 This document specifies the RPC-over-RDMA Version One protocol, based 118 on existing implementations of RFC 5666 and experience gained through 119 deployment. This document obsoletes RFC 5666. 121 The new specification clarifies text that is subject to multiple 122 interpretations, and removes support for unimplemented RPC-over-RDMA 123 Version One protocol elements. It clarifies the role of Upper Layer 124 Bindings and describes what they are to contain. 126 In addition, this document describes current practice using 127 RPCSEC_GSS [RFC7861] on RDMA transports. 129 The protocol version number has not been changed because the protocol 130 specified in this document fully interoperates with implementations 131 of the RPC-over-RDMA Version One protocol specified in [RFC5666]. 133 1.1. Remote Procedure Calls On RDMA Transports 135 Remote Direct Memory Access (RDMA) [RFC5040] [RFC5041] [IB] is a 136 technique for moving data efficiently between end nodes. By 137 directing data into destination buffers as it is sent on a network, 138 and placing it via direct memory access by hardware, the benefits of 139 faster transfers and reduced host overhead are obtained. 141 Open Network Computing Remote Procedure Call (ONC RPC, often 142 shortened in NFSv4 documents to RPC) [RFC5531] is a remote procedure 143 call protocol that runs over a variety of transports. Most RPC 144 implementations today use UDP [RFC0768] or TCP [RFC0793]. On UDP, 145 RPC messages are encapsulated inside datagrams, while on a TCP byte 146 stream, RPC messages are delineated by a record marking protocol. An 147 RDMA transport also conveys RPC messages in a specific fashion that 148 must be fully described if RPC implementations are to interoperate. 150 RDMA transports present semantics different from either UDP or TCP. 151 They retain message delineations like UDP, but provide reliable and 152 sequenced data transfer like TCP. They also provide an offloaded 153 bulk transfer service not provided by UDP or TCP. RDMA transports 154 are therefore appropriately viewed as a new transport type by RPC. 156 In this context, the Network File System (NFS) protocols as described 157 in [RFC1094], [RFC1813], [RFC7530], [RFC5661], and future NFSv4 minor 158 versions are all obvious beneficiaries of RDMA transports. A 159 complete problem statement is presented in [RFC5532]. Many other 160 RPC-based protocols can also benefit. 162 Although the RDMA transport described herein can provide relatively 163 transparent support for any RPC application, this document also 164 describes mechanisms that can optimize data transfer even further, 165 when RPC applications are willing to exploit awareness of RDMA as the 166 transport. 168 2. Terminology 170 2.1. Remote Procedure Calls 172 This section highlights key elements of the Remote Procedure Call 173 [RFC5531] and External Data Representation [RFC4506] protocols, upon 174 which RPC-over-RDMA Version One is constructed. Strong grounding 175 with these protocols is recommended before reading this document. 177 2.1.1. Upper Layer Protocols 179 Remote Procedure Calls are an abstraction used to implement the 180 operations of an "Upper Layer Protocol," or ULP. The term Upper 181 Layer Protocol refers to an RPC Program and Version tuple, which is a 182 versioned set of procedure calls that comprise a single well-defined 183 API. One example of an Upper Layer Protocol is the Network File 184 System Version 4.0 [RFC7530]. 186 In this document, the term "RPC consumer" refers to an implementation 187 of an Upper Layer Protocol running on a client. 189 2.1.2. Requesters And Responders 191 Like a local procedure call, every Remote Procedure Call (RPC) has a 192 set of "arguments" and a set of "results". A calling context is not 193 allowed to proceed until the procedure's results are available to it. 194 Unlike a local procedure call, the called procedure is executed 195 remotely rather than in the local application's context. 197 The RPC protocol as described in [RFC5531] is fundamentally a 198 message-passing protocol between one or more clients (where RPC 199 consumers are running) and a server (where a remote execution context 200 is available to process RPC transactions on behalf of those 201 consumers). 203 ONC RPC transactions are made up of two types of messages: 205 CALL Message 206 A CALL message, or "Call", requests that work be done. A Call is 207 designated by the value zero (0) in the message's msg_type field. 208 An arbitrary unique value is placed in the message's xid field in 209 order to match this CALL message to a corresponding REPLY message. 211 REPLY Message 212 A REPLY message, or "Reply", reports the results of work requested 213 by a Call. A Reply is designated by the value one (1) in the 214 message's msg_type field. The value contained in the message's 215 xid field is copied from the Call whose results are being 216 reported. 218 The RPC client endpoint acts as a "requester". It serializes an RPC 219 Call's arguments and conveys them to a server endpoint via an RPC 220 Call message. This message contains an RPC protocol header, a header 221 describing the requested upper layer operation, and all arguments. 223 The RPC server endpoint acts as a "responder". It deserializes Call 224 arguments, and processes the requested operation. It then serializes 225 the operation's results into another byte stream. This byte stream 226 is conveyed back to the requester via an RPC Reply message. This 227 message contains an RPC protocol header, a header describing the 228 upper layer reply, and all results. 230 The requester deserializes the results and allows the original caller 231 to proceed. At this point the RPC transaction designated by the xid 232 in the Call message is complete, and the xid is retired. 234 In summary, CALL messages are sent by requesters to responders to 235 initiate RPC transactions. REPLY messages are sent by responders to 236 requesters to complete the processing on an RPC transaction. 238 2.1.3. RPC Transports 240 The role of an "RPC transport" is to mediate the exchange of RPC 241 messages between requesters and responders. An RPC transport bridges 242 the gap between the RPC message abstraction and the native operations 243 of a particular network transport. 245 RPC-over-RDMA is a connection-oriented RPC transport. When a 246 connection-oriented transport is used, clients initiate transport 247 connections, while servers wait passively for incoming connection 248 requests. 250 2.1.4. External Data Representation 252 One cannot assume that all requesters and responders represent data 253 objects the same way internally. RPC uses eXternal Data 254 Representation, or XDR, to translate native data types and serialize 255 arguments and results [RFC4506]. 257 The XDR protocol encodes data independent of the endianness or size 258 of host-native data types, allowing unambiguous decoding of data on 259 the receiving end. RPC Programs are specified by writing an XDR 260 definition of their procedures, argument data types, and result data 261 types. 263 XDR assumes that the number of bits in a byte (octet) and their order 264 are the same on both endpoints and on the physical network. The 265 smallest indivisible unit of XDR encoding is a group of four octets 266 in little-endian order. XDR also flattens lists, arrays, and other 267 complex data types so they can be conveyed as a stream of bytes. 269 A serialized stream of bytes that is the result of XDR encoding is 270 referred to as an "XDR stream." A sending endpoint encodes native 271 data into an XDR stream and then transmits that stream to a receiver. 272 A receiving endpoint decodes incoming XDR byte streams into its 273 native data representation format. 275 2.1.4.1. XDR Opaque Data 277 Sometimes a data item must be transferred as-is, without encoding or 278 decoding. The contents of such a data item are referred to as 279 "opaque data." XDR encoding places the content of opaque data items 280 directly into an XDR stream without altering it in any way. Upper 281 Layer Protocols or applications perform any needed data translation 282 in this case. Examples of opaque data items include the content of 283 files, or generic byte strings. 285 2.1.4.2. XDR Round-up 287 The number of octets in a variable-length data item precedes that 288 item in an XDR stream. If the size of an encoded data item is not a 289 multiple of four octets, octets containing zero are added after the 290 end of the item as it is encoded so that the next encoded data item 291 in the XDR stream starts on a four-octet boundary. The encoded size 292 of the item is not changed by the addition of the extra octets. 293 These extra octets are never exposed to Upper Layer Protocols. 295 This technique is referred to as "XDR round-up," and the extra octets 296 are referred to as "XDR round-up padding". 298 2.2. Remote Direct Memory Access 300 RPC requesters and responders can be made more efficient if large RPC 301 messages are transferred by a third party such as intelligent network 302 interface hardware (data movement offload), and placed in the 303 receiver's memory so that no additional adjustment of data alignment 304 has to be made (direct data placement). Remote Direct Memory Access 305 (RDMA) transports enable both optimizations. 307 2.2.1. Direct Data Placement 309 Typically, RPC implementations copy the contents of RPC messages into 310 a buffer before being sent. An efficient RPC implementation sends 311 bulk data without copying it into a separate send buffer first. 313 However, socket-based RPC implementations are often unable to receive 314 data directly into its final place in memory. Receivers often need 315 to copy incoming data to finish an RPC operation; sometimes, only to 316 adjust data alignment. 318 In this document, "RDMA" refers to the physical mechanism an RDMA 319 transport utilizes when moving data. Although this may not be 320 efficient, before an RDMA transfer a sender may copy data into an 321 intermediate buffer before an RDMA transfer. After an RDMA transfer, 322 a receiver may copy that data again to its final destination. 324 This document uses the term "direct data placement" (or DDP) to refer 325 to any optimized data transfer where it is unnecessary for a 326 receiving host's CPU to copy transferred data to another location 327 after it has been received. 329 Just as [RFC5666] did, this document focuses on the use of RDMA Read 330 and Write operations to achieve both data movement offload and Direct 331 Data Placement. However, not all RDMA-based data transfer qualifies 332 as Direct Data Placement, and DDP can be achieved using non-RDMA 333 mechanisms. 335 2.2.2. RDMA Transport Requirements 337 To achieve good performance during receive operations, RDMA 338 transports require that RDMA consumers provision resources in advance 339 to receive incoming messages. 341 An RDMA consumer might provide receive buffers in advance by posting 342 an RDMA Receive Work Request for every expected RDMA Send from a 343 remote peer. These buffers are provided before the remote peer posts 344 RDMA Send Work Requests, thus this is often referred to as "pre- 345 posting" buffers. 347 An RDMA Receive Work Request remains outstanding until hardware 348 matches it to an in-bound Send operation. The resources associated 349 with that Receive must be retained in host memory, or "pinned," until 350 the Receive completes. 352 Given these basic tenets of RDMA transport operation, the RPC-over- 353 RDMA Version One protocol assumes each transport provides the 354 following abstract operations. A more complete discussion of these 355 operations is found in [RFC5040]. 357 Registered Memory 358 Registered memory is a region of memory that is assigned a 359 steering tag that temporarily permits access by the RDMA provider 360 to perform data transfer operations. The RPC-over-RDMA Version 361 One protocol assumes that each region of registered memory MUST be 362 identified with a steering tag of no more than 32 bits and memory 363 addresses of up to 64 bits in length. 365 RDMA Send 366 The RDMA provider supports an RDMA Send operation, with completion 367 signaled on the receiving peer after data has been placed in a 368 pre-posted buffer. Sends complete at the receiver in the order 369 they were issued at the sender. The amount of data transferred by 370 a single RDMA Send operation is limited by the size of the remote 371 peer's pre-posted buffers. 373 RDMA Receive 374 The RDMA provider supports an RDMA Receive operation to receive 375 data conveyed by incoming RDMA Send operations. To reduce the 376 amount of memory that must remain pinned awaiting incoming Sends, 377 the amount of pre-posted memory is limited. Flow-control to 378 prevent overrunning receiver resources is provided by the RDMA 379 consumer (in this case, the RPC-over-RDMA Version One protocol). 381 RDMA Write 382 The RDMA provider supports an RDMA Write operation to place data 383 directly into a remote memory region. The local host initiates an 384 RDMA Write, and completion is signaled there. No completion is 385 signaled on the remote peer. The local host provides a steering 386 tag, memory address, and length of the remote peer's memory 387 region. 389 RDMA Writes are not ordered with respect to one another, but are 390 ordered with respect to RDMA Sends. A subsequent RDMA Send 391 completion obtained at the write initiator guarantees that prior 392 RDMA Write data has been successfully placed in the remote peer's 393 memory. 395 RDMA Read 396 The RDMA provider supports an RDMA Read operation to place peer 397 source data directly into the read initiator's memory. The local 398 host initiates an RDMA Read, and completion is signaled there. No 399 completion is signaled on the remote peer. The local host 400 provides steering tags, memory addresses, and a length for the 401 remote source and local destination memory region. 403 The local host signals Read completion to the remote peer as part 404 of a subsequent RDMA Send message. The remote peer can then 405 release steering tags and subsequently free associated source 406 memory regions. 408 The RPC-over-RDMA Version One protocol is designed to be carried over 409 RDMA transports that support the above abstract operations. This 410 protocol conveys information sufficient for an RPC peer to direct an 411 RDMA provider to perform transfers containing RPC data and to 412 communicate their result(s). 414 3. RPC-Over-RDMA Protocol Framework 416 3.1. Transfer Models 418 A "transfer model" designates which endpoint exposes its memory, and 419 which is responsible for initiating transfer of data. To enable RDMA 420 Read and Write operations, for example, an endpoint first exposes 421 regions of its memory to a remote endpoint, which initiates these 422 operations against the exposed memory. 424 Read-Read 425 Requesters expose their memory to the responder, and the responder 426 exposes its memory to requesters. The responder reads, or pulls, 427 RPC arguments or whole RPC calls from each requester. Requesters 428 pull RPC results or whole RPC relies from the responder. 430 Write-Write 431 Requesters expose their memory to the responder, and the responder 432 exposes its memory to requesters. Requesters write, or push, RPC 433 arguments or whole RPC calls to the responder. The responder 434 pushes RPC results or whole RPC relies to each requester. 436 Read-Write 437 Requesters expose their memory to the responder, but the responder 438 does not expose its memory. The responder pulls RPC arguments or 439 whole RPC calls from each requester. The responder pushes RPC 440 results or whole RPC relies to each requester. 442 Write-Read 443 The responder exposes its memory to requesters, but requesters do 444 not expose their memory. Requesters push RPC arguments or whole 445 RPC calls to the responder. Requesters pull RPC results or whole 446 RPC relies from the responder. 448 [RFC5666] specifies the use of both the Read-Read and the Read-Write 449 Transfer Model. All current RPC-over-RDMA Version One 450 implementations use only the Read-Write Transfer Model. Therefore, 451 protocol elements that enable the Read-Read Transfer Model have been 452 removed from the RPC-over-RDMA Version One specification in this 453 document. Transfer Models other than the Read-Write model may be 454 used in future versions of RPC-over-RDMA. 456 3.2. Message Framing 458 On an RPC-over-RDMA transport, each RPC message is encapsulated by an 459 RPC-over-RDMA message. An RPC-over-RDMA message consists of two XDR 460 streams. 462 RPC Payload Stream 463 The "Payload stream" contains the encapsulated RPC message being 464 transferred by this RPC-over-RDMA message. This stream always 465 begins with the XID field of the encapsulated RPC message. 467 Transport Stream 468 The "Transport stream" contains a header that describes and 469 controls the transfer of the Payload stream in this RPC-over-RDMA 470 message. This header is analogous to the record marking used for 471 RPC over TCP but is more extensive, since RDMA transports support 472 several modes of data transfer. 474 In its simplest form, an RPC-over-RDMA message consists of a 475 Transport stream followed immediately by a Payload stream conveyed 476 together in a single RDMA Send. To transmit large RPC messages, a 477 combination of one RDMA Send operation and one or more other RDMA 478 operations is employed. 480 RPC-over-RDMA framing replaces all other RPC framing (such as TCP 481 record marking) when used atop an RPC-over-RDMA association, even 482 when the underlying RDMA protocol may itself be layered atop a 483 transport with a defined RPC framing (such as TCP). 485 It is however possible for RPC-over-RDMA to be dynamically enabled in 486 the course of negotiating the use of RDMA via an Upper Layer Protocol 487 exchange. Because RPC framing delimits an entire RPC request or 488 reply, the resulting shift in framing must occur between distinct RPC 489 messages, and in concert with the underlying transport. 491 3.3. Managing Receiver Resources 493 It is critical to provide RDMA Send flow control for an RDMA 494 connection. If any pre-posted receive buffer on the connection is 495 not large enough to accept an incoming RDMA Send, or if a pre-posted 496 receive buffer is not available to accept an incoming RDMA Send, the 497 RDMA connection can be terminated. This is different than 498 conventional TCP/IP networking, in which buffers are allocated 499 dynamically as messages are received. 501 The longevity of an RDMA connection mandates that sending endpoints 502 respect the resource limits of peer receivers. To ensure messages 503 can be sent and received reliably, there are two operational 504 parameters for each connection. 506 3.3.1. RPC-over-RDMA Credits 508 Flow control for RDMA Send operations directed to the responder is 509 implemented as a simple request/grant protocol in the RPC-over-RDMA 510 header associated with each RPC message. 512 An RPC-over-RDMA Version One credit is the capability to handle one 513 RPC-over-RDMA transaction. Each RPC-over-RDMA message sent from 514 requester to responder requests a number of credits from the 515 responder. Each RPC-over-RDMA message sent from responder to 516 requester informs the requester how many credits the responder has 517 granted. The requested and granted values are carried in each RPC- 518 over-RDMA message's rdma_credit field (see Section 4.2.3). 520 Practically speaking, the critical value is the granted value. A 521 requester MUST NOT send unacknowledged requests in excess of the 522 responder's granted credit limit. If the granted value is exceeded, 523 the RDMA layer may signal an error, possibly terminating the 524 connection. The granted value MUST NOT be zero, since such a value 525 would result in deadlock. 527 RPC calls complete in any order, but the current granted credit limit 528 at the responder is known to the requester from RDMA Send ordering 529 properties. The number of allowed new requests the requester may 530 send is then the lower of the current requested and granted credit 531 values, minus the number of requests in flight. Advertised credit 532 values are not altered when individual RPCs are started or completed. 534 The requested and granted credit values MAY be adjusted to match the 535 needs or policies in effect on either peer. For instance, a 536 responder may reduce the granted credit value to accommodate the 537 available resources in a Shared Receive Queue. The responder MUST 538 ensure that an increase in receive resources is effected before the 539 next reply message is sent. 541 A requester MUST maintain enough receive resources to accommodate 542 expected replies. Responders have to be prepared for there to be no 543 receive resources available on requesters with no pending RPC 544 transactions. 546 Certain RDMA implementations may impose additional flow control 547 restrictions, such as limits on RDMA Read operations in progress at 548 the responder. Accommodation of such restrictions is considered the 549 responsibility of each RPC-over-RDMA Version One implementation. 551 3.3.2. Inline Threshold 553 An "inline threshold" value is the largest message size (in octets) 554 that can be conveyed in one direction between peer implementations 555 using RDMA Send and Receive. The inline threshold value is the 556 minimum of how large a message the sender can post via an RDMA Send 557 operation, and how large a message the receiver can accept via an 558 RDMA Receive operation. Each connection has two inline threshold 559 values: one for messages flowing from requester-to-responder 560 (referred to as the "call inline threshold"), and one for messages 561 flowing from responder-to-requester (referred to as the "reply inline 562 threshold"). 564 Unlike credit limits, inline threshold values are not advertised to 565 peers via the RPC-over-RDMA Version One protocol, and there is no 566 provision for inline threshold values to change during the lifetime 567 of an RPC-over-RDMA Version One connection. 569 3.3.3. Initial Connection State 571 When a connection is first established, peers might not know how many 572 receive resources the other has, nor how large the other peer's 573 inline thresholds are. 575 As a basis for an initial exchange of RPC requests, each RPC-over- 576 RDMA Version One connection provides the ability to exchange at least 577 one RPC message at a time, whose Call and Reply messages are no more 578 1024 bytes in size. A responder MAY exceed this basic level of 579 configuration, but a requester MUST NOT assume more than one credit 580 is available, and MUST receive a valid reply from the responder 581 carrying the actual number of available credits, prior to sending its 582 next request. 584 Receiver implementations MUST support inline thresholds of 1024 585 bytes, but MAY support larger inline thresholds values. An 586 indepedent mechanism for discovering a peer's inline thresholds 587 before a connection is established may be used to optimize the use of 588 RDMA Send and Receive operations. In the absense of such a 589 mechanism, senders and receives MUST assume the inline thresholds are 590 1024 bytes. 592 3.4. XDR Encoding With Chunks 594 When a Direct Data Placement capability is available, the transport 595 places the contents of one or more XDR data items directly into the 596 receiver's memory, separately from the transfer of other parts of the 597 containing XDR stream. 599 3.4.1. Reducing An XDR Stream 601 RPC-over-RDMA Version One provides a mechanism for moving part of an 602 RPC message via a data transfer distinct from an RDMA Send/Receive 603 pair. The sender removes one or more XDR data items from the Payload 604 stream. They are conveyed via other mechanisms, such as one or more 605 RDMA Read or Write operations. As the receiver decodes an incoming 606 message, it skips over directly placed data items. 608 The portion of an XDR stream that is split out and moved separately 609 is referred to as a "chunk". In some contexts, data in an RPC-over- 610 RDMA header that describes these split out regions of memory may also 611 be referred to as a "chunk". 613 A Payload stream after chunks have been removed is referred to as a 614 "reduced" Payload stream. Likewise, a data item that has been 615 removed from a Payload stream to be transferred separately is 616 referred to as a "reduced" data item. 618 3.4.2. DDP-Eligibility 620 Not all XDR data items benefit from Direct Data Placement. For 621 example, small data items or data items that require XDR unmarshaling 622 by the receiver do not benefit from DDP. In addition, it is 623 impractical for receivers to prepare for every possible XDR data item 624 in a protocol to be transferred in a chunk. 626 To maintain interoperability on an RPC-over-RDMA transport, a 627 determination must be made of which few XDR data items in each Upper 628 Layer Protocol are allowed to use Direct Data Placement. 630 This is done by additional specifications that describe how Upper 631 Layer Protocols employ Direct Data Placement. An "Upper Layer 632 Binding specification," or ULB, identifies which specific individual 633 XDR data items in an Upper Layer Protocol MAY be transferred via 634 Direct Data Placement. Such data items are referred to as "DDP- 635 eligible." All other XDR data items MUST NOT be reduced. 637 Detailed requirements for Upper Layer Bindings are provided in 638 Section 6. 640 3.4.3. RDMA Segments 642 When encoding a Payload stream that contains a DDP-eligible data 643 item, a sender may choose to reduce that data item. When it chooses 644 to do so, the sender does not place the item into the Payload stream. 645 Instead, the sender records in the RPC-over-RDMA header the location 646 and size of the memory region containing that data item. 648 The requester provides location information for DDP-eligible data 649 items in both RPC Calls and Replies. The responder uses this 650 information to retrieve arguments contained in the specified region 651 of the requester's memory, or place results in that memory region. 653 An "RDMA segment," or "plain segment," is an RPC-over-RDMA Transport 654 header data object that contains the precise co-ordinates of a 655 contiguous memory region that is to be conveyed separately from the 656 Payload stream. Plain segments contain the following information: 658 Handle 659 Steering tag (STag) or R_key generated by registering this memory 660 with the RDMA provider. 662 Length 663 The length of the RDMA segment's memory region, in octets. An 664 "empty segment" is an RDMA segment with the value zero (0) in its 665 length field. 667 Offset 668 The offset or beginning memory address of the RDMA segment's 669 memory region. 671 See [RFC5040] for further discussion of the meaning and use of these 672 fields. 674 3.4.4. Chunks 676 In RPC-over-RDMA Version One, a "chunk" refers to a portion of the 677 Payload stream that is moved independently of the RPC-over-RDMA 678 Transport header and Payload stream. Chunk data is removed from the 679 sender's Payload stream, transferred via separate operations, and 680 then re-inserted into the receiver's Payload stream to form a 681 complete RPC message. 683 Each chunk consists of one or more RDMA segments. Each RDMA segment 684 represents a single contiguous piece of that chunk. A requester MAY 685 divide a chunk into RDMA segments using any boundaries that are 686 convenient. The length of a chunk is the sum of the lengths of the 687 RDMA segments that comprise it. 689 The RPC-over-RDMA Version One transport protocol does not place a 690 limit on chunk size. However, each Upper Layer Protocol may cap the 691 amount of data that can be transferred by a single RPC (for example, 692 NFS has "rsize" and "wsize", which restrict the payload size of NFS 693 READ and WRITE operations). The responder can use such limits to 694 sanity check chunk sizes before using them in RDMA operations. 696 3.4.4.1. Counted Arrays 698 If a chunk contains a counted array data type, the count of array 699 elements MUST remain in the Payload stream, while the array elements 700 MUST be moved to the chunk. For example, when encoding an opaque 701 byte array as a chunk, the count of bytes stays in the Payload 702 stream, while the bytes in the array are removed from the Payload 703 stream and transferred within the chunk. 705 Individual array elements appear in a chunk in their entirety. For 706 example, when encoding an array of arrays as a chunk, the count of 707 items in the enclosing array stays in the Payload stream, but each 708 enclosed array, including its item count, is transferred as part of 709 the chunk. 711 3.4.4.2. Optional-data 713 If a chunk contains an optional-data data type, the "is present" 714 field MUST remain in the Payload stream, while the data, if present, 715 MUST be moved to the chunk. 717 3.4.4.3. XDR Unions 719 A union data type should never be made DDP-eligible, but one or more 720 of its arms may be DDP-eligible. 722 3.4.4.4. Chunk Round-up 724 Except in special cases (covered in Section 3.5.3), a chunk MUST 725 contain exactly one XDR data item. This makes it straightforward to 726 reduce variable-length data items without affecting the XDR alignment 727 of data items in the Payload stream. 729 When a variable-length XDR data item is reduced, the sender MUST 730 remove XDR round-up padding for that data item from the Payload 731 stream, so that data items remaining in the Payload stream begin on 732 four-byte alignment. 734 3.4.5. Read Chunks 736 A "Read chunk" represents an XDR data item that is to be pulled from 737 the requester to the responder. 739 A Read chunk is a list of one or more RDMA read segments. An RDMA 740 read segment consists of a Position field followed by a plain 741 segment. See Section 4.1.2 for details. 743 Position 744 The byte offset in the unreduced Payload stream where the receiver 745 re-inserts the data item conveyed in a chunk. The Position value 746 MUST be computed from the beginning of the unreduced Payload 747 stream, which begins at Position zero. All RDMA read segments 748 belonging to the same Read chunk have the same value in their 749 Position field. 751 While constructing an RPC-over-RDMA Call message, a requester 752 registers memory regions that contain data to be transferred via RDMA 753 Read operations. It advertises the co-ordinates of these regions in 754 the RPC-over-RDMA Transport header of the RPC Call. 756 After receiving an RPC Call sent via an RDMA Send operation, a 757 responder transfers the chunk data from the requester using RDMA Read 758 operations. The responder reconstructs the transferred chunk data by 759 concatenating the contents of each RDMA segment, in list order, into 760 the received Payload stream at the Position value recorded in that 761 RDMA segment. 763 Put another way, the responder inserts the first RDMA segment in a 764 Read chunk into the Payload stream at the byte offset indicated by 765 its Position field. RDMA segments whose Position field value match 766 this offset are concatenated afterwards, until there are no more RDMA 767 segments at that Position value. 769 The Position field in a read segment indicates where the containing 770 Read chunk starts in the Payload stream. The value in this field 771 MUST be a multiple of four. All segments in the same Read chunk 772 share the same Position value, even if one or more of the RDMA 773 segments have a non-four-byte aligned length. 775 3.4.5.1. Decoding Read Chunks 777 While decoding a received Payload stream, whenever the XDR offset in 778 the Payload stream matches that of a Read chunk, the responder 779 initiates an RDMA Read to pull the chunk's data content into 780 registered local memory. 782 The responder acknowledges its completion of use of Read chunk source 783 buffers when it sends an RPC Reply to the requester. The requester 784 may then release Read chunks advertised in the request. 786 3.4.5.2. Read Chunk Round-up 788 When reducing a variable-length argument data item, the requester 789 SHOULD NOT include the data item's XDR round-up padding in the chunk. 790 The length of a Read chunk is determined as follows: 792 o If the requester chooses to include round-up padding in a Read 793 chunk, the chunk's total length MUST be the sum of the encoded 794 length of the data item and the length of the round-up padding. 795 The length of the data item that was encoded into the Payload 796 stream remains unchanged. 798 The sender can increase the length of the chunk by adding another 799 RDMA segment containing only the round-up padding, or it can do so 800 by extending the final RDMA segment in the chunk. 802 o If the sender chooses not to include round-up padding in the 803 chunk, the chunk's total length MUST be the same as the encoded 804 length of the data item. 806 3.4.6. Write Chunks 808 While constructing an RPC Call message, a requester prepares memory 809 regions in which to receive DDP-eligible result data items. A "Write 810 chunk" represents an XDR data item that is to be pushed from a 811 responder to a requester. It is made up of an array of one or more 812 plain segments. 814 Write chunks are provisioned by a requester long before the responder 815 has prepared the reply Payload stream. A requester often does not 816 know the actual length of the result data items to be returned, since 817 the result does not yet exist. Thus it MUST register Write chunks 818 long enough to accommodate the maximum possible size of each returned 819 data item. 821 In addition, the XDR position of DDP-eligible data items in the 822 reply's Payload stream is not predictable when a requester constructs 823 a Call message. Therefore RDMA segments in a Write chunk do not have 824 a Position field. 826 For each Write chunk provided by a requester, the responder pushes 827 data to the requester, contiguously and in segment array order, until 828 the result data item has been completely written to the requester. 829 The responder MUST copy the segment count and all segments from the 830 requester-provided Write chunk into the Reply's Transport header. As 831 it does so, the responder updates each segment length field to 832 reflect the actual amount of data that is being returned in that 833 segment. The responder then sends the RPC Reply via an RDMA Send 834 operation. 836 An "empty Write chunk" is a Write chunk with a zero segment count. 837 By definition, the length of an empty Write chunk is zero. An 838 "unused Write chunk" has a non-zero segment count, but all of its 839 segments are empty segments. 841 3.4.6.1. Decoding Write Chunks 843 After receiving the RPC Reply, the requester reconstructs the 844 transferred data by concatenating the contents of each segment, in 845 array order, into RPC Reply XDR stream at the known XDR position of 846 the associated DDP-eligible result data item. 848 3.4.6.2. Write Chunk Round-up 850 When provisioning a Write chunk for a variable-length result data 851 item, the requester SHOULD NOT include additional space for XDR 852 round-up padding. A responder MUST NOT write XDR round-up padding 853 into a Write chunk, even if the requester made space available for 854 it. Therefore, when returning a single variable-length result data 855 item, a returned Write chunk's total length MUST be the same as the 856 encoded length of the result data item. 858 3.5. Message Size 860 A receiver of RDMA Send operations is required by RDMA to have 861 previously posted one or more adequately sized buffers. Memory 862 savings are achieved on both requesters and responders by posting 863 small Receive buffers. However, not all RPC messages are small. 865 3.5.1. Short Messages 867 RPC messages are frequently smaller than typical inline thresholds. 868 For example, the NFS version 3 GETATTR operation is only 56 bytes: 20 869 bytes of RPC header, plus a 32-byte file handle argument and 4 bytes 870 for its length. The reply to this common request is about 100 bytes. 872 Since all RPC messages conveyed via RPC-over-RDMA require an RDMA 873 Send operation, the most efficient way to send an RPC message that is 874 smaller than the inline threshold is to append the Payload stream 875 directly to the Transport stream. An RPC-over-RDMA header with a 876 small RPC Call or Reply message immediately following is transferred 877 using a single RDMA Send operation. No other operations are needed. 879 An RPC-over-RDMA transaction using Short Messages: 881 Requester Responder 882 | RDMA Send (RDMA_MSG) | 883 Call | ------------------------------> | 884 | | 885 | | Processing 886 | | 887 | RDMA Send (RDMA_MSG) | 888 | <------------------------------ | Reply 890 3.5.2. Chunked Messages 892 If DDP-eligible data items are present in a Payload stream, a sender 893 MAY reduce some or all of these items by removing them from the 894 Payload stream. The sender uses a separate mechanism to transfer the 895 reduced data items. The Transport stream with the reduced Payload 896 stream immediately following is then transferred using a single RDMA 897 Send operation 898 After receiving the Transport and Payload streams of a Chunked RPC- 899 over-RDMA Call message, the responder uses RDMA Read operations to 900 move reduced data items in Read chunks. Before sending the Transport 901 and Payload streams of a Chunked RPC-over-RDMA Reply message, the 902 responder uses RDMA Write operations to move reduced data items in 903 Write and Reply chunks. 905 An RPC-over-RDMA transaction with a Read chunk: 907 Requester Responder 908 | RDMA Send (RDMA_MSG) | 909 Call | ------------------------------> | 910 | RDMA Read | 911 | <------------------------------ | 912 | RDMA Response (arg data) | 913 | ------------------------------> | 914 | | 915 | | Processing 916 | | 917 | RDMA Send (RDMA_MSG) | 918 | <------------------------------ | Reply 920 An RPC-over-RDMA transaction with a Write chunk: 922 Requester Responder 923 | RDMA Send (RDMA_MSG) | 924 Call | ------------------------------> | 925 | | 926 | | Processing 927 | | 928 | RDMA Write (result data) | 929 | <------------------------------ | 930 | RDMA Send (RDMA_MSG) | 931 | <------------------------------ | Reply 933 3.5.3. Long Messages 935 When a Payload stream is larger than the receiver's inline threshold, 936 the Payload stream is reduced by removing DDP-eligible data items and 937 placing them in chunks to be moved separately. If there are no DDP- 938 eligible data items in the Payload stream, or the Payload stream is 939 still too large after it has been reduced, the RDMA transport MUST 940 use RDMA Read or Write operations to convey the Payload stream 941 itself. This mechanism is referred to as a "Long Message." 942 To transmit a Long Message, the sender conveys only the Transport 943 stream with an RDMA Send operation. The Payload stream is not 944 included in the Send buffer in this instance. Instead, the requester 945 provides chunks that the responder uses to move the Payload stream. 947 Long RPC Call 948 To send a Long RPC-over-RDMA Call message, the requester provides 949 a special Read chunk that contains the RPC Call's Payload stream. 950 Every RDMA segment in this Read chunk MUST contain zero in its 951 Position field. Thus this chunk is known as a "Position Zero Read 952 chunk." 954 Long RPC Reply 955 To send a Long RPC-over-RDMA Reply message, the requester provides 956 a single special Write chunk in advance, known as the "Reply 957 chunk", that will contain the RPC Reply's Payload stream. The 958 requester sizes the Reply chunk to accommodate the maximum 959 expected reply size for that Upper Layer operation. 961 Though the purpose of a Long Message is to handle large RPC messages, 962 requesters MAY use a Long Message at any time to convey an RPC Call. 964 A responder chooses which form of reply to use based on the chunks 965 provided by the requester. If Write chunks were provided and the 966 responder has a DDP-eligible result, it first reduces the reply 967 Payload stream. If a Reply chunk was provided and the reduced 968 Payload stream is larger than the reply inline threshold, the 969 responder MUST use the requester-provided Reply chunk for the reply. 971 XDR data items may appear in these special chunks without regard to 972 their DDP-eligibility. As these chunks contain a Payload stream, 973 such chunks MUST include appropriate XDR round-up padding to maintain 974 proper XDR alignment of their contents. 976 An RPC-over-RDMA transaction using a Long Call: 978 Requester Responder 979 | RDMA Send (RDMA_NOMSG) | 980 Call | ------------------------------> | 981 | RDMA Read | 982 | <------------------------------ | 983 | RDMA Response (RPC call) | 984 | ------------------------------> | 985 | | 986 | | Processing 987 | | 988 | RDMA Send (RDMA_MSG) | 989 | <------------------------------ | Reply 991 An RPC-over-RDMA transaction using a Long Reply: 993 Requester Responder 994 | RDMA Send (RDMA_MSG) | 995 Call | ------------------------------> | 996 | | 997 | | Processing 998 | | 999 | RDMA Write (RPC reply) | 1000 | <------------------------------ | 1001 | RDMA Send (RDMA_NOMSG) | 1002 | <------------------------------ | Reply 1004 4. RPC-Over-RDMA In Operation 1006 Every RPC-over-RDMA Version One message has a header that includes a 1007 copy of the message's transaction ID, data for managing RDMA flow 1008 control credits, and lists of RDMA segments describing chunks. All 1009 RPC-over-RDMA header content is contained in the Transport stream, 1010 and thus MUST be XDR encoded. 1012 RPC message layout is unchanged from that described in [RFC5531] 1013 except for the possible reduction of data items that are moved by 1014 separate operations. 1016 The RPC-over-RDMA protocol passes RPC messages without regard to 1017 their type (CALL or REPLY). Apart from restrictions imposed by 1018 upper-layer bindings, each endpoint of a connection MAY send RDMA_MSG 1019 or RDMA_NOMSG message header types at any time (subject to credit 1020 limits). 1022 4.1. XDR Protocol Definition 1024 This section contains a description of the core features of the RPC- 1025 over-RDMA Version One protocol, expressed in the XDR language 1026 [RFC4506]. 1028 This description is provided in a way that makes it simple to extract 1029 into ready-to-compile form. The reader can apply the following shell 1030 script to this document to produce a machine-readable XDR description 1031 of the RPC-over-RDMA Version One protocol. 1033 1035 #!/bin/sh 1036 grep '^ *///' | sed 's?^ /// ??' | sed 's?^ *///$??' 1038 1040 That is, if the above script is stored in a file called "extract.sh" 1041 and this document is in a file called "spec.txt" then the reader can 1042 do the following to extract an XDR description file: 1044 1046 sh extract.sh < spec.txt > rpcrdma_corev1.x 1048 1050 4.1.1. Code Component License 1052 Code components extracted from this document must include the 1053 following license text. When the extracted XDR code is combined with 1054 other complementary XDR code which itself has an identical license, 1055 only a single copy of the license text need be preserved. 1057 1059 /// /* 1060 /// * Copyright (c) 2010, 2016 IETF Trust and the persons 1061 /// * identified as authors of the code. All rights reserved. 1062 /// * 1063 /// * The authors of the code are: 1064 /// * B. Callaghan, T. Talpey, and C. Lever 1065 /// * 1066 /// * Redistribution and use in source and binary forms, with 1067 /// * or without modification, are permitted provided that the 1068 /// * following conditions are met: 1069 /// * 1070 /// * - Redistributions of source code must retain the above 1071 /// * copyright notice, this list of conditions and the 1072 /// * following disclaimer. 1073 /// * 1074 /// * - Redistributions in binary form must reproduce the above 1075 /// * copyright notice, this list of conditions and the 1076 /// * following disclaimer in the documentation and/or other 1077 /// * materials provided with the distribution. 1078 /// * 1079 /// * - Neither the name of Internet Society, IETF or IETF 1080 /// * Trust, nor the names of specific contributors, may be 1081 /// * used to endorse or promote products derived from this 1082 /// * software without specific prior written permission. 1083 /// * 1084 /// * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS 1085 /// * AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED 1086 /// * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1087 /// * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 1088 /// * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 1089 /// * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 1090 /// * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 1091 /// * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 1092 /// * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 1093 /// * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 1094 /// * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 1095 /// * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 1096 /// * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 1097 /// * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 1098 /// * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 1099 /// */ 1100 /// 1102 1104 4.1.2. RPC-Over-RDMA Version One XDR 1106 XDR data items defined in this section encodes the Transport Header 1107 Stream in each RPC-over-RDMA Version One message. Comments identify 1108 items that cannot be changed in subsequent versions. 1110 1112 /// /* 1113 /// * Plain RDMA segment (Section 3.4.3) 1114 /// */ 1115 /// struct xdr_rdma_segment { 1116 /// uint32 handle; /* Registered memory handle */ 1117 /// uint32 length; /* Length of the chunk in bytes */ 1118 /// uint64 offset; /* Chunk virtual address or offset */ 1119 /// }; 1120 /// 1121 /// /* 1122 /// * RDMA read segment (Section 3.4.5) 1123 /// */ 1124 /// struct xdr_read_chunk { 1125 /// uint32 position; /* Position in XDR stream */ 1126 /// struct xdr_rdma_segment target; 1127 /// }; 1128 /// 1129 /// /* 1130 /// * Read list (Section 4.3.1) 1131 /// */ 1132 /// struct xdr_read_list { 1133 /// struct xdr_read_chunk entry; 1134 /// struct xdr_read_list *next; 1135 /// }; 1136 /// 1137 /// /* 1138 /// * Write chunk (Section 3.4.6) 1139 /// */ 1140 /// struct xdr_write_chunk { 1141 /// struct xdr_rdma_segment target<>; 1142 /// }; 1143 /// 1144 /// /* 1145 /// * Write list (Section 4.3.2) 1146 /// */ 1147 /// struct xdr_write_list { 1148 /// struct xdr_write_chunk entry; 1149 /// struct xdr_write_list *next; 1150 /// }; 1151 /// 1152 /// /* 1153 /// * Chunk lists (Section 4.3) 1154 /// */ 1155 /// struct rpc_rdma_header { 1156 /// struct xdr_read_list *rdma_reads; 1157 /// struct xdr_write_list *rdma_writes; 1158 /// struct xdr_write_chunk *rdma_reply; 1159 /// /* rpc body follows */ 1160 /// }; 1161 /// 1162 /// struct rpc_rdma_header_nomsg { 1163 /// struct xdr_read_list *rdma_reads; 1164 /// struct xdr_write_list *rdma_writes; 1165 /// struct xdr_write_chunk *rdma_reply; 1166 /// }; 1167 /// 1168 /// /* Not to be used */ 1169 /// struct rpc_rdma_header_padded { 1170 /// uint32 rdma_align; 1171 /// uint32 rdma_thresh; 1172 /// struct xdr_read_list *rdma_reads; 1173 /// struct xdr_write_list *rdma_writes; 1174 /// struct xdr_write_chunk *rdma_reply; 1175 /// /* rpc body follows */ 1176 /// }; 1177 /// 1178 /// /* 1179 /// * Error handling (Section 4.5) 1180 /// */ 1181 /// enum rpc_rdma_errcode { 1182 /// ERR_VERS = 1, /* Value fixed for all versions */ 1183 /// ERR_CHUNK = 2 1184 /// }; 1185 /// 1186 /// /* Structure fixed for all versions */ 1187 /// struct rpc_rdma_errvers { 1188 /// uint32 rdma_vers_low; 1189 /// uint32 rdma_vers_high; 1190 /// }; 1191 /// 1192 /// union rpc_rdma_error switch (rpc_rdma_errcode err) { 1193 /// case ERR_VERS: 1194 /// rpc_rdma_errvers range; 1195 /// case ERR_CHUNK: 1196 /// void; 1197 /// }; 1198 /// 1199 /// /* 1200 /// * Procedures (Section 4.2.4) 1201 /// */ 1202 /// enum rdma_proc { 1203 /// RDMA_MSG = 0, /* Value fixed for all versions */ 1204 /// RDMA_NOMSG = 1, /* Value fixed for all versions */ 1205 /// RDMA_MSGP = 2, /* Not to be used */ 1206 /// RDMA_DONE = 3, /* Not to be used */ 1207 /// RDMA_ERROR = 4 /* Value fixed for all versions */ 1208 /// }; 1209 /// 1210 /// /* The position of the proc discriminator field is 1211 /// * fixed for all versions */ 1212 /// union rdma_body switch (rdma_proc proc) { 1213 /// case RDMA_MSG: 1214 /// rpc_rdma_header rdma_msg; 1215 /// case RDMA_NOMSG: 1216 /// rpc_rdma_header_nomsg rdma_nomsg; 1217 /// case RDMA_MSGP: /* Not to be used */ 1218 /// rpc_rdma_header_padded rdma_msgp; 1219 /// case RDMA_DONE: /* Not to be used */ 1220 /// void; 1221 /// case RDMA_ERROR: 1222 /// rpc_rdma_error rdma_error; 1223 /// }; 1224 /// 1225 /// /* 1226 /// * Fixed header fields (Section 4.2) 1227 /// */ 1228 /// struct rdma_msg { 1229 /// uint32 rdma_xid; /* Position fixed for all versions */ 1230 /// uint32 rdma_vers; /* Position fixed for all versions */ 1231 /// uint32 rdma_credit; /* Position fixed for all versions */ 1232 /// rdma_body rdma_body; 1233 /// }; 1235 1237 4.2. Fixed Header Fields 1239 The RPC-over-RDMA header begins with four fixed 32-bit fields that 1240 control the RDMA interaction. 1242 The first three words are individual fields in the rdma_msg 1243 structure. The fourth word is the first word of the rdma_body union 1244 which acts as the discriminator for the switched union. The contents 1245 of this field are described in Section 4.2.4. 1247 These four fields must remain with the same meanings and in the same 1248 positions in all subsequent versions of the RPC-over-RDMA protocol. 1250 4.2.1. Transaction ID (XID) 1252 The XID generated for the RPC Call and Reply. Having the XID at a 1253 fixed location in the header makes it easy for the receiver to 1254 establish context as soon as each RPC-over-RDMA message arrives. 1255 This XID MUST be the same as the XID in the RPC message. The 1256 receiver MAY perform its processing based solely on the XID in the 1257 RPC-over-RDMA header, and thereby ignore the XID in the RPC message, 1258 if it so chooses. 1260 4.2.2. Version Number 1262 For RPC-over-RDMA Version One, this field MUST contain the value one 1263 (1). Rules regarding changes to this transport protocol version 1264 number can be found in Section 7. 1266 4.2.3. Credit Value 1268 When sent with an RPC Call message, the requested credit value is 1269 provided. When sent with an RPC Reply message, the granted credit 1270 value is returned. Further discussion of how the credit value is 1271 determined can be found in Section 3.3. 1273 4.2.4. Procedure Number 1275 o RDMA_MSG = 0 indicates that chunk lists and a Payload stream 1276 follow. The format of the chunk lists is discussed below. 1278 o RDMA_NOMSG = 1 indicates that after the chunk lists there is no 1279 Payload stream. In this case, the chunk lists provide information 1280 to allow the responder to transfer the Payload stream using 1281 explicit RDMA operations. 1283 o RDMA_MSGP = 2 is reserved. 1285 o RDMA_DONE = 3 is reserved. 1287 o RDMA_ERROR = 4 is used to signal an encoding error in the RPC- 1288 over-RDMA header. 1290 An RDMA_MSG procedure conveys the Transport stream and the Payload 1291 stream via an RDMA Send operation. The Transport stream contains the 1292 four fixed fields, followed by the Read and Write lists and the Reply 1293 chunk, though any or all three MAY be marked as not present. The 1294 Payload stream then follows, beginning with its XID field. If a Read 1295 or Write chunk list is present, a portion of the Payload stream has 1296 been excised and is conveyed via separate operations. 1298 An RDMA_NOMSG procedure conveys the Transport stream via an RDMA Send 1299 operation. The Transport stream contains the four fixed fields, 1300 followed by the Read and Write chunk lists and the Reply chunk. 1301 Though any of these MAY be marked as not present, one MUST be present 1302 and MUST hold the Payload stream for this RPC-over-RDMA message. If 1303 a Read or Write chunk list is present, a portion of the Payload 1304 stream has been excised and is conveyed via separate operations. 1306 An RDMA_ERROR procedure conveys the Transport stream via an RDMA Send 1307 operation. The Transport stream contains the four fixed fields, 1308 followed by formatted error information. No Payload stream is 1309 conveyed in this type of RPC-over-RDMA message. 1311 A requester MUST NOT send an RPC-over-RDMA header with the RDMA_ERROR 1312 procedure. A responder MUST silently discard RDMA_ERROR procedures. 1314 A gather operation on each RDMA Send operation can be used to combine 1315 the Transport and Payload streams, which might have been constructed 1316 in separate buffers. However, the total length of the gathered send 1317 buffers MUST NOT exceed the inline threshold. 1319 4.3. Chunk Lists 1321 The chunk lists in an RPC-over-RDMA Version One header are three XDR 1322 optional-data fields that follow the fixed header fields in RDMA_MSG 1323 and RDMA_NOMSG procedures. Read Section 4.19 of [RFC4506] carefully 1324 to understand how optional-data fields work. Examples of XDR encoded 1325 chunk lists are provided in Section 4.7 as an aid to understanding. 1327 Often, an RPC-over-RDMA message has no associated chunks. In this 1328 case, all three chunk lists are marked empty (not present). 1330 4.3.1. Read List 1332 Each RDMA_MSG or RDMA_NOMSG procedure has one "Read list." The Read 1333 list is a list of zero or more RDMA Read segments, provided by the 1334 requester, that are grouped by their Position fields into Read 1335 chunks. Each Read chunk advertises the location of argument data the 1336 responder is to pull from the requester. The requester has removed 1337 the data items in these chunks from the call's Payload stream. 1339 A requester may transmit the Payload stream of an RPC Call message 1340 using a Position Zero Read chunk. If the RPC Call has no argument 1341 data that is DDP-eligible and the Position Zero Read chunk is not 1342 being used, the requester leaves the Read list empty. 1344 Responders MUST leave the Read list empty in all replies. 1346 4.3.1.1. Matching Read Chunks to Arguments 1348 When reducing a DDP-eligible argument data item, a requester records 1349 the XDR stream offset of that data item in the Read chunk's Position 1350 field. The responder can then tell unambiguously where that chunk is 1351 to be re-inserted into the received Payload stream to form a complete 1352 RPC Call. 1354 4.3.2. Write List 1356 Each RDMA_MSG or RDMA_NOMSG procedure has one "Write list." The 1357 Write list is a list of zero or more Write chunks, provided by the 1358 requester. Each Write chunk is an array of plain segments, thus the 1359 Write list is a list of counted arrays. 1361 If an RPC Reply has no possible DDP-eligible result data items, the 1362 requester leaves the Write list empty. When a requester provides a 1363 Write list, the responder MUST push data corresponding to DDP- 1364 eligible result data items to requester memory referenced in the 1365 Write list. The responder removes these data items from the reply's 1366 Payload stream. 1368 4.3.2.1. Matching Write Chunks To Results 1370 A requester constructs the Write list for an RPC transaction before 1371 the responder has formulated its reply. When there is only one DDP- 1372 eligible result data item, the requester inserts only a single Write 1373 chunk in the Write list. If the returned Write chunk is not an 1374 unused Write chunk, the requester knows with certainty which result 1375 data item is contained in it. 1377 When a requester has provided multiple Write chunks, the responder 1378 fills in each Write chunk with one DDP-eligible result until either 1379 there are no more DDP-eligible results, or no more Write chunks. 1381 The requester might not be able to predict in advance which DDP- 1382 eligible data item goes in which chunk. Thus the requester is 1383 responsible for allocating and registering Write chunks large enough 1384 to accommodate the largest result data item that might be associated 1385 with each chunk in the Write list. 1387 As a requester decodes a reply Payload stream, it is clear from the 1388 contents of the Reply which Write chunk contains which result data 1389 item. 1391 4.3.2.2. Unused Write Chunks 1393 There are occasions when a requester provides a non-empty Write chunk 1394 but the responder is not able to use it. For example, an Upper Layer 1395 Protocol may define a union result where some arms of the union 1396 contain a DDP-eligible data item while other arms do not. The 1397 responder is required to use requester-provided Write chunks in this 1398 case, but if the responder returns a result that uses an arm of the 1399 union that has no DDP-eligible data item, that Write chunk remains 1400 unconsumed. 1402 If there is a subsequent DDP-eligible result data item in the Reply, 1403 it MUST be placed in that unconsumed Write chunk. Therefore the 1404 requester MUST provision each Write chunk so it can be filled with 1405 the largest DDP-eligible data item that can be placed in it. 1407 If this is the last or only Write chunk available and it remains 1408 unconsumed, the responder MUST return this Write chunk as an unused 1409 Write chunk (see Section 3.4.6). The responder sets the segment 1410 count to a value matching the requester-provided Write chunk, but 1411 returns only empty segments in that Write chunk. 1413 Unused Write chunks, or unused bytes in Write chunk segments, are 1414 returned to the RPC consumer as part of RPC completion. Even if a 1415 responder indicates that a Write chunk is not consumed, the responder 1416 may have written data into one or more segments before choosing not 1417 to return that data item. The requester MUST NOT assume that the 1418 memory regions backing a Write chunk have not been modified. 1420 4.3.2.3. Empty Write Chunks 1422 To force a responder to return a DDP-eligible result inline, a 1423 requester employs the following mechanism: 1425 o When there is only one DDP-eligible result item in a Reply, the 1426 requester provides an empty Write list. 1428 o When there are multiple DDP-eligible result data items and a 1429 requester prefers that a data item is returned inline, the 1430 requester provides an empty Write chunk for that item (see xref 1431 target="sec:write-chunks" />). The responder MUST return the 1432 corresponding result data item inline, and must return an empty 1433 Write chunk in that Write list position in the Reply. 1435 As always, a requester and responder must prepare for a Long Reply to 1436 be used if the resulting RPC Reply might be too large to be conveyed 1437 in an RDMA Send. 1439 4.3.3. Reply Chunk 1441 Each RDMA_MSG or RDMA_NOMSG procedure has one "Reply chunk." The 1442 Reply chunk is a Write chunk, provided by the requester. The Reply 1443 chunk is a single counted array of plain segments. 1445 A requester MUST provide a Reply chunk whenever the maximum possible 1446 size of the reply message is larger than the inline threshold for 1447 messages from responder to requester. The Reply chunk MUST be large 1448 enough to contain a Payload stream (RPC message) of this maximum 1449 size. If the Transport stream and reply Payload stream together are 1450 smaller than the reply inline threshold, the responder MAY return it 1451 as a Short message rather than using the requester-provided Reply 1452 chunk. 1454 When a requester has provided a Reply chunk in a Call message, the 1455 responder MUST copy that chunk into the associated Reply. The copied 1456 Reply chunk in the Reply is modified to reflect the actual amount of 1457 data that is being returned in the Reply chunk. 1459 4.4. Memory Registration 1461 RDMA requires that data is transferred between only registered memory 1462 regions at the source and destination. All protocol headers as well 1463 as separately transferred data chunks must reside in registered 1464 memory. 1466 Since the cost of registering and de-registering memory can be a 1467 significant proportion of the cost of an RPC-over-RDMA transaction, 1468 it is important to minimize registration activity. For memory that 1469 is targeted by RDMA Send and Receive operations, a local-only 1470 registration is sufficient and can be left in place during the life 1471 of a connection without any risk of data exposure. 1473 4.4.1. Registration Longevity 1475 Data transferred via RDMA Read and Write can reside in a memory 1476 allocation not in the control of the RPC-over-RDMA transport. These 1477 memory allocations can persist outside the bounds of an RPC 1478 transaction. They are registered and invalidated as needed, as part 1479 of each RPC transaction. 1481 The requester endpoint must ensure that memory regions associated 1482 with each RPC transaction are properly fenced from responders before 1483 allowing Upper Layer access to the data contained in them. Moreover, 1484 the requester must not access these memory regions while the 1485 responder has access to them. 1487 This includes memory regions that are associated with canceled RPCs. 1488 A responder cannot know that the requester is no longer waiting for a 1489 reply, and might proceed to read or even update memory that the 1490 requester might have released for other use. 1492 4.4.2. Communicating DDP-Eligibility 1494 The interface by which an Upper Layer Protocol implementation 1495 communicates the eligibility of a data item locally to its local RPC- 1496 over-RDMA endpoint is not described by this specification. 1498 Depending on the implementation and constraints imposed by Upper 1499 Layer Bindings, it is possible to implement reduction transparently 1500 to upper layers. Such implementations may lead to inefficiencies, 1501 either because they require the RPC layer to perform expensive 1502 registration and de-registration of memory "on the fly", or they may 1503 require using RDMA chunks in reply messages, along with the resulting 1504 additional handshaking with the RPC-over-RDMA peer. 1506 However, these issues are internal and generally confined to the 1507 local interface between RPC and its upper layers, one in which 1508 implementations are free to innovate. The only requirement, beyond 1509 constraints imposed by the Upper Layer Binding, is that the resulting 1510 RPC-over-RDMA protocol sent to the peer is valid for the upper layer. 1512 4.4.3. Registration Strategies 1514 The choice of which memory registration strategies to employ is left 1515 to requester and responder implementers. To support the widest array 1516 of RDMA implementations, as well as the most general steering tag 1517 scheme, an Offset field is included in each RDMA segment. 1519 While zero-based offset schemes are available in many RDMA 1520 implementations, their use by RPC requires individual registration of 1521 each memory region. For such implementations, this can be a 1522 significant overhead. By providing an offset in each chunk, many 1523 pre-registration or region-based registrations can be readily 1524 supported. 1526 4.5. Error Handling 1528 A receiver performs basic validity checks on the RPC-over-RDMA header 1529 and chunk contents before it passes the RPC message to the RPC layer. 1530 If an incoming RPC-over-RDMA message is not as long as a minimal size 1531 RPC-over-RDMA header (28 bytes), the receiver cannot trust the value 1532 of the XID field, and therefore MUST silently discard the message 1533 before performing any parsing. If other errors are detected in the 1534 RPC-over-RDMA header of a Call message, a responder MUST send an 1535 RDMA_ERROR message back to the requester. If errors are detected in 1536 the RPC-over-RDMA header of a Reply message, a requester MUST 1537 silently discard the message. 1539 To form an RDMA_ERROR procedure: The rdma_xid field MUST contain the 1540 same XID that was in the rdma_xid field in the failing request; The 1541 rdma_vers field MUST contain the same version that was in the 1542 rdma_vers field in the failing request; The rdma_proc field MUST 1543 contain the value RDMA_ERROR; The rdma_err field contains a value 1544 that reflects the type of error that occurred, as described below. 1546 An RDMA_ERROR procedure indicates a permanent error. Receipt of this 1547 procedure completes the RPC transaction associated with XID in the 1548 rdma_xid field. A receiver MUST silently discard an RDMA_ERROR 1549 procedure that it cannot decode. 1551 4.5.1. Header Version Mismatch 1553 When a responder detects an RPC-over-RDMA header version that it does 1554 not support (currently this document defines only Version One), it 1555 MUST reply with an RDMA_ERROR procedure and set the rdma_err value to 1556 ERR_VERS, also providing the low and high inclusive version numbers 1557 it does, in fact, support. 1559 4.5.2. XDR Errors 1561 A receiver might encounter an XDR parsing error that prevents it from 1562 processing the incoming Transport stream. Examples of such errors 1563 include an invalid value in the rdma_proc field, an RDMA_NOMSG 1564 message that has no chunk lists, or the contents of the rdma_xid 1565 field might not match the contents of the XID field in the 1566 accompanying RPC message. If the rdma_vers field contains a 1567 recognized value, but an XDR parsing error occurs, the responder MUST 1568 reply with an RDMA_ERROR procedure and set the rdma_err value to 1569 ERR_CHUNK. 1571 When a responder receives a valid RPC-over-RDMA header but the 1572 responder's Upper Layer Protocol implementation cannot parse the RPC 1573 arguments in the RPC Call message, the responder SHOULD return an RPC 1574 Reply with status GARBAGE_ARGS, using an RDMA_MSG procedure. This 1575 type of parsing failure might be due to mismatches between chunk 1576 sizes or offsets and the contents of the Payload stream, for example. 1578 4.5.3. Responder RDMA Operational Errors 1580 In RPC-over-RDMA Version One, the responder initiates RDMA Read and 1581 Write operations that target the requester's memory. Problems might 1582 arise as the responder attempts to use requester-provided resources 1583 for RDMA operations. For example: 1585 o Usually, chunks can be validated only by using their contents to 1586 perform data transfers. If chunk contents are invalid (say, a 1587 memory region is no longer registered, or a chunk length exceeds 1588 the end of the registered memory region), a Remote Access Error 1589 occurs. 1591 o If a requester's receive buffer is too small, the responder's Send 1592 operation completes with a Local Length Error. 1594 o If the requester-provided Reply chunk is too small to accommodate 1595 a large RPC Reply, a Remote Access error occurs. A responder 1596 might detect this problem before attempting to write past the end 1597 of the Reply chunk. 1599 RDMA operational errors are typically fatal to the connection. To 1600 avoid a retransmission loop and repeated connection loss that 1601 deadlocks the connection, once the requester has re-established a 1602 connection, the responder should send an RDMA_ERROR reply with an 1603 rdma_err value of ERR_CHUNK to indicate that no RPC-level reply is 1604 possible for that XID. 1606 4.5.4. Other Operational Errors 1608 While a requester is constructing a Call message, an unrecoverable 1609 problem might occur that prevents the requester from posting further 1610 RDMA Work Requests on behalf of that message. As with other 1611 transports, if a requester is unable to construct and transmit a Call 1612 message, the associated RPC transaction fails immediately. 1614 After a requester has received a reply, if it is unable to invalidate 1615 a memory region due to an unrecoverable problem, the requester MUST 1616 close the connection to fence that memory from the responder before 1617 the associated RPC transaction is complete. 1619 While a responder is constructing a Reply message or error message, 1620 an unrecoverable problem might occur that prevents the responder from 1621 posting further RDMA Work Requests on behalf of that message. If a 1622 responder is unable to construct and transmit a Reply or error 1623 message, the responder MUST close the connection to signal to the 1624 requester that a reply was lost. 1626 4.5.5. RDMA Transport Errors 1628 The RDMA connection and physical link provide some degree of error 1629 detection and retransmission. iWARP's Marker PDU Aligned (MPA) layer 1630 (when used over TCP), Stream Control Transmission Protocol (SCTP), as 1631 well as the InfiniBand link layer all provide Cyclic Redundancy Check 1632 (CRC) protection of the RDMA payload, and CRC-class protection is a 1633 general attribute of such transports. 1635 Additionally, the RPC layer itself can accept errors from the 1636 transport, and recover via retransmission. RPC recovery can handle 1637 complete loss and re-establishment of a transport connection. 1639 The details of reporting and recovery from RDMA link layer errors are 1640 described in specific link layer APIs and operational specifications, 1641 and are outside the scope of this protocol specification. See 1642 Section 8 for further discussion of the use of RPC-level integrity 1643 schemes to detect errors. 1645 4.6. Protocol Elements No Longer Supported 1647 The following protocol elements are no longer supported in RPC-over- 1648 RDMA Version One. Related enum values and structure definitions 1649 remain in the RPC-over-RDMA Version One protocol for backwards 1650 compatibility. 1652 4.6.1. RDMA_MSGP 1654 The specification of RDMA_MSGP in Section 3.9 of [RFC5666] is 1655 incomplete. To fully specify RDMA_MSGP would require: 1657 o Updating the definition of DDP-eligibility to include data items 1658 that may be transferred, with padding, via RDMA_MSGP procedures 1660 o Adding full operational descriptions of the alignment and 1661 threshold fields 1663 o Discussing how alignment preferences are communicated between two 1664 peers without using CCP 1666 o Describing the treatment of RDMA_MSGP procedures that convey Read 1667 or Write chunks 1669 The RDMA_MSGP message type is beneficial only when the padded data 1670 payload is at the end of an RPC message's argument or result list. 1671 This is not typical for NFSv4 COMPOUND RPCs, which often include a 1672 GETATTR operation as the final element of the compound operation 1673 array. 1675 Without a full specification of RDMA_MSGP, there has been no fully 1676 implemented prototype of it. Without a complete prototype of 1677 RDMA_MSGP support, it is difficult to assess whether this protocol 1678 element has benefit, or can even be made to work interoperably. 1680 Therefore, senders MUST NOT send RDMA_MSGP procedures. When 1681 receiving an RDMA_MSGP procedure, responders SHOULD reply with an 1682 RDMA_ERROR procedure, setting the rdma_err field to ERR_CHUNK; 1683 requesters MUST silently discard the message. 1685 4.6.2. RDMA_DONE 1687 Because no implementation of RPC-over-RDMA Version One uses the Read- 1688 Read transfer model, there is never a need to send an RDMA_DONE 1689 procedure. 1691 Therefore, senders MUST NOT send RDMA_DONE messages. Receivers MUST 1692 silently discard RDMA_DONE messages. 1694 4.7. XDR Examples 1696 RPC-over-RDMA chunk lists are complex data types. In this section, 1697 illustrations are provided to help readers grasp how chunk lists are 1698 represented inside an RPC-over-RDMA header. 1700 A plain segment is the simplest component, being made up of a 32-bit 1701 handle (H), a 32-bit length (L), and 64-bits of offset (OO). Once 1702 flattened into an XDR stream, plain segments appear as 1704 HLOO 1706 An RDMA read segment has an additional 32-bit position field. RDMA 1707 read segments appear as 1709 PHLOO 1711 A Read chunk is a list of RDMA read segments. Each RDMA read segment 1712 is preceded by a 32-bit word containing a one if a segment follows, 1713 or a zero if there are no more segments in the list. In XDR form, 1714 this would look like 1716 1 PHLOO 1 PHLOO 1 PHLOO 0 1718 where P would hold the same value for each RDMA read segment 1719 belonging to the same Read chunk. 1721 The Read List is also a list of RDMA read segments. In XDR form, 1722 this would look like a Read chunk, except that the P values could 1723 vary across the list. An empty Read List is encoded as a single 1724 32-bit zero. 1726 One Write chunk is a counted array of plain segments. In XDR form, 1727 the count would appear as the first 32-bit word, followed by an HLOO 1728 for each element of the array. For instance, a Write chunk with 1729 three elements would look like 1731 3 HLOO HLOO HLOO 1733 The Write List is a list of counted arrays. In XDR form, this is a 1734 combination of optional-data and counted arrays. To represent a 1735 Write List containing a Write chunk with three segments and a Write 1736 chunk with two segments, XDR would encode 1738 1 3 HLOO HLOO HLOO 1 2 HLOO HLOO 0 1740 An empty Write List is encoded as a single 32-bit zero. 1742 The Reply chunk is a Write chunk. Since it is an optional-data 1743 field, however, there is a 32-bit field in front of it that contains 1744 a one if the Reply chunk is present, or a zero if it is not. After 1745 encoding, a Reply chunk with 2 segments would look like 1747 1 2 HLOO HLOO 1749 Frequently a requester does not provide any chunks. In that case, 1750 after the four fixed fields in the RPC-over-RDMA header, there are 1751 simply three 32-bit fields that contain zero. 1753 5. RPC Bind Parameters 1755 In setting up a new RDMA connection, the first action by a requester 1756 is to obtain a transport address for the responder. The means used 1757 to obtain this address, and to open an RDMA connection, is dependent 1758 on the type of RDMA transport, and is the responsibility of each RPC 1759 protocol binding and its local implementation. 1761 RPC services normally register with a portmap or rpcbind service 1762 [RFC1833], which associates an RPC Program number with a service 1763 address. This policy is no different with RDMA transports. However, 1764 a different and distinct service address (port number) might 1765 sometimes be required for Upper Layer Protocol operation with RPC- 1766 over-RDMA. 1768 When mapped atop the iWARP transport [RFC5040] [RFC5041], which uses 1769 IP port addressing due to its layering on TCP and/or SCTP, port 1770 mapping is trivial and consists merely of issuing the port in the 1771 connection process. The NFS/RDMA protocol service address has been 1772 assigned port 20049 by IANA, for both iWARP/TCP and iWARP/SCTP 1773 [RFC5667]. 1775 When mapped atop InfiniBand [IB], which uses a Group Identifier 1776 (GID)-based service endpoint naming scheme, a translation MUST be 1777 employed. One such translation is defined in the InfiniBand Port 1778 Addressing Annex [IBPORT], which is appropriate for translating IP 1779 port addressing to the InfiniBand network. Therefore, in this case, 1780 IP port addressing may be readily employed by the upper layer. 1782 When a mapping standard or convention exists for IP ports on an RDMA 1783 interconnect, there are several possibilities for each upper layer to 1784 consider: 1786 o One possibility is to have the responder register its mapped IP 1787 port with the rpcbind service under the netid (or netids) defined 1788 here. An RPC-over-RDMA-aware requester can then resolve its 1789 desired service to a mappable port, and proceed to connect. This 1790 is the most flexible and compatible approach, for those upper 1791 layers that are defined to use the rpcbind service. 1793 o A second possibility is to have the responder's portmapper 1794 register itself on the RDMA interconnect at a "well known" service 1795 address (on UDP or TCP, this corresponds to port 111). A 1796 requester could connect to this service address and use the 1797 portmap protocol to obtain a service address in response to a 1798 program number, e.g., an iWARP port number, or an InfiniBand GID. 1800 o Alternately, the requester could simply connect to the mapped 1801 well-known port for the service itself, if it is appropriately 1802 defined. By convention, the NFS/RDMA service, when operating atop 1803 such an InfiniBand fabric, uses the same 20049 assignment as for 1804 iWARP. 1806 Historically, different RPC protocols have taken different approaches 1807 to their port assignment. Therefore, the specific method is left to 1808 each RPC-over-RDMA-enabled Upper Layer Binding, and not addressed in 1809 this document. 1811 In Section 9, this specification defines two new "netid" values, to 1812 be used for registration of upper layers atop iWARP [RFC5040] 1813 [RFC5041] and (when a suitable port translation service is available) 1814 InfiniBand [IB]. Additional RDMA-capable networks MAY define their 1815 own netids, or if they provide a port translation, MAY share the one 1816 defined in this document. 1818 6. Upper Layer Binding Specifications 1820 An Upper Layer Protocol is typically defined independently of any 1821 particular RPC transport. An Upper Layer Binding specification (ULB) 1822 provides guidance that helps the Upper Layer Protocol interoperate 1823 correctly and efficiently over a particular transport. For RPC-over- 1824 RDMA Version One, an Upper Layer Binding may provide: 1826 o A taxonomy of XDR data items that are eligible for Direct Data 1827 Placement 1829 o Constraints on which Upper Layer procedures may be reduced, and on 1830 how many chunks may appear in a single RPC request 1832 o A method for determining the maximum size of the reply Payload 1833 stream for all procedures in the Upper Layer Protocol 1835 o An rpcbind port assignment for operation of the RPC Program and 1836 Version on an RPC-over-RDMA transport 1838 Each RPC Program and Version tuple that utilizes RPC-over-RDMA 1839 Version One needs to have an Upper Layer Binding specification. 1841 6.1. DDP-Eligibility 1843 An Upper Layer Binding designates some XDR data items as eligible for 1844 Direct Data Placement. As an RPC-over-RDMA message is formed, DDP- 1845 eligible data items can be removed from the Payload stream and placed 1846 directly in the receiver's memory. 1848 An XDR data item should be considered for DDP-eligibility if there is 1849 a clear benefit to moving the contents of the item directly from the 1850 sender's memory to the receiver's memory. Criteria for DDP- 1851 eligibility include: 1853 o The XDR data item is frequently sent or received, and its size is 1854 often much larger than typical inline thresholds. 1856 o If the XDR data item is a result, its maximum size must be 1857 predictable in advance by the requester. 1859 o Transport-level processing of the XDR data item is not needed. 1860 For example, the data item is an opaque byte array, which requires 1861 no XDR encoding and decoding of its content. 1863 o The content of the XDR data item is sensitive to address 1864 alignment. For example, pullup would be required on the receiver 1865 before the content of the item can be used. 1867 o The XDR data item does not contain DDP-eligible data items. 1869 In addition to defining the set of data items that are DDP-eligible, 1870 an Upper Layer Binding may also limit the use of chunks to particular 1871 Upper Layer procedures. If more than one data item in a procedure is 1872 DDP-eligible, the Upper Layer Binding may also limit the number of 1873 chunks that a requester can provide for a particular Upper Layer 1874 procedure. 1876 Senders MUST NOT reduce data items that are not DDP-eligible. Such 1877 data items MAY, however, be moved as part of a Position Zero Read 1878 chunk or a Reply chunk. 1880 The programming interface by which an Upper Layer implementation 1881 indicates the DDP-eligibility of a data item to the RPC transport is 1882 not described by this specification. The only requirements are that 1883 the receiver can re-assemble the transmitted RPC-over-RDMA message 1884 into a valid XDR stream, and that DDP-eligibility rules specified by 1885 the Upper Layer Binding are respected. 1887 There is no provision to express DDP-eligibility within the XDR 1888 language. The only definitive specification of DDP-eligibility is an 1889 Upper Layer Binding. 1891 In general a DDP-eligibility violation occurs when: 1893 o A requester reduces a non-DDP-eligible argument data item. The 1894 responder MUST NOT process this Call message, and MUST report the 1895 violation as described in Section 4.5.2. 1897 o A responder reduces a non-DDP-eligible result data item. The 1898 requester MUST terminate the pending RPC transaction and report an 1899 appropriate permanent error to the RPC consumer. 1901 o A responder does not reduce a DDP-eligible result data item into 1902 an available Write chunk. The requester MUST terminate the 1903 pending RPC transaction and report an appropriate permanent error 1904 to the RPC consumer. 1906 6.2. Maximum Reply Size 1908 A requester provides resources for both a Call message and its 1909 matching Reply message. A requester forms the Call message itself, 1910 thus can compute the exact resources needed for it. 1912 A requester must allocate resources for the Reply message (an RPC- 1913 over-RDMA credit, a Receive buffer, and possibly a Write list and 1914 Reply chunk) before the responder has formed the actual reply. To 1915 accommodate all possible replies for the procedure in the Call 1916 message, a requester must allocate reply resources based on the 1917 maximum possible size of the expected Reply message. 1919 If there are procedures in the Upper Layer Protocol for which there 1920 is no clear reply size maximum, the Upper Layer Binding needs to 1921 specify a dependable means for determining the maximum. 1923 6.3. Additional Considerations 1925 There may be other details provided in an Upper Layer Binding. 1927 o An Upper Layer Binding may recommend inline threshold values or 1928 other transport-related parameters for RPC-over-RDMA Version One 1929 connections bearing that Upper Layer Protocol. 1931 o An Upper Layer Protocol may provide a means to communicate these 1932 transport-related parameters between peers. Note that RPC-over- 1933 RDMA Version One does not specify any mechanism for changing any 1934 transport-related parameter after a connection has been 1935 established. 1937 o Multiple Upper Layer Protocols may share a single RPC-over-RDMA 1938 Version One connection when their Upper Layer Bindings allow the 1939 use of RPC-over-RDMA Version One and the rpcbind port assignments 1940 for the Protocols allow connection sharing. In this case, the 1941 same transport parameters (such as inline threshold) apply to all 1942 Protocols using that connection. 1944 Each Upper Layer Binding needs to be designed to allow correct 1945 interoperation without regard to the transport parameters actually in 1946 use. Furthermore, implementations of Upper Layer Protocols must be 1947 designed to interoperate correctly regardless of the connection 1948 parameters in effect on a connection. 1950 6.4. Upper Layer Protocol Extensions 1952 An RPC Program and Version tuple may be extensible. For instance, 1953 there may be a minor versioning scheme that is not reflected in the 1954 RPC version number. Or, the Upper Layer Protocol may allow 1955 additional features to be specified after the original RPC program 1956 specification was ratified. 1958 Upper Layer Bindings are provided for interoperable RPC Programs and 1959 Versions by extending existing Upper Layer Bindings to reflect the 1960 changes made necessary by each addition to the existing XDR. 1962 7. Protocol Extensibility 1964 The RPC-over-RDMA header format is specified using XDR, unlike the 1965 message header used with RPC over TCP. To maintain a high degree of 1966 interoperability among implementations of RPC-over-RDMA, any change 1967 to this XDR requires a protocol version number change. New versions 1968 of RPC-over-RDMA may be published as separate protocol specifications 1969 without updating this document. 1971 The first four fields in every RPC-over-RDMA header must remain 1972 aligned at the same fixed offsets for all versions of the RPC-over- 1973 RDMA protocol. The version number must be in a fixed place to enable 1974 implementations to detect protocol version mismatches. 1976 For version mismatches to be reported in a fashion that all future 1977 version implementations can reliably decode, the rdma_proc field must 1978 remain in a fixed place, the value of ERR_VERS must always remain the 1979 same, and the field placement in struct rpc_rdma_errvers must always 1980 remain the same. 1982 7.1. Conventional Extensions 1984 Introducing new capabilities to RPC-over-RDMA Version One is limited 1985 to the adoption of conventions that make use of existing XDR (defined 1986 in this document) and allowed abstract RDMA operations. Because no 1987 mechanism for detecting optional features exists in RPC-over-RDMA 1988 Version One, implementations must rely on Upper Layer Protocols to 1989 communicate the existence of such extensions. 1991 Such extensions must be specified in a Standards Track document with 1992 appropriate review by the nfsv4 Working Group and the IESG. An 1993 example of a conventional extension to RPC-over-RDMA Version One is 1994 the specification of backward direction message support to enable 1995 NFSv4.1 callback operations, described in 1996 [I-D.ietf-nfsv4-rpcrdma-bidirection]. 1998 8. Security Considerations 2000 8.1. Memory Protection 2002 A primary consideration is the protection of the integrity and 2003 confidentiality of local memory by an RPC-over-RDMA transport. The 2004 use of an RPC-over-RDMA transport protocol MUST NOT introduce 2005 vulnerabilities to system memory contents nor to memory owned by user 2006 processes. 2008 It is REQUIRED that any RDMA provider used for RPC transport be 2009 conformant to the requirements of [RFC5042] in order to satisfy these 2010 protections. These protections are provided by the RDMA layer 2011 specifications, and in particular, their security models. 2013 8.1.1. Protection Domains 2015 The use of Protection Domains to limit the exposure of memory regions 2016 to a single connection is critical. Any attempt by an endpoint not 2017 participating in that connection to re-use memory handles needs to 2018 result in immediate failure of that connection. Because Upper Layer 2019 Protocol security mechanisms rely on this aspect of Reliable 2020 Connection behavior, strong authentication of remote endpoints is 2021 recommended. 2023 8.1.2. Handle Predictability 2025 Unpredictable memory handles should be used for any operation 2026 requiring advertised memory regions. Advertising a continuously 2027 registered memory region allows a remote host to read or write to 2028 that region even when an RPC involving that memory is not under way. 2029 Therefore implementations should avoid advertising persistently 2030 registered memory. 2032 8.1.3. Memory Fencing 2034 Requesters should register memory regions for remote access only when 2035 they are about to be the target of an RPC operation that involves an 2036 RDMA Read or Write. 2038 Registered memory regions should be invalidated as soon as related 2039 RPC operations are complete. Invalidation and DMA unmapping of 2040 memory regions should be complete before message integrity checking 2041 is done, and before the RPC consumer is allowed to continue execution 2042 and use or alter the contents of a memory region. 2044 An RPC transaction on a requester might be terminated before a reply 2045 arrives if the RPC consumer exits unexpectedly (for example it is 2046 signaled or a segmentation fault occurs). When an RPC terminates 2047 abnormally, memory regions associated with that RPC should be 2048 invalidated appropriately before the regions are released to be 2049 reused for other purposes on the requester. 2051 8.1.4. Denial of Service 2053 A detailed discussion of denial of service exposures that can result 2054 from the use of an RDMA transport is found in Section 6.4 of 2055 [RFC5042]. 2057 A responder is not obliged to pull Read chunks that are unreasonably 2058 large. The responder can use an RDMA_ERROR response to terminate 2059 RPCs with unreadable Read chunks. If a responder transmits more data 2060 than a requester is prepared to receive in a Write or Reply chunk, 2061 the RNICs typically terminate the connection. For further 2062 discussion, see Section 4.5. Such repeated chunk errors can deny 2063 service to other users sharing the connection from the errant 2064 requester. 2066 An RPC-over-RDMA transport implemention is not responsible for 2067 throttling the RPC request rate, other than to keep the number of 2068 concurrent RPC transactions at or under the number of credits granted 2069 per connection. This is explained in Section 3.3.1. A sender can 2070 trigger a self denial of service by exceeding the credit grant 2071 repeatedly. 2073 When an RPC has been canceled due to a signal or premature exit of an 2074 application process, a requester may invalidate the RPC's Write and 2075 Reply chunks. Invalidation prevents the subsequent arrival of the 2076 responder's reply from altering the memory regions associated with 2077 those chunks after the memory has been reused. 2079 On the requester, a malfunctioning application or a malicious user 2080 can create a situation where RPCs are continuously initiated and then 2081 aborted, resulting in responder replies that terminate the underlying 2082 RPC-over-RDMA connection repeatedly. Such situations can deny 2083 service to other users sharing the connection from that requester. 2085 8.2. RPC Message Security 2087 ONC RPC provides cryptographic security via the RPCSEC_GSS framework 2088 [RFC7861]. RPCSEC_GSS implements message authentication 2089 (rpc_gss_svc_none), per-message integrity checking 2090 (rpc_gss_svc_integrity), and per-message confidentiality 2091 (rpc_gss_svc_privacy) in the layer above RPC-over-RDMA. The latter 2092 two services require significant computation and movement of data on 2093 each endpoint host. Some performance benefits enabled by RDMA 2094 transports can be lost. 2096 8.2.1. RPC-Over-RDMA Protection At Lower Layers 2098 Performance loss is expected when RPCSEC_GSS integrity or privacy 2099 services are in use on any RPC transport. Protection below the RPC 2100 transport is often more appropriate in performance-sensitive 2101 deployments, especially if it, too, can be offloaded. Certain 2102 configurations of IPsec can be co-located in RDMA hardware, for 2103 example, without change to RDMA consumers and little loss of data 2104 movement efficiency. Such arrangements can also provide a higher 2105 degree of privacy by hiding endpoint identity or altering the 2106 frequency at which messages are exchanged, at a performance cost. 2108 The use of protection in a lower layer MAY be negotiated through the 2109 use of an RPCSEC_GSS security flavor defined in [RFC7861] in 2110 conjunction with the Channel Binding mechanism [RFC5056] and IPsec 2111 Channel Connection Latching [RFC5660]. Use of such mechanisms is 2112 REQUIRED where integrity or confidentiality is desired and where 2113 efficiency is required. 2115 8.2.2. RPCSEC_GSS On RPC-Over-RDMA Transports 2117 Not all RDMA devices and fabrics support the above protection 2118 mechanisms. Also, per-message authentication is still required on 2119 NFS clients where multiple users access NFS files. In these cases, 2120 RPCSEC_GSS can protect NFS traffic conveyed on RPC-over-RDMA 2121 connections. 2123 RPCSEC_GSS extends the ONC RPC protocol [RFC5531] without changing 2124 the format of RPC messages. By observing the conventions described 2125 in this section, an RPC-over-RDMA transport can convey RPCSEC_GSS- 2126 protected RPC messages interoperably. 2128 As part of the ONC RPC protocol, protocol elements of RPCSEC_GSS that 2129 appear in the Payload stream of an RPC-over-RDMA message (such as 2130 control messages exchanged as part of establishing or destroying a 2131 security context, or data items that are part of RPCSEC_GSS 2132 authentication material) MUST NOT be reduced. 2134 8.2.2.1. RPCSEC_GSS Context Negotiation 2136 Some NFS client implementations use a separate connection to 2137 establish a GSS context for NFS operation. These clients use TCP and 2138 the standard NFS port (2049) for context establishment. To enable 2139 the use of RPCSEC_GSS with NFS/RDMA, an NFS server MUST also provide 2140 a TCP-based NFS service on port 2049. 2142 8.2.2.2. RPC-Over-RDMA With RPCSEC_GSS Authentication 2144 The RPCSEC_GSS authentication service has no impact on the DDP- 2145 eligibity of data items in an Upper Layer Protocol. 2147 However, RPCSEC_GSS authentication material appearing in an RPC 2148 message header can be larger than, say, an AUTH_SYS authenticator. 2149 In particular, when an RPCSEC_GSS pseudoflavor is in use, a requester 2150 needs to accommodate a larger RPC credential when marshaling Call 2151 messages, and to provide for a maximum size RPCSEC_GSS verifier when 2152 allocating reply buffers and Reply chunks. 2154 RPC messages, and thus Payload streams, are made larger as a result. 2155 Upper Layer Protocol operations that fit in a Short Message when a 2156 simpler form of authentication is in use might need to be reduced, or 2157 conveyed via a Long Message, when RPCSEC_GSS authentication is in 2158 use. It is more likely that a requester provides both a Read list 2159 and a Reply chunk in the same RPC-over-RDMA header to convey a Long 2160 call and provision a receptacle for a Long reply. More frequent use 2161 of Long messages can impact transport efficiency. 2163 8.2.2.3. RPC-Over-RDMA With RPCSEC_GSS Integrity Or Privacy 2165 The RPCSEC_GSS integrity service enables endpoints to detect 2166 modification of RPC messages in flight. The RPCSEC_GSS privacy 2167 service prevents all but the intended recipient from viewing the 2168 cleartext content of RPC arguments and results. RPCSEC_GSS integrity 2169 and privacy services are end-to-end. They protect RPC arguments and 2170 results from application to server endpoint, and back. 2172 The RPCSEC_GSS integrity and encryption services operate on whole RPC 2173 messages after they have been XDR encoded for transmit, and before 2174 they have been XDR decoded after receipt. Both sender and receiver 2175 endpoints use intermediate buffers to prevent exposure of encrypted 2176 data or unverified cleartext data to RPC consumers. After 2177 verification, encryption, and message wrapping has been performed, 2178 the transport layer MAY use RDMA data transfer between these 2179 intermediate buffers. 2181 The process of reducing a DDP-eligible data item removes the data 2182 item and its XDR padding from the encoded XDR stream. XDR padding of 2183 a reduced data item is not transferred in an RPC-over-RDMA message. 2184 After reduction, the Payload stream contains fewer octets then the 2185 whole XDR stream did beforehand. XDR padding octets are often zero 2186 bytes, but they don't have to be. Thus reducing DDP-eligible items 2187 affects the result of message integrity verification or encryption. 2189 Therefore a sender MUST NOT reduce a Payload stream when RPCSEC_GSS 2190 integrity or encryption services are in use. Effectively, no data 2191 item is DDP-eligible in this situation, and Chunked Messages cannot 2192 be used. In this mode, an RPC-over-RDMA transport operates in the 2193 same manner as a transport that does not support direct data 2194 placement. 2196 When a RPCSEC_GSS integrity or privacy service is in use, a requester 2197 provides both a Read list and a Reply chunk in the same RPC-over-RDMA 2198 header to convey a Long call and provision a receptacle for a Long 2199 reply. 2201 8.2.2.4. Protecting RPC-Over-RDMA Transport Headers 2203 Like the base fields in an ONC RPC message (XID, call direction, and 2204 so on), the contents of an RPC-over-RDMA message's Transport stream 2205 are not protected by RPCSEC_GSS. This exposes XIDs, connection 2206 credit limits, and chunk lists (but not the content of the data items 2207 they refer to) to malicious behavior, which could redirect data that 2208 is transferred by the RPC-over-RDMA message, result in spurious 2209 retransmits, or trigger connection loss. 2211 In particular, if an attacker alters the information contained in the 2212 chunk lists of an RPC-over-RDMA header, data contained in those 2213 chunks can be redirected to other registered memory regions on 2214 requesters. An attacker might alter the arguments of RDMA Read and 2215 RDMA Write operations on the wire to similar effect. If such 2216 alterations occurs, the use of RPCSEC_GSS integrity or privacy 2217 services enable a requester to detect unexpected material in a 2218 received RPC message. 2220 Encryption at lower layers, as described in Section 8.2.1, protects 2221 the content of the Transport stream. To address attacks on RDMA 2222 protocols themselves, RDMA transport implementations should conform 2223 to [RFC5042]. 2225 9. IANA Considerations 2227 A set of RPC "netids" for resolving RPC-over-RDMA services is 2228 specified by this document. This is unchanged from [RFC5666]. 2230 The RPC-over-RDMA transport has been assigned an RPC "netid", which 2231 is an rpcbind [RFC1833] string used to describe the underlying 2232 protocol in order for RPC to select the appropriate transport 2233 framing, as well as the format of the service addresses and ports. 2235 The following "netid" registry strings are defined for this purpose: 2237 NC_RDMA "rdma" 2238 NC_RDMA6 "rdma6" 2240 The "rdma" netid is to be used when IPv4 addressing is employed by 2241 the underlying transport, and "rdma6" for IPv6 addressing. The netid 2242 assignment policy and registry are defined in [RFC5665]. 2244 These netids MAY be used for any RDMA network satisfying the 2245 requirements of Section 2.2.2, and able to identify service endpoints 2246 using IP port addressing, possibly through use of a translation 2247 service as described in Section 5. 2249 The use of the RPC-over-RDMA protocol has no effect on RPC Program 2250 numbers or existing registered port numbers. However, new port 2251 numbers MAY be registered for use by RPC-over-RDMA-enabled services, 2252 as appropriate to the new networks over which the services will 2253 operate. 2255 For example, the NFS/RDMA service defined in [RFC5667] has been 2256 assigned the port 20049 in the IANA registry. This is distinct from 2257 the port number defined for NFS on TCP, which is assigned the port 2258 2049 in the IANA registry. NFS clients use the same RPC Program 2259 number for NFS (100003) when using either transport [RFC5531]. 2261 [RFC5666] was listed as the reference for the nfsrdma port 2262 assignments. This document updates [RFC5666], but neither this 2263 document nor [RFC5666] specifies these port assignments. Therefore 2264 this document should not be listed as the reference for the nfsrdma 2265 port assignments. 2267 10. References 2269 10.1. Normative References 2271 [RFC1833] Srinivasan, R., "Binding Protocols for ONC RPC Version 2", 2272 RFC 1833, DOI 10.17487/RFC1833, August 1995, 2273 . 2275 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2276 Requirement Levels", BCP 14, RFC 2119, 2277 DOI 10.17487/RFC2119, March 1997, 2278 . 2280 [RFC4506] Eisler, M., Ed., "XDR: External Data Representation 2281 Standard", STD 67, RFC 4506, DOI 10.17487/RFC4506, May 2282 2006, . 2284 [RFC5042] Pinkerton, J. and E. Deleganes, "Direct Data Placement 2285 Protocol (DDP) / Remote Direct Memory Access Protocol 2286 (RDMAP) Security", RFC 5042, DOI 10.17487/RFC5042, October 2287 2007, . 2289 [RFC5056] Williams, N., "On the Use of Channel Bindings to Secure 2290 Channels", RFC 5056, DOI 10.17487/RFC5056, November 2007, 2291 . 2293 [RFC5531] Thurlow, R., "RPC: Remote Procedure Call Protocol 2294 Specification Version 2", RFC 5531, DOI 10.17487/RFC5531, 2295 May 2009, . 2297 [RFC5660] Williams, N., "IPsec Channels: Connection Latching", 2298 RFC 5660, DOI 10.17487/RFC5660, October 2009, 2299 . 2301 [RFC5665] Eisler, M., "IANA Considerations for Remote Procedure Call 2302 (RPC) Network Identifiers and Universal Address Formats", 2303 RFC 5665, DOI 10.17487/RFC5665, January 2010, 2304 . 2306 [RFC7861] Adamson, A. and N. Williams, "Remote Procedure Call (RPC) 2307 Security Version 3", RFC 7861, DOI 10.17487/RFC7861, 2308 November 2016, . 2310 10.2. Informative References 2312 [I-D.ietf-nfsv4-rpcrdma-bidirection] 2313 Lever, C., "Bi-directional Remote Procedure Call On RPC- 2314 over-RDMA Transports", draft-ietf-nfsv4-rpcrdma- 2315 bidirection-05 (work in progress), June 2016. 2317 [IB] InfiniBand Trade Association, "InfiniBand Architecture 2318 Specifications", . 2320 [IBPORT] InfiniBand Trade Association, "IP Addressing Annex", 2321 . 2323 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 2324 DOI 10.17487/RFC0768, August 1980, 2325 . 2327 [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, 2328 RFC 793, DOI 10.17487/RFC0793, September 1981, 2329 . 2331 [RFC1094] Nowicki, B., "NFS: Network File System Protocol 2332 specification", RFC 1094, DOI 10.17487/RFC1094, March 2333 1989, . 2335 [RFC1813] Callaghan, B., Pawlowski, B., and P. Staubach, "NFS 2336 Version 3 Protocol Specification", RFC 1813, 2337 DOI 10.17487/RFC1813, June 1995, 2338 . 2340 [RFC5040] Recio, R., Metzler, B., Culley, P., Hilland, J., and D. 2341 Garcia, "A Remote Direct Memory Access Protocol 2342 Specification", RFC 5040, DOI 10.17487/RFC5040, October 2343 2007, . 2345 [RFC5041] Shah, H., Pinkerton, J., Recio, R., and P. Culley, "Direct 2346 Data Placement over Reliable Transports", RFC 5041, 2347 DOI 10.17487/RFC5041, October 2007, 2348 . 2350 [RFC5532] Talpey, T. and C. Juszczak, "Network File System (NFS) 2351 Remote Direct Memory Access (RDMA) Problem Statement", 2352 RFC 5532, DOI 10.17487/RFC5532, May 2009, 2353 . 2355 [RFC5661] Shepler, S., Ed., Eisler, M., Ed., and D. Noveck, Ed., 2356 "Network File System (NFS) Version 4 Minor Version 1 2357 Protocol", RFC 5661, DOI 10.17487/RFC5661, January 2010, 2358 . 2360 [RFC5662] Shepler, S., Ed., Eisler, M., Ed., and D. Noveck, Ed., 2361 "Network File System (NFS) Version 4 Minor Version 1 2362 External Data Representation Standard (XDR) Description", 2363 RFC 5662, DOI 10.17487/RFC5662, January 2010, 2364 . 2366 [RFC5666] Talpey, T. and B. Callaghan, "Remote Direct Memory Access 2367 Transport for Remote Procedure Call", RFC 5666, 2368 DOI 10.17487/RFC5666, January 2010, 2369 . 2371 [RFC5667] Talpey, T. and B. Callaghan, "Network File System (NFS) 2372 Direct Data Placement", RFC 5667, DOI 10.17487/RFC5667, 2373 January 2010, . 2375 [RFC7530] Haynes, T., Ed. and D. Noveck, Ed., "Network File System 2376 (NFS) Version 4 Protocol", RFC 7530, DOI 10.17487/RFC7530, 2377 March 2015, . 2379 Appendix A. Changes Since RFC 5666 2381 A.1. Changes To The Specification 2383 The following alterations have been made to the RPC-over-RDMA Version 2384 One specification. The section numbers below refer to [RFC5666]. 2386 o Section 2 has been expanded to introduce and explain key RPC 2387 [RFC5531], XDR [RFC4506], and RDMA [RFC5040] terminology. These 2388 terms are now used consistently throughout the specification. 2390 o Section 3 has been re-organized and split into sub-sections to 2391 help readers locate specific requirements and definitions. 2393 o Sections 4 and 5 have been combined to improve the organization of 2394 this information. 2396 o The optional Connection Configuration Protocol has never been 2397 implemented. The specification of CCP has been deleted from this 2398 specification. 2400 o A section consolidating requirements for Upper Layer Bindings has 2401 been added. 2403 o An XDR extraction mechanism is provided, along with full 2404 copyright, matching the approach used in [RFC5662]. 2406 o The "Security Considerations" section has been expanded to include 2407 a discussion of how RPC-over-RDMA security depends on features of 2408 the underlying RDMA transport. 2410 o A subsection describing the use of RPCSEC_GSS [RFC7861] with RPC- 2411 over-RDMA Version One has been added. 2413 A.2. Changes To The Protocol 2415 Although the protocol described herein interoperates with existing 2416 implementations of [RFC5666], the following changes have been made 2417 relative to the protocol described in that document: 2419 o Support for the Read-Read transfer model has been removed. Read- 2420 Read is a slower transfer model than Read-Write. As a result, 2421 implementers have chosen not to support it. Removal of Read-Read 2422 simplifies explanatory text, and the RDMA_DONE procedure is no 2423 longer part of the protocol. 2425 o The specification of RDMA_MSGP in [RFC5666] is not adequate, 2426 although some incomplete implementations exist. Even if an 2427 adequate specification were provided and an implementation was 2428 produced, benefit for protocols such as NFSv4.0 [RFC7530] is 2429 doubtful. Therefore the RDMA_MSGP message type is no longer 2430 supported. 2432 o Technical issues with regard to handling RPC-over-RDMA header 2433 errors have been corrected. 2435 o Specific requirements related to implicit XDR round-up and complex 2436 XDR data types have been added. 2438 o Explicit guidance is provided related to sizing Write chunks, 2439 managing multiple chunks in the Write list, and handling unused 2440 Write chunks. 2442 o Clear guidance about Send and Receive buffer sizes has been 2443 introduced. This enables better decisions about when a Reply 2444 chunk must be provided. 2446 Appendix B. Acknowledgments 2448 The editor gratefully acknowledges the work of Brent Callaghan and 2449 Tom Talpey on the original RPC-over-RDMA Version One specification 2450 [RFC5666]. 2452 Dave Noveck provided excellent review, constructive suggestions, and 2453 consistent navigational guidance throughout the process of drafting 2454 this document. Dave also contributed much of the organization and 2455 content of Section 7 and helped the authors understand the 2456 complexities of XDR extensibility. 2458 The comments and contributions of Karen Deitke, Dai Ngo, Chunli 2459 Zhang, Dominique Martinet, and Mahesh Siddheshwar are accepted with 2460 great thanks. The editor also wishes to thank Bill Baker, Greg 2461 Marsden, and Matt Benjamin for their support of this work. 2463 The extract.sh shell script and formatting conventions were first 2464 described by the authors of the NFSv4.1 XDR specification [RFC5662]. 2466 Special thanks go to Transport Area Director Spencer Dawkins, nfsv4 2467 Working Group Chair and document shepherd Spencer Shepler, and nfsv4 2468 Working Group Secretary Thomas Haynes for their support. 2470 Authors' Addresses 2471 Charles Lever (editor) 2472 Oracle Corporation 2473 1015 Granger Avenue 2474 Ann Arbor, MI 48104 2475 USA 2477 Phone: +1 248 816 6463 2478 Email: chuck.lever@oracle.com 2480 William Allen Simpson 2481 Red Hat 2482 1384 Fontaine 2483 Madison Heights, MI 48071 2484 USA 2486 Email: william.allen.simpson@redhat.com 2488 Tom Talpey 2489 Microsoft Corp. 2490 One Microsoft Way 2491 Redmond, WA 98052 2492 USA 2494 Phone: +1 425 704-9945 2495 Email: ttalpey@microsoft.com