AIX 5L Configuring TCP/IP (Unit 11) – NFS Concepts

NFS – Network File Systems (How to share data on a network)

Unit Objectives
———————–
Define NFS terminology and concepts
Describe the principles of mounting file systems
Identify the NFS daemons and their roles
Describe NFS authentication

Sharing Data on a Network
—————————————–
sys1, sys2, sys3 –> Data

Uses the principle of a mounted file system

Mount points between file systems on two different systems on the network.
The application is referring to its local file system, which points to data somewhere else on the network.

Network File Systems (NFS)
——————————————–
File sharing between heterogeneous systems in a TCP/IP network
Transparent access to remote files and directories
Uses client/server technology

NFS Networking Protocols
—————————————-
Application NFS (open, close, read, write files)
Presentation XDR (platform differences are standardized flowing over the network)
Session RPC Library (Remote Procedure Call – network exchanges with stubs)
Transport TCP or UDP
Network IP
Data Link Interface – Ethernet, Token Ring
Physical Ethernet, Token Ring

Layered Architecture

Stateless
—————
The NFS protocol is stateless:
– Server does not remember anything about transactions
– Client is not notified when server is down
– No system recovery procedures

Exporting Server File Systems
———————————————
NFS Server (sys3) —- exporting /home/files
Exporting = List the directories on the NFS server that clients can access
NFS export

Local Mounting
———————–
hd4 /(root)
/home –> hd1
/usr –> hd2 (bin, lib, lpp, share, sbin)
/var –> hd9var (spool, adm, tmp)
/tmp –> hd3

A mount is a program that listens for entries into a directory and then provides the information that is being requested from the file system.

Note: You can simply type the “mount” command to see a list of all of the currently mounted file systems.

Remote Mounting
————————–
Create a mount point on a parent file system
The files to be made available must have been NFS-exported from the server

mount (from NFS Server) (to NFS Client mount point)
mount sys3:/home/files /home/mntpt
Starts a program on the client that listens on the mount point

mount Table
——————–
# mount
sys3 /home/files /home/mntpt nfs3 Date Time rw

CacheFS
————–
Special Type of NFS mount CacheFS (on the disk, not in memory)
Only good with large files, reaccessing the same large files.

Virtual File Systems
——————————–
Method used to hide underlying storage media from application and user

Client
System Calls
vnode/vfs
AIX disk filesystem –> disk or
NFS client routines –> RPC/XDR –> UDP/IP

NFS Daemons
———————–
Client Activity     Client                 Server
---------------     ------                 ------
mount               RPC call to portmap    rpc.mountd
open/read           biod                   nfsd
close/write
fcntl()             rpc.statd              rpc.statd
                    rpc.lockd              rpc.lockd
Note: Make sure these daemons are running.

portmap Daemon
————————–
The portmap daemon must run on all systems running RPC Servers

Client RPC request (mount): program 100005, version 1, udp
Server: portmap answers from its registration table

program   version   protocol   port   service
100001    2         udp        1026   rstatd
100001    3         udp        1026   rstatd
100002    1         udp        1028   rusersd
100003    2         udp        2049   nfsd
100005    1         udp        795    mountd
…..

mountd Daemon
————————
Client (mount request) –> Server (call to portmap – port 111)
Server (returns mountd port#) –> Client

Client (mount request) –> Server (rpc.mountd, /etc/xtab(permission), kernel – passes file handle)
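The portmap lookup that precedes the mount request above, worked through as an added example (not code from the course notes): the client's mount program asks portmap on port 111 which port rpc.mountd is registered on, then asks for the nfsd port the same way. The registration table is constructed from the one in the notes; the only program numbers used are the two the notes list (100003 nfsd, 100005 mountd). The last function is the check an administrator would run to confirm the required server daemons are registered before clients try to mount.

```python
"""Simulated portmap lookup for an NFS mount request (added example).

Parses an rpcinfo -p style registration table and resolves a
(program, version, protocol) triple to the port the server daemon
listens on, which is exactly what the client asks portmap (port 111)
before it can contact rpc.mountd and then nfsd.
"""
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample: same registrations as the portmap table in the notes.
RPCINFO_SAMPLE = """\
   program vers proto   port  service
    100001    2   udp   1026  rstatd
    100001    3   udp   1026  rstatd
    100002    1   udp   1028  rusersd
    100003    2   udp   2049  nfsd
    100005    1   udp    795  mountd
"""

PORTMAP_PORT = 111      # well-known port portmap itself listens on
NFS_PROG = 100003       # program numbers taken from the notes' table
MOUNT_PROG = 100005

Key = Tuple[int, int, str]  # (program, version, protocol)


class Registration(NamedTuple):
    port: int
    service: str


def parse_rpcinfo(text: str) -> Dict[Key, Registration]:
    """Build the lookup table portmap would answer from."""
    table: Dict[Key, Registration] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # header line or blank line
        prog, vers, proto, port, service = fields
        table[(int(prog), int(vers), proto)] = Registration(int(port), service)
    return table


def lookup_port(table: Dict[Key, Registration], program: int,
                version: int, proto: str) -> Optional[int]:
    """What portmap returns: the port, or None if nothing is registered."""
    reg = table.get((program, version, proto))
    return reg.port if reg else None


def mount_request_ports(text: str) -> Tuple[int, Optional[int], Optional[int]]:
    """Ports the client contacts, in order: portmap, mountd, nfsd."""
    table = parse_rpcinfo(text)
    return (PORTMAP_PORT,
            lookup_port(table, MOUNT_PROG, 1, "udp"),
            lookup_port(table, NFS_PROG, 2, "udp"))


# Daemons a server must have registered for a mount to succeed.
REQUIRED = ((MOUNT_PROG, 1, "udp", "mountd"), (NFS_PROG, 2, "udp", "nfsd"))


def missing_nfs_services(text: str) -> List[str]:
    """Names of required server daemons not registered with portmap."""
    table = parse_rpcinfo(text)
    return [name for prog, vers, proto, name in REQUIRED
            if (prog, vers, proto) not in table]


if __name__ == "__main__":
    print("portmap, mountd, nfsd ports:", mount_request_ports(RPCINFO_SAMPLE))
    print("missing services:", missing_nfs_services(RPCINFO_SAMPLE))
```

On a real server the input would be the output of rpcinfo -p; an empty list from missing_nfs_services is the condition behind the note "make sure these daemons are running".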

biod (Block I/O Daemon)
————————————
Client Side
biod –> cache (read-ahead, write-behind)
read-ahead – Reads more than requested if detects sequential access
write-behind – Accumulates writes if detects sequential writing and then writes it all at once.

nfsd Daemon
——————–
Client (file request) —> Kernel –> Server (nfsd, kernel, threads)
chnfs -b # (specifies the number of biod per mount on client side)
chnfs -n # (specifies the number of nfsd on the server side)

How NFS Shared Files Are Protected
——————————————————–
Mount read-only
UNIX Authorization
Access Control Lists (ACL)
Secure RPC
Lock Manager

UNIX Authorization – User
————————————–
Client (sys1)
/etc/passwd
team01 208, 1…(Problem: 208 matches different user on the server)
team02 209, 1…
Must maintain the same user name space on both client and server including
UID – User Id, GID – Group Id
vi /home/mntpt/file1

Server (sys3)
/etc/passwd
team04 208, 1…

ls -l /home/files
rwxrw--- 208, 1 file1
rwxrw--- 208, 1 file2

Note: If you do not maintain a single user name space on all systems then you have to go back and change the uid and gid to be the same on all systems. That may mean that you have to change other users who may already have been assigned that uid or gid. Also you have to then go back and use the chuser commands for all the files for those users. (Not trivial)

UNIX Authentication – Root
—————————————-
Client (sys1)
/etc/passwd
root:!:0:0
UID=0

Server (sys3)
/etc/passwd
nobody:!:-2:-2::/home/nobody:/usr/bin/ksh

UID 0 is mapped to UID -2 (nobody), a reduced authority, so that root on the client does not have root authority on the NFS server; this mapping can be overridden if needed.

ls -l /home/files
rwxrw--- 208, 1 file1
rwxrw--- 208, 1 file2
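The two preceding sections (UID collision between client and server, and root being mapped to nobody) as one worked example. This is added code, not part of the course notes: the two /etc/passwd fragments are constructed to reproduce the situation on the slides (team01 is UID 208 on sys1, team04 is UID 208 on sys3), and the root_allowed flag is an assumption standing in for whatever export option the administrator uses to override the root-to-nobody mapping.

```python
"""UID namespace consistency check between an NFS client and server
(added example, not from the course notes).
"""
from typing import Dict, List, Tuple

# Constructed passwd fragments modelling sys1 (client) and sys3 (server).
CLIENT_PASSWD = """\
root:!:0:0::/:/usr/bin/ksh
team01:!:208:1::/home/team01:/usr/bin/ksh
team02:!:209:1::/home/team02:/usr/bin/ksh
"""

SERVER_PASSWD = """\
root:!:0:0::/:/usr/bin/ksh
nobody:!:-2:-2::/home/nobody:/usr/bin/ksh
team04:!:208:1::/home/team04:/usr/bin/ksh
"""

NOBODY_UID = -2  # the UID the notes say client root is mapped to


def parse_passwd(text: str) -> Dict[int, str]:
    """Map UID -> user name from passwd-format lines (name:pw:uid:gid:...)."""
    users: Dict[int, str] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, *_rest = line.split(":")
        users[int(uid)] = name
    return users


def uid_conflicts(client: Dict[int, str],
                  server: Dict[int, str]) -> List[Tuple[int, str, str]]:
    """UIDs present on both systems but bound to different user names.

    Each conflict means a file owned by that UID on the server is seen
    (and writable, given the mode bits) by a different person on the client.
    """
    return sorted((uid, client[uid], server[uid])
                  for uid in client.keys() & server.keys()
                  if client[uid] != server[uid])


def effective_server_uid(client_uid: int, root_allowed: bool = False) -> int:
    """UID the server acts under for a request carrying client_uid.

    root_allowed is an assumed flag modelling the export option that
    overrides the default mapping of UID 0 to nobody.
    """
    if client_uid == 0 and not root_allowed:
        return NOBODY_UID
    return client_uid


def owner_as_seen_by_client(file_owner_uid: int, client: Dict[int, str]) -> str:
    """Name ls -l shows on the client for a server-side owner UID."""
    return client.get(file_owner_uid, str(file_owner_uid))


if __name__ == "__main__":
    c, s = parse_passwd(CLIENT_PASSWD), parse_passwd(SERVER_PASSWD)
    print("conflicts:", uid_conflicts(c, s))
    print("file1 (owner 208) appears on the client as:", owner_as_seen_by_client(208, c))
    print("client root acts on the server as UID", effective_server_uid(0))
```

Running uid_conflicts over the real passwd files of every client and the server is the check behind the note above: an empty result is what "a single user name space" means in practice.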

ACL Support in NFS (Default turned off)
———————————————————–
ACL – Access Control Lists (inode extensions in AIX) are supported between AIX NFS clients and servers
Implemented with a separate RPC protocol

NFS File Locking
————————–
NFS supports System V file locking as requested by applications using fcntl(), and lockf() library routines
Uses a separate RPC protocol and two daemons, rpc.lockd and rpc.statd
Implemented on both the client and server
File locking is stateful
Advisory locking only is supported

NFS File Lock Request
———————————–
See slide

Unit Summary
———————–
NFS clients access network remote files by remotely mounting an NFS server’s exported file systems, directories, or files
The NFS server daemons are portmap, mountd, nfsd, statd, and lockd
The NFS client daemons are portmap, biod, statd, and lockd
The cacheFS allows caching of files or file systems on a client
NFS authentication includes support for read-only file systems, Standard UNIX Authorization, AIX Access Control Lists, Secure RPC, and file and record locking on application request
