From: "J. Bruce Fields" <bfields@fieldses.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: Trond Myklebust <trond.myklebust@primarydata.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: [RFC PATCH 2/5] NFS: Add a mount option to specify number of TCP connections to use
Date: Thu, 4 May 2017 15:58:20 -0400 [thread overview]
Message-ID: <20170504195820.GC7023@fieldses.org> (raw)
In-Reply-To: <D44951CC-9107-425C-9A77-2F513805E93B@oracle.com>
On Thu, May 04, 2017 at 02:55:06PM -0400, Chuck Lever wrote:
>
> > On May 4, 2017, at 1:45 PM, J. Bruce Fields <bfields@fieldses.org> wrote:
> >
> > On Thu, May 04, 2017 at 01:38:35PM -0400, Chuck Lever wrote:
> >>
> >>> On May 4, 2017, at 1:36 PM, bfields@fieldses.org wrote:
> >>>
> >>> On Thu, May 04, 2017 at 12:01:29PM -0400, Chuck Lever wrote:
> >>>>
> >>>>> On May 4, 2017, at 9:45 AM, Chuck Lever <chuck.lever@oracle.com> wrote:
> >>>>>
> >>>>> - Testing with a Linux server shows that the basic NFS/RDMA pieces
> >>>>> work, but any OPEN operation gets NFS4ERR_GRACE, forever, when I use
> >>>>> nconnect > 1. I'm looking into it.
> >>>>
> >>>> Reproduced with NFSv4.1, TCP, and nconnect=2.
> >>>>
> >>>> 363 /*
> >>>> 364 * RFC5661 18.51.3
> >>>> 365 * Before RECLAIM_COMPLETE done, server should deny new lock
> >>>> 366 */
> >>>> 367 if (nfsd4_has_session(cstate) &&
> >>>> 368 !test_bit(NFSD4_CLIENT_RECLAIM_COMPLETE,
> >>>> 369 &cstate->session->se_client->cl_flags) &&
> >>>> 370 open->op_claim_type != NFS4_OPEN_CLAIM_PREVIOUS)
> >>>> 371 return nfserr_grace;
> >>>>
> >>>> Server-side instrumentation confirms:
> >>>>
> >>>> May 4 11:28:29 klimt kernel: nfsd4_open: has_session returns true
> >>>> May 4 11:28:29 klimt kernel: nfsd4_open: RECLAIM_COMPLETE is false
> >>>> May 4 11:28:29 klimt kernel: nfsd4_open: claim_type is 0
> >>>>
> >>>> Network capture shows the RPCs are interleaved between the two
> >>>> connections as the client establishes its lease, and that appears
> >>>> to be confusing the server.
> >>>>
> >>>> C1: NULL -> NFS4_OK
> >>>> C1: EXCHANGE_ID -> NFS4_OK
> >>>> C2: CREATE_SESSION -> NFS4_OK
> >>>> C1: RECLAIM_COMPLETE -> NFS4ERR_CONN_NOT_BOUND_TO_SESSION
> >>>
> >>> What security flavors are involved? I believe the correct behavior
> >>> depends on whether gss is in use or not.
> >>
> >> The mount options are "sec=sys" but both sides have a keytab.
> >> So the lease management operations are done with krb5i.
> >
> > OK. I'm pretty sure the client needs to send BIND_CONN_TO_SESSION
> > before step C1.
> >
> > My memory is that over auth_sys you're allowed to treat any SEQUENCE
> > over a new connection as implicitly binding that connection to the
> > referenced session, but over krb5 the server's required to return that
> > NOT_BOUND error if the server skips the BIND_CONN_TO_SESSION.
>
> Ah, that would explain why nconnect=[234] is working against my
> Solaris 12 server: no keytab on that server means lease management
> is done using plain-old AUTH_SYS.
>
> Multiple connections are now handled entirely by the RPC layer,
> and are opened and used at rpc_clnt creation time. The NFS client
> is not aware (except for allowing more than one connection to be
> used) and relies on its own recovery mechanisms to deal with
> exceptions that might arise. IOW it doesn't seem to know that an
> extra BC2S is needed, nor does it know where in the RPC stream
> to insert that operation.
>
> Seems to me a good approach would be to handle server trunking
> discovery and lease establishment using a single connection, and
> then open more connections. A conservative approach might actually
> hold off on opening additional connections until there are enough
> RPC transactions being initiated in parallel to warrant it. Or, if
> @nconnect > 1, use a single connection to perform lease management,
> and open @nconnect additional connections that handle only per-
> mount I/O activity.
>
>
> > I think CREATE_SESSION is allowed as long as the principals agree, and
> > that's why the call at C2 succeeds. Seems a little weird, though.
>
> Well, there's no SEQUENCE operation in that COMPOUND. No session
> or connection to use there, I think the principal and client ID
> are the only way to recognize the target of the operation?
I'm just not clear why the explicit BIND_CONN_TO_SESSION is required in
the gss case.
Actually, it's not gss exactly, it's the state protection level:
If, when the client ID was created, the client opted for
SP4_NONE state protection, the client is not required to use
BIND_CONN_TO_SESSION to associate the connection with the
session, unless the client wishes to associate the connection
with the backchannel. When SP4_NONE protection is used, simply
sending a COMPOUND request with a SEQUENCE operation is
sufficient to associate the connection with the session
specified in SEQUENCE.
Anyway.
--b.
next prev parent reply other threads:[~2017-05-04 19:58 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-28 17:25 [RFC PATCH 0/5] Fun with the multipathing code Trond Myklebust
2017-04-28 17:25 ` [RFC PATCH 1/5] SUNRPC: Allow creation of RPC clients with multiple connections Trond Myklebust
2017-04-28 17:25 ` [RFC PATCH 2/5] NFS: Add a mount option to specify number of TCP connections to use Trond Myklebust
2017-04-28 17:25 ` [RFC PATCH 3/5] NFSv4: Allow multiple connections to NFSv4.x (x>0) servers Trond Myklebust
2017-04-28 17:25 ` [RFC PATCH 4/5] pNFS: Allow multiple connections to the DS Trond Myklebust
2017-04-28 17:25 ` [RFC PATCH 5/5] NFS: Display the "nconnect" mount option if it is set Trond Myklebust
2017-05-04 13:45 ` [RFC PATCH 2/5] NFS: Add a mount option to specify number of TCP connections to use Chuck Lever
2017-05-04 13:53 ` Chuck Lever
2017-05-04 16:01 ` Chuck Lever
2017-05-04 17:36 ` J. Bruce Fields
2017-05-04 17:38 ` Chuck Lever
2017-05-04 17:45 ` J. Bruce Fields
2017-05-04 18:55 ` Chuck Lever
2017-05-04 19:58 ` J. Bruce Fields [this message]
2017-05-04 20:40 ` Trond Myklebust
2017-05-04 20:42 ` bfields
2017-04-28 17:45 ` [RFC PATCH 0/5] Fun with the multipathing code Chuck Lever
2017-04-28 18:08 ` Trond Myklebust
2017-04-29 17:53 ` Chuck Lever
2017-05-04 19:09 ` Anna Schumaker
2019-01-09 19:39 ` Olga Kornievskaia
2019-01-09 20:38 ` Trond Myklebust
2019-01-09 22:18 ` Olga Kornievskaia
-- strict thread matches above, loose matches on Subject: below --
2017-05-02 16:38 [PATCH 0/3] Fix up a couple of issues around layout handling Trond Myklebust
2017-05-02 16:38 ` [RFC PATCH 1/5] SUNRPC: Allow creation of RPC clients with multiple connections Trond Myklebust
2017-05-02 16:38 ` [PATCH 1/3] pNFS: Don't clear the layout return info if there are segments to return Trond Myklebust
2017-05-02 16:38 ` [RFC PATCH 2/5] NFS: Add a mount option to specify number of TCP connections to use Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170504195820.GC7023@fieldses.org \
--to=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.