Re: nfs4.1 and nconnect - is this supported?

public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed

From: guy keren <guy@vastdata.com>
To: Rick Macklem <rmacklem@uoguelph.ca>,
	linux-nfs <linux-nfs@vger.kernel.org>
Subject: Re: nfs4.1 and nconnect - is this supported?
Date: Thu, 15 Jul 2021 23:25:26 +0300	[thread overview]
Message-ID: <9e025239-bff4-3fbe-a167-342e58475b35@vastdata.com> (raw)
In-Reply-To: <YQXPR0101MB09687CF25C779E1E6ECEFF5ADD129@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>

On 7/15/21 5:43 PM, Rick Macklem wrote:
> guy keren <guy@vastdata.com> wrote:
>> hi,
>>
>> i wonder if the linux client's nfs nconnect feature was designed to
>> support NFS4.1 (or higher) versions? according to our experimentation,
>> the linux client seems to just alternate messages between the multiple
>> RPC/TCP connections, and does not seem to adhere to the NFS 4.1 protocol
>> requirement, that when using multiple connections, the client needs to
>> use BIND_CONN_TO_SESSION when trying to user a 2nd connection with the
>> same NFS4.1 session.
>>
>> was this done on purpose? or is this configuration not supported by
>> linux client's 'nconnect'? or am i missing something?
> Yep, you're missing something.
>
> Snippet from RFC 5661 pg. 43:
>     If the client specifies no state
>     protection (Section 18.35) when the session is created, then when
>     SEQUENCE is transmitted on a different connection, the connection is
>     automatically associated with the fore channel of the session
>     specified in the SEQUENCE operation.
>
> As such, BIND_CONN_TO_SESSION is only required to associate the
> backchannel to the connection.
>
> rick

thanks for pointing this out, rick - i forgot about this feature.


does it mean that 'nconnect' cannot work with MACHCRED or SSV client 
authentication then?

will it work with kerberos (which does authenticate the client machine 
normally, as far as i know)?


thanks,

--guy

     prev parent reply	other threads:[~2021-07-15 20:25 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-15 13:16 nfs4.1 and nconnect - is this supported? guy keren
2021-07-15 14:43 ` Rick Macklem
2021-07-15 20:25   ` guy keren [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9e025239-bff4-3fbe-a167-342e58475b35@vastdata.com \
    --to=guy@vastdata.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=rmacklem@uoguelph.ca \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox