On Sat, 2013-06-22 at 18:42 +0000, Myklebust, Trond wrote:
> On Sat, 2013-06-22 at 11:22 -0400, Chuck Lever wrote:
> > On Jun 22, 2013, at 10:59 AM, James <purpleidea@xxxxxxxxx> wrote:
> >
> > > Dear NFS experts, I have a few questions:
> > >
> > > 1) Concerning the NFSv4 clientaddr option, I'm curious about the
> > > technical details of why the server needs a callback address, and what
> > > to do if the client isn't directly routable? (eg: behind NAT) I am
> > > thinking of the situation with *many* clients.
> >
> > If a callback path is not available, the server will not grant
> > delegations to the client. Delegation is simply a performance
> > optimization. Normal operation can proceed.
> >
> > > Also, what ports need to be open on the client? Does it need to respond
> > > to "NEW" traffic, or only "ESTABLISHED" or ?
> >
> > Typically the client will choose a port at random. The client's
> > callback address and port are provided to the server by the NFSv4
> > SETCLIENTID operation.
> >
> > The server tests the provided callback arguments with a CB_NULL
> > request (and a new TCP connection) either at mount time or when a
> > client application first opens a file on that server. If the
> > arguments do not result in a successful CB_NULL, the server simply
> > disables delegation for that client.
> >
> > You can fix the port the client uses, if you have a firewall in place
> > and want to leave an open port. A kernel command-line parameter is
> > used on the client:
> >
> > nfs.callback_tcpport=
> >         [NFS] set the TCP port on which the NFSv4 callback
> >         channel should listen.
> >
> > Although, these days, it may be a per-namespace thing. A quick browse
> > of the documentation wasn't revealing.

Thank you Chuck, Trond for your prompt replies, it really helped me have a
productive weekend of hacking.

> Kernel parameters cannot be per-namespace; containers don't boot a
> separate kernel.
>
> Note that if you have compiled nfs as a module, you will want to do
> something along the lines of:
>
> echo "options nfs callback_tcpport=<port>" >>/etc/modprobe.d/options-local.conf

This is very useful to know. Is there any way to specify this as a mount
option? Will NFSv4.1 silently ignore this and use the same RPC connection
if I include it for both 4.0, and 4.1 machines?

Cheers,
James

> Also note that this requirement is for NFSv4 only. NFSv4.1 callbacks use
> the same connection as the outgoing RPC calls, and so support callbacks
> through NAT without requiring you to open for incoming connections.
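The fixed callback port and the server's CB_NULL probe over a new TCP connection, as discussed in the thread, imply two client-side settings: the module option and a firewall rule that accepts new inbound connections from the server on that port. The script below is an added example, not code from any participant in the thread; the port 32764, the server address 192.0.2.10 and the iptables rule layout are assumptions, and it only prints the settings rather than applying them.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not apply) the client-side
# settings for a fixed NFSv4.0 callback port. Per the thread, NFSv4.1 reuses
# the outgoing connection and needs no inbound rule.

# Succeed only for a decimal TCP port in 1..65535 without leading zeros.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeed only for a dotted-quad IPv4 address, so the rule is scoped to one host.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the modprobe option line and an iptables rule that admits NEW and
# ESTABLISHED TCP traffic from the NFS server to the callback port only.
nfs4_callback_settings() {
    port=$1
    server=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    valid_ipv4 "$server" || { echo "invalid server address: $server" >&2; return 2; }
    printf '%s\n' "options nfs callback_tcpport=$port"
    printf '%s\n' "iptables -A INPUT -p tcp -s $server --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
}

# Constructed sample values: port 32764, server 192.0.2.10 (documentation range).
nfs4_callback_settings 32764 192.0.2.10
```

The first printed line belongs in a file under /etc/modprobe.d/ as in the thread; the second is run as root once the port is confirmed.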