Last Modified: 2003-01-21
o NFS version 4
Advance the protocol along the standards track, coordinating the development of test suites to provide a high level of implementation quality. The ONC RPC standards that NFSv4 references must also be advanced. This includes work to make NFSv4 and the underlying ONC RPC protocol compatible with IPv6. Specifically, we will advance RFC 3010, RFC 1831, RFC 1833 and RFC 2203 to Draft Standard. The working group will help advance related security RFCs, specifically through the definition of a method to advance APIs.
o Replication and Migration
The original working group defined a mechanism for NFS clients and servers to support replication and migration of data transparently to an application. Left undefined in the initial work was the server back end migration and replication mechanism. The working group will produce a draft submission of a replication/migration protocol that supports NFS Version 4 clients - needed to create and maintain replicated filesystems as well as migrating filesystems from one location to another - and servers for consideration as Proposed Standard.
o Management
The working group will produce a draft submission for consideration as Proposed Standard of a management MIBs to provide better management and administration capabilities for NFS and ONC RPC.
o Minor Versions
NFS Version 4 contains within it the capability for minor versioning. Some discussions within the working group suggest addressing additional requirements over the original charter. The WG will work to identify additional requirements for NFSv4 and determine if they are appropriate and worthwhile for a minor version. This work may lead to proposals for additional work items. If it does a specific proposal to add these work items to the charter will be forwarded to the IESG and IAB.
| Done | Issue strawman Internet-Draft for v4 | |
| Done | Submit Initial Internet-Draft of requirements document | |
| Done | Submit Final Internet-Draft of requirements document | |
| Done | AD reassesses WG charter | |
| Done | Submit v4 Internet-Draft sufficient to begin prototype implementations | |
| Done | Begin Interoperability testing of prototype implementations | |
| Done | Submit NFS version 4 to IESG for consideration as a Proposed Standard. | |
| Done | Conduct final Interoperability tests | |
| Done | Conduct full Interoperability tests for all NFSv4 features | |
| Done | Update API advancement draft | |
| Done | Form core design team to work on NFS V4 migration/replication requirements and protocol | |
| Done | Submit revised NFS Version 4 specification (revision to RFC 3010) to IESG for consideration as a Proposed Standard | |
| OCT 02 | ADs to submit API advancement internet draft as informational RFC (needed to advance GSSAPI to Draft Standard to allow advancement of NFS Version 4) | |
| OCT 02 | Strawman NFS V4 replication/migration protocol proposal submitted as an ID | |
| NOV 02 | Internet draft on NFS V4 migration/replication requirements | |
| NOV 02 | AD review of NFS V4 migration/replication requirements draft | |
| DEC 02 | Creation of internet draft on ONC RPC MIB | |
| DEC 02 | Revision of internet draft on NFS MIB | |
| DEC 02 | Depending on results of AD review of NFS Version 4 migration/replication requirements document, review scope of task | |
| FEB 03 | Submit related Proposed Standards required by NFS Version 4 for consideration as Draft Standards to IESG - RFCs 1831, 1833, 2203, 2078, 2744, RFC 1964, & 2847 | |
| MAR 03 | Continued interoperability testing of NFS Version 4 | |
| MAY 03 | Document full Interoperability tests for all NFSv4 features | |
| MAY 03 | Interoperability tests of NFS V4 migration/replication | |
| MAY 03 | Submit an NFS V4 migration/replication protocol to IESG for consideration as a Proposed Standard | |
| MAY 03 | Submit ONC RPC and NFS MIBs to IESG for consideration as Proposed Standards | |
| JUN 03 | Submit report on results of interoperability testing | |
| AUG 03 | Submit revised NFS Version 4 Proposed Standard for consideration as Draft Standard to IESG |
| RFC | Status | Title |
|---|---|---|
| RFC2623 | PS | NFS Version 2 and Version 3 Security Issues and the NFS Protocol's Use of RPCSEC_GSS and Kerberos V5 |
| RFC2624 | I | NFS Version 4 Design Considerations |
| RFC3010 | PS | NFS version 4 |
list.NFS Version 4 Working Group IETF 56 San Francisco minutes Network File System Version 4 (nfsv4) ------------------------------------- Chair(s): Robert Thurlow <Robert.Thurlow@eng.sun.com> Brian Pawlowski <beepy@netapp.com> Document Editor: Spencer Shepler <shepler@eng.sun.com> AGENDA: Tuesday March 18 0900-1130 (2.5 hours) Welcome and Introduction (Pawlowski) 5 min Agenda bash etc. - BLUE SHEETS - NOTE WELL - Status of drafts Connectathon results and issues (Shepler) 10 min Where's RFC3010bis? (Shepler) 5 min Minor revisions to NFSv4 (Thurlow) 20 min Recent drafts (Eisler) 40 min - XDR update: draft-ietf-nfsv4-rfc1832bis-00.txt - SECINFO changes: draft-eisler-nfsv4-secinfo-00.txt - Credential Cache GSS Mech: draft-eisler-nfsv4-ccm-00.txt Migration/replication status (Thurlow) 10 min From Repl/Mig to a global namespace (Thurlow) 20 min NFS and RDMA/RDDP work (Pawlowski) 10 min Review of work items (Shepler/Pawlowski) 15 min - API GSSAPI advancement - MIB draft resurrection - RPC/XDR/RPCSEC_GSS RFC plans Open discussion (Pawlowski) 10 m Wrapup (Pawlowski) 5 m MINUTES beepy welcomed, blue sheets and noted well. Agenda bashed mercilessly. Spencer Shepler reported on RFC 3010 revision. Waiting for 48 hour author review - RFC3010bis - in RFC editor's queue. Connectathon 2003 - good results, had 5 implementations there, did some recovery testingand Kerberos testting/GSSAPI. We've hit stride with twice a year off cycle testing, June and October, for implementations.. Next testing is first week of June in Ann Arbor, MI; another bake-a-thon event October in Austin. Rob Thurlow reported on minor revisioning. Minor version is defined by the base specification. What remains is policy for management of minor revisions from a working group perspective. Rob defined minor revisions bounding (new minor version does not eliminate previous version support, client server will negotiate down version). Can add new ops within COMPOUND, add mode bits, attributes. But our policy in when to spin and why a new revision. Rob discussed asynchronous feature driven minor versioning sort of vs. a train model. People are tending towards the "train model". Rob slides mention all this. This discussion will be pursued on the WG alias. Train model procedure to be defined and vetted within context of IETF. sob entered with IETF feedback and move to reduce number of working groups in transport area. NFS V4 has options on how to handle minor versions. Brent Callaghan questioned a 1 year train model with length of IETF process - sob suggested the IETF process is fast enough for a well working working group. Mike Eislers's drafts: XDR - want to raise it to full standard, needed some work to come into line with current RFCs, mainly ISOC copyright and IANA considerations, trademark updates, etc. Can find change bars on Mike's URL. Comment from Scott - will we require some level of review before things get revised? Mike will add text. SECINFO changes - issues from alias. 1) Needs args analogous to LOOKUP, but can't access a parent directory like LOOKUPP - this will be SECINFO_NO_NAME, subargs "current" and "parent". Need to provide a way to do this. 2) Need to be able to cross a boundary between security domains 3) Need to permit SECINFO to encode more flavors than a few explicitly listed. Question: do we want a style more analogous to LOOKUP/LOOKUPP and use SECINFOP and SECINFOC instead? No, probably better this way for minor rev. Question: can we not do domain crossing? Can, but it's not fully specified; this will clarify. Question: why do we not just apply this work to currfh? A: want to limit the ops which have to handle NFS4ERR_WRONGSEC. (Eisler had paused during his security presentation and resumed when David Black returned to get some feedback.) CCM - waited for David Black. Want to be able to use a cheaper security mechanism when we're using IPSec/TLS/SSH underneath. Want to authenticate heavily just once, bind to the secure transport, and cache the creds. -00 draft obsolete - it was proposed that we change to a simpler wrapper mechanism, and that was accepted. Issues: MUST specify channel bindings for end-to-end security? Without, can have man-in-the-middle attacks before client and server authentication, in theory. Problem: no channel bindings are defined in deployed secure transports. Proposal: SHOULD rather than MUST for channel bindings, SHOULD let users set policy to require it, and CCM should negotiate it. David Black - agrees that channel bindings are not a MUST. TLS, FCIP both deal with a nonce handshake to do simpler binding to transport. FCIP needs it because it does not try to do authentication in-band. Mike: promote this as a WG item. David: strongly agree, because we need this badly for RDDP. David Black and Eisler discussed fine points. David said that one thing on alias was not covered: what about another issue of reuse of cached credentials reused over another TCP connection - a crucial difference between iSCSI use and proposed CCM work. David said iSCSI binds the credentials to a TCP connection maintaining the IPsec context (disallowing migration). Eisler agrees. Julian Satran jumped in a bit - a nonce, Eisler to follow up with Julian. David suggests FCIP plays this sort of game. Mike to follow up. Eisler feels other than issues WG feels it is worthwhile pursuing. David strongly seconds that. In context of RDDP tie in. Rob Thurlow summarized migration/replication. Discussed state of current draft. Trying to come up with a protocol good enoughbut not to complex. Related to replication/migration is thinking ona global name space. The AFS attack. See Rob's slides. AFS users seeking one global name space and delegated management for local control of portions of the name space. Automounter has proven an inadequate solution (not generally applicable). Rob listed the limitations of Automounter. Current V4 protocol does not provide mechanism for enumerating the replicas of a given file system. Only provides list of possibilities. (which is not the same thing). beepy vectored into a little history as to why we avoided swallowing the AFS whale at the start of the NFS Version 4 work. AFS solved the heterogeneous distributed file system problem by dictating a single solution that made everything look the same. Treading carefully in this space. Rob Thurlow to carefully investigate delivery date of Informational RFC describing Sun use of LDAP for naming (Automounter). RDDP work items (beepy) - RDDP or RDMA promotes direct data placement by a smart NIC directly into application buffers. Our charter now includes us producing a problem statement and a requirements document for NFS and related technologies' use of RDDP and RDMA. Main reason to stop there is because there is not yet an RDDP protocol, and we don't want to wag the dog. After AD review, we will hope to consider making changes to NFS or RPC or both to make use of the protocol. Next action: form a subgroup to whack this together. Beepy - other documents. To take NFSv4 to Draft, we need to move a bunch of normative references ahead, either ourselves or in cooperation with other groups. GSS-API C and Java bindings are being worked now, need to conference with Scott Bradner. Need to get re-engaged with MIBs and other Other issues: >From Mike Eisler - RPC program # registration - retrieved document from IANA - but no progress. Rob needs to follow up. David Black and Mike Eisler thanked Sun for sponsoring the IETF. Shepler proposes high bandwidth one day meeting in June in connection with testing event at UMich. beepy RTFM the IESG web page. The group ended with a big thank you to our outgoing Area Director Scott Bradner for his guidance and support throughout the development of the V4 protocol. |