IBM Systems & Technology Group

N04_NFS: NFS Protocol

February, 2007 © 2007 IBM Corporation

The N series as a File Server

[Diagram: AIX and N series]

OSI Layer

NFS is an application that runs at OSI layer 7

The N series supports NFS versions 2, 3, and 4

Layer 7   Application
Layer 6   Presentation
Layer 5   Session
Layer 4   Transport
Layer 3   Network
Layer 2   Data Link
Layer 1   Physical Link

Supports 3 Different Versions of NFS

Version 2
– Based on RFC 1094
– Uses RPC protocol based on RFC 1057
– Supports 32 bit file size
– Stateless

Version 3
– Based on RFC 1813
– Uses RPC protocol based on RFC 1057
– Supports 32-64 bit file size
– Stateless

Version 4
– Based on RFC 3530
– Uses compound RPC protocol based on RFC 1831
– Supports 32-64 bit file size
– Stateful, no dependency on NFS v2 & v3

What are Exports, Mount, Netgroup, and Subnet?

Exports
– A file on the N series where the access permissions for resources and targets are specified

Mount
– A UNIX command that allows you to attach exported resources to a mount point

Netgroup
– Network groups database that describes network groups used for access permission checking during mount requests

Subnet
– A group of individual hosts that can be addressed through one broadcast domain

Exports and Mounts

The N series
– /etc/exports file contains directories and files exported by the N series to clients
  • Contains up to 10,240 entries with no limit to size of entry
  • Entry can span multiple lines
  • Entry consists of pathname and options
  • Enabled with the exportfs command or when volumes are created, renamed, destroyed, or an upgrade is performed

Client
– Mount command is used to attach a file system to the file system hierarchy
  • Requires a mount point, usually a directory
  • Mounted directories are unmounted with the umount command
  • Mounted resources are included in the mount table (/etc/mnttab)

List of Targets from the Filer's Point of View

DNS subdomains
– A secondary domain

Host (Client)
– A host (client) is any computer with an assigned IP address that has permission to mount resources from a storage server. Hostnames can be configured in the /etc/hosts and /etc/hosts.equiv files

Netgroup
– /etc/netgroup file defines groups of hosts (clients) that the appliance uses for processing access permission during remote mounts

Subnet
– Portions of a network sharing a common address format. Subnets are shown in the /etc/exports file as follows: "[network] IPAdd [netmask] netmask"

List of Resources Which can be Exported

Volumes
– File system that consists of one or more RAID groups

Qtrees
– Logical directory that resides in a volume

Directories
– Containers of files

Files
– Collection of data, records or information

How to Configure NFS? Options Command

options nfs.udp.enable on
– When enabled, NFS uses UDP as transport

options nfs.webnfs.enable off
– Enables web-nfs

options nfs.export.pos.timeout 36000
– Time out value for granted NFS requests (value is in seconds)

options nfs.mountd.trace off
– Allows mount traces to be logged

General Rules for Exporting Resources

Specify the complete path name, which must begin with the /vol prefix
– Example: /vol/vol0/home

Cannot export /vol, which is not a complete path name to a file, directory, or volume

When you export a resource to multiple targets, separate the target names with a colon (:)
– Example: /vol/vol0/home -rw=venus:mars

Specific Rules for Exporting Resources (continued)

Export each volume separately

Storage appliance must resolve host names using DNS, NIS, or /etc/hosts

Export ancestors and descendants

ONTAP determines permissions by matching the longest prefix

When providing an admin host during setup that has a different DNS name, use the Fully Qualified Domain Name

Configuring /etc/exports from CLI

Volumes automatically exported if
– Volume is created
  vol create volnfs 2
– Volume is renamed
  vol rename volnfs vol2nfs

Qtrees exported by
– Using exportfs command
– Modifying the /etc/exports file

The exportfs Command

exportfs [ -afiuv ] [ -o options ] [ pathname ]

exportfs [ -c ] host pathname [ ro | rw | root ]
– Checks access cache for host permission

exportfs -s pathname
– Verifies the path to which a volume is exported

exportfs -d
– Reverts the access cache to the format prior to 7.0

exportfs -r
– Ensures only persistent exports are loaded

exportfs -h
– Displays help menu for all options

Sample Output of Exports

Exporting Resources to a Client (Host)

Requires IP address or host name of the client in the /etc/exports file

Export the directory /vol/vol0/home to the client host1, with IP address of 123.45.67.89 and assign read-write permissions

– blue5200A> exportfs -o rw=123.45.67.89 /vol/vol0/home

or

– blue5200A> exportfs -o rw=host1 /vol/vol0/home

Exporting Resources to a Subnet

Requires IP addresses and netmask values

Specified with the -root, -rw and -ro options

/vol/vtest/v50 -rw=123.45.67.0/24
/vol/vtest/v50 -rw="123.45.67.0 255.255.255.0"
/vol/vtest/v50 -root=123.45.67.0/24
/vol/vtest/v50 -ro="123.45.67.0 255.255.255.0"

Exporting Resources to a Netgroup

Format of a netgroup entry
– (hostname, username, domainname)

Create /etc/netgroup file with group names

Example
– netA (host1,,) (host2,,)
– netB (hostA,,) (hostB,,)
– netC netA netB

Assign access permissions and include in /etc/exports file

Example
– /vol/vol0 -rw=netA
– /vol/vol0/home -ro=netB

Access Restrictions

Access restrictions specify

– Which host can mount a resource

– Whether access is read-write (rw) or read-only (ro)

– Whether the root user on the client can access the resource

– Whether files can be created with the SETUID bit

– The UID of the user accessing the resource

Types of Access Restrictions

The root option
– Determines the UID for the root user on the client

The rw option
– Gives read-write access to specified hosts; if no host is specified, all hosts have read-write access

The ro option
– Gives read-only access to specified hosts; if no host is specified, all hosts have read-only access

The anon option
– Determines the UID of the root user on the client

How the Access Rules Work

Example

If the /etc/exports file contains

/vol/vol65 -ro=host1:host3,rw=host2,root=host2

then

• Only host1, host2, and host3 can access /vol/vol65

• Read/Write access is granted to host2

• Read Only access is granted to both host1 and host3

• Root access is granted to host2

Specifying Root Restrictions

To give all clients root access
• /vol/volnfs/qnfs -anon=0

To give all users root access
• /vol/volnfs/qnfs -anon=root

To deny root access to all clients
• /vol/volnfs/qnfs -anon=65535

Mixed root access
• /vol/volnfs/qnfs -root=hostA:hostB,anon=65535

Specifying rw and ro Restrictions

All hosts mount rw
– /vol/volnfs/qnfs

Some hosts mount rw
– /vol/volnfs/qnfs -rw=host1:host2:host3
  • Only the listed hosts can mount this resource

All hosts mount ro
– /vol/volnfs/qnfs -ro

Some hosts mount read-only
– /vol/volnfs/qnfs -ro=host1:host2:host3
  • Only the listed hosts can mount the resource read only
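
The export rules on the preceding slides (longest-prefix matching, rw/ro host lists, root= and anon=) can be checked mechanically when reviewing an /etc/exports file for entries that are open to every host. The Python script below is an added example, not code from the slides or from Data ONTAP; its function names and sample entries are constructed, and it models only the rules stated on these slides.

```python
# Added example: models only the rules on these slides; names and sample entries are constructed.
SAMPLE = """\
/vol/vol65 -ro=host1:host3,rw=host2,root=host2
/vol/volnfs/qnfs -anon=0
/vol/volnfs -root=hostA:hostB,anon=65535
/vol/vol0/home -rw=venus:mars
"""

def parse_entry(line):
    """Split 'pathname -opt[=a:b],opt...' into (path, {opt: [targets]})."""
    path, _, optstr = line.strip().partition(" ")
    opts = {}
    for item in filter(None, optstr.strip().lstrip("-\u2013").split(",")):
        name, _, targets = item.partition("=")
        opts[name] = targets.split(":") if targets else []
    return path, opts

def parse_exports(text):
    return dict(parse_entry(l) for l in text.splitlines() if l.strip())

def match_export(exports, path):
    """Longest-prefix match: the deepest exported ancestor of path wins."""
    hits = [p for p in exports if path == p or path.startswith(p + "/")]
    return max(hits, key=len) if hits else None

def host_access(opts, host):
    """Return 'rw', 'ro' or None for a host under one entry's options."""
    if "rw" not in opts and "ro" not in opts:
        return "rw"                      # no restriction: all hosts mount rw
    for mode in ("rw", "ro"):
        if mode in opts and (not opts[mode] or host in opts[mode]):
            return mode
    return None                          # host is not listed anywhere

def has_root(opts, host):
    """Root is kept if host is in root= or anon maps root to UID 0."""
    return host in opts.get("root", []) or opts.get("anon") in (["0"], ["root"])

def audit(exports):
    """Flag entries that are open to every host or give every client root."""
    findings = []
    for path, opts in exports.items():
        if host_access(opts, "unlisted-host") == "rw":
            findings.append((path, "rw for all hosts"))
        if has_root(opts, "unlisted-host"):
            findings.append((path, "root for all clients"))
    return findings

if __name__ == "__main__":
    print(audit(parse_exports(SAMPLE)))
```

An entry with neither an rw nor an ro host list is reported even when root access is restricted, because the slides state that such an entry lets all hosts mount read-write.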

Mounting Resources from an N series

At the client
– Create a directory (mount point)
  • <host> mkdir /nfsmount

To make the mounted directory persistent across reboots, edit the /etc/vfstab file to include the following entry:
– filer:/vol/vol0/home - /nfsmount nfs - yes rw
– The entry above automatically mounts the directory. Users can only make changes to content in /vol/vol0/home after mounting the directory

To mount the filer directory, use the mount command from the command line as follows:
– mount <filer>:/vol/vol0/home /nfsmount

Verifying Exported Files and Directories

On the N series
– exportfs (without option displays the exported files)

On a UNIX system
– mount (without option displays mounted files)
– showmount -e filer_x
  • Displays list of mounts available from filer_x

Configuring NFS with FilerView

Configuring New Exports with FilerView

Manage Exports with FilerView

Questions or Comments?