Summary

We have seen the introduction of the NFS distributed file system. NFS is centered around the idea of simple and fast recovery in the face of server failure and achieves this end through careful protocol design. Idempotency of operations is essential; because a client can safely replay a failed operation, it is OK to do so whether or not the server has executed the request.

We also have seen how the introduction of caching into a multiple-client, single-server system can complicate things. In particular, the system must resolve the cache consistency problem in order to behave reasonably. However, NFS does so in a slight ad hoc fashion which can occasionally result in observably weird behavior. Finally, we saw how server caching can be tricky: writes to the server must be forced to stable storage before returning success (otherwise data can be lost).

We haven’t talked about other issues that are certainly relevant, notably security. Security in early NFS implementations was remarkably lax; it was rather easy for any user on a client to masquerade as other users and thus gain access to virtually any file. Subsequent integration with more serious authentication services (e.g., Kerberos“Kerberos: An Authentication Service for Computer Networks” by B. Clifford Neu- man, Theodore Ts’o. IEEE Communications, 32(9):33-38, September 1994. Kerberos is an early and hugely influential authentication service. We probably should write a book chapter about it some- time…) have addressed these obvious deficiencies.

ASIDE: KEY NFS TERMS

• The key to realizing the main goal of fast and simple crash recovery in NFS is in the design of a stateless protocol. After a crash, the server can quickly restart and begin serving requests again; clients just retry requests until they succeed.
• Making requests idempotent is a central aspect of the NFS protocol. An operation is idempotent when the effect of performing it multiple times is equivalent to performing it once. In NFS, idempotency enables client retry without worry and unifies client lost-message retransmission and how the client handles server crashes.
• Performance concerns dictate the need for client-side caching and write buffering, but introduces a cache consistency problem.
• NFS implementations provide an engineering solution to cache consistency through multiple means: a flush-on-close (close-to-open) approach ensures that when a file is closed, its contents are forced to the server, enabling other clients to observe the updates to it. An attribute cache reduces the frequency of checking with the server whether a file has changed (via GETATTR requests).
• NFS servers must commit writes to persistent media before returning success; otherwise, data loss can arise.
• To support NFS integration into the operating system, Sun introduced the VFS/Vnode interface, enabling multiple file system implementations to coexist in the same operating system.