IBM Systems &Technology Group

NFS Protocol

N04_NFS

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

The N series as a File Server

N series

AIX

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

OSI Layer
NFS is an application, running in OSI layer 7
N series support NFS versions 2, 3, and 4

N04_NFS

Layer 7

Application

Layer 6

Presentation

Layer 5

Session

Layer 4

Transport

Layer 3

Network

Layer 2

Data Link

Layer 1

Physical Link

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Supports 3 Different Versions of NFS

Version 2

Version 3

Version 4

Based on RFC1094

Based on RFC1813

Based on RFC3530

Uses RPC protocol

based on RFC 1057

Uses RPC protocol

based on RFC 1057

Uses compound RPC

protocol based on
RFC 1831

Supports 32 bit file

size

Supports 32-64 bit file Supports 32-64 bit file

size
size

Stateless

Stateless

N04_NFS

Stateful,
no dependency on
NFS v2 & v3

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

What are Exports, Mount, Netgroup, and Subnet?

Exports
A file on the N series where the access permissions for resources
and targets are specified

Mount
A UNIX command that allows you to attach exported resources to a
mount point

Netgroup
Network groups database that describes network groups used for
access permission checking during mount requests

Subnet
A group of individual hosts that can be addressed through one
broadcast domain

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Exports and Mounts

The N series
/etc/exports file contains directories and files exported by the N
series to clients

Contains up to 10,240 entries with no limit to size of entry

Entry can span multiple lines
Entry consists of pathname and options
Enabled with the exportfs command or when volumes are created,
renamed, destroyed, or an upgrade is performed

Client
Mount command is used to attach a file system to the file system
hierarchy
Requires a mount point, usually a directory
Mounted directories are unmounted with the umount command
Mounted resources are included in the mount table (/etc/mnttab)
6

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

List of Targets from the Filers Point of View

DNS subdomains
A secondary domain

Host (Client)
A host (client) is any computer with assigned IP address that has permission
to mount resources from a storage server. Hostnames can be configured in
the /etc/hosts and /etc/hosts.equiv files

Netgroup
/etc/netgroup file defines groups of host (clients) that the appliance uses for
processing access permission during remote mounts

Subnet
Portions of a network sharing common address format. Subnets are shown
in the /etc/exports file as follows:[network] IPAdd [netmask] netmask"
7

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

List of Resources Which can be Exported

Volumes
File system that consists of one or more raid groups

Qtrees
Logical directory that resides in a volume

Directories
Containers of files

Files
Collection of data, records or information

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

How to Configure NFS ? Options Command

options nfs.udp.enable

on

When enabled, NFS uses UDP

as transport

options nfs.webnfs.enable

off

Enables web-nfs

options nfs.export.pos.timeout

36000

Time out value for granted

NFS requests (value is in seconds)

options nfs.mountd.trace

off

Allows mount traces to be logged

9

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

General Rules for Exporting Resources

Specify complete path name, must begin with /vol prefix
Example: /vol/vol0/home

Cannot export /vol; which is not a complete path name to

a file, directory, or volume
When you export a resource to multiple targets, separate
the target names with a colon (:)
Example: /vol/vol0/home rw=venus:mars

10

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Specific Rules for Exporting Resources (continued)

Export each volume separately
Storage appliance must resolve host names using dns, nis
or /etc/hosts
Export ancestors and descendants
ONTAP determines permissions by matching the longest
prefix
When providing an admin host during setup, and it is a
different DNS name, use Fully Qualified Domain Name

11

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Configuring /etc/exports from CLI

Volumes automatically exported if
Volume is created
vol create volnfs 2
Volume is renamed
vol rename volnfs vol2nfs

Qtrees exported by
Using exportfs command
Modifying the /etc/exports file

12

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

The exportfs Command

exportfs [ -afiuv ] [ -o options ] [ pathname ]
exportfs [ -c ] host pathname [ ro | rw | root ]
Checks access cache for host permission

exportfs -s pathname
Verifies the path to which a volume is exported

exportfs -d
Reverts the access cache to the format prior to 7.0

exportfs -r
Ensures only persistent exports are loaded

exportfs -h
Displays help menu for all options

13

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Sample Output of Exports

14

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Exporting Resources to a Client (Host)

Requires IP address or host name of the client in the
/etc/exports file
Export the directory /vol/vol0/home to the client host1,
with IP address of 123.45.67.89 and assign read-write
permissions
blue5200A>exportfs o rw=123.45.67.89 /vol/vol0/home
or
blue5200A>exportfs o rw=host1 /vol/vol0/home

15

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Exporting Resources to a Subnet

Requires IP addresses and netmask values
Specified with the root, -rw and ro options
/vol/vtest/v50
/vol/vtest/v50
/vol/vtest/v50
/vol/vtest/v50

16

N04_NFS

rw=123.45.67.0/24
rw=123.45.67.0 255.255.255.0
root=123.45.67.0/24
ro=123.45.67.0 255.255.255.0

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Exporting Resources to a Netgroup

Format of a netgroup entry
(hostname, username, domainname)

Create /etc/netgroup file with group names

Example
netA (host1,,) (host2,,)
netB (hostA,,) (hostB,,)
netC netA netB

Assign access permissions and include in /etc/exports file

Example
/vol/vol0 rw=netA
/vol/vol0/home ro=netB
17

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Access Restrictions
Access restrictions specify
Which host can mount a resource
Whether access is read-write (rw) or read-only (ro)
Whether the root user on the client can access the resource
Whether files can be created with the SETUID bit
The UID of the user accessing the resource

18

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Types of Access Restrictions

The root option
Determines the UID for the root user on the client

The rw option
Gives read-write access to specified hosts, if no host is
specified, all hosts have read-write access

The ro option
Gives read-only access to specified hosts, if no host is
specified, all hosts have read only access

The anon option

Determines the UID of the root user on the client
19

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

How the Access Rules Work

Example
If the /etc/exports file contains
/vol/vol65 -ro=host1:host3,rw=host2,root=host2

then
Only host1,host2,and host3 can access /vol/vol65
Read/Write access is granted to host2
Read Only access is granted to both host1 and host3
Root access is granted to host2

20

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Specifying Root Restrictions

To give all clients root access
/vol/volnfs/qnfs anon=0

To give all users root access

/vol/volnfs/qnfs anon=root

To deny root access to all clients

/vol/volnfs/qnfs anon=65535

Mixed root access

/vol/volnfs/qnfs root=hostA:hostB,anon=65535

21

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Specifying rw and ro Restrictions

All hosts mount rw
/vol/volnfs/qnfs

Some hosts mount rw

/vol/volnfs/qnfs rw=host1:host2:host3
Only the listed hosts can mount this resource

All hosts mount ro

/vol/volnfs/qnfs ro

Some hosts mount read-only

/vol/volnfs/qnfs ro=host1:host2:host3
Only the listed hosts can mount the resource read only

22

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Mounting Resources from a N series

At the client
Create a directory (mount point)
<host>mkdir /nfsmount

To make the mounted directory persistent across reboots,

edit the /etc/vfstab file to include the following entries:
filer:/vol/vol0/home - /nfsmount nfs rw 0
The entry above automatically mounts the directory. User can only
make changes to content in /vol/vol0/home after mounting the
directory

To mount the filer directory, use the mount command from

the command line as follows:
mount <filer>:/vol/vol0/home /nfsmount

23

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Verifying Exported Files and Directories

On the N series:
exportfs (without option displays the exported files)

On a UNIX system
mount (without option displays mounted files)

showmount e filer_x
Displays list of mounts available from filer_X

24

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Configuring NFS with FilerView

25

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Configuring New Exports with FilerView

26

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Configuring New Exports with FilerView (continued)

27

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Configuring New Exports with FilerView (continued)

28

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Configuring New Exports with FilerView (continued)

29

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Manage Exports with FilerView

30

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Manage Exports with FilerView (continued)

31

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Manage Exports with FilerView (continued)

32

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Manage Exports with FilerView (continued)

33

N04_NFS

February, 2007

2007 IBM Corporation

IBM Systems &Technology Group

Questions or Comments?

N04_NFS

February, 2007

2007 IBM Corporation