Internet Engineering Task Force (IETF)                        J. Lentini
Request for Comments: 5716                                   C. Everhart
Category: Informational                                           NetApp
ISSN: 2070-1721                                                D. Ellard
                                                        BBN Technologies
                                                               R. Tewari
                                                                 M. Naik
                                                             IBM Almaden
                                                            January 2010
Internet Engineering Task Force (IETF)                        J. Lentini
Request for Comments: 5716                                   C. Everhart
Category: Informational                                           NetApp
ISSN: 2070-1721                                                D. Ellard
                                                        BBN Technologies
                                                               R. Tewari
                                                                 M. Naik
                                                             IBM Almaden
                                                            January 2010

Requirements for Federated File Systems




This document describes and lists the functional requirements of a federated file system and defines related terms.


Status of This Memo


This document is not an Internet Standards Track specification; it is published for informational purposes.


This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at


Copyright Notice


Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2010 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.


Table of Contents


   1. Overview ........................................................3
      1.1. Requirements Language ......................................4
   2. Purpose .........................................................5
   3. Examples and Discussion .........................................5
      3.1. Create a Fileset and Its FSL(s) ............................5
           3.1.1. Creating a Fileset and an FSN .......................6
           3.1.2. Adding a Replica of a Fileset .......................6
      3.2. Junction Resolution ........................................7
      3.3. Junction Creation ..........................................9
   4. Glossary ........................................................9
   5. Proposed Requirements ..........................................11
      5.1. Basic Assumptions .........................................11
      5.2. Requirements ..............................................14
   6. Non-Requirements ...............................................20
   7. Security Considerations ........................................21
   8. References .....................................................22
      8.1. Normative References ......................................22
      8.2. Informative References ....................................23
   Appendix A.  Acknowledgments ......................................25
   1. Overview ........................................................3
      1.1. Requirements Language ......................................4
   2. Purpose .........................................................5
   3. Examples and Discussion .........................................5
      3.1. Create a Fileset and Its FSL(s) ............................5
           3.1.1. Creating a Fileset and an FSN .......................6
           3.1.2. Adding a Replica of a Fileset .......................6
      3.2. Junction Resolution ........................................7
      3.3. Junction Creation ..........................................9
   4. Glossary ........................................................9
   5. Proposed Requirements ..........................................11
      5.1. Basic Assumptions .........................................11
      5.2. Requirements ..............................................14
   6. Non-Requirements ...............................................20
   7. Security Considerations ........................................21
   8. References .....................................................22
      8.1. Normative References ......................................22
      8.2. Informative References ....................................23
   Appendix A.  Acknowledgments ......................................25
1. Overview
1. 概述

This document describes and lists the functional requirements of a federated file system and defines related terms.


We do not describe the mechanisms that might be used to implement this functionality except in cases where specific mechanisms, in our opinion, follow inevitably from the requirements. Our focus is on the interfaces between the entities of the system, not on the protocols or their implementations.


Today, there are collections of fileservers that inter-operate to provide a single namespace comprised of filesystem resources provided by different members of the collection, joined together with inter-filesystem references. The namespace can either be assembled at the fileservers, the clients, or by an external namespace service, and is often not easy or uniform to manage. The requirements in this document are meant to lead to a uniform server-based namespace that is capable of spanning a whole enterprise and that is easy to manage.


We define some terms to better describe the solution space. A "fileset" is the abstract view of a filesystem in a uniform namespace, and may be implemented behind that abstraction by one or more physical filesystems at any given time. Each fileset has a name called an "FSN" (fileset name), and each physical filesystem has a fileset location ("FSL"). A fileset is a directory tree containing files and directories, and it may also contain references to other filesets. These references are called "junctions". To provide location independence, a junction does not contain information about the location of the real resource(s), but instead contains an FSN that can be used to look up the location information. The service that can be used to map from the FSN to the FSL(s) is called a namespace database (NSDB) service. The NSDB provides a level of indirection from the virtual paths in the uniform namespace to the actual locations of files. By design, the NSDB does not store the junctions. This allows junction administration and NSDB administration to be separate roles.


The servers direct clients to the proper locations by existing mechanisms (e.g., the referrals mechanism within [RFC3530] and [RFC5661]). Updates to the locations make it possible to support migration and replication of physical filesystems that comprise the namespace, in a way that is transparent to filesystem applications.


Figure 1 shows an example of a federation. This federation has two members, named ALPHA and BETA. Federation members may contain an arbitrary number of fileservers and NSDB nodes; in this illustration, ALPHA and BETA each have three servers, one NSDB node, and are administered separately.


      +----------------------+       +----------------------+
      |  Federation Member   |       |  Federation Member   |
      |        ALPHA         |       |         BETA         |
      |                      |       |                      |
      |                      |       |                      |
      |    +------------+    |       |    +------------+    |
      |    |    NSDB    |    |       |    |    NSDB    |    |
      |    |            |    |       |    |            |    |
      |    +------------+    |       |    +------------+    |
      |                      |       |                      |
      |                      |       |                      |
      |                      |       |                      |
      |         +----------+ |       |         +----------+ |
      |         |          | |       |         |          | |
      |     +-- | Servers  | |       |     +-- | Servers  | |
      |     |   |          | |       |     |   |          | |
      | +-- |   |          | |       | +-- |   |          | |
      | |   |   +----------+ |       | |   |   +----------+ |
      | |   |          |     |       | |   |          |     |
      | |   +----------+     |       | |   +----------+     |
      | |          |         |       | |          |         |
      | +----------+         |       | +----------+         |
      +----------------------+       +----------------------+
      +----------------------+       +----------------------+
      |  Federation Member   |       |  Federation Member   |
      |        ALPHA         |       |         BETA         |
      |                      |       |                      |
      |                      |       |                      |
      |    +------------+    |       |    +------------+    |
      |    |    NSDB    |    |       |    |    NSDB    |    |
      |    |            |    |       |    |            |    |
      |    +------------+    |       |    +------------+    |
      |                      |       |                      |
      |                      |       |                      |
      |                      |       |                      |
      |         +----------+ |       |         +----------+ |
      |         |          | |       |         |          | |
      |     +-- | Servers  | |       |     +-- | Servers  | |
      |     |   |          | |       |     |   |          | |
      | +-- |   |          | |       | +-- |   |          | |
      | |   |   +----------+ |       | |   |   +----------+ |
      | |   |          |     |       | |   |          |     |
      | |   +----------+     |       | |   +----------+     |
      | |          |         |       | |          |         |
      | +----------+         |       | +----------+         |
      +----------------------+       +----------------------+

Figure 1


1.1. Requirements Language
1.1. 需求语言

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].


Note that this is a requirements document, and in many instances where these words are used in this document they refer to qualities of a specification for a system that satisfies the document, or requirements of a system that matches that specification. These cases are distinguished when there is potential for ambiguity.


2. Purpose
2. 意图

Our objective is to specify a set of protocols by which fileservers or collections of fileservers, with different administrators, can form a federation of fileservers and NSDB nodes that provides a namespace composed of the filesets hosted on the different fileservers and fileserver collections.


It should be possible, using a system that implements the protocols, to share a common namespace across all the fileservers in the federation. It should also be possible for different fileservers in the federation to project different namespaces and enable clients to traverse them.


Such a federation may contain an arbitrary number of NSDB nodes, each belonging to a different administrative entity, and each providing the mappings that define a part of a namespace. Such a federation may also have an arbitrary number of administrative entities, each responsible for administering a subset of the fileservers and NSDB nodes. Acting in concert, the administrators should be able to build and administer this multi-fileserver, multi-collection namespace.


It is not the intent of the federation to guarantee namespace consistency across all client views. Since different parts of the namespace may be administered by different entities, it is possible that a client could be accessing a stale area of the namespace managed by one entity because a part of the namespace above it, managed by another entity, has changed.


3. Examples and Discussion
3. 实例和讨论

In this section we provide examples and discussion of the basic operations facilitated by the federated file system protocol: creating a fileset, adding a replica of a fileset, resolving a junction, and creating a junction.


3.1. Create a Fileset and Its FSL(s)
3.1. 创建文件集及其FSL

A fileset is the abstraction of a set of files and the directory tree that contains them. The fileset abstraction is the fundamental unit of data management in the federation. This abstraction is implemented by an actual directory tree whose root location is specified by a fileset location (FSL).


In this section, we describe the basic requirements for starting with a directory tree and creating a fileset that can be used in the federation protocols. Note that we do not assume that the process of creating a fileset requires any transformation of the files or the


directory hierarchy. The only thing that is required by this process is assigning the fileset a fileset name (FSN) and expressing the location(s) of the implementation of the fileset as FSL(s).


There are many possible variations to this procedure, depending on how the FSN that binds the FSL is created, and whether other replicas of the fileset exist, are known to the federation, and need to be bound to the same FSN.


It is easiest to describe this in terms of how to create the initial implementation of the fileset, and then describe how to add replicas.


3.1.1. Creating a Fileset and an FSN
3.1.1. 创建文件集和FSN

1. Choose the NSDB node that will keep track of the FSL(s) and related information for the fileset.

1. 选择将跟踪文件集的FSL和相关信息的NSDB节点。

2. Request that the NSDB node register a new FSN for the fileset.

2. 请求NSDB节点为文件集注册新的FSN。

The FSN may either be chosen by the NSDB node or by the server. The latter case is used if the fileset is being restored, perhaps as part of disaster recovery, and the server wishes to specify the FSN in order to permit existing junctions that reference that FSN to work again.


At this point, the FSN exists, but its location is unspecified.


3. Send the FSN, the local volume path, the export path, and the export options for the local implementation of the fileset to the NSDB node. Annotations about the FSN or the location may also be sent.

3. 将文件集本地实现的FSN、本地卷路径、导出路径和导出选项发送到NSDB节点。还可以发送关于FSN或位置的注释。

The NSDB node records this information and creates the initial FSL for the fileset.


3.1.2. Adding a Replica of a Fileset
3.1.2. 添加文件集的副本

Adding a replica is straightforward: the NSDB node and the FSN are already known. The only remaining step is to add another FSL.


Note that the federation protocols do not include methods for creating or managing replicas: this is assumed to be a platform-dependent operation (at least at this time). The only requirement is that these fileset replicas be registered and unregistered with the NSDB.


3.2. Junction Resolution
3.2. 结分辨率

A fileset may contain references to other filesets. These references are represented by junctions. If a client requests access to a fileset object that is a junction, the server resolves the junction to discover the FSL(s) that implements the referenced fileset.


There are many possible variations to this procedure, depending on how the junctions are represented and how the information necessary to perform resolution is represented by the server.


Step 4 is the only step that interacts directly with the federation protocols. The rest of the steps may use platform-specific interfaces.


1. The server determines that the object being accessed is a junction.

1. 服务器确定正在访问的对象是连接。

2. Using the junction, the server does a local lookup to find the FSN of the target fileset.

2. 服务器使用连接进行本地查找,以查找目标文件集的FSN。

3. Using the FSN, the server finds the NSDB node responsible for the target object.

3. 服务器使用FSN查找负责目标对象的NSDB节点。

4. The server contacts that NSDB node and asks for the set of FSLs that implement the target FSN. The NSDB node responds with a set of FSLs.

4. 服务器联系该NSDB节点并请求实现目标FSN的FSL集。NSDB节点使用一组FSL进行响应。

5. The server converts one or more of the FSLs to the location type used by the client (e.g., a Network File System (NFSv4) fs_location, as described in [RFC3530]).

5. 服务器将一个或多个FSL转换为客户端使用的位置类型(例如,网络文件系统(NFSv4)fs_位置,如[RFC3530]中所述)。

6. The server redirects (in whatever manner is appropriate for the client) the client to the location(s).

6. 服务器将客户端重定向(以适合客户端的任何方式)到该位置。

These steps are illustrated in Figure 2. The client sends request 1 to server X, in federation member ALPHA, in an attempt to reference an object (which appears to the client as a directory). Server X recognizes that the referenced object is actually a junction that refers to a directory in a different fileset. Server X finds, from the FSN in the junction, that the NSDB responsible for knowing the location of the target of the junction is the NSDB of federation member BETA. Server X sends request 2 to the NSDB of BETA, asking for the current location of the directory. The NSDB sends response 3 to server X, telling the server that the directory is located on server Y. Server X sends response 4 to the client, indicating that the directory is in a "new" location on server Y. The client then sends request 5 to server Y, repeating the initial request.


Given the current requirements and definitions, this resolution method MUST work. However, there is no requirement that this is the only resolution method that can be used. This method may be used as the fallback when all else fails (or, for a simple implementation, it could be the only method). This is a degenerate implementation of the NSDB service as a simple composition of NSDB nodes; we expect that large federations will use more sophisticated methods to share the FSN and FSL information among multiple NSDB nodes.


          |               |
          |    Client     | >--------------------------+
          |               |                            |
          +---------------+                            |
            v   ^                                      |
      +-----+---+-------------+      +-----------------+-----+
      |     |   |   Federation|      |Federation       |     |
      |     |   |   member    |      |member           |     |
      |     |   |   ALPHA     |      |BETA             |     |
      |     |   |             |      |                 |     |
      |     |   |             |      |                 |     |
      |     |   |             |      |                 |     |
      |     |   |             |      |                 |     |
      |     |   |             |      |   +---------+   |     |
      |     |   |   +---------+------+-> |         |   |     |
      |     |   |   |         |      |   | NSDB Y  |   |     |
      |     |   |   |   +-----+------+-< |         |   |     |
      |     |   |   |   |     |      |   +---------+   |     |
      |     |   |   |   |     |      |                 |     |
      |     |   |   |   |     |      |                 |     |
      |     |   |   |   |     |      |                 |     |
      |    1|  4|  2|  3|     |      |                5|     |
      |     v   ^   ^   v     |      |                 v     |
      |   +---------------+   |      |   +---------------+   |
      |   |               |   |      |   |               |   |
      |   |   Server X    |   |      |   |   Server Y    |   |
      |   |               |   |      |   |               |   |
      |   +---------------+   |      |   +---------------+   |
      |                       |      |                       |
      +-----------------------+      +-----------------------+
          |               |
          |    Client     | >--------------------------+
          |               |                            |
          +---------------+                            |
            v   ^                                      |
      +-----+---+-------------+      +-----------------+-----+
      |     |   |   Federation|      |Federation       |     |
      |     |   |   member    |      |member           |     |
      |     |   |   ALPHA     |      |BETA             |     |
      |     |   |             |      |                 |     |
      |     |   |             |      |                 |     |
      |     |   |             |      |                 |     |
      |     |   |             |      |                 |     |
      |     |   |             |      |   +---------+   |     |
      |     |   |   +---------+------+-> |         |   |     |
      |     |   |   |         |      |   | NSDB Y  |   |     |
      |     |   |   |   +-----+------+-< |         |   |     |
      |     |   |   |   |     |      |   +---------+   |     |
      |     |   |   |   |     |      |                 |     |
      |     |   |   |   |     |      |                 |     |
      |     |   |   |   |     |      |                 |     |
      |    1|  4|  2|  3|     |      |                5|     |
      |     v   ^   ^   v     |      |                 v     |
      |   +---------------+   |      |   +---------------+   |
      |   |               |   |      |   |               |   |
      |   |   Server X    |   |      |   |   Server Y    |   |
      |   |               |   |      |   |               |   |
      |   +---------------+   |      |   +---------------+   |
      |                       |      |                       |
      +-----------------------+      +-----------------------+

Figure 2


3.3. Junction Creation
3.3. 连接创建

Given a local path and the FSN of a remote fileset, an administrator can create a junction from the local path to the remote fileset.


There are many possible variations to this procedure, depending on how the junctions are represented and how the information necessary to perform resolution is represented by the server.


Step 1 is the only step that uses the federation interfaces. The remaining step may use platform-specific interfaces.


1. The administrator requests the server create a junction to the FSN of the remote fileset at the given path.

1. 管理员请求服务器在给定路径处创建到远程文件集的FSN的连接。

2. The server inserts the junction to the FSN, at the given path, into the local filesystem.

2. 服务器在给定的路径上将FSN的连接插入本地文件系统。

4. Glossary
4. 术语汇编

Administrator: user with the necessary authority to initiate administrative tasks on one or more servers.


Admin Entity: A server or agent that administers a collection of fileservers and persistently stores the namespace information.


Client: Any client that accesses the fileserver data using a supported filesystem access protocol.


Federation: A set of server collections and singleton servers that use a common set of interfaces and protocols in order to provide to their clients a federated namespace accessible through a filesystem access protocol.


Fileserver: A server exporting a filesystem via a network filesystem access protocol.


Fileset: The abstraction of a set of files and the directory tree that contains them. A fileset is the fundamental unit of data management in the federation.


Note that all files within a fileset are descendants of one directory, and that filesets do not span filesystems.


Filesystem: A self-contained unit of export for a fileserver, and the mechanism used to implement filesets. The fileset does not need to be rooted at the root of the filesystem, nor at the export point for the filesystem.


A single filesystem MAY implement more than one fileset, if the client protocol and the fileserver permit this.


Filesystem Access Protocol: A network filesystem access protocol such as NFSv2 [RFC1094], NFSv3 [RFC1813], NFSv4 [RFC3530], or CIFS (Common Internet File System) [MS-SMB] [MS-SMB2] [MS-CIFS].


FSL (Fileset Location): The location of the implementation of a fileset at a particular moment in time. An FSL MUST be something that can be translated into a protocol-specific description of a resource that a client can access directly, such as an fs_location (for NFSv4), or share name (for CIFS). Note that not all FSLs need to be explicitly exported as long as they are contained within an exported path on the fileserver.


FSN (Fileset Name): A platform-independent and globally unique name for a fileset. Two FSLs that implement replicas of the same fileset MUST have the same FSN, and if a fileset is migrated from one location to another, the FSN of that fileset MUST remain the same.


Junction: A filesystem object used to link a directory name in the current fileset with an object within another fileset. The server-side "link" from a leaf node in one fileset to the root of another fileset.


Namespace: A filename/directory tree that a sufficiently authorized client can observe.


NSDB (Namespace Database) Service: A service that maps FSNs to FSLs. The NSDB may also be used to store other information, such as annotations for these mappings and their components.


NSDB Node: The name or location of a server that implements part of the NSDB service and is responsible for keeping track of the FSLs (and related info) that implement a given partition of the FSNs.


Referral: A server response to a client access that directs the client to evaluate the current object as a reference to an object at a different location (specified by an FSL) in another fileset, and possibly hosted on another fileserver. The client re-attempts the access to the object at the new location.


Replica: A replica is a redundant implementation of a fileset. Each replica shares the same FSN, but has a different FSL.


Replicas may be used to increase availability or performance. Updates to replicas of the same fileset MUST appear to occur in the same order, and therefore each replica is self-consistent at any moment.


We do not assume that updates to each replica occur simultaneously. If a replica is offline or unreachable, the other replicas may be updated.


Server Collection: A set of fileservers administered as a unit. A server collection may be administered with vendor-specific software.


The namespace provided by a server collection could be part of the federated namespace.


Singleton Server: A server collection containing only one server; a stand-alone fileserver.


5. Proposed Requirements
5. 拟议要求

The phrase "USING THE FEDERATION INTERFACES" implies that the subsequent requirement must be satisfied, in its entirety, via the federation interfaces.


Note that the requirements are described in terms of correct behavior by all entities. We do not address the requirements of the system in the presence of faults.


5.1. Basic Assumptions
5.1. 基本假设

Several of the requirements are so fundamental that we treat them as basic assumptions; if any of these assumptions are violated, the rest of the requirements must be reviewed in their entirety.


A1: The federation protocols do not require any changes to existing client-facing protocols, and MAY be extended to incorporate new client-facing protocols.


A2: A client SHOULD NOT require any a priori knowledge of the general structure or composition of the federation.


The client may require some specific knowledge in order to find and access an instance of the fileset that defines the root of its view of the namespace. As the client traverses the namespace, the client discovers the information it needs in order to locate the filesets it accesses.


A3: All requirements MUST be satisfiable via the federation protocols and the standard protocols used by the fileservers (i.e., NFS, CIFS, DNS, etc.).


USING THE FEDERATION INTERFACES, a federation operation that requires an interaction between two (or more) entities that are members of the federation MUST be possible without requiring any proprietary protocols.


A4: All the entities participating in a federation operation MUST be able to authenticate each other.


All principals (clients, users, administrator of a singleton or server collection, hosts, NSDB nodes, etc.) that can assume a role defined by the federation protocol can identify themselves to each other via an authentication mechanism. This mechanism is not defined or further described in this document.


The authority of a principal to request that a second principal perform a specific operation is ultimately determined by the second. Authorization may be partitioned by server collection or set of servers as well as by operation. For example, if a user has administrative privileges on one server in the federation, this does not imply that they have administrative privileges (or, for that matter, any privileges whatsoever) on any other server in the federation.


In order to access the functionality provided by the federation interfaces, it may be necessary to have elevated privileges or authorization. The authority required by different operations may be different. For example, the authority required to query the NSDB about the FSLs bound to an FSN may be different than the authority required to change the bindings of that FSN.


An operation attempted by an unauthorized entity MUST fail in a manner that indicates that the failure was due to insufficient authorization.


This document does not enumerate the authorization necessary for any operation.


A5: The federation protocols MUST NOT require changes to existing authentication/authorization mechanisms in use at the fileservers for client-facing protocols.


A user's view of the namespace may be limited by the authentication and authorization privileges it has on the different fileservers in the federation. As such, users may only be able to traverse the parts of the namespace to which they have access.


The federation protocols do not impose any restrictions on how users are represented within the federation. For example, a single enterprise could employ a common identity for users across the federation. A grid environment could utilize user mapping or translations across different administrative domains.


A6: In a federated system, we assume that an FSN MUST express, or can be used to discover, the following two pieces of information:


1. The location of the NSDB node that is responsible for knowing the filesystem location(s) (FSLs) of the named fileset.

1. 负责了解命名文件集的文件系统位置(FSLs)的NSDB节点的位置。

The NSDB node must be specified because there may be many NSDB nodes in a federation. We do not assume that any single entity knows the location of all of the NSDB nodes, and therefore exhaustive search is not an option.


There are several ways in which a fileserver can locate the NSDB node responsible for a given fileset. One approach, given a DNS infrastructure, is to specify the location of the NSDB node by the Fully-Qualified Domain Name (FQDN) of the server hosting the NSDB node. Another approach is to use a separate DNS-style hierarchy to resolve the location of the NSDB node.


2. The FSN identifier.

2. FSN标识符。

The FSN identifier is the index used by the NSDB node to identify the target fileset.


There are several ways to represent FSN identifiers. One approach could use 128-bit Universally Unique IDentifiers (UUIDs) as described in [RFC4122].


As an example, an FSN could be represented by a URL of the form nsdb:// where nsdb is the scheme name, is the FQDN of the server hosting the NSDB node, and UUID is the string representation of the identifier.

例如,一个FSN可以由以下形式的URL表示nsdb:// 其中nsdb是方案名称,nsdb.example.com是承载nsdb节点的服务器的FQDN,UUID是标识符的字符串表示形式。

Note that it is not assumed that it is always required for a server to contact the NSDB node specified by the FSN in order to find the FSLs. The relevant information stored in that NSDB node may also be cached local to the server or on a proxy NSDB node "near" the server.


A7: All federation servers and NSDB nodes are assumed to execute the federation protocols correctly. The behavior of the federation is undefined in the case of Byzantine behavior by any federation server or NSDB node.


A8: The locations of federation services (such as NSDBs and FSLs) can be specified in a manner such that they can be correctly interpreted by all members of the federation that will access them.


For example, if an NSDB node is specified by an FQDN, then this implies that every member of the federation that needs to access this NSDB node can resolve this FQDN to an IP address for that NSDB node. (It is not necessary that the FQDN always resolve to the same address; the same service may appear at different addresses on different networks.)


It is the responsibility of each federation member to ensure that the resources it wishes to expose have accessible network locations and that the necessary resolution mechanisms (i.e., DNS) are given the necessary data to perform the resolution correctly.


5.2. Requirements
5.2. 要求

R1: Requirements of each FSN:


a. Each FSN MUST be unique within the scope of its NSDB (so that the FSN is globally unique).

a. 每个FSN在其NSDB范围内必须是唯一的(因此FSN是全局唯一的)。

b. The FSN MUST be sufficiently descriptive to locate an instance of the fileset it names within the federation at any time.

b. FSN必须具有足够的描述性,以便随时在联合体中找到它命名的文件集的实例。

c. All FSNs MUST be invariant when their underlying filesystems move or are replicated; only mappings from FSN to FSL(s) change under these transformations.

c. 当底层文件系统移动或复制时,所有FSN必须保持不变;在这些转换下,只有从FSN到FSL的映射才会更改。

d. All files accessible from the global namespace MUST be part of a fileset that has an assigned FSN.

d. 从全局命名空间访问的所有文件都必须是具有指定FSN的文件集的一部分。

Not all filesets in the federation are required to have an FSN or be reachable by an FSL. Only those filesets that are the target of a junction (as described in R3) are required to have an FSN.


The FSN format MAY be of variable size. If the format is variable in size, fileserver implementations MAY have a maximum supported FSN size. By bounding the FSN size, some fileserver implementations might be able to efficiently organize FSNs in stable storage. For interoperability, the federation protocols SHOULD define an FSN size that all fileservers support.


R2: USING THE FEDERATION INTERFACES, it MUST be possible to create an FSN for a fileset, and it must be possible to bind an FSL to that FSN. These operations are NSDB operations and do not require any action on the part of a file server.


It is possible to create an FSN for a fileset that has not actually been created. It is also possible to bind a nonexistent FSL to an FSN. It is also possible to create a fileset without assigning it an FSN. The binding between an FSN and an FSL is defined entirely within the context of the NSDB; the servers do not "know" whether the filesets they host have been assigned FSNs (or, if so, what those FSNs are).


The requirement that filesets can exist prior to being assigned an FSN and the requirement that FSNs can exist independent of filesets are intended to simplify the construction of the namespace in a convenient manner. For example, they permit an admin to assign FSNs to existing filesets and thereby incorporate existing filesets into the namespace. They also permit the structure of the namespace to be defined prior to creation of the component filesets. In either case, it is the responsibility of the entity updating the NSDB with FSNs and FSN-to-FSL mappings to ensure that the namespace is constructed in a consistent manner. (The simplest way to accomplish this is to ensure that the FSN and FSN-to-FSL mappings are always recorded in the NSDB prior to the creation of any junctions that refer to that FSN.)


a. An administrator MAY specify the entire FSN (including both the NSDB node location and the identifier) of the newly created FSL, or the administrator MAY specify only the NSDB node and have the system choose the identifier.

a. 管理员可以指定新创建的FSL的整个FSN(包括NSDB节点位置和标识符),或者管理员可以仅指定NSDB节点并让系统选择标识符。

The admin can choose to specify the FSN explicitly in order to recreate a lost fileset with a given FSN (for example, as part of disaster recovery). It is an error to assign an FSN that is already in use by an active fileset.


Note that creating a replica of an existing filesystem is NOT accomplished by assigning the FSN of the filesystem you wish to replicate to a new filesystem.


b. USING THE FEDERATION INTERFACES, it MUST be possible to create a federation FSL by specifying a specific local volume, path, export path, and export options.

b. 使用联合接口,必须能够通过指定特定的本地卷、路径、导出路径和导出选项来创建联合FSL。

R3: USING THE FEDERATION INTERFACES, and given the FSN of a target fileset, it MUST be possible to create a junction to that fileset at a named place in another fileset.


After a junction has been created, clients that access the junction transparently interpret it as a reference to the FSL(s) that implement the FSN associated with the junction.


a. It SHOULD be possible to have more than one junction whose target is a given fileset. In other words, it SHOULD be possible to mount a fileset at multiple named places.

a. 应该可以有多个目标为给定文件集的连接。换句话说,应该可以在多个命名位置装载文件集。

b. If the fileset in which the junction is created is replicated, then the junction MUST eventually appear in all of its replicas.

b. 如果在其中创建连接的文件集已复制,则连接最终必须出现在其所有副本中。

The operation of creating a junction within a fileset is treated as an update to the fileset, and therefore obeys the general rules about updates to replicated filesets.


R4: USING THE FEDERATION INTERFACES, it MUST be possible to delete a specific junction from a fileset.


If a junction is deleted, clients who are already viewing the fileset referred to by the junction after traversing the junction MAY continue to view the old namespace. They might not discover that the junction no longer exists (or has been deleted and replaced with a new junction, possibly referring to a different FSN).


After a junction is deleted, another object with the same name (another junction, or an ordinary filesystem object) may be created.


The operation of deleting a junction within a fileset is treated as an update to the fileset, and therefore obeys the general rules about updates to replicated filesets.


R5: USING THE FEDERATION INTERFACES, it MUST be possible to invalidate an FSN.


a. If a junction refers to an FSN that is invalid, attempting to traverse the junction MUST fail.

a. 如果交叉点引用的FSN无效,则尝试穿越交叉点必须失败。

An FSN that has been invalidated MAY become valid again if the FSN is recreated (i.e., as part of a disaster recovery process).


If an FSN is invalidated, clients who are already viewing the fileset named by the FSN MAY continue to view the old namespace. They might not discover that the FSN is no longer valid until they try to traverse a junction that refers to it.


R6: USING THE FEDERATION INTERFACES, it MUST be possible to invalidate an FSL.


a. An invalid FSL MUST NOT be returned as the result of resolving a junction.

a. 解析连接时,不能返回无效的FSL。

An FSL that has been invalidated MAY become valid again if the FSL is recreated (i.e., as part of a disaster recovery process).


If an FSL is invalidated, clients who are already viewing the fileset implemented by the FSL MAY continue to use that FSL. They might not discover that the FSL is no longer valid until they try to traverse a junction that refers to the fileset implemented by the FSL.


Note that invalidating an FSL does not imply that the underlying export or share (depending on the file access protocol in use) is changed in any way -- it only changes the mappings from FSNs to FSLs on the NSDB.


R7: It MUST be possible for the federation of servers to provide multiple namespaces.




a. It MUST be possible to query the fileserver named in an FSL to discover whether a junction exists at a given path within that FSL.

a. 必须能够查询FSL中命名的文件服务器,以发现该FSL中给定路径上是否存在连接。

b. It MAY be possible to query the fileserver named in an FSL to discover the junctions, if any, in that FSL. If this feature is implemented, the fileserver SHOULD report each junction's path within the FSL and the targeted FSN.

b. 可以查询FSL中命名的文件服务器,以发现该FSL中的连接(如果有)。如果实现了此功能,文件服务器应该报告FSL和目标FSN中每个连接的路径。

R9: The projected namespace (and the objects named by the namespace) MUST be accessible to clients via at least one of the following standard filesystem access protocols:


a. The namespace SHOULD be accessible to clients via versions of the CIFS (Common Internet File System) protocol as described in [MS-SMB] [MS-SMB2] [MS-CIFS].

a. 客户端应可通过[MS-SMB][MS-SMB2][MS-CIFS]中所述的CIFS(通用Internet文件系统)协议版本访问命名空间。

b. The namespace SHOULD be accessible to clients via the NFSv4 protocol as described in [RFC3530].

b. 如[RFC3530]所述,客户端应可通过NFSv4协议访问该命名空间。

c. The namespace SHOULD be accessible to clients via the NFSv3 protocol as described in [RFC1813].

c. 如[RFC1813]中所述,客户端应该可以通过NFSv3协议访问该名称空间。

d. The namespace SHOULD be accessible to clients via the NFSv2 protocol as described in [RFC1094].

d. 如[RFC1094]所述,客户端应可通过NFSv2协议访问该命名空间。

It must be understood that some of these protocols, such as NFSv3 and NFSv2, have no innate ability to access a namespace of this kind. Where such protocols have been augmented with other protocols and mechanisms (such as autofs or amd for NFSv3) to provide an extended namespace, we propose that these protocols and mechanisms may be used, or extended, in order to satisfy the requirements given in this document, and different clients may use different mechanisms.

必须理解的是,其中一些协议,如NFSv3和NFSv2,没有访问此类名称空间的固有能力。如果此类协议已通过其他协议和机制(如autofs或amd for NFSv3)进行了扩展以提供扩展名称空间,我们建议可以使用或扩展这些协议和机制,以满足本文档中给出的要求,并且不同的客户机可以使用不同的机制。

R10: USING THE FEDERATION INTERFACES, it MUST be possible to modify the NSDB mapping from an FSN to a set of FSLs to reflect the migration from one FSL to another.


R11: FSL migration SHOULD have little or no impact on the clients, but this is not guaranteed across all federation members.


Whether FSL migration is performed transparently depends on whether the source and destination servers are able to do so. It is the responsibility of the administrator to recognize whether or not the migration will be transparent, and advise the system accordingly. The federation, in turn, MUST advise the servers to notify their clients, if necessary.


For example, on some systems, it may be possible to migrate a fileset from one system to another with minimal client impact because all client-visible metadata (inode numbers, etc.) are preserved during migration. On other systems, migration might be quite disruptive.


R12: USING THE FEDERATION INTERFACES, it MUST be possible to modify the NSDB mapping from an FSN to a set of FSLs to reflect the addition/removal of a replica at a given FSL.


R13: Replication SHOULD have little or no negative impact on the clients.


Whether FSL replication is performed transparently depends on whether the source and destination servers are able to do so. It is the responsibility of the administrator initiating the replication to recognize whether or not the replication will be transparent, and advise the federation accordingly. The federation MUST advise the servers to notify their clients, if necessary.


For example, on some systems, it may be possible to mount any FSL of an FSN read/write, while on other systems, there may be any number of read-only replicas but only one FSL that can be mounted as read/write.


R14: USING THE FEDERATION INTERFACES, it SHOULD be possible to annotate the objects and relations managed by the federation protocol with arbitrary name/value pairs.


These annotations are not used by the federation protocols -- they are intended for use by higher-level protocols. For example, an annotation that might be useful for a system administrator browsing the federation would be the "owner" of each FSN (i.e., "this FSN is for the home directory of Joe Smith"). As another example, the annotations may express hints used by the clients (such as priority information for NFSv4.1).

这些注释不是由联合协议使用的——它们是供更高级别的协议使用的。例如,对于浏览联盟的系统管理员可能有用的注释是每个FSN的“所有者”(即,“此FSN用于Joe Smith的主目录”)。作为另一个示例,注释可以表示客户端使用的提示(例如NFSv4.1的优先级信息)。

Both FSNs and FSLs may be annotated. For example, an FSN property might be "This is Joe Smith's home directory", and an FSL property might be "This instance of the FSN is at the remote backup site".

可对FSN和FSL进行注释。例如,FSN属性可能是“This is Joe Smith's home directory”,FSL属性可能是“This instance of the FSN is the remote backup site”。

a. USING THE FEDERATION INTERFACES, it MUST be possible to query the system to find the annotations for a junction.

a. 使用联合接口,必须能够查询系统以查找连接的注释。

b. USING THE FEDERATION INTERFACES, it MUST be possible to query the system to find the annotations for an FSN.

b. 使用联合接口,必须能够查询系统以查找FSN的注释。

c. USING THE FEDERATION INTERFACES, it MUST be possible to query the system to find the annotations for an FSL.

c. 使用联合接口,必须能够查询系统以查找FSL的注释。

R15: It MUST be possible for the federation to project a namespace with a common root.


a. It SHOULD be possible to define a root fileset that is exported by one or more fileservers in the federation as the top level of a namespace. (Corollary: There is one root fileset per namespace and it is possible to support multiple namespaces per federation.)

a. 应该可以将由联合体中的一个或多个文件服务器导出的根文件集定义为命名空间的顶级。(推论:每个名称空间有一个根文件集,并且每个联合体可以支持多个名称空间。)

b. It SHOULD be possible for a fileserver to locate an NSDB that stores the layout of a root fileset.

b. 文件服务器应该可以找到存储根文件集布局的NSDB。

c. It SHOULD be possible to access, store, and update information related to a root fileset using the federation protocols.

c. 应该可以使用联合协议访问、存储和更新与根文件集相关的信息。

d. It SHOULD be possible to replicate root fileset information across multiple repositories.

d. 应该可以跨多个存储库复制根文件集信息。

e. If a root fileset is defined, it SHOULD be possible to enable a fileserver to export that root fileset for client access.

e. 如果定义了根文件集,则应该可以使文件服务器导出该根文件集以供客户端访问。

f. If a root fileset is defined, it SHOULD be possible for multiple fileservers to project a common root with defined consistency semantics.

f. 如果定义了根文件集,则多个文件服务器应该可以使用定义的一致性语义投影公共根。

g. If a root fileset is defined, it SHOULD be stored using a compact representation that is compatible with heterogeneous fileserver implementations. The root fileset's internal format SHOULD contain enough information to generate any attributes, including referrals, required by the standard filesystem access protocols in R9.

g. 如果定义了根文件集,则应使用与异构文件服务器实现兼容的紧凑表示来存储它。根文件集的内部格式应该包含足够的信息来生成R9中标准文件系统访问协议所需的任何属性,包括引用。

6. Non-Requirements
6. 非要求

N1: It is not necessary for the namespace to be known by any specific fileserver.


In the same manner that clients do not need to have a priori knowledge of the structure of the namespace or its mapping onto federation members, the projected namespace can exist without individual fileservers knowing the entire organizational structure, or, indeed, without knowing exactly where in the projected namespace the filesets they host exist.


Fileservers do need to be able to handle referrals from other fileservers, but they do not need to know what path the client was accessing when the referral was generated.


N2: It is not necessary for updates and accesses to the NSDB data to occur in transaction or transaction-like contexts.


One possible requirement that is omitted from our current list is that updates and accesses to the data stored in the NSDB (or individual NSDB nodes) occur within a transaction context. We were not able to agree whether the benefits of transactions are worth the complexity they add (both to the specification and its eventual implementation), but this topic is open for discussion.


Below is the draft of a proposed requirement that provides transactional semantics:


There MUST be a way to ensure that sequences of operations, including observations of the namespace (including finding the locations corresponding to a set of FSNs) and changes to the namespace or related data stored in the system (including the creation, renaming, or deletion of junctions, and the creation, altering, or deletion of mappings between FSN and filesystem locations), can be performed in a manner that provides predictable semantics for the relationship between the observed values and the effect of the changes.


It MUST be possible to protect sequences of operations by transactions with NSDB-wide or server-wide Atomicity, Consistency, Isolation, and Durability (ACID) semantics.


7. Security Considerations
7. 安全考虑

Assuming the Internet threat model, the federated resolution mechanism described in this document MUST be implemented in such a way to prevent loss of CONFIDENTIALITY, DATA INTEGRITY, and PEER ENTITY AUTHENTICATION, as described in [RFC3552].


CONFIDENTIALITY may be violated if an unauthorized party is able to eavesdrop on the communication between authorized servers and NSDB nodes and thereby learn the locations or other information about FSNs that they would not be authorized to discover via direct queries. DATA INTEGRITY may be compromised if a third party is able to undetectably alter the contents of the communication between servers and NSDB nodes. PEER ENTITY AUTHENTICATION is defeated if one server can masquerade as another server without proper authority, or if an arbitrary host can masquerade as a NSDB node.


Well-established techniques for providing authenticated channels may be used to defeat these attacks, and the protocol MUST support at least one of them.


For example, if Lightweight Directory Access Protocol (LDAP) is used to implement the query mechanism [RFC4510], then Transport Layer Security (TLS) may be used to provide both authentication and integrity [RFC5246] [RFC4513]. If the query protocol is implemented on top of Open Network Computing / Remote Procedure Call (ONC/RPC), then RPCSEC_GSS may be used to fill the same role [RFC2203] [RFC2743].


A federation could contain multiple Public Key Infrastructure (PKI) trust anchors [RFC5280]. The federation protocols SHOULD define a mechanism for managing a fileserver's NSDB trust anchors [TA-MGMT-REQS]. A general purpose trust anchor management protocol [TAMP] would be appropriate, though it might be desirable for the federation protocols to facilitate trust anchor management by, for example, using trust anchor interchange formats [TA-FORMAT].


It is useful to note that the requirements described in this document lead naturally to a system with distributed authorization, which has scalability and manageability benefits.


FSNs are likely to be long-lived resources. Therefore, the privilege to create FSNs SHOULD be carefully controlled. To assist in determining if an FSN is referenced by a junction somewhere in the federation, the NSDB records SHOULD include non-authoritative informational annotations recording the locations of any such junctions. These annotations are non-authoritative because a


junction might be created, deleted, or modified by an individual that does not have permission to modify the NSDB records.


8. References
8. 工具书类
8.1. Normative References
8.1. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC3530] Shepler, S., Callaghan, B., Robinson, D., Thurlow, R., Beame, C., Eisler, M., and D. Noveck, "Network File System (NFS) version 4 Protocol", RFC 3530, April 2003.

[RFC3530]Shepler,S.,Callaghan,B.,Robinson,D.,Thurlow,R.,Beame,C.,Eisler,M.,和D.Noveck,“网络文件系统(NFS)版本4协议”,RFC 3530,2003年4月。

[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, July 2003.

[RFC3552]Rescorla,E.和B.Korver,“关于安全考虑的RFC文本编写指南”,BCP 72,RFC 3552,2003年7月。

[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally Unique IDentifier (UUID) URN Namespace", RFC 4122, July 2005.

[RFC4122]Leach,P.,Mealling,M.和R.Salz,“通用唯一标识符(UUID)URN名称空间”,RFC 4122,2005年7月。

[RFC4510] Zeilenga, K., "Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map", RFC 4510, June 2006.


[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008.

[RFC5280]Cooper,D.,Santesson,S.,Farrell,S.,Boeyen,S.,Housley,R.,和W.Polk,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件”,RFC 52802008年5月。

[RFC5661] Shepler, S., Eisler, M., and D. Noveck, "Network File System Version 4 Minor Version 1", RFC 5661, January 2010.

[RFC5661]Shepler,S.,Eisler,M.,和D.Noveck,“网络文件系统版本4次要版本1”,RFC 56612010年1月。

8.2. Informative References
8.2. 资料性引用

[MS-CIFS] Microsoft Corporation, "Common Internet File System (CIFS) Protocol Specification", MS-CIFS 2.0, November 2009.

[MS-CIFS]微软公司,“通用互联网文件系统(CIFS)协议规范”,MS-CIFS 2.0,2009年11月。

[MS-SMB] Microsoft Corporation, "Server Message Block (SMB) Protocol Specification", MS-SMB 17.0, November 2009.

[MS-SMB]微软公司,“服务器消息块(SMB)协议规范”,MS-SMB 17.012009年11月。

[MS-SMB2] Microsoft Corporation, "Server Message Block (SMB) Version 2 Protocol Specification", MS-SMB2 19.0, November 2009.

[MS-SMB2]微软公司,“服务器消息块(SMB)第2版协议规范”,MS-SMB2 19.012009年11月。

[RFC1094] Nowicki, B., "NFS: Network File System Protocol specification", RFC 1094, March 1989.


[RFC1813] Callaghan, B., Pawlowski, B., and P. Staubach, "NFS Version 3 Protocol Specification", RFC 1813, June 1995.

[RFC1813]Callaghan,B.,Pawlowski,B.,和P.Staubach,“NFS版本3协议规范”,RFC 1813,1995年6月。

[RFC2203] Eisler, M., Chiu, A., and L. Ling, "RPCSEC_GSS Protocol Specification", RFC 2203, September 1997.

[RFC2203]Eisler,M.,Chiu,A.,和L.Ling,“RPCSEC_GSS协议规范”,RFC 2203,1997年9月。

[RFC2743] Linn, J., "Generic Security Service Application Program Interface Version 2, Update 1", RFC 2743, January 2000.

[RFC2743]Linn,J.,“通用安全服务应用程序接口版本2,更新1”,RFC 2743,2000年1月。

[RFC4513] Harrison, R., "Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms", RFC 4513, June 2006.


[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008.

[RFC5246]Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.2”,RFC 5246,2008年8月。

[TA-FORMAT] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor Format", Work in Progress, October 2009.


[TA-MGMT-REQS] Reddy, R. and C. Wallace, "Trust Anchor Management Requirements", Work in Progress, September 2009.


[TAMP] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor Management Protocol (TAMP)", Work in Progress, December 2009.


Appendix A. Acknowledgments

We would like to thank Robert Thurlow of Sun Microsystems for helping to author this document.

我们要感谢Sun Microsystems的Robert Thurlow帮助编写本文档。

We would also like to thank Peter McCann and Nicolas Williams for their comments and suggestions.

我们还要感谢Peter McCann和Nicolas Williams的评论和建议。

Authors' Addresses


James Lentini NetApp 1601 Trapelo Rd, Suite 16 Waltham, MA 02451 US


   Phone: +1 781-768-5359
   Phone: +1 781-768-5359

Craig Everhart NetApp 7301 Kit Creek Rd Research Triangle Park, NC 27709 US

美国北卡罗来纳州基特克里克路三角研究公园Craig Everhart NetApp 7301号,邮编27709

   Phone: +1 919-476-5320
   Phone: +1 919-476-5320

Daniel Ellard BBN Technologies 10 Moulton Street Cambridge, MA 02138 US

Daniel Ellard BBN Technologies美国马萨诸塞州剑桥莫尔顿街10号,邮编02138

   Phone: +1 617-873-8000
   Phone: +1 617-873-8000

Renu Tewari IBM Almaden 650 Harry Rd San Jose, CA 95120 US



Manoj Naik IBM Almaden 650 Harry Rd San Jose, CA 95120 US

美国加利福尼亚州圣何塞哈利路650号Manoj Naik IBM Almaden 95120