NFS Version 4
The NFS version 4 (NFS4) protocol is an improvement over the much older NFS version 3 protocol.
Versions
There are currently three minor versions of NFS4: 4.0, 4.1 and 4.2. Client and server typically negotiate the highest common minor version to use.
For stability reasons we recommend to use version
4.0
. The
ITS NAS only supports
4.0
.
Security
NFS supports a choice of four security flavors for a share. The relative I/O and CPU load roughly indicate the penalty for the increased security:
Flavor |
Security |
Relative I/O |
Core Load @ 1Gb |
sys |
IP based, typically via IP ranges or netgroups, data not encrypted |
100% |
0% |
krb5 |
Access authenticated with kerberos, data not encrypted |
66% |
5% |
krb5i |
Access authenticated with kerberos, data integrity ensured but not encrypted |
66% |
30% |
krb5p |
Access authenticated with kerberos, data encrypted and integrity ensured |
66% |
40% |
Shares on
isginf managed file servers are generally exported with
krb5:krb5i:krb5p
while the
ITS NAS currently only exports with
krb5
.
It is generally recommended to use version
krb5p
except for the
ITS NAS which only supports
krb5
.
Recommended Mount Options
For shares on all
isginf managed file servers use the following mount options:
mount -t nfs -o nfsvers=4,minorversion=0,sec=krb5p server:/path
For automounter maps or the
NIS map entry field in LDAP the entry should be formatted as follows
-nfsvers=4,minorversion=0,sec=krb5p,fstype=nfs server:/path
ITS NAS (SpectrumScale)
When manually mounting a share use the following mount options:
mount -t nfs -o nfsvers=4,minorversion=0,sec=krb5 inf.nas.ethz.ch:/fs1201/infk_...
For automounter maps or the
NIS map entry field in LDAP the entry should be formatted as follows for maximum compatibility
-nfsvers=4,minorversion=0,sec=krb5,fstype=nfs inf.nas.ethz.ch:/fs1201/infk_...