NFS Version 4

The NFS version 4 (NFS4) protocol is an improvement over the much older NFS version 3 protocol.

Versions

There are currently three minor versions of NFS4: 4.0, 4.1 and 4.2. Client and server typically negotiate the highest common minor version to use.

For stability reasons we recommend to use version 4.0. The ITS NAS only supports 4.0.

Security

NFS supports a choice of four security flavors for a share. The relative I/O and CPU load roughly indicate the penalty for the increased security:

Flavor Security Relative I/O Core Load @ 1Gb
sys IP based, typically via IP ranges or netgroups, data not encrypted 100% 0%
krb5 Access authenticated with kerberos, data not encrypted 66% 5%
krb5i Access authenticated with kerberos, data integrity ensured but not encrypted 66% 30%
krb5p Access authenticated with kerberos, data encrypted and integrity ensured 66% 40%

Shares on isginf managed file servers are generally exported with krb5:krb5i:krb5p while the ITS NAS currently only exports with krb5.

It is generally recommended to use version krb5p except for the ITS NAS which only supports krb5.

Recommended Mount Options

For shares on all isginf managed file servers use the following mount options:

mount -t nfs -o nfsvers=4,minorversion=0,sec=krb5p server:/path

For automounter maps or the NIS map entry field in LDAP the entry should be formatted as follows

-nfsvers=4,minorversion=0,sec=krb5p,fstype=nfs server:/path

ITS NAS (SpectrumScale)

When manually mounting a share use the following mount options:

mount -t nfs -o nfsvers=4,minorversion=0,sec=krb5 inf.nas.ethz.ch:/fs1201/infk_...

For automounter maps or the NIS map entry field in LDAP the entry should be formatted as follows for maximum compatibility

-nfsvers=4,minorversion=0,sec=krb5,fstype=nfs inf.nas.ethz.ch:/fs1201/infk_...

Page URL: https://isg.inf.ethz.ch/bin/view/Main/HelpDesktopsAndLaptopsLinuxNfs4
2024-12-04
© 2024 Eidgenössische Technische Hochschule Zürich