NFS Version 4
The NFS version 4 (NFS4) protocol is an improvement over the much older NFS version 3 protocol.
Versions
There are currently three minor versions of NFS4: 4.0, 4.1 and 4.2. Client and server typically negotiate the highest common minor version to use.
For stability reasons we recommend to use version
4.0. The
ITS NAS only supports
4.0.
Security
NFS supports a choice of four security flavors for a share. The relative I/O and CPU load roughly indicate the penalty for the increased security:
| Flavor |
Security |
Relative I/O |
Core Load @ 1Gb |
sys |
IP based, typically via IP ranges or netgroups, data not encrypted |
100% |
0% |
krb5 |
Access authenticated with kerberos, data not encrypted |
66% |
5% |
krb5i |
Access authenticated with kerberos, data integrity ensured but not encrypted |
66% |
30% |
krb5p |
Access authenticated with kerberos, data encrypted and integrity ensured |
66% |
40% |
Shares on
isginf managed file servers are generally exported with
krb5:krb5i:krb5p while the
ITS NAS currently only exports with
krb5.
It is generally recommended to use version
krb5p except for the
ITS NAS which only supports
krb5.
Recommended Mount Options
For shares on all
isginf managed file servers use the following mount options:
mount -t nfs -o nfsvers=4,minorversion=0,sec=krb5p server:/path
For automounter maps or the
NIS map entry field in LDAP the entry should be formatted as follows
-nfsvers=4,minorversion=0,sec=krb5p,fstype=nfs server:/path
ITS NAS (SpectrumScale)
When manually mounting a share use the following mount options:
mount -t nfs -o nfsvers=4,minorversion=0,sec=krb5 inf.nas.ethz.ch:/fs1201/infk_...
For automounter maps or the
NIS map entry field in LDAP the entry should be formatted as follows for maximum compatibility
-nfsvers=4,minorversion=0,sec=krb5,fstype=nfs inf.nas.ethz.ch:/fs1201/infk_...
