From: Brent Callaghan (Brent.Callaghan@eng.sun.com)
Date: 06/04/98-04:47:02 PM Z
Date: Thu, 4 Jun 1998 13:47:02 -0800 (PDT) From: Brent Callaghan <Brent.Callaghan@eng.sun.com> Subject: Proxying NFS v4 Message-ID: <Roam.1.1.896993222.14734.brent@jurassic> A nice feature of the HTTP protocol is the ability to use a proxy server - most commonly to cache pages and reduce internet traffic, though a proxy can also provide other services such as SOCKS, VPN, logging, content filtering, etc. When you configure your browser to talk to a proxy, all URLs are sent to the proxy which then interprets the URL and figures out which protocol to use, the target site, etc. The NFS protocol doesn't lend itself to this kind of proxying. You can send NFS requests through a connection proxy like SOCKS, but there's no easy way to support higher-level proxying like that of HTTP. I cannot send an NFS request to a proxy asking that it be redirected to another server. The most compelling need for NFS proxying is to utilize the proxy as a shared cache. Where there is a common interest in a small number of filesystems (perhaps the branch office of a large company) the hit rate on the cache can be high and there can be great savings in latency to data, connection costs, and central server offloading. The most straightforward way to make a proxyable v4 would be to add an optional redirection header to each request containing the server's address and port. This does raise some issues though: - Security schemes are designed to prevent "man in the middle" attacks. If the "man in the middle" is the proxy server, then it may be prevented from responding from the cache or interpreting the contents of the request. If security is negotiated between the client and server then the proxy may not be able to provide any caching service. This problem exists for HTTP over SSL. If security is negotiated between the client and proxy then the security scheme must also be proxyable. There's also the issue of whether the server trusts the proxy to protect cached data from unauthorized access. - Should the proxy cache writes ? This would have obvious benefits if writes can be buffered on a proxy and perhaps cancelled if the file is then removed. The proxy might also improve availability if it could handle changes while the server or server connection is down. There are some tricky issues though: resolving conflicts with the server (multiple proxies may cache incompatible changes while the server is down), how are write errors reported to users ? (e.g. no disk space). We won't have time to resolve these questions in a v4 timeframe, though it would be useful if v4 could include some kind of proxy header that would provide the necessary protocol support while we work out the implementation details. I'd be grateful for any opinions, ideas, or issues with proxying NFS. Thanks Brent
This archive was generated by hypermail 2.1.2 : 03/04/05-01:45:47 AM Z CST