nfssrv Module Parameters

This section describes NFS parameters for the nfssrv module.

nfssrv:nfs_portmon

Description

Controls some security checking that the NFS server can do to attempt to enforce integrity on the part of its clients. It can check to see whether the source port from which a request was sent was a reserved port. This is a port whose number is less than 1024. For BSD based systems, these ports are reserved to processes being run by root. This checking can prevent users from writing their own RPC-based applications to defeat the access checking that the NFS client uses.

Data Type

Integer (32–bit)

Default

0 (checking disabled)

Range

0 (checking disabled), 1 (checking enabled)

Units

Boolean values

Dynamic?

Yes

Validation

None

When to Change

Use this parameter to prevent malicious users from gaining access to files by using the NFS server that they would not ordinarily have access to. However, the reserved port notion is not universally supported. Thus, the security aspects of the check are very weak. Also, not all NFS client implementations bind their transport endpoints to a port number in the reserved range, so interoperability problems might result if the checking is enabled.

Stability Level

Evolving

nfssrv:rfs_write_async

Description

Controls the behavior of the NFS version 2 server when it processes WRITE requests. The NFS version 2 protocol mandates that all modified data and metadata associated with the WRITE request reside on stable storage before the server can respond to the client. NFS version 2 WRITE requests are limited to 8192 bytes of data. Thus, each WRITE request might cause multiple small writes to the storage subsystem. This can cause a performance problem.

One trick to accelerate NFS version 2 WRITEs is to take advantage of a client behavior. Clients tend to send out WRITE requests in batches. The server can take advantage of this behavior by clustering together the different WRITE requests into a single request to the underlying file system. Thus, the data to be written to the storage subsystem can be written in fewer, larger requests. This can increase the throughput for WRITE requests tremendously.

Data Type

Integer (32–bit)

Default

1 (clustering enabled)

Range

0 (clustering disabled), 1 (clustering enabled)

Units

Boolean values

Dynamic?

Yes

Validation

None

When to Change

Some very small NFS clients, particularly PC clients, might not batch WRITE requests. Thus, the behavior required from the clients might not exist, and the clustering in the NFS version 2 server might just add overhead and slow down performance instead of increasing it.

Stability Level

Evolving

nfssrv:nfsauth_ch_cache_max

Description

Controls the size of the cache of client handles that contact the NFS authentication server. This server authenticates NFS clients to determine whether they are allowed access to the file handle that they are trying to use.

Data Type

Integer (32–bit)

Default

16

Range

0 to 2³¹ - 1

Units

Client handles

Dynamic?

Yes

Validation

None

When to Change

This cache is not dynamic, so attempts to allocate a client handle when all are busy will fail. This results in requests being dropped by the NFS server because they could not be authenticated. Most of the time, this is not a problem because the NFS client just times out and retransmits the request. However, for soft-mounted file systems on the client, the client might time out, not retry the request, and then return an error to the application. This might have been avoided by ensuring that the size of the cache on the server is large enough to handle the load.

Stability Level

Unstable

nfssrv:exi_cache_time

Description

Controls the duration of time that entries are held in the NFS authentication cache before being purged due to memory pressure in the system.

Data Type

Long integer (32 bits on 32–bit platforms and 64 bits on 64–bit platforms)

Default

3600 seconds (1 hour)

Range

0 to 2³¹ - 1 on 32–bit platforms

0 to 2⁶³ - 1 on 64–bit platforms

Units

Seconds

Dynamic?

Yes

Validation

None

When to Change

The size of the NFS authentication cache can be adjusted by varying the minimum age of entries that can get purged from the cache. The size of the cache should be controlled so that it is not allowed to grow too large, thus using system resources that are not allowed to be released due to this aging process.

Stability Level

Evolving