RFC 7532

 
 
 

Namespace Database (NSDB) Protocol for Federated File Systems

Part 3 of 3, p. 42 to 65

 


5.  NSDB Operations

   The operations defined by the protocol can be described as several
   sub-protocols that are used by entities within a federation to
   perform different roles.

   The first of these sub-protocols defines how the state of an NSDB
   node can be initialized and updated.  The primary use of this sub-
   protocol is by an administrator to add, edit, or delete filesets,
   their properties, and their fileset locations.

   The second of these sub-protocols defines the queries that are sent
   to an NSDB node in order to perform resolution (or to find other
   information about the data stored within that NSDB node) and the
   responses returned by the NSDB node.  The primary use of this sub-
   protocol is by a fileserver in order to perform resolution, but it
   may also be used by an administrator to query the state of the
   system.

   The first and second sub-protocols are defined as LDAP operations,
   using the schema defined in the previous section.  If each NSDB node
   is a standard LDAP server, then, in theory, it is unnecessary to
   describe the LDAP operations in detail because the operations are
   ordinary LDAP operations to query and update records.  However, we do
   not require that an NSDB node implement a complete LDAP service.
   Therefore, we define the minimum level of LDAP functionality required
   to implement an NSDB node.

   The NSDB sub-protocols are defined in Section 5.1 and Section 5.2.
   The descriptions of LDAP messages in these sections use the LDAP Data
   Interchange Format (LDIF) [RFC2849].  In order to differentiate
   constant and variable strings in the LDIF specifications, variables
   are prefixed by a $ character and use all uppercase characters.  For
   example, a variable named FOO would be specified as $FOO.

   This document uses the term "NSDB client" to refer to an LDAP client
   that uses either of the NSDB sub-protocols.

   The third sub-protocol defines the queries and other requests that
   are sent to a fileserver in order to get information from it or to
   modify the state of the fileserver in a manner related to the
   federation protocols.  The primary purpose of this protocol is for an
   administrator to create or delete a junction or discover related
   information about a particular fileserver.

   The third sub-protocol is defined as an Open Network Computing (ONC)
   Remote Procedure Call (RPC) protocol.  The reason for using ONC RPC
   instead of LDAP is that all fileservers support ONC RPC, but some do
   not support an LDAP directory server.

   The ONC RPC administration protocol is defined in [RFC7533].

5.1.  NSDB Operations for Administrators

   The admin entity initiates and controls the commands to manage
   fileset and namespace information.  The protocol used for
   communicating between the admin entity and each NSDB node MUST be the
   LDAPv3 [RFC4510] protocol.

   The names we assign to these operations are entirely for the purpose
   of exposition in this document and are not part of the LDAP dialogs.

5.1.1.  Create an FSN

   This operation creates a new FSN in the NSDB by adding a new fedfsFsn
   entry in the NSDB's LDAP directory.

   A fedfsFsn entry contains a fedfsFsnUuid.  The administrator chooses
   the fedfsFsnUuid by the process described in Section 2.12.  A
   fedfsFsn entry also contains a fedfsFsnTTL.  The fedfsFsnTTL is
   chosen by the administrator as described in Section 2.8.3.

5.1.1.1.  LDAP Request

   This operation is implemented using the LDAP ADD request described by
   the LDIF below.

           dn: fedfsFsnUuid=$FSNUUID,$NCE
           changeType: add
           objectClass: fedfsFsn
           fedfsFsnUuid: $FSNUUID
           fedfsFsnTTL: $TTL

   For example, if $FSNUUID is "e8c4761c-eb3b-4307-86fc-f702da197966",
   $TTL is "300" seconds, and $NCE is "o=fedfs", the operation would be:

           dn: fedfsFsnUuid=e8c4761c-eb3b-4307-86fc-f702da197966,o=fedfs
           changeType: add
           objectClass: fedfsFsn
           fedfsFsnUuid: e8c4761c-eb3b-4307-86fc-f702da197966
           fedfsFsnTTL: 300

5.1.2.  Delete an FSN

   This operation deletes an FSN by removing a fedfsFsn entry in the
   NSDB's LDAP directory.

   If the FSN entry being deleted has child FSL entries, this function
   MUST return an error.  This ensures that the NSDB will not contain
   any orphaned FSL entries.  A compliant LDAP implementation will meet
   this requirement since Section 4.8 of [RFC4511] defines the LDAP
   delete operation to only be capable of removing leaf entries.

   Note that the FSN delete function removes the fileset only from a
   federation namespace (by removing the records for that FSN from the
   NSDB node that receives this request).  The fileset and its data are
   not deleted.  Any junction that has this FSN as its target may
   continue to point to this non-existent FSN.  A dangling reference may
   be detected when a fileserver tries to resolve a junction that refers
   to the deleted FSN.

5.1.2.1.  LDAP Request

   This operation is implemented using the LDAP DELETE request described
   by the LDIF below.

           dn: fedfsFsnUuid=$FSNUUID,$NCE
           changeType: delete

   For example, if $FSNUUID is "e8c4761c-eb3b-4307-86fc-f702da197966"
   and $NCE is "o=fedfs", the operation would be:

           dn: fedfsFsnUuid=e8c4761c-eb3b-4307-86fc-f702da197966,o=fedfs
           changeType: delete

5.1.3.  Create an FSL

   This operation creates a new FSL for the given FSN by adding a new
   fedfsFsl entry in the NSDB's LDAP directory.

   A fedfsFsl entry contains a fedfsFslUuid and fedfsFsnUuid.  The
   administrator chooses the fedfsFslUuid.  The process for choosing the
   fedfsFslUuid is described in Section 2.12.  The fedfsFsnUuid is the
   UUID of the FSL's FSN.

   The administrator will also set additional attributes depending on
   the FSL type.

5.1.3.1.  LDAP Request

   This operation is implemented using the LDAP ADD request described by
   the LDIF below (Note: the LDIF shows the creation of an NFS FSL.)

           dn: fedfsFslUuid=$FSLUUID,fedfsFsnUuid=$FSNUUID,$NCE
           changeType: add
           objectClass: fedfsNfsFsl
           fedfsFslUuid: $FSLUUID
           fedfsFsnUuid: $FSNUUID
           fedfsNfsURI: nfs://$HOST:$PORT//$PATH
           fedfsNfsCurrency: $CURRENCY
           fedfsNfsGenFlagWritable: $WRITABLE
           fedfsNfsGenFlagGoing: $GOING
           fedfsNfsGenFlagSplit: $SPLIT
           fedfsNfsTransFlagRdma: $RDMA
           fedfsNfsClassSimul: $CLASS_SIMUL
           fedfsNfsClassHandle: $CLASS_HANDLE
           fedfsNfsClassFileid: $CLASS_FILEID
           fedfsNfsClassWritever: $CLASS_WRITEVER
           fedfsNfsClassChange: $CLASS_CHANGE
           fedfsNfsClassReaddir: $CLASS_READDIR
           fedfsNfsReadRank: $READ_RANK
           fedfsNfsReadOrder: $READ_ORDER
           fedfsNfsWriteRank: $WRITE_RANK
           fedfsNfsWriteOrder: $WRITE_ORDER
           fedfsNfsVarSub: $VAR_SUB
           fedfsNfsValidFor: $TIME
           fedfsAnnotation: $ANNOTATION
           fedfsDescr: $DESCR

   For example, if $FSNUUID is "e8c4761c-eb3b-4307-86fc-f702da197966",
   $FSLUUID is "ba89a802-41a9-44cf-8447-dda367590eb3", $HOST is
   "server.example.com", $PORT is "20049", $PATH is stored in the file
   "/tmp/fsl_path", $CURRENCY is "0" (an up-to-date copy), the FSL is
   writable, but not going, split, or accessible via Remote Direct
   Memory Access (RDMA), the simultaneous-use class is "1", the handle
   class is "0", the fileid class is "1", the write-verifier class is
   "1", the change class is "1", the readdir class is "9", the read rank
   is "7", the read order is "8", the write rank is "5", the write order
   is "6", variable substitution is false, $TIME is "300" seconds,
   $ANNOTATION is ""foo" = "bar"", $DESCR is "This is a description.",
   and $NCE is "o=fedfs", the operation would be (for readability, the
   DN is split into two lines):

           dn: fedfsFslUuid=ba89a802-41a9-44cf-8447-dda367590eb3,
            fedfsFsnUuid=e8c4761c-eb3b-4307-86fc-f702da197966,o=fedfs
           changeType: add
           objectClass: fedfsNfsFsl
           fedfsFslUuid: ba89a802-41a9-44cf-8447-dda367590eb3
           fedfsFsnUuid: e8c4761c-eb3b-4307-86fc-f702da197966
           fedfsNfsURI: nfs://server.example.com:20049//tmp/fsl_path
           fedfsNfsCurrency: 0
           fedfsNfsGenFlagWritable: TRUE
           fedfsNfsGenFlagGoing: FALSE
           fedfsNfsGenFlagSplit: FALSE
           fedfsNfsTransFlagRdma: FALSE
           fedfsNfsClassSimul: 1
           fedfsNfsClassHandle: 0
           fedfsNfsClassFileid: 1
           fedfsNfsClassWritever: 1
           fedfsNfsClassChange: 1
           fedfsNfsClassReaddir: 9
           fedfsNfsReadRank: 7
           fedfsNfsReadOrder: 8
           fedfsNfsWriteRank: 5
           fedfsNfsWriteOrder: 6
           fedfsNfsVarSub: FALSE
           fedfsNfsValidFor: 300
           fedfsAnnotation: "foo" = "bar"
           fedfsDescr: This is a description.

5.1.3.2.  Selecting fedfsNfsFsl Values

   The fedfsNfsFsl object class is used to describe NFSv4-accessible
   filesets.  For the reasons described in Section 2.8.4, administrators
   SHOULD choose reasonable values for all LDAP attributes of an
   NFSv4-accessible fedfsNfsFsl even though some of these LDAP
   attributes are not explicitly contained in an NFSv4 fs_locations
   attribute.

   When the administrator is unable to choose reasonable values for the
   LDAP attributes not explicitly contained in an NFSv4 fs_locations
   attribute, the values in the following table are RECOMMENDED.

   +-------------------------+----------+------------------------------+
   | LDAP attribute          | LDAP     | Notes                        |
   |                         | value    |                              |
   +-------------------------+----------+------------------------------+
   | fedfsNfsCurrency        | negative | Indicates that the server    |
   |                         | value    | does not know the currency   |
   |                         |          | (see Section 11.10.1 of      |
   |                         |          | [RFC5661]).                  |
   | fedfsNfsGenFlagWritable | FALSE    | Leaving unset is not harmful |
   |                         |          | (see Section 11.10.1 of      |
   |                         |          | [RFC5661]).                  |
   | fedfsNfsGenFlagGoing    | FALSE    | NFS client will detect a     |
   |                         |          | migration event if the FSL   |
   |                         |          | becomes unavailable.         |
   | fedfsNfsGenFlagSplit    | TRUE     | Safe to assume that the FSL  |
   |                         |          | is split.                    |
   | fedfsNfsTransFlagRdma   | TRUE     | NFS client will detect if    |
   |                         |          | RDMA access is available.    |
   | fedfsNfsClassSimul      | 0        | 0 is treated as non-matching |
   |                         |          | (see Section 11.10.1 of      |
   |                         |          | [RFC5661]).                  |
   | fedfsNfsClassHandle     | 0        | See fedfsNfsClassSimul note. |
   | fedfsNfsClassFileid     | 0        | See fedfsNfsClassSimul note. |
   | fedfsNfsClassWritever   | 0        | See fedfsNfsClassSimul note. |
   | fedfsNfsClassChange     | 0        | See fedfsNfsClassSimul note. |
   | fedfsNfsClassReaddir    | 0        | See fedfsNfsClassSimul note. |
   | fedfsNfsReadRank        | 0        | Highest value ensures FSL    |
   |                         |          | will be tried.               |
   | fedfsNfsReadOrder       | 0        | See fedfsNfsReadRank note.   |
   | fedfsNfsWriteRank       | 0        | See fedfsNfsReadRank note.   |
   | fedfsNfsWriteOrder      | 0        | See fedfsNfsReadRank note.   |
   | fedfsNfsVarSub          | FALSE    | NFSv4 does not define        |
   |                         |          | variable substitution in     |
   |                         |          | paths.                       |
   | fedfsNfsValidFor        | 0        | Indicates no appropriate     |
   |                         |          | refetch interval (see        |
   |                         |          | Section 11.10.2 of           |
   |                         |          | [RFC5661]).                  |
   +-------------------------+----------+------------------------------+

5.1.4.  Delete an FSL

   This operation deletes an FSL record.  The admin requests the NSDB
   node storing the fedfsFsl to delete it from its database.  This
   operation does not result in fileset data being deleted on any
   fileserver.

5.1.4.1.  LDAP Request

   The admin sends an LDAP DELETE request to the NSDB node to remove the
   FSL.

           dn: fedfsFslUuid=$FSLUUID,fedfsFsnUuid=$FSNUUID,$NCE
           changeType: delete

   For example, if $FSNUUID is "e8c4761c-eb3b-4307-86fc-f702da197966",
   $FSLUUID is "ba89a802-41a9-44cf-8447-dda367590eb3", and $NCE is
   "o=fedfs", the operation would be (for readability, the DN is split
   into two lines):

           dn: fedfsFslUuid=ba89a802-41a9-44cf-8447-dda367590eb3,
            fedfsFsnUuid=e8c4761c-eb3b-4307-86fc-f702da197966,o=fedfs
           changeType: delete

5.1.5.  Update an FSL

   This operation updates the attributes of a given FSL.  This command
   results in a change in the attributes of the fedfsFsl at the NSDB
   node maintaining this FSL.  The values of the fedfsFslUuid and
   fedfsFsnUuid attributes MUST NOT change during an FSL update.

5.1.5.1.  LDAP Request

   The admin sends an LDAP MODIFY request to the NSDB node to update the
   FSL.

           dn: fedfsFslUuid=$FSLUUID,fedfsFsnUuid=$FSNUUID,$NCE
           changeType: modify
           replace: $ATTRIBUTE-TYPE

   For example, if $FSNUUID is "e8c4761c-eb3b-4307-86fc-f702da197966",
   $FSLUUID is "ba89a802-41a9-44cf-8447-dda367590eb3", $NCE is
   "o=fedfs", and the administrator wished to change the NFS read rank
   to 10, the operation would be (for readability, the DN is split into
   two lines):

           dn: fedfsFslUuid=ba89a802-41a9-44cf-8447-dda367590eb3,
            fedfsFsnUuid=e8c4761c-eb3b-4307-86fc-f702da197966,o=fedfs
           changeType: modify
           replace: fedfsNfsReadRank
           fedfsNfsReadRank: 10

5.2.  NSDB Operations for Fileservers

5.2.1.  NSDB Container Entry (NCE) Enumeration

   To find the NCEs for the NSDB nsdb.example.com, a fileserver would do
   the following:

        nce_list = empty
        connect to the LDAP directory at nsdb.example.com
        for each namingContext value $BAR in the root DSE
            /* $BAR is a DN */
            query for a fedfsNceDN value at $BAR
            /*
             * The RFC 4516 LDAP URL for this search would be
             *
             *  ldap://nsdb.example.com:389/$BAR?fedfsNceDN??
             *                      (objectClass=fedfsNsdbContainerInfo)
             *
             */
            if a fedfsNceDN value is found
                add the value to the nce_list

5.2.2.  Lookup FSLs for an FSN

   Using an LDAP search, the fileserver can obtain all of the FSLs for a
   given FSN.  The FSN's fedfsFsnUuid is used as the search key.  The
   following examples use the LDAP Uniform Resource Identifier (URI)
   format defined in [RFC4516].

   To obtain a list of all FSLs for $FSNUUID on the NSDB named
   $NSDBNAME, the following search can be used (for readability, the URI
   is split into two lines):

       for each $NCE in nce_list
           ldap://$NSDBNAME/fedfsFsnUuid=$FSNUUID,$NCE??one?
               (objectClass=fedfsFsl)

   This search is for the children of the object with DN
   "fedfsFsnUuid=$FSNUUID,$NCE" with a filter for
   "objectClass=fedfsFsl".  The scope value of "one" restricts the
   search to the entry's children (rather than the entire subtree below
   the entry), and the filter ensures that only FSL entries are
   returned.

   For example, if $NSDBNAME is "nsdb.example.com", $FSNUUID is
   "e8c4761c-eb3b-4307-86fc-f702da197966", and $NCE is "o=fedfs", the
   search would be (for readability, the URI is split into three lines):

       ldap://nsdb.example.com/
               fedfsFsnUuid=e8c4761c-eb3b-4307-86fc-f702da197966,o=fedfs
               ??one?(objectClass=fedfsFsl)

   The following search can be used to obtain only the NFS FSLs for
   $FSNUUID on the NSDB named $NSDBNAME (for readability, the URI is
   split into two lines):

       for each $NCE in nce_list
           ldap://$NSDBNAME/fedfsFsnUuid=$FSNUUID,$NCE??one?
               (objectClass=fedfsNfsFsl)

   This also searches for the children of the object with DN
   "fedfsFsnUuid=$FSNUUID,$NCE", but the filter for "objectClass =
   fedfsNfsFsl" restricts the results to only NFS FSLs.

   For example, if $NSDBNAME is "nsdb.example.com", $FSNUUID is
   "e8c4761c-eb3b-4307-86fc-f702da197966", and $NCE is "o=fedfs", the
   search would be (for readability, the URI is split into three lines):

       ldap://nsdb.example.com/
               fedfsFsnUuid=e8c4761c-eb3b-4307-86fc-f702da197966,o=fedfs
               ??one?(objectClass=fedfsNfsFsl)

   The fileserver will generate a referral based on the set of FSLs
   returned by these queries using the process described in
   Section 2.8.4.
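
   The searches of Sections 5.2.1 and 5.2.2, built as RFC 4516 URLs with
   the variable parts validated and percent-encoded, are shown below as
   an added example that is not part of RFC 7532.  The function names
   and the host name check are assumptions of this example.

```python
import re
import uuid
from urllib.parse import quote

# Conservative DNS host name check (assumption of this example).
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

# The three filters used on this page; they are constants, never user input.
FILTER_NCE = "(objectClass=fedfsNsdbContainerInfo)"
FILTER_ANY_FSL = "(objectClass=fedfsFsl)"
FILTER_NFS_FSL = "(objectClass=fedfsNfsFsl)"


def _host(name):
    """Reject anything that could smuggle a path, port or query into the URL."""
    if not isinstance(name, str) or not _HOST_RE.match(name):
        raise ValueError(f"not a valid NSDB host name: {name!r}")
    return name.lower()


def _fsn_uuid(value):
    """Accept only the canonical 8-4-4-4-12 text form of a UUID."""
    try:
        parsed = uuid.UUID(value)
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"not a UUID: {value!r}") from None
    if str(parsed) != value.lower():
        raise ValueError(f"UUID not in canonical form: {value!r}")
    return str(parsed)


def _dn(dn):
    """Percent-encode a DN for the URL path; '=' and ',' stay readable,
    while '?', '/', '#', '%' and spaces are escaped."""
    return quote(dn, safe="=,")


def nce_search_url(nsdb, naming_context, port=389):
    """Section 5.2.1: ask one namingContext ($BAR) for its fedfsNceDN value."""
    return (f"ldap://{_host(nsdb)}:{int(port)}/{_dn(naming_context)}"
            f"?fedfsNceDN??{FILTER_NCE}")


def fsl_lookup_urls(nsdb, fsn_uuid, nce_list, nfs_only=False):
    """Section 5.2.2: one-level search below the FSN entry, once per NCE."""
    host = _host(nsdb)
    fsn = _fsn_uuid(fsn_uuid)
    flt = FILTER_NFS_FSL if nfs_only else FILTER_ANY_FSL
    return [
        f"ldap://{host}/{_dn(f'fedfsFsnUuid={fsn},{nce}')}??one?{flt}"
        for nce in nce_list
    ]


if __name__ == "__main__":
    # Values taken from the examples on this page.
    print(nce_search_url("nsdb.example.com", "dc=example,dc=com"))
    for url in fsl_lookup_urls("nsdb.example.com",
                               "e8c4761c-eb3b-4307-86fc-f702da197966",
                               ["o=fedfs"], nfs_only=True):
        print(url)
```

   Because the FSN UUID is checked before it is placed in the DN, a
   value carrying filter or URL metacharacters is rejected instead of
   altering the search.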

5.3.  NSDB Operations and LDAP Referrals

   The LDAPv3 protocol defines an LDAP referral mechanism that allows an
   LDAP server to redirect an LDAP client.  LDAPv3 defines two types of
   LDAP referrals: the Referral type defined in Section 4.1.10 of
   [RFC4511] and the SearchResultReference type defined in Section 4.5.3
   of [RFC4511].  In both cases, the LDAP referral lists one or more
   URIs for services that can be used to complete the operation.  In the
   remainder of this document, the term "LDAP referral" is used to
   indicate either of these types.

   If an NSDB operation results in an LDAP referral, the NSDB client MAY
   follow the LDAP referral.  An NSDB client's decision to follow an
   LDAP referral is implementation and configuration dependent.  For
   example, an NSDB client might be configured to follow only those LDAP
   referrals that were received over a secure channel or only those that
   target an NSDB that supports encrypted communication.  If an NSDB
   client chooses to follow an LDAP referral, the NSDB client MUST
   process the LDAP referral and prevent looping as described in
   Section 4.1.10 of [RFC4511].

6.  Security Considerations

   Both the NFSv4 and LDAPv3 protocols provide security mechanisms.
   When used in conjunction with the federated file system protocols
   described in this document, the use of these mechanisms is
   RECOMMENDED.  Specifically, the use of RPCSEC_GSS [RFC2203], which is
   built on the Generic Security Service Application Program Interface
   (GSS-API) [RFC2743], is RECOMMENDED on all NFS connections between a
   file-access client and fileserver.  The security considerations
   sections of the NFSv4.0 [RFC7530] and NFSv4.1 [RFC5661]
   specifications contain special considerations for the handling of
   GETATTR operations for the fs_locations and fs_locations_info
   attributes.

   NSDB nodes and NSDB clients MUST implement support for TLS [RFC5246],
   as described in [RFC4513].  For all LDAP connections established by
   the federated file system protocols, the use of TLS is RECOMMENDED.

   If an NSDB client chooses to follow an LDAP referral, the NSDB client
   SHOULD authenticate the LDAP referral's target NSDB using the target
   NSDB's credentials (not the credentials of the NSDB that generated
   the LDAP referral).  The NSDB client SHOULD NOT follow an LDAP
   referral that targets an NSDB for which it does not know the NSDB's
   credentials.
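
   One way an NSDB client could apply the referral rules of Section 5.3
   and of the paragraph above is sketched below as an added example; it
   is not part of RFC 7532.  The names, the trust table, its credential
   labels and the hop limit of 10 are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import NamedTuple, Optional
from urllib.parse import urlsplit


@dataclass
class ReferralState:
    """Per-operation bookkeeping used for loop prevention."""
    visited: set = field(default_factory=set)
    hops: int = 0


class Decision(NamedTuple):
    uri: Optional[str]          # referral URI to follow, or None
    credential: Optional[str]   # the *target* NSDB's credential to verify
    reason: str


def request_key(uri):
    """Normalise an LDAP URL to (host, port, dn, query); None if unusable."""
    try:
        parts = urlsplit(uri)
        scheme = parts.scheme.lower()
        if scheme not in ("ldap", "ldaps") or not parts.hostname:
            return None
        port = parts.port or (636 if scheme == "ldaps" else 389)
    except ValueError:  # malformed port or authority
        return None
    return (parts.hostname.lower(), port, parts.path.lstrip("/"), parts.query)


def choose_referral(uris, received_over_tls, trusted, state, max_hops=10):
    """Pick the first referral URI that the local policy allows.

    trusted maps an NSDB host name to the credential the client holds for
    it.  A target missing from the table is never followed, and the
    credential returned is the target's own, not the referring NSDB's.
    """
    if not received_over_tls:
        return Decision(None, None, "referral arrived over an unprotected connection")
    if state.hops >= max_hops:
        return Decision(None, None, "hop limit reached")
    reason = "no usable LDAP URI in referral"
    for uri in uris:
        key = request_key(uri)
        if key is None:
            continue
        host = key[0]
        if host not in trusted:
            reason = f"no credentials known for {host}"
            continue
        if key in state.visited:
            reason = f"loop: {host} was already asked for this request"
            continue
        state.visited.add(key)
        state.hops += 1
        return Decision(uri, trusted[host], "ok")
    return Decision(None, None, reason)


# Constructed sample data (host names and credential labels are made up).
SEARCH = ("fedfsFsnUuid=e8c4761c-eb3b-4307-86fc-f702da197966,o=fedfs"
          "??one?(objectClass=fedfsFsl)")
TRUSTED = {"nsdb.example.com": "ca-nsdb.pem", "nsdb2.example.com": "ca-nsdb2.pem"}


def demo():
    state = ReferralState()
    # Record the original request so a referral back to it counts as a loop.
    state.visited.add(request_key("ldap://nsdb.example.com/" + SEARCH))
    first = choose_referral(
        ["ldap://unknown.example.net/" + SEARCH,
         "ldap://nsdb2.example.com/" + SEARCH],
        received_over_tls=True, trusted=TRUSTED, state=state)
    back = choose_referral(["ldap://NSDB.example.com:389/" + SEARCH],
                           received_over_tls=True, trusted=TRUSTED, state=state)
    return first, back


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

   The loop check keys on server, DN and search parameters together, so
   the same NSDB may still be contacted again for a different request.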

   Within a federation, there are two types of components an attacker
   may compromise: a fileserver and an NSDB.

   If an attacker compromises a fileserver, the attacker can interfere
   with a file-access client's file system input/output (I/O) operations
   (e.g., by returning fictitious data in the response to a read
   request) or can fabricate a referral.  The attacker's abilities are
   the same regardless of whether or not the federation protocols are in
   use.  While the federation protocols do not give the attacker
   additional capabilities, they are additional targets for attack.  The
   LDAP protocol described in Section 5.2 SHOULD be secured using the
   methods described above to defeat attacks on a fileserver via this
   channel.

   If an attacker compromises an NSDB, the attacker will be able to
   forge FSL information and thus poison the fileserver's referral
   information.  Therefore, an NSDB should be as secure as the
   fileservers that query it.  The LDAP operations described in
   Section 5 SHOULD be secured using the methods described above to
   defeat attacks on an NSDB via this channel.

   A fileserver binds anonymously when performing NSDB operations.
   Thus, the contents and distinguished names of FSN and FSL records are
   required to be readable by anyone who can bind anonymously to an NSDB
   service.  Section 2.12 presents the security considerations in the
   choice of the type of UUID used in these records.

   It should be noted that the federation protocols do not directly
   provide access to file system data.  The federation protocols only
   provide a mechanism for building a namespace.  All data transfers
   occur between a file-access client and fileserver just as they would
   if the federation protocols were not in use.  As a result, the
   federation protocols do not require new user authentication and
   authorization mechanisms or require a fileserver to act as a proxy
   for a client.

7.  IANA Considerations

7.1.  Registry for the fedfsAnnotation Key Namespace

   This document defines the fedfsAnnotation key in Section 4.2.1.6.
   The fedfsAnnotation key namespace is managed by IANA.  IANA has
   created and now maintains a new registry entitled "FedFS Annotation
   Keys".  The location of this registry is under a new heading called
   "Federated File System (FedFS) Parameters".  The URL address is
   <http://www.iana.org/assignments/fedfs-parameters>.

   Future registrations are to be administered by IANA using the "First
   Come First Served" policy defined in [RFC5226].  Registration
   requests MUST include the key (a valid UTF-8 string of any length), a
   brief description of the key's purpose, and an email contact for the
   registration.  For viewing, the registry should be sorted
   lexicographically by key.  There are no initial assignments for this
   registry.

7.2.  Registry for FedFS Object Identifiers

   Using the process described in [RFC2578], one of the authors was
   assigned the Internet Private Enterprise Numbers range
   1.3.6.1.4.1.31103.x.  Within this range, the subrange
   1.3.6.1.4.1.31103.1.x is permanently dedicated for use by the
   federated file system protocols.  Unassigned OIDs in this range MAY
   be used for Private Use or Experimental Use as defined in [RFC5226].
   New permanent FedFS OID assignments MUST NOT be made using OIDs in
   this range.

   IANA has created and now maintains a new registry entitled "FedFS
   Object Identifiers" for the purpose of recording the allocations of
   FedFS Object Identifiers (OIDs) specified by this document.  No
   future allocations in this registry are allowed.

   The location of this registry is under the heading "Federated File
   System (FedFS) Parameters", created in Section 7.1.  The URL address
   is <http://www.iana.org/assignments/fedfs-parameters>.

   For viewing, the registry has been sorted numerically by OID value.
   The contents of the "FedFS Object Identifiers" registry are given in
   Table 1.

   Note: A descriptor designated below as "historic" reserves an OID
   used in a past version of the NSDB protocol.  Registering such OIDs
   retains compatibility among existing implementations of the NSDB
   protocol.  This document does not otherwise refer to historic OIDs.

   +---------------------------+--------------------------+-----------+
   | OID                       | Description              | Reference |
   +---------------------------+--------------------------+-----------+
   | 1.3.6.1.4.1.31103.1.1     | fedfsUuid                | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.2     | fedfsNetAddr             | historic  |
   | 1.3.6.1.4.1.31103.1.3     | fedfsNetPort             | historic  |
   | 1.3.6.1.4.1.31103.1.4     | fedfsFsnUuid             | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.5     | fedfsNsdbName            | historic  |
   | 1.3.6.1.4.1.31103.1.6     | fedfsNsdbPort            | historic  |
   | 1.3.6.1.4.1.31103.1.7     | fedfsNcePrefix           | historic  |
   | 1.3.6.1.4.1.31103.1.8     | fedfsFslUuid             | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.9     | fedfsFslHost             | historic  |
   | 1.3.6.1.4.1.31103.1.10    | fedfsFslPort             | historic  |
   | 1.3.6.1.4.1.31103.1.11    | fedfsFslTTL              | historic  |
   | 1.3.6.1.4.1.31103.1.12    | fedfsAnnotation          | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.13    | fedfsDescr               | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.14    | fedfsNceDN               | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.15    | fedfsFsnTTL              | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.100   | fedfsNfsPath             | historic  |
   | 1.3.6.1.4.1.31103.1.101   | fedfsNfsMajorVer         | historic  |
   | 1.3.6.1.4.1.31103.1.102   | fedfsNfsMinorVer         | historic  |
   | 1.3.6.1.4.1.31103.1.103   | fedfsNfsCurrency         | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.104   | fedfsNfsGenFlagWritable  | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.105   | fedfsNfsGenFlagGoing     | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.106   | fedfsNfsGenFlagSplit     | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.107   | fedfsNfsTransFlagRdma    | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.108   | fedfsNfsClassSimul       | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.109   | fedfsNfsClassHandle      | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.110   | fedfsNfsClassFileid      | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.111   | fedfsNfsClassWritever    | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.112   | fedfsNfsClassChange      | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.113   | fedfsNfsClassReaddir     | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.114   | fedfsNfsReadRank         | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.115   | fedfsNfsReadOrder        | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.116   | fedfsNfsWriteRank        | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.117   | fedfsNfsWriteOrder       | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.118   | fedfsNfsVarSub           | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.119   | fedfsNfsValidFor         | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.120   | fedfsNfsURI              | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.1001  | fedfsNsdbContainerInfo   | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.1002  | fedfsFsn                 | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.1003  | fedfsFsl                 | RFC 7532  |
   | 1.3.6.1.4.1.31103.1.1004  | fedfsNfsFsl              | RFC 7532  |
   +---------------------------+--------------------------+-----------+

                                  Table 1

7.3.  LDAP Descriptor Registration

   In accordance with Sections 3.4 and 4 of [RFC4520], the object
   identifier descriptors defined in this document (listed below) have
   been registered via the Expert Review process.

   Subject:  Request for LDAP Descriptor Registration
   Person & email address to contact for further information:  See
      "Author/Change Controller"
   Specification:  RFC 7532
   Author/Change Controller:  IESG (iesg@ietf.org)

   Object Identifier:  1.3.6.1.4.1.31103.1.1
   Descriptor (short name):  fedfsUuid
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.2
   Descriptor (short name):  fedfsNetAddr
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.3
   Descriptor (short name):  fedfsNetPort
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.4
   Descriptor (short name):  fedfsFsnUuid
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.5
   Descriptor (short name):  fedfsNsdbName
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.6
   Descriptor (short name):  fedfsNsdbPort
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.7
   Descriptor (short name):  fedfsNcePrefix
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.8
   Descriptor (short name):  fedfsFslUuid
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.9
   Descriptor (short name):  fedfsFslHost
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.10
   Descriptor (short name):  fedfsFslPort
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.11
   Descriptor (short name):  fedfsFslTTL
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.12
   Descriptor (short name):  fedfsAnnotation
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.13
   Descriptor (short name):  fedfsDescr
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.14
   Descriptor (short name):  fedfsNceDN
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.15
   Descriptor (short name):  fedfsFsnTTL
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.100
   Descriptor (short name):  fedfsNfsPath
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.101
   Descriptor (short name):  fedfsNfsMajorVer
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.102
   Descriptor (short name):  fedfsNfsMinorVer
   Usage:  attribute type (historic)

   Object Identifier:  1.3.6.1.4.1.31103.1.103
   Descriptor (short name):  fedfsNfsCurrency
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.104
   Descriptor (short name):  fedfsNfsGenFlagWritable
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.105
   Descriptor (short name):  fedfsNfsGenFlagGoing
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.106
   Descriptor (short name):  fedfsNfsGenFlagSplit
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.107
   Descriptor (short name):  fedfsNfsTransFlagRdma
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.108
   Descriptor (short name):  fedfsNfsClassSimul
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.109
   Descriptor (short name):  fedfsNfsClassHandle
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.110
   Descriptor (short name):  fedfsNfsClassFileid
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.111
   Descriptor (short name):  fedfsNfsClassWritever
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.112
   Descriptor (short name):  fedfsNfsClassChange
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.113
   Descriptor (short name):  fedfsNfsClassReaddir
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.114
   Descriptor (short name):  fedfsNfsReadRank
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.115
   Descriptor (short name):  fedfsNfsReadOrder
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.116
   Descriptor (short name):  fedfsNfsWriteRank
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.117
   Descriptor (short name):  fedfsNfsWriteOrder
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.118
   Descriptor (short name):  fedfsNfsVarSub
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.119
   Descriptor (short name):  fedfsNfsValidFor
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.120
   Descriptor (short name):  fedfsNfsURI
   Usage:  attribute type

   Object Identifier:  1.3.6.1.4.1.31103.1.1001
   Descriptor (short name):  fedfsNsdbContainerInfo
   Usage:  object class

   Object Identifier:  1.3.6.1.4.1.31103.1.1002
   Descriptor (short name):  fedfsFsn
   Usage:  object class

   Object Identifier:  1.3.6.1.4.1.31103.1.1003
   Descriptor (short name):  fedfsFsl
   Usage:  object class

   Object Identifier:  1.3.6.1.4.1.31103.1.1004
   Descriptor (short name):  fedfsNfsFsl
   Usage:  object class

8.  Glossary

   Administrator:  A user with the necessary authority to initiate
      administrative tasks on one or more servers.

   Admin Entity:  A server or agent that administers a collection of
      fileservers and persistently stores the namespace information.

   File-Access Client:  Standard off-the-shelf, network-attached storage
      (NAS) client software that communicates with fileservers using a
      standard file-access protocol.

   Federation:  A set of fileserver collections and singleton
      fileservers that use a common set of interfaces and protocols in
      order to provide to file-access clients a federated namespace
      accessible through a file system access protocol.

   Fileserver:  A server that stores physical fileset data or refers
      file-access clients to other fileservers.  A fileserver provides
      access to its shared file system data via a file-access protocol.

   Fileset:  The abstraction of a set of files and the directory tree
      that contains them.  A fileset is the fundamental unit of data
      management in the federation.

      Note that all files within a fileset are descendants of one
      directory and that filesets do not span file systems.

   File System:  A self-contained unit of export for a fileserver and
      the mechanism used to implement filesets.  The fileset does not
      need to be rooted at the root of the file system, nor at the
      export point for the file system.

      A single file system MAY implement more than one fileset, if the
      file-access protocol and the fileserver permit this.

   File-Access Protocol:  A network file system access protocol such as
      NFSv3 [RFC1813], NFSv4 [RFC7530], or CIFS (Common Internet File
      System) [MS-SMB] [MS-SMB2] [MS-CIFS].

   FSL (Fileset Location):  The location of the implementation of a
      fileset at a particular moment in time.  An FSL MUST be something
      that can be translated into a protocol-specific description of a
      resource that a file-access client can access directly, such as an
      fs_locations attribute (for NFSv4) or a share name (for CIFS).

   FSN (Fileset Name):  A platform-independent and globally unique name
      for a fileset.  Two FSLs that implement replicas of the same
      fileset MUST have the same FSN, and if a fileset is migrated from
      one location to another, the FSN of that fileset MUST remain the
      same.

   Junction:  A file system object used to link a directory name in the
      current fileset with an object within another fileset.  The
      server-side "link" from a leaf node in one fileset to the root of
      another fileset.

   Namespace:  A filename/directory tree that a sufficiently authorized
      file-access client can observe.

   NSDB (Namespace Database) Service:  A service that maps FSNs to FSLs.
      The NSDB may also be used to store other information, such as
      annotations for these mappings and their components.

   NSDB Node:  The name or location of a server that implements part of
      the NSDB service and is responsible for keeping track of the FSLs
      (and related information) that implement a given partition of the
      FSNs.

   Referral:  A server response to a file-access client access that
      directs the client to evaluate the current object as a reference
      to an object at a different location (specified by an FSL) in
      another fileset and possibly hosted on another fileserver.  The
      client re-attempts the access to the object at the new location.

   Replica:  A redundant implementation of a fileset.  Each replica
      shares the same FSN but has a different FSL.

      Replicas may be used to increase availability or performance.
      Updates to replicas of the same fileset MUST appear to occur in
      the same order; therefore, each replica is self-consistent at any
      moment.

      We do not assume that updates to each replica occur
      simultaneously.  If a replica is offline or unreachable, the other
      replicas may be updated.

   Server Collection:  A set of fileservers administered as a unit.  A
      server collection may be administered with vendor-specific
      software.

      The namespace provided by a server collection could be part of the
      federated namespace.

   Singleton Server:  A server collection containing only one server; a
      stand-alone fileserver.

9.  References

9.1.  Normative References

   [RFC2079]  Smith, M., "Definition of an X.500 Attribute Type and an
              Object Class to Hold Uniform Resource Identifiers (URIs)",
              RFC 2079, January 1997,
              <http://www.rfc-editor.org/info/rfc2079>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC2203]  Eisler, M., Chiu, A., and L. Ling, "RPCSEC_GSS Protocol
              Specification", RFC 2203, September 1997,
              <http://www.rfc-editor.org/info/rfc2203>.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999,
              <http://www.rfc-editor.org/info/rfc2578>.

   [RFC2743]  Linn, J., "Generic Security Service Application Program
              Interface Version 2, Update 1", RFC 2743, January 2000,
              <http://www.rfc-editor.org/info/rfc2743>.

   [RFC2849]  Good, G., "The LDAP Data Interchange Format (LDIF) -
              Technical Specification", RFC 2849, June 2000,
              <http://www.rfc-editor.org/info/rfc2849>.

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, November 2003,
              <http://www.rfc-editor.org/info/rfc3629>.

   [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
              Resource Identifier (URI): Generic Syntax", STD 66, RFC
              3986, January 2005,
              <http://www.rfc-editor.org/info/rfc3986>.

   [RFC4122]  Leach, P., Mealling, M., and R. Salz, "A Universally
              Unique IDentifier (UUID) URN Namespace", RFC 4122, July
              2005, <http://www.rfc-editor.org/info/rfc4122>.

   [RFC4510]  Zeilenga, K., Ed., "Lightweight Directory Access Protocol
              (LDAP): Technical Specification Road Map", RFC 4510, June
              2006, <http://www.rfc-editor.org/info/rfc4510>.

   [RFC4511]  Sermersheim, J., Ed., "Lightweight Directory Access
              Protocol (LDAP): The Protocol", RFC 4511, June 2006,
              <http://www.rfc-editor.org/info/rfc4511>.

   [RFC4512]  Zeilenga, K., Ed., "Lightweight Directory Access Protocol
              (LDAP): Directory Information Models", RFC 4512, June
              2006, <http://www.rfc-editor.org/info/rfc4512>.

   [RFC4513]  Harrison, R., Ed., "Lightweight Directory Access Protocol
              (LDAP): Authentication Methods and Security Mechanisms",
              RFC 4513, June 2006,
              <http://www.rfc-editor.org/info/rfc4513>.

   [RFC4516]  Smith, M., Ed. and T. Howes, "Lightweight Directory Access
              Protocol (LDAP): Uniform Resource Locator", RFC 4516, June
              2006, <http://www.rfc-editor.org/info/rfc4516>.

   [RFC4517]  Legg, S., Ed., "Lightweight Directory Access Protocol
              (LDAP): Syntaxes and Matching Rules", RFC 4517, June 2006,
              <http://www.rfc-editor.org/info/rfc4517>.

   [RFC4519]  Sciberras, A., Ed., "Lightweight Directory Access Protocol
              (LDAP): Schema for User Applications", RFC 4519, June
              2006, <http://www.rfc-editor.org/info/rfc4519>.

   [RFC4520]  Zeilenga, K., "Internet Assigned Numbers Authority (IANA)
              Considerations for the Lightweight Directory Access
              Protocol (LDAP)", BCP 64, RFC 4520, June 2006,
              <http://www.rfc-editor.org/info/rfc4520>.

   [RFC4530]  Zeilenga, K., "Lightweight Directory Access Protocol
              (LDAP) entryUUID Operational Attribute", RFC 4530, June
              2006, <http://www.rfc-editor.org/info/rfc4530>.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008, <http://www.rfc-editor.org/info/rfc5226>.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008,
              <http://www.rfc-editor.org/info/rfc5234>.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008,
              <http://www.rfc-editor.org/info/rfc5246>.

   [RFC5661]  Shepler, S., Ed., Eisler, M., Ed., and D. Noveck, Ed.,
              "Network File System (NFS) Version 4 Minor Version 1
              Protocol", RFC 5661, January 2010,
              <http://www.rfc-editor.org/info/rfc5661>.

   [RFC7530]  Haynes, T., Ed. and D. Noveck, Ed., "Network File System
              (NFS) Version 4 Protocol", RFC 7530, March 2015,
              <http://www.rfc-editor.org/info/rfc7530>.

9.2.  Informative References

   [AFS]      Howard, J., "An Overview of the Andrew File System",
              Proceedings of the USENIX Winter Technical Conference,
              1988.

   [MS-CIFS]  Microsoft Corporation, "Common Internet File System (CIFS)
              Protocol Specification", MS-CIFS 24.0, May 2014.

   [MS-SMB]   Microsoft Corporation, "Server Message Block (SMB)
              Protocol Specification", MS-SMB 43.0, May 2014.

   [MS-SMB2]  Microsoft Corporation, "Server Message Block (SMB) Version
              2 Protocol Specification", MS-SMB2 46.0, May 2014.

   [RFC1813]  Callaghan, B., Pawlowski, B., and P. Staubach, "NFS
              Version 3 Protocol Specification", RFC 1813, June 1995,
              <http://www.rfc-editor.org/info/rfc1813>.

   [RFC2224]  Callaghan, B., "NFS URL Scheme", RFC 2224, October 1997,
              <http://www.rfc-editor.org/info/rfc2224>.

   [RFC3254]  Alvestrand, H., "Definitions for talking about
              directories", RFC 3254, April 2002,
              <http://www.rfc-editor.org/info/rfc3254>.

   [RFC5662]  Shepler, S., Ed., Eisler, M., Ed., and D. Noveck, Ed.,
              "Network File System (NFS) Version 4 Minor Version 1
              External Data Representation Standard (XDR) Description",
              RFC 5662, January 2010,
              <http://www.rfc-editor.org/info/rfc5662>.

   [RFC5716]  Lentini, J., Everhart, C., Ellard, D., Tewari, R., and M.
              Naik, "Requirements for Federated File Systems", RFC 5716,
              January 2010, <http://www.rfc-editor.org/info/rfc5716>.

   [RFC6641]  Everhart, C., Adamson, W., and J. Zhang, "Using DNS SRV to
              Specify a Global File Namespace with NFS Version 4", RFC
              6641, June 2012, <http://www.rfc-editor.org/info/rfc6641>.

   [RFC7533]  Lentini, J., Tewari, R., and C. Lever, Ed.,
              "Administration Protocol for Federated File Systems", RFC
              7533, March 2015,
              <http://www.rfc-editor.org/info/rfc7533>.

Acknowledgments

   Daniel Ellard contributed significant parts of this document.

   The authors and editor would like to thank Craig Everhart and Manoj
   Naik, who were co-authors of an earlier draft version of this
   document.  In addition, we would like to thank Andy Adamson, Paul
   Lemahieu, Mario Wurzl, and Robert Thurlow for helping to author this
   document.

   We would like to thank George Amvrosiadis, Trond Myklebust, Howard
   Chu, and Nicolas Williams for their comments and review.

   The editor gratefully acknowledges the IESG reviewers, whose
   constructive comments helped make this a much stronger document.

   Finally, we would like to thank Andy Adamson, Rob Thurlow, and Tom
   Haynes for helping to get this document out the door.

   The extract.sh shell script and formatting conventions were first
   described by the authors of the NFSv4.1 XDR specification [RFC5662].

Authors' Addresses

   James Lentini
   NetApp
   1601 Trapelo Rd, Suite 16
   Waltham, MA  02451
   United States

   Phone: +1 781-768-5359
   EMail: jlentini@netapp.com


   Renu Tewari
   IBM Almaden
   650 Harry Rd
   San Jose, CA  95120
   United States

   EMail: tewarir@us.ibm.com


   Charles Lever (editor)
   Oracle Corporation
   1015 Granger Avenue
   Ann Arbor, MI  48104
   United States

   Phone: +1 248-614-5091
   EMail: chuck.lever@oracle.com