Home > Linux, Networking Security, Systems, Unix > resolved – how to check nfs version in linux

resolved – how to check nfs version in linux

September 11th, 2012


To know nfs version in linux/solaris:

  • On the nfs server side, you can run a nfsstat -s to check. The used version of nfs will have data summary other than 0% ones, as the following:

[email protected]# nfsstat -s
Server rpc stats:
calls badcalls badauth badclnt xdrcall
28 0 0 0 0

Server nfs v3:
null getattr setattr lookup access readlink
3 11% 4 14% 0 0% 1 3% 4 14% 0 0%
read write create mkdir symlink mknod
0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
remove rmdir rename link readdir readdirplus
0 0% 0 0% 0 0% 0 0% 0 0% 2 7%
fsstat fsinfo pathconf commit
9 33% 4 14% 0 0% 0 0%

  • On the nfs server, we can also have a checking on what versions(2/3/4) and transport protocols(tcp/udp) the nfs supported with the command “rpcinfo -p localhost|grep nfs”:

root@doxer# rpcinfo -p localhost|grep nfs
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs

  • On the nfs client hosts, you can run a nfsstat -c to check the version the client is using. As always, the used version of nfs will have data summary other than 0% ones, as the following:

[email protected]# nfsstat -c

Client rpc:
Connection oriented:
calls badcalls badxids timeouts newcreds badverfs
1219760 322812 0 0 0 0
timers cantconn nomem interrupts
0 322808 0 0
Connectionless:
calls badcalls retrans badxids timeouts newcreds
0 0 0 0 0 0
badverfs timers nomem cantsend
0 0 0 0

Client nfs:
calls badcalls clgets cltoomany
753081 28 753081 0
Version 2: (0 calls)
null getattr setattr root lookup readlink
0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
read wrcache write create remove rename
0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
link symlink mkdir rmdir readdir statfs
0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
Version 3: (748700 calls)
null getattr setattr lookup access readlink
0 0% 140588 18% 61939 8% 184611 24% 150266 20% 8 0%
read write create mkdir symlink mknod
35415 4% 58540 7% 11703 1% 562 0% 248 0% 0 0%
remove rmdir rename link readdir readdirplus
3264 0% 0 0% 9 0% 0 0% 1165 0% 1219 0%
fsstat fsinfo pathconf commit
33435 4% 7160 0% 3309 0% 55259 7%

Client nfs_acl:
Version 2: (0 calls)
null getacl setacl getattr access
0 0% 0 0% 0 0% 0 0% 0 0%
Version 3: (4382 calls)
null getacl setacl
0 0% 4382 100% 0 0%

  • Also, you can run nfsstat -m on nfs client hosts to print information about each of the mounted NFS file systems(the output info has nfs version indicated also):

[email protected] # nfsstat -m
/apps/uriman/tmp from doxer:/export/was/trncsc_cell_urimantmp
Flags: vers=3,proto=tcp,sec=none,hard,intr,link,symlink,acl,rsize=32768,wsize=32768,retrans=5,timeo=600
Attr cache: acregmin=3,acregmax=60,acdirmin=30,acdirmax=60

PS:

  • Here’s more about output analytic of nfsstat:

The client- and server-side implementations of NFS compile per-call statistics of NFS service usage at both the RPC and application layers. nfsstat -c displays the client-side statistics while nfsstat -s shows the server tallies. With no arguments, nfsstat prints out both sets of statistics:

Code View: Scroll / Show All
% nfsstat -s 
Server rpc:
Connection oriented:
calls       badcalls    nullrecv    badlen      xdrcall     dupchecks   
10733943    0           0           0           0           1935861     
dupreqs     
0           
Connectionless:
calls       badcalls    nullrecv    badlen      xdrcall     dupchecks   
136499      0           0           0           0           0           
dupreqs     
0           

Server nfs:
calls       badcalls    
10870161    14          
Version 2: (1716 calls)
null        getattr     setattr     root        lookup      readlink    
48 2%       0 0%        0 0%        0 0%        1537 89%    13 0%       
read        wrcache     write       create      remove      rename      
0 0%        0 0%        0 0%        0 0%        0 0%        0 0%        
link        symlink     mkdir       rmdir       readdir     statfs      
0 0%        0 0%        0 0%        0 0%        111 6%      7 0%        
Version 3: (10856042 calls)
null        getattr     setattr     lookup      access      readlink    
136447 1%   4245200 39% 95412 0%    1430880 13% 2436623 22% 74093 0%    
read        write       create      mkdir       symlink     mknod       
376522 3%   277812 2%   165838 1%   25497 0%    24480 0%    0 0%        
remove      rmdir       rename      link        readdir     readdirplus 
359460 3%   33293 0%    8211 0%     69484 0%    69898 0%    876367 8%   
fsstat      fsinfo      pathconf    commit      
1579 0%     7698 0%     4253 0%     136995 1%   
Server nfs_acl:
Version 2: (2357 calls)
null        getacl      setacl      getattr     access      
0 0%        5 0%        0 0%        2170 92%    182 7%      
Version 3: (10046 calls)
null        getacl      setacl      
0 0%        10039 99%   7 0%

 

The server-side RPC fields indicate if there are problems removing the packets from the NFS service end point. The kernel reports statistics on connection-oriented RPC and connectionless RPC separately. The fields detail each kind of problem:

calls

The NFS calls value represents the total number of NFS Version 2, NFS Version 3, NFS ACL Version 2 and NFS ACL Version 3 RPC calls made to this server from all clients. The RPC calls value represents the total number of NFS, NFS ACL, and NLM RPC calls made to this server from all clients. RPC calls made for other services, such as NIS, are not included in this count.

badcalls

These are RPC requests that were rejected out of hand by the server’s RPC mechanism, before the request was passed to the NFS service routines in the kernel. An RPC call will be rejected if there is an authentication failure, where the calling client does not present valid credentials.

nullrecv

Not used in Solaris. Its value is always 0.

badlen/xdrcall

The RPC request received by the server was too short (badlen) or the XDR headers in the packet are malformed (xdrcall ). Most likely this is due to a malfunctioning client. It is rare, but possible, that the packet could have been truncated or damaged by a network problem. On a local area network, it’s rare to have XDR headers damaged, but running NFS over a wide-area network could result in malformed requests. We’ll look at ways of detecting and correcting packet damage on wide-area networks in Section 18.4.

dupchecks/dupreqs

The dupchecksfield indicates the number of RPC calls that were looked up in the duplicate request cache. The dupreqs field indicates the number of RPC calls that were actually found to be duplicates. Duplicate requests occur as a result of client retransmissions. A large number of dupreqs usually indicates that the server is not replying fast enough to its clients. Idempotent requests can be replayed without ill effects, therefore not all RPCs have to be looked up on the duplicate request cache. This explains why the dupchecks field does not match the calls field.

The statistics for each NFS version are reported independently, showing the total number of NFS calls made to this server using each version of the protocol. A version-specific breakdown by procedure of the calls handled is also provided. Each of the call types corresponds to a procedure within the NFS RPC and NFS_ACL RPC services.

The null procedure is included in every RPC program for pinging the RPC server. The null procedure returns no value, but a successful return from a call to null ensures that the network is operational and that the server host is alive. rpcinfo calls the null procedure to check RPC server health. The automounter (see Chapter 9) calls the null procedure of all NFS servers in parallel when multiple machines are listed for a single mount point. The automounter and rpcinfo should account for the total null calls reported by nfsstat.

Client-side RPC statistics include the number of calls of each type made to all servers, while the client NFS statistics indicate how successful the client machine is in reaching NFS servers:

Code View: Scroll / Show All
% nfsstat -c 
Client rpc:
Connection oriented:
calls       badcalls    badxids     timeouts    newcreds    badverfs    
1753584     1412        18          64          0           0           
timers      cantconn    nomem       interrupts  
0           1317        0           18          
Connectionless:
calls       badcalls    retrans     badxids     timeouts    newcreds    
12443       41          334         80          166         0           
badverfs    timers      nomem       cantsend    
0           4321        0           206         

Client nfs:
calls       badcalls    clgets      cltoomany   
1661217     23          1661217     3521        
Version 2: (234258 calls)
null        getattr     setattr     root        lookup      readlink    
0 0%        37 0%       0 0%        0 0%        184504 78%  811 0%      
read        wrcache     write       create      remove      rename      
49 0%       0 0%        24301 10%   3 0%        2 0%        0 0%        
link        symlink     mkdir       rmdir       readdir     statfs      
0 0%        0 0%        12 0%       12 0%       24500 10%   27 0%       
Version 3: (1011525 calls)
null        getattr     setattr     lookup      access      readlink    
0 0%        417691 41%  14598 1%    223609 22%  47438 4%    695 0%      
read        write       create      mkdir       symlink     mknod       
56347 5%    221334 21%  1565 0%     106 0%      48 0%       0 0%        
remove      rmdir       rename      link        readdir     readdirplus 
807 0%      14 0%       676 0%      24 0%       475 0%      5204 0%     
fsstat      fsinfo      pathconf    commit      
8 0%        10612 1%    95 0%       10179 1%    

Client nfs_acl:
Version 2: (411477 calls)
null        getacl      setacl      getattr     access      
0 0%        181399 44%  0 0%        185858 45%  44220 10%   
Version 3: (3957 calls)
null        getacl      setacl      
0 0%        3957 100%   0 0%

 

In addition to the total number of NFS calls made and the number of rejected NFS calls (badcalls), the client-side statistics indicate if NFS calls are being delayed due to a lack of client RPC handles. Client RPC handles are opaque pointers used by the kernel to hold server connection information. In SunOS 4.x, the number of client handles was fixed, causing the NFS call to block until client handles became available. In Solaris, client handles are allocated dynamically. The kernel maintains a cache of up to 16 client handles, which are reused to speed up communication with the server. The clgets count indicates the number of times a client handle has been requested. If the NFS call cannot find an unused client handle in the cache, it will not block until one frees up. Instead, it will create a brand new client handle and proceed. This count is reflected by cltoomany. The client handle is destroyed when the reply to the NFS call arrives. This count is of little use to system administrators since nothing can be done to increase the cache size and reduce the number of misses.

Included in the client RPC statistics are counts for various failures experienced while trying to send NFS requests to a server:

calls

Total number of calls made to all NFS servers.

badcalls

Number of RPC calls that returned an error. The two most common RPC failures are timeouts and interruptions, both of which increment the badcalls counter. The connection-oriented RPC statistics also increment the interrupts counter. There is no equivalent counter for connectionless RPC statistics. If a server reply is not received within the RPC timeout period, an RPC error occurs. If the RPC call is interrupted, as it may be if a filesystem is mounted with the intr option, then an RPC interrupt code is returned to the caller. nfsstat also reports the badcalls count in the NFS statistics. NFS call failures do not include RPC timeouts or interruptions, but do include other RPC failures such as authentication errors (which will be counted in both the NFS and RPC level statistics).

badxids

The number of bad XIDs. The XID in an NFS request is a serial number that uniquely identifies the request. When a request is retransmitted, it retains the same XID through the entire timeout and retransmission cycle. With the Solaris multithreaded kernel, it is possible for the NFS client to have several RPC requests outstanding at any time, to any number of NFS servers. When a response is received from an NFS server, the client matches the XID in the response to an RPC call in progress. If an XID is seen for which there is no active RPC call — because the client already received a response for that XID — then the client increments badxid. A high badxid count, therefore, indicates that the server is receiving some retransmitted requests, but is taking a long time to reply to all NFS requests. This scenario is explored in Section 18.1.

timeouts

Number of calls that timed out waiting for a server’s response. For hard-mounted filesystems, calls that time out are retransmitted, with a new timeout period that may be longer than the previous one. However, calls made on soft-mounted filesystems may eventually fail if the retransmission count is exceeded, so that the call counts obey the relationship:

timeout + badcalls >= retrans

 

The final retransmission of a request on a soft-mounted filesystem increments badcalls (as previously explained). For example, if a filesystem is mounted with retrans=5, the client reissues the same request five times before noting an RPC failure. All five requests are counted in timeout, since no replies are received. Of the failed attempts, four are counted in the retrans statistic and the last shows up in badcalls.

newcreds

Number of times client authentication information had to be refreshed. This statistic only applies if a secure RPC mechanism has been integrated with the NFS service.

badverfs

Number of times server replies could not be authenticated. The number of times the client could not guarantee that the server was who it says it was. These are likely due to packet retransmissions more than security breaches, as explained later in this section.

timers

Number of times the starting RPC call timeout value was greater than or equal to the minimum specified timeout value for the call. Solaris attempts to dynamically tune the initial timeout based on the history of calls to the specific server. If the server has been sluggish in its reponse to this type of RPC call, the timeout will be greater than if the server had been replying normally. It makes sense to wait longer before retransmitting for the first time, since history indicates that this server is slow to reply. Most client implementations use an exponential back-off strategy that doubles or quadruples the timeout after each retransmission up to an implementation-specific limit.

cantconn

Number of times a connection-oriented RPC call failed due to a failure to establish a connection to the server. The reasons why connections cannot be created are varied; one example is the server may not be running the nfsd daemon.

nomem

Number of times a call failed due to lack of resources. The host is low in memory and cannot allocate enough temporary memory to handle the request.

interrupts

Number of times a connection-oriented RPC call was interrupted by a signal before completing. This counter applies to connection-oriented RPC calls only. Interrupted connection and connectionless RPC calls also increment badcalls.

retrans

Number of calls that were retransmitted because no response was received from the NFS server within the timeout period. This is only reported for RPC over connectionless transports. An NFS client that is experiencing poor server response will have a large number of retransmitted calls.

cantsend

Number of times a request could not be sent. This counter is incremented when network plumbing problems occur. This will mostly occur when no memory is available to allocate buffers in the various network layer modules, or the request is interrupted while the client is waiting to queue the request downstream. Thenomem and interrupts counters report statistics encountered in the RPC software layer, while the cantsend counter reports statistics gathered in the kernel TLI layer.

The statistics shown by nfsstat are cumulative from the time the machine was booted, or the last time they were zeroed using nfsstat -z:

nfsstat -z      Resets all counters.
nfsstat -sz     Zeros server-side RPC and NFS statistics.
nfsstat -cz     Zeros client-side RPC and NFS statistics. 
nfsstat -crz    Zeros client-side RPC statistics only.

 

Only the superuser can reset the counters.

nfsstat provides a very coarse look at NFS activity and is limited in its usefulness for resolving performance problems. Server statistics are collected for all clients, while in many cases it is important to know the distribution of calls from each client. Similarly, client-side statistics are aggregated for all NFS servers.

However, you can still glean useful information from nfsstat. Consider the case where a client reports a high number of bad verifiers. The high badverfs count is most likely an indication that the client is having to retransmit its secure RPC requests. As explained in Section 12.1, every secure RPC call has a unique credential and verifier with a unique timestamp (in the case of AUTH_DES) or a unique sequence number (in the case of RPCSEC_GSS). The client expects the server to include this verifier (or some form of it) in its reply, so that the client can verify that it is indeed obtaining the reply from the server it called.

Consider the scenario where the client makes a secure RPC call using AUTH_DES, using timestamp T1 to generate its verifier. If no reply is received within the timeout period, the client retransmits the request, using timestamp T1+delta to generate its verifier (bumping up the retrans count). In the meantime, the server replies to the original request using timestamp T1 to generate its verifier:

Code View: Scroll / Show All
RPC call (T1)               --->
                         ** time out **
RPC call (retry: T1+delta)  --->
                            <--- Server reply to first RPC call (T1 verifier)

 

The reply to the client’s original request will cause the verifier check to fail because the client now expects T1+delta in the verifier, not T1. This consequently bumps up thebadverf count. Fortunately, the Solaris client will wait for more replies to its retransmissions and, if the reply passes the verifier test, an NFS authentication error will be avoided. Bad verifiers are not a big problem, unless the count gets too high, especially when the system starts experiencing NFS authentication errors. Increasing the NFS timeoon the mount or automounter map may help alleviate this problem. Note also that this is less of a problem with TCP than UDP. Analysis of situations such as this will be the focus of Section 16.1Chapter 17, and Chapter 18.

For completeness, we should mention that verifier failures can also be caused when the security content expires before the response is received. This is rare but possible. It usually occurs when you have a network partition that is longer than the lifetime of the security context. Another cause might be a significant time skew between the client and server, as well as a router with a ghost packet stored, that fires after being delayed for a very long time. Note that this is not a problem with TCP.


support_me
Amounts
Categories: Linux, Networking Security, Systems, Unix Tags:
  1. No comments yet.
  1. No trackbacks yet.