1

Chapter 5:

Distributed File

Systems

2

Distributed file system - enables programs to store/access remote files

- from any computer on a network. Performance & reliability experienced for access to files stored at a server:

- comparable to file stored on local disk. Basic distributed file service implementations: Sun Network File Systems (NFS) Andrew File System (AFS)

Introduction

3

Storage systems and their properties

First generation of DS (1974-95):- file systems (e.g. NFS) - only networked storage systems.

Advent of distributed object systems (CORBA, Java) and the web

- file systems has become more complex.

Introduction (Cont).

4

Fig. 8.1: Storage systems and their properties

Sharing Persis-tence

Distributedcache/replicas

Consistencymaintenance

Example

Main memory RAM

File system UNIX file system

Distributed file system Sun NFS

Web Web server

Distributed shared memory Ivy (DSM, Ch. 18)

Remote objects (RMI/ORB) CORBA

Persistent object store 1 CORBA PersistentObject Service

Peer-to-peer storage system OceanStore (Ch. 10)

1

1

1

2

Types of consistency between copies:1 - strict one-copy consistency√ - approximate consistency, slightly weaker guaranteesX - no automatic consistency2: considerably weaker guarantees

5

What is a file system?Introduction (Cont).

Persistent stored data sets Hierarchic name space visible to all processes API with the following characteristics:

Share data between users, with access control - access and update operations on persistently

stored data sets - sequential access model (with additional random facilities)Concurrent access:-certainly for read-only accessOther features:

- mountable file stores

6

Figure 8.2File system modules

Directory module: relates file names to file IDs

File module: relates file IDs to particular files

Access control module: checks permission for operation requested

File access module: reads or writes file data or attributes

Block module: accesses and allocates disk blocks

Device module: disk I/O and buffering

7

updated by system:

What is a file system?

updated by owner:

Fig. 8.3: File attribute record structureFile length

Creation timestampRead timestampWrite timestamp

Attribute timestampReference count

OwnerFile type

Access control list

E.g. for UNIX: rw-rw-r--

8

TranparenciesAccess: Same operationsLocation: Same name space after relocation

of files or processesMobility: Automatic relocation of files is

possiblePerformance: Satisfactory performance across

a specified range of system loadsScaling: Service can be expanded to meet

additional loads

Concurrency propertiesIsolationFile-level or record-level lockingOther forms of concurrency control to minimise

contention

Replication propertiesFile service maintains multiple identical copies

of files• Load-sharing between servers makes

service more scalable• Local access has better response (lower

latency)• Fault toleranceFull replication is difficult to implement.Caching (of all or part of a file) gives most of

the benefits (except fault tolerance)

Heterogeneity propertiesService can be accessed by clients running on

(almost) any OS or hardware platform.Design must be compatible with the file

systems of different OSesService interfaces must be open - precise

specifications of APIs are published.

Fault toleranceService must continue to operate even when

clients make errors or crash.• at-most-once semantics• at-least-once semantics

• requires idempotent operations

Service must resume after a server machine crashes.

If the service is replicated, it can continue to operate even during a server crash.

ConsistencyUnix offers one-copy update semantics for

operations on local files - caching is completely transparent.

Difficult to achieve the same for distributed file systems while maintaining good performance and scalability.

SecurityMust maintain access control and privacy as

for local files.• based on identity of user making request• identities of remote users must be

authenticated• privacy requires secure communication

Service interfaces are open to all processes not excluded by a firewall.• vulnerable to impersonation and other

attacks

EfficiencyGoal for distributed file systems is usually

performance comparable to local file system.

Distributed File System Requirements

• Transparency• Concurrency• Replication• Heterogeneity• Fault tolerance• Consistency• Security• Efficiency..

Distributed File System Requirements

• File system is the most heavily loaded service in internet, so its functionality and performance are critical.

• The design should support many transparencies• Access transparency: Clients should be unaware of distribution of

files, i.e., a single command should be used to access local and remote files.

• Location transparency: Clients should see the same name space of a file irrespective of its location.

• Mobility transparency: Change in location of file should not affect user. Change should automatically be detected by administration tables.

• Performance transparency: Performance of the client should be satisfactory, when load varies on the service.

• Scaling transparency: service should be extendable to deal with a wide range of loads. 9

File Service Architecture• A file service architecture has three divisions of

responsibilities:Flat file service: Concerned with the implementing

operations on the contents of the file. UFIDs (Unique File Identifies) are used to refer to files. UFIDs also differentiate between directory and file.

Directory Service: For mapping between text names of files and their UFIDs.

Client Module: A client module runs in each client computer . It integrates and extends operations of flat file service and directory service under a single interface. 10

11

Fig. 8.5:Model File Service Architecture

Client computer Server computer

Applicationprogram

Applicationprogram

Client module

Flat file service

Directory service

LookupAddNameUnNameGetNames

ReadWriteCreateDeleteGetAttributesSetAttributes

12

FileId

A unique identifier for files anywhere in the network.

Server Operations For The Model File Service

Flat file service

Read(FileId, i, n) -> Data

Write(FileId, i, Data)Create() -> FileIdDelete(FileId)

GetAttributes(FileId) -

> Attr

SetAttributes(FileId,

Attr)

Directory service

Lookup(Dir, Name) ->

FileId

AddName(Dir, Name,

File)

UnName(Dir, Name)

GetNames(Dir, Pattern) -

> NameSeq

Pathname lookupPathnames such as '/usr/bin/tar' are

resolved by iterative calls to lookup(), a call for each component of the path, starting with the ID of the root directory '/' which is known in every client.

position of first byte

position of first byte

Fig. 8.6 and 8.7

FileId

13

File Group A collection of files that can be located on any server or moved between servers while maintaining the same names. A file can not change its group.– Similar to a UNIX filesystem – Helps with distributing the load of file

serving between several servers.– File groups have identifiers which are

unique throughout the system (and hence for an open system, they must be globally unique). • Used to refer to file groups and files

14

To construct a globally unique ID we use some unique attribute of the

machine on which it is created, e.g. IP number, even though the file group

may move subsequently.

IP address date

32 bits 16 bits

File Group ID:

File Group (Cont.)

15

Case Study: Sun NFS An industry standard for file sharing on local networks since the 1980s. Open standard with clear & simple interfaces. Supports many of the design requirements already mentioned:

- Transparency - Heterogeneity- Efficiency - Fault tolerance

Limited achievement of:- Concurrency - Replication- Consistency - Security

16

Fig. 8.8: NFS Architecture

Client computer Server computer

UNIXfile

system

NFSclient

NFSserver

UNIXfile

system

Applicationprogram

Applicationprogram

Virtual file systemVirtual file system

Oth

er fi

le s

yste

m

UNIX kernel

system calls

NFSprotocol

(remote operations)

UNIX

Operations on local files

Operationson

remote files

Applicationprogram

NFSClient

KernelApplicationprogram

NFSClient

Client computer

17

NFS architecture: does implementation have to be in

system kernel?No:

– there are examples of NFS clients and servers that run at application-level as libraries or processes (e.g. early Windows and MacOS implementations, current PocketPC, etc.)

Continues on next slide ...

18

But, for a Unix implementation there are advantages:– Binary code compatible - no need to recompile

applications• Standard system calls that access remote files can

be routed through the NFS client module by the kernel

– Shared cache of recently-used blocks at client– Kernel-level server can access i-nodes and file

blocks directly• but a privileged (root) application program could do

almost the same.– Security of the encryption key used for

authentication.

19

Fig. 8.9: NFS server operations (simplified) – 1

lookup(dirfh, name) -> fh, attr Returns file handle and attributes for the file name in the directory dirfh.

create(dirfh, name, attr) -> newfh, attr

Creates a new file name in directory dirfh with attributes attr andreturns the new file handle and attributes.

remove(dirfh, name) status Removes file name from directory dirfh.getattr(fh) -> attr Returns file attributes of file fh. (Similar to the UNIX stat system

call.)setattr(fh, attr) -> attr Sets attributes (mode, user id, group id, size, access time &

modify time of a file). Setting the size to 0 truncates the file.read(fh, offset, count) -> attr, data Returns up to count bytes of data from a file starting at offset.

Also returns the latest attributes of the file.write(fh, offset, count, data) -> attr Writes count bytes of data to a file starting at offset. Returns the

attributes of the file after the write has taken place.rename(dirfh, name, todirfh, toname)

-> statusChanges the name of file name in directory dirfh to toname indirectory to todirfh.

link(newdirfh, newname, dirfh, name) -> status

Creates an entry newname in the directory newdirfh whichrefers to file name in the directory dirfh.

Continues on next slide ...

20

Fig. 8.9: NFS server operations (simplified) – 2

symlink(newdirfh, newname, string)-> status

Creates an entry newname in the directory newdirfh of typesymbolic link with the value string. The server does not interpretthe string but makes a symbolic link file to hold it.

readlink(fh) -> string Returns the string that is associated with the symbolic link fileidentified by fh.

mkdir(dirfh, name, attr) -> newfh, attr

Creates a new directory name with attributes attr and returns thenew file handle and attributes.

rmdir(dirfh, name) -> status Removes the empty directory name from the parent directory dirfh.Fails if the directory is not empty.

readdir(dirfh, cookie, count) -> entries

Returns up to count bytes of directory entries from the directorydirfh. Each entry contains a file name, a file handle, and an opaque

pointer to the next directory entry, called a cookie. The cookie isused in subsequent readdir calls to start reading from the following

entry. If the value of cookie is 0, reads from the first entry in thedirectory.

statfs(fh) -> fsstats Returns file system information (such as block size, number offree blocks and so on) for the file system containing a file fh.

21

NFS Access Control & Authentication

Stateless server- user's identity & access rights must be checked by server on each request.-In local file system, checked only on open()

Every client request is accompanied by the userID and groupID. Server is exposed to imposter attacks unless userID & groupID are protected by encryption.Kerberos - integrated with NFS to provide a stronger & comprehensive security solution.

22

Mount service Mount operation:mount(remotehost, remotedirectory,

localdirectory)

Server maintains a table of clients who have mounted filesystems at that

serverEach client maintains a table of

mounted file systems holding: < IP address, port number, file handle>

23

Fig. 8.10: Local & remote file systems accessible on NFS

client

jim jane joeann

usersstudents

usrvmunix

Client Server 2

. . . nfs

Remote

mountstaff

big bobjon

people

Server 1

export

(root)

Remote

mount

. . .

x

(root) (root)

Note: The file system mounted at /usr/students in the client is actually the sub-tree located at /export/people in Server 1; The file system mounted at /usr/staff in the client is actually the sub-tree located at /nfs/users in Server 2.

26

NFS Optimization - Server Caching

Similar to UNIX file caching for local files:– pages (blocks) from disk are held in a main memory

buffer cache until the space is required for newer pages. Read-ahead and delayed-write optimizations.

– For local files, writes are deferred to next sync event (30 second intervals)

– Works well in local context, where files are always accessed through the local cache, but in the remote case it doesn't offer necessary synchronization guarantees to clients.

27

NFS v3 servers offers two strategies for updating the disk:– write-through - altered pages are written to disk as

soon as they are received at the server. When a write() RPC returns, the NFS client knows that the page is on the disk: non pre-emptive

– delayed commit - pages are held only in the cache until a commit() call is received for the relevant file. This is the default mode used by NFS v3 clients. A commit() is issued by the client whenever a file is closed: pre-emptive

NFS Optimization - Server Caching (Cont.)

28

NFS Optimization - Client Caching

Server caching does nothing to reduce RPC traffic between client and server– further optimization is essential to reduce server load

in large networks– NFS client module caches the results of read, write,

getattr, lookup and readdir operations– synchronization of file contents (one-copy semantics)

is not guaranteed when two or more clients are sharing the same file.

29

NFS optimization - client caching (Cont.)Timestamp-based validity check

– reduces inconsistency, but doesn't eliminate it– validity condition for cache entries at the client:

(T - Tc < t) v (Tmclient = Tmserver)– t is configurable (per file) but is typically set to

3 seconds for files and 30 secs. for directories– it remains difficult to write distributed

applications that share files with NFS

t freshness guaranteeTc time when cache entry was last validatedTm time when block was last updated at serverT current time

30

Other NFS optimizations Sun RPC runs over UDP by default (can use

TCP if required) Uses UNIX BSD Fast File System with 8-kbyte

blocks reads() and writes() can be of any size

(negotiated between client and server) the guaranteed freshness interval t is set

adaptively for individual files to reduce gettattr() calls needed to update Tm

file attribute information (including Tm) is piggybacked in replies to all file requests

32

NFS Summary An excellent example of a simple, robust, high-

performance distributed service.

Achievement of transparencies: Access: Excellent; the API is the UNIX

system call interface for both local and remote files.Location: Not guaranteed but normally

achieved; naming of filesystems is controlled by client mount operations, but transparency can be ensured by an appropriate system configuration.

33

Achievement of transparencies (continued):

Concurrency: Limited but adequate for most purposes; when read-write files are shared concurrently between clients, consistency is not perfect.

Replication: Limited to read-only file systems; for writable files, SUN Network Information Service (NIS) runs over NFS & is used to replicate essential system files.

Failure: Limited but effective; service is suspended if a server fails. Recovery from failures is aided by the simple stateless design.

34

Achievement of transparencies (continued):

Mobility: Hardly achieved; relocation of files is not possible, relocation of filesystems is possible, but requires updates to client configurations.

Performance: Good; multiprocessor servers achieve very high performance, but for a single filesystem it's not possible to go beyond the throughput of a multiprocessor server.

Scaling: Good; filesystems (file groups) may be subdivided and allocated to separate servers. Ultimately, the performance limit is determined by the load on the server holding the most heavily-used filesystem (file group).

35

Case Study: Andrew File System

Provides transparent access to remote shared file AFS compatible with NFS Differ markedly from NFS in its design &

implementation Design to perform well with larger numbers of

active users than other distributed file systems 2 unusual design characteristics:

~ Whole-file serving: The entire contents of directories and files are transmitted to client computers by AFS server

~ Whole-file caching: Once a copy of a file or its chunk has been transferred to a client computer, it is stored in a cache on the local disk.

36

Andrew File System operation

client comp issues an open and no current copy in local cache, server holding is located and send request for a copy.

copy is stored in local UNIX in client comp subsequent read, write and other operation are

applied in local copy when client issues a close, updated will sent to the

server-timestamp and content. copy on the local disk is retained for other user in same workstation.

37

AFS implementation How AFS control when an open or close system call

referring to a file in the shared file space is issued by client?

How the server holding the required file located? What space is allocated for cached files in

workstation How does AFS ensures that the cached copies are

up to date when many files updated by several clients?

38

Fig. 8.11: Distribution of processes in the Andrew File

System

Venus

Workstations Servers

Venus

VenusUserprogram

Network

UNIX kernel

UNIX kernel

Vice

Userprogram

Userprogram

ViceUNIX kernel

UNIX kernel

UNIX kernel

Vice process: Server s/w to run the user processes at server.Venus process: Client s/w

39

Fig. 8.12: File name space seen by clients of AFS in Unix

/ (root)

tmp bin cmuvmunix. . .

bin

SharedLocal

Symboliclinks

40

Fig. 8.13: System call interception in AFS

UNIX filesystem calls

Non-local fileoperations

Workstation

Localdisk

Userprogram

UNIX kernel

Venus

UNIX file system

Venus

41

Fig. 8.14: Implementation of file system calls in AFS

User process UNIX kernel Venus Net Viceopen(FileName,

mode)If FileName refers to afile in shared file space,pass the request toVenus.

Open the local file andreturn the filedescriptor to theapplication.

Check list of files inlocal cache. If notpresent or there is novalid callback promise,send a request for thefile to the Vice serverthat is custodian of thevolume containing thefile.

Place the copy of thefile in the local filesystem, enter its localname in the local cachelist and return the localname to UNIX.

Transfer a copy of thefile and a callbackpromise to theworkstation. Log thecallback promise.

read(FileDescriptor,Buffer, length)

Perform a normalUNIX read operationon the local copy.

write(FileDescriptor,Buffer, length)

Perform a normalUNIX write operationon the local copy.

close(FileDescriptor) Close the local copyand notify Venus thatthe file has been closed. If the local copy has

been changed, send acopy to the Vice serverthat is the custodian ofthe file.

Replace the filecontents and send acallback to all otherclients holdingcallbackpromises on the file.

42

Cache consistency vice supply a file to venus also provide a callback

promise Callback promise stored with cached file on

workstation and have 2 state : valid and cancelled. when venus handles open on behalf of client, it

checks the cached. If it found in the cache, token is checked. If value is cancelled – fresh copy of file must be

fetch from Vice server. If valid – cached copy can be opened without

reference to Vice BUT, if worksation is restarted after a failure or

shutdown?

43

Fig. 8.15: Main components of the Vice service interface

Fetch(fid) -> attr, data Returns the attributes (status) and, optionally, the contents of fileidentified by the fid and records a callback promise on it.

Store(fid, attr, data) Updates the attributes and (optionally) the contents of a specifiedfile.

Create() -> fid Creates a new file and records a callback promise on it.Remove(fid) Deletes the specified file.SetLock(fid, mode) Sets a lock on the specified file or directory. The mode of the

lock may be shared or exclusive. Locks that are not removed expire after 30 minutes.

ReleaseLock(fid) Unlocks the specified file or directory.RemoveCallback(fid) Informs server that a Venus process has flushed a file from its

cache.BreakCallback(fid) This call is made by a Vice server to a Venus process. It cancels

the callback promise on the relevant file.

44

Enhancement and further

developments NFS Enhancement AFS Enhancement Improvement in storage organization

New design approaches

45

Recent advances in file servicesNFS enhancements

WebNFS – The advent of Java and applets led to WebNFW. NFS server implements a web-like service on a well-known port. Requests use a 'public file handle' and a pathname-capable variant of lookup(). Enables applications to access NFS servers directly, e.g. to read a portion of a large file.

One-copy update semantics (Spritely NFS, NQNFS) - Include an open() operation and maintain tables of open files at servers, which are used to prevent multiple writers and to generate callbacks to clients notifying them of updates. Performance was improved by reduction in gettattr() traffic.

46

Recent advances in file services (Cont.)

AFS enhancements: The design of DCE/DFS distributed file systems goes beyond AFS.

Improvements in disk storage organisationRAID - improves performance and reliability by striping

data redundantly across several disk drivesLog-structured file storage – – updated pages are stored contiguously in memory

and committed to disk in large contiguous blocks (~ 1 Mbyte).

– File maps are modified whenever an update occurs. – Garbage collection to recover disk space.

47

New design ApproachesDistribute file data across several servers

– Exploits high-speed networks (ATM, Gigabit Ethernet)– Layered approach, lowest level is like a 'distributed

virtual disk'– Achieves scalability even for a single heavily-used file

'Serverless' architecture– Exploits processing and disk resources in all available

network nodes– Service is distributed at the level of individual files

48

New design Approaches (Cont.)Examples:

xFS is serverless: Experimental implementation demonstrated a substantial performance gain over NFS and AFS

Frangipani is a hidhly scalable DS: Performance similar to local UNIX file access

Tiger Video File System Peer-to-peer systems: Napster, OceanStore (UCB),

Farsite (MSR), Publius (AT&T research)

49

Replicated read-write files– High availability– Disconnected working

• re-integration after disconnection is a major problem if conflicting updates have ocurred

– Examples: • Bayou system• Coda system

New design Approaches (Cont.2)

50

SummarySun NFS is an excellent example of a

distributed service designed to meet many important design requirements

Effective client caching can produce file service performance equal to or better than local file systems

Consistency versus update semantics versus fault tolerance remains an issue

Most client and server failures can be maskedSuperior scalability can be achieved with whole-file

serving (Andrew FS) or the distributed virtual disk approach

Exercise

• Discuss the EIGHT (8) requirements of Distributed File System in detail.

• Discuss the cache consistency issue, if workstation is restarted after a failure or shutdown?

51