nfssrv Module Parameters
This section describes NFS parameters for the nfssrv module.
nfssrv:nfs_portmon
- Description
Controls some security checking that the NFS server attempts to do to enforce integrity on the part of its clients. The NFS server can check whether the source port from which a request was sent was a reserved port. A reserved port has a number less than 1024. For BSD-based systems, these ports are reserved for processes being run by root. This security checking can prevent users from writing their own RPC-based applications that defeat the access checking that the NFS client uses.
- Data Type
Integer (32-bit)
- Default
0 (security checking disabled)
- Range
0 (security checking disabled) or 1 (security checking enabled)
- Units
Boolean values
- Dynamic?
Yes
- Validation
None
- When to Change
Use this parameter to prevent malicious users from gaining access to files by using the NFS server that they would not ordinarily have access to. However, the reserved port notion is not universally supported. Thus, the security aspects of the check are very weak. Also, not all NFS client implementations bind their transport endpoints to a port number in the reserved range. Thus, interoperability problems might result if the security checking is enabled.
- Commitment Level
Unstable
nfssrv:rfs_write_async
- Description
Controls the behavior of the NFS version 2 server when it processes WRITE requests. The NFS version 2 protocol mandates that all modified data and metadata associated with the WRITE request reside on stable storage before the server can respond to the client. NFS version 2 WRITE requests are limited to 8192 bytes of data. Thus, each WRITE request might cause multiple small writes to the storage subsystem. This can cause a performance problem.
One method to accelerate NFS version 2 WRITE requests is to take advantage of a client behavior. Clients tend to send WRITE requests in batches. The server can take advantage of this behavior by clustering together the different WRITE requests into a single request to the underlying file system. Thus, the data to be written to the storage subsystem can be written in fewer, larger requests. This method can significantly increase the throughput for WRITE requests.
- Data Type
Integer (32-bit)
- Default
1 (clustering enabled)
- Range
0 (clustering disabled) or 1 (clustering enabled)
- Units
Boolean values
- Dynamic?
Yes
- Validation
None
- When to Change
Some very small NFS clients, particularly PC clients, might not batch WRITE requests. Thus, the behavior required from the clients might not exist. In addition, the clustering in the NFS version 2 server might just add overhead and slow down performance instead of increasing it.
- Commitment Level
Unstable
nfssrv:nfsauth_ch_cache_max
- Description
Controls the size of the cache of client handles that contact the NFS authentication server. This server authenticates NFS clients to determine whether they are allowed access to the file handle that they are trying to use.
- Data Type
Integer (32-bit)
- Default
16
- Range
0 to 231 - 1
- Units
Client handles
- Dynamic?
Yes
- Validation
None
- When to Change
This cache is not dynamic, so attempts to allocate a client handle when all are busy will fail. This failure results in requests being dropped by the NFS server because they could not be authenticated. Most often, this result is not a problem because the NFS client just times out and retransmits the request. However, for soft-mounted file systems on the client, the client might time out, not retry the request, and then return an error to the application. This situation might be avoided if you ensure that the size of the cache on the server is large enough to handle the load.
- Commitment Level
Unstable
nfssrv:exi_cache_time
- Description
Controls the duration of time that entries are held in the NFS authentication cache before being purged due to memory pressure in the system.
- Data Type
Long integer (32 bits on 32-bit platforms and 64 bits on 64-bit platforms)
- Default
3600 seconds (1 hour)
- Range
0 to 231 - 1 on 32-bit platforms
0 to 263 - 1 on 64-bit platforms
- Units
Seconds
- Dynamic?
Yes
- Validation
None
- When to Change
The size of the NFS authentication cache can be adjusted by varying the minimum age of entries that can get purged from the cache. The size of the cache should be controlled so that it is not allowed to grow too large, thus using system resources that are not allowed to be released due to this aging process.
- Commitment Level
Unstable