Sun NFS and Andrew

File System (AFS)

This presentation explores two prominent distributed file systems:
Sun Network File System (NFS) and Andrew File System (AFS). We will
examine their architectures, key design principles, implementation
details, and performance characteristics. The goal is to provide a
comprehensive understanding of how these systems enable
transparent access to remote shared files.

by Siddharth Panda
Sun NFS Architecture
NFS Protocol RPC Communication

NFS uses a set of remote procedure calls (RPC) for clients The NFS client and server modules communicate using
to perform operations on a remote file store. It is OS- RPC. Sun's RPC system can be configured to use either
independent but designed for UNIX networks. The NFS UDP or TCP. A port mapper service enables clients to bind
server module resides in the kernel, translating client to services by name. User credentials can be signed or
requests into NFS protocol operations. encrypted for security.
Virtual File System (VFS) in N
Access Transparency VFS Module
NFS provides access The VFS module in the UNIX
transparency, allowing user kernel distinguishes between
programs to access local or local and remote files and
remote files without distinction. translates between UNIX-
Other distributed file systems can independent file identifiers and
be integrated similarly. internal file identifiers.

File Handles
File identifiers used in NFS are called file handles, opaque to clients and
containing information for the server to distinguish individual files. In
UNIX, the file handle is derived from the file’s i-node number.
NFS Client Integration and Operations
User Programs
User programs access files via UNIX system calls without recompilation or reloading.

Single Client Module

A single client module serves all user-level processes, with a shared cache of recently used blocks.

Encryption Key
The encryption key used to authenticate user IDs is retained in the kernel, preventing impersonation.
Access Control and Authentication in NFS
User Authentication
The Sun RPC protocol requires clients
to send user authentication
information with each request,
2
Stateless Server checked against the access permission
The NFS server is stateless and in the file attributes.
checks the user’s identity against 1
the file’s access permission Security Loophole
attributes on each request. A security loophole is closed by using
3 DES encryption of the user’s
authentication information or
integrating Kerberos for stronger
authentication.
Mount Service and
Pathname Translation in
NFS Mount Service
1
The mounting of subtrees of remote filesystems is supported by a
separate mount service process running at user level on each NFS
server computer.

2 /etc/exports
Each server has a file (/etc/exports) containing the names of local
filesystems available for remote mounting, with access lists
indicating permitted hosts.

3 Pathname Translation
Pathnames are parsed and translated iteratively by the client, with
each part referring to a remote-mounted directory translated to a
file handle using a lookup request to the remote server.
Caching in NFS
Server Caching
NFS servers use a cache to hold recently read disk blocks,
enhancing performance. Write operations offer write-through
caching or caching with commit operations.

Client Caching
The NFS client module caches the results of read, write, getattr,
lookup, and readdir operations to reduce requests to servers. A
timestamp-based method validates cached blocks.

Bio-daemons
Bio-daemon processes at each client perform read-ahead and
delayed-write operations, improving performance by ensuring
the client module does not block.
Andrew File System (AFS) Overview
Scalability
1 Designed for high scalability.

Whole-file Serving
2 Transmits entire files to clients.

Whole-file Caching
3 Caches files on local disk.

AFS provides transparent access to remote shared files for UNIX programs, similar to NFS. However, AFS differs
significantly in its design and implementation, primarily focusing on scalability by caching whole files in client nodes.
AFS Implementation Details
Vice and Venus
1 Implemented as two software components: Vice (server) and Venus (client).

Name Space
2 Splits the file name space into local and shared files, with a subtree
containing shared files.

File Identifiers
3 Uses 96-bit file identifiers (fids) for files and directories
in the shared file space.

AFS is implemented with Vice (server software) and Venus (client software). It splits the file name space into local and
shared files, using 96-bit file identifiers (fids) for files and directories in the shared file space.
AFS Cache Consistency
and Performance
96-98%
Cache Hit Ratio
High cache hit ratios for file accesses.

40%
Server Load
Lower server load compared to NFS.

AFS uses a callback promise mechanism to ensure cache consistency.

Performance measurements show reduced server loads and high cache hit
ratios, indicating its scalability and efficiency in large-scale environments.