The AIX NFS (Network File System) Server provides a powerful distributed file-system service that lets users and applications access files and directories on remote systems as though they were stored locally. It supports NFS protocol versions 2, 3, and 4, ensuring both backward compatibility and modern NFSv4 features such as stateful connections and enhanced security.
On AIX, NFS is built on a set of coordinated server and client daemons that use Remote Procedure Calls (RPC) to manage file sharing, mounting, and communication between systems. This design enables transparent file access, centralized storage management, and efficient resource sharing across networked AIX environments.
1. Client sends MOUNT request → rpc.mountd
2. rpc.mountd authenticates → checks /etc/exports
3. rpc.mountd grants handle → returns to client
4. Client sends file requests → rpc.nfsd
5. rpc.nfsd performs I/O → local FS
6. rpc.lockd/statd manage locks/recovery
Server Export Configuration:
The NFS server administrator defines which directories to share and with which clients in:
/etc/exports
Start the NFS subsystem using SMIT or command line:
# smitty mknfsexp
# startsrc -g nfs
This starts daemons:
portmap → statd → lockd → mountd → nfsd
Client Mount Request:
# mount -o rw servername:/data/projects /mnt/projects
Client contacts rpc.mountd on the server using RPC.
2. rpc.mountd authenticates → checks /etc/exports
3. rpc.mountd grants handle → returns to client
4. Client sends file requests → rpc.nfsd
5. rpc.nfsd performs I/O → local FS
6. rpc.lockd/statd manage locks/recovery
AIX NFS Port Control (Fixing Dynamic Ports)
By default, mountd, statd, and lockd use dynamically assigned ports.
You can assign fixed ports in AIX to simplify firewall configuration.
Edit /etc/services and assign static ports, for example:
mountd 635/tcp
mountd 635/udp
statd 662/tcp
statd 662/udp
lockd 4045/tcp
lockd 4045/udp
rquotad 875/udp
Commonly Fixed NFS Ports
Service TCP Port UDP Port
portmap / rpcbind 111 111
nfsd 2049 2049
mountd 635 635
statd 662 662
lockd 4045 4045
rquotad 875 875
HARD Mount (Default and Recommended):
- If the NFS server does not respond, all read/write operations are retried indefinitely.
- The client process appears to hang (waits for the server to come back).
- When the server is restored, the client continues automatically.
Advantages:
- Ensures data integrity — no partial writes or file corruption.
- Automatically recovers when the server returns.
- Best for critical or write-heavy data.
Disadvantages:
- Applications may appear frozen until the server is back.
- If the network is unstable, the system can hang temporarily during NFS calls.
SOFT Mount (Optional, Non-Blocking):
- If the NFS server doesn’t respond within timeout, the client returns an I/O error to the application.
- The process does not hang, but the operation fails.
Advantages:
- The client does not hang — user or process can continue.
- Useful for read-only or non-critical mounts (e.g., logs, config files).
Disadvantages:
- Data corruption risk — if a write fails mid-operation.
- Application may see I/O or stale file handle errors.
- Some applications may crash on failed I/O.
The NFS server administrator defines which directories to share and with which clients in:
/etc/exports
Basic Syntax:
<directory> -option1,option2,...,access=<client_list>
Where:
<directory> — local path to export
option — NFS export options (e.g., rw, ro, root_squash)
access= — specifies which clients (hosts or subnets) can mount it
Example: Export Multiple Directories
Here’s how to share multiple directories from the same AIX NFS server.
/data/projects -rw,access=10.1.1.0/24
/data/backups -ro,access=backup01,root_squash
/home/shared -rw,access=client1:client2:client3
Start the NFS subsystem using SMIT or command line:
# smitty mknfsexp
# startsrc -g nfs
This starts daemons:
portmap → statd → lockd → mountd → nfsd
Client Mount Request:
# mount -o rw servername:/data/projects /mnt/projects
Client contacts rpc.mountd on the server using RPC.
In /etc/filesystems (Persistent Mount on AIX)
/mnt/data:
dev = server1:/export/data
vfs = nfs
nodename = server1
mount = true
options = rw,vers=3,soft
account = false
Then mount it using:
# mount /mnt/data
Server rpc.mountd:
Checks /etc/exports for permission.
Grants or denies access.
Returns a file handle (reference to the directory).
Once mounted:
Client’s VFS (Virtual File System) routes file operations (open/read/write) through NFS.
Each NFS request (like read() or write()) is sent to rpc.nfsd on the server.
nfsd performs the requested operation on the local filesystem and sends results back to the client.
If the client locks a file:
The rpc.lockd and rpc.statd daemons coordinate file lock requests and recover locks if the server or client reboots.
You can verify running NFS daemons:
# lssrc -g nfs
Important NFS Configuration Files
/etc/exports → Lists shared directories and access permissions.
Checks /etc/exports for permission.
Grants or denies access.
Returns a file handle (reference to the directory).
Once mounted:
Client’s VFS (Virtual File System) routes file operations (open/read/write) through NFS.
Each NFS request (like read() or write()) is sent to rpc.nfsd on the server.
nfsd performs the requested operation on the local filesystem and sends results back to the client.
If the client locks a file:
The rpc.lockd and rpc.statd daemons coordinate file lock requests and recover locks if the server or client reboots.
You can verify running NFS daemons:
# lssrc -g nfs
Subsystem Group PID Status
portmap portmap 12345 active
biod nfs 12346 active
rpc.statd nfs 12347 active
rpc.lockd nfs 12348 active
rpc.mountd nfs 12349 active
nfsd nfs 12350 active
Important NFS Configuration Files
/etc/exports → Lists shared directories and access permissions.
/etc/filesystems → Defines NFS mounts (can include type=nfs entries).
/etc/rc.nfs → Script used at startup to initialize NFS.
Command Reference:
# startsrc -g nfs → Start NFS services
# stopsrc -g nfs → Stop NFS services
# exportfs -i -v → Export a directory
# showmount -e → Show exported directories
# exportfs -u <dir> then exportfs -i <dir> → Refresh exports
# mount -o vers=3 server:/export /mnt → Mount with NFSv3
# mount -o vers=4 server:/export /mnt → Mount with NFSv4
# nfsstat -m → Check version used
# rpcinfo -p server → Check server NFS versions
Common NFS Mount Flags (and Meanings):
vers=2/3/4 → NFS protocol version → Specifies which NFS version the client is using (2, 3, or 4).
proto=tcp / udp → Transport protocol → NFS can use either TCP (reliable) or UDP (legacy). TCP is default for v3/v4.
hard → Hard mount → Retries indefinitely if the server is unavailable — ensures data integrity.
soft → Soft mount → Fails after timeout — avoids hangs, but risks I/O errors.
intr → Interruptible → Allows users to interrupt hung NFS operations (Ctrl+C). Used with hard.
bg → Background mount → Retries the mount in background if the server is down during boot.
rw / ro → Read/write or Read-only → Determines access mode for the mount.
sec=sys → Security flavor → Uses traditional UNIX UID/GID authentication. Other options: krb5, krb5i, krb5p.
rsize= → Read buffer size → Max bytes per read request (e.g., 32768 or 65536).
wsize= → Write buffer size → Max bytes per write request.
timeo= → Timeout (in tenths of a second) → How long to wait before retrying. timeo=7 = 0.7 seconds.
retrans= → Retry count → Number of times to retry before failing (used with soft).
mountvers=3 → Mount protocol version → Version of the rpc.mountd protocol used.
namlen=255 → Max file name length supported by server.
acdirmin/acdirmax → Attribute cache min/max timeout for directories.
acregmin/acregmax → Attribute cache min/max timeout for files.
cto/nocto → Close-to-open consistency → Controls attribute cache revalidation.
noac → No attribute caching → Disables caching (slower, but consistent).
nolock → No file locking → Disables lockd (useful for read-only or stateless mounts).
nointr → Non-interruptible → Prevents user from interrupting hung NFS calls.
lookupcache=positive/none → Cache lookup results → Improves performance by caching name lookups.
port=2049 → Port used for NFS communication.
retry= → Retry count for initial mount attempts.
root_squash / no_root_squash → Server-side option → Maps root to anonymous user for security (shown only on server).
nolock → Disables NLM locking (use for NFSv4 or read-only).
No comments:
Post a Comment