1Reexporting NFS filesystems
2===========================
3
4Overview
5--------
6
7It is possible to reexport an NFS filesystem over NFS.  However, this
8feature comes with a number of limitations.  Before trying it, we
9recommend some careful research to determine whether it will work for
10your purposes.
11
12A discussion of current known limitations follows.
13
14"fsid=" required, crossmnt broken
15---------------------------------
16
17We require the "fsid=" export option on any reexport of an NFS
18filesystem.  You can use "uuidgen -r" to generate a unique argument.
19
20The "crossmnt" export does not propagate "fsid=", so it will not allow
21traversing into further nfs filesystems; if you wish to export nfs
22filesystems mounted under the exported filesystem, you'll need to export
23them explicitly, assigning each its own unique "fsid= option.
24
25Reboot recovery
26---------------
27
28The NFS protocol's normal reboot recovery mechanisms don't work for the
29case when the reexport server reboots.  Clients will lose any locks
30they held before the reboot, and further IO will result in errors.
31Closing and reopening files should clear the errors.
32
33Filehandle limits
34-----------------
35
36If the original server uses an X byte filehandle for a given object, the
37reexport server's filehandle for the reexported object will be X+22
38bytes, rounded up to the nearest multiple of four bytes.
39
40The result must fit into the RFC-mandated filehandle size limits:
41
42+-------+-----------+
43| NFSv2 |  32 bytes |
44+-------+-----------+
45| NFSv3 |  64 bytes |
46+-------+-----------+
47| NFSv4 | 128 bytes |
48+-------+-----------+
49
50So, for example, you will only be able to reexport a filesystem over
51NFSv2 if the original server gives you filehandles that fit in 10
52bytes--which is unlikely.
53
54In general there's no way to know the maximum filehandle size given out
55by an NFS server without asking the server vendor.
56
57But the following table gives a few examples.  The first column is the
58typical length of the filehandle from a Linux server exporting the given
59filesystem, the second is the length after that nfs export is reexported
60by another Linux host:
61
62+--------+-------------------+----------------+
63|        | filehandle length | after reexport |
64+========+===================+================+
65| ext4:  | 28 bytes          | 52 bytes       |
66+--------+-------------------+----------------+
67| xfs:   | 32 bytes          | 56 bytes       |
68+--------+-------------------+----------------+
69| btrfs: | 40 bytes          | 64 bytes       |
70+--------+-------------------+----------------+
71
72All will therefore fit in an NFSv3 or NFSv4 filehandle after reexport,
73but none are reexportable over NFSv2.
74
75Linux server filehandles are a bit more complicated than this, though;
76for example:
77
78        - The (non-default) "subtreecheck" export option generally
79          requires another 4 to 8 bytes in the filehandle.
80        - If you export a subdirectory of a filesystem (instead of
81          exporting the filesystem root), that also usually adds 4 to 8
82          bytes.
83        - If you export over NFSv2, knfsd usually uses a shorter
84          filesystem identifier that saves 8 bytes.
85        - The root directory of an export uses a filehandle that is
86          shorter.
87
88As you can see, the 128-byte NFSv4 filehandle is large enough that
89you're unlikely to have trouble using NFSv4 to reexport any filesystem
90exported from a Linux server.  In general, if the original server is
91something that also supports NFSv3, you're *probably* OK.  Re-exporting
92over NFSv3 may be dicier, and reexporting over NFSv2 will probably
93never work.
94
95For more details of Linux filehandle structure, the best reference is
96the source code and comments; see in particular:
97
98        - include/linux/exportfs.h:enum fid_type
99        - include/uapi/linux/nfsd/nfsfh.h:struct nfs_fhbase_new
100        - fs/nfsd/nfsfh.c:set_version_and_fsid_type
101        - fs/nfs/export.c:nfs_encode_fh
102
103Open DENY bits ignored
104----------------------
105
106NFS since NFSv4 supports ALLOW and DENY bits taken from Windows, which
107allow you, for example, to open a file in a mode which forbids other
108read opens or write opens. The Linux client doesn't use them, and the
109server's support has always been incomplete: they are enforced only
110against other NFS users, not against processes accessing the exported
111filesystem locally. A reexport server will also not pass them along to
112the original server, so they will not be enforced between clients of
113different reexport servers.
114