In 1984, Sun Microsystems introduced a technology that would fundamentally reshape how we think about file storage and access: the Network File System (NFS). The premise was revolutionary yet elegantly simple—what if accessing a file on a remote machine could be indistinguishable from accessing a file on your local disk?
This concept, known as location transparency, became the foundation for modern distributed computing. Before NFS, sharing files between computers required explicit copy operations, FTP transfers, or cumbersome remote mounting procedures that demanded users to understand network topology. NFS changed this paradigm by allowing remote file systems to be mounted just like local disks, with applications completely unaware that the data resided miles—or continents—away.
Today, NFS and its conceptual descendants underpin everything from enterprise data centers to cloud storage services. Understanding NFS is essential for any systems engineer because it illuminates the fundamental challenges of distributed systems: consistency, reliability, performance, and the delicate balance between simplicity and correctness.
By the end of this page, you will understand the motivation behind network file systems, the core design philosophy that made NFS successful, and the fundamental trade-offs inherent in distributed file access. You'll gain the conceptual foundation necessary to understand NFS architecture, protocols, and performance characteristics in subsequent pages.
To understand NFS, we must first understand the problem it was designed to solve. In the early 1980s, computing environments faced a fundamental challenge: data fragmentation across isolated machines.
The Pre-NFS World
Consider a typical computing environment before network file systems: every machine had its own local disks, and any data a user needed had to physically reside on the machine in front of them. Sharing meant copying—over FTP, via magnetic tape, or with ad hoc scripts.
This model created numerous operational nightmares: the same file existed in multiple, slowly diverging copies with no authoritative version; every machine needed its own backups; disk space was wasted on duplicates of common data; and users were tied to the particular machine that held their files.
Sun's Vision: Diskless Workstations
Sun Microsystems, founded in 1982, had a radical vision for solving these problems: diskless workstations. Their idea was to build powerful graphical workstations without local storage. All data and even operating system files would be served over the network from centralized servers.
This approach offered compelling advantages: workstations became cheaper to build (no disks), all data lived in one place where it could be backed up and administered centrally, and users could sit down at any workstation and see exactly the same files.
But realizing this vision required a new kind of file system—one that could make network resources appear local.
Sun's famous slogan 'The Network is the Computer' wasn't just marketing—it was the design philosophy behind NFS. The goal was to make the network so transparent that applications wouldn't know (or care) whether files were local or remote. This transparency principle became the guiding star for NFS's design decisions.
The NFS designers at Sun faced a challenging design space. They needed a system that was simple enough to implement reliably, performant enough for interactive use, and robust enough to survive network and server failures. The resulting design philosophy can be understood through several key principles:
The Stateless Server Decision
Perhaps the most consequential design decision was making the NFS server stateless. Unlike many network protocols where the server maintains information about each client's session, an NFS server treats each request as independent. The server retains no memory of past requests or client state.
This was a controversial choice. A stateful design would offer significant performance benefits (the server could cache client information, track open files, send change notifications). But the NFS designers prioritized crash recovery above all else:
Stateful Server Crash Scenario: the server's tables of open files, client sessions, and locks vanish with the crash. On reboot, server and clients must run a recovery protocol to rebuild that shared state—and a crashed client leaves orphaned state on the server that must somehow be garbage-collected.
Stateless Server Crash Scenario: there is no state to lose. Clients simply retransmit their requests until the server reboots and answers; from the application's point of view, the server was merely slow.
The stateless approach dramatically simplified crash recovery—clients simply retry until the server comes back up. This idempotent request model became a fundamental characteristic of NFS.
An operation is idempotent if performing it multiple times has the same effect as performing it once. In NFS, most operations are designed to be idempotent: reading the same block twice produces identical results; writing the same data to the same offset twice leaves the file in the same state. This property allows safe retries after timeouts or failures.
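The difference between idempotent and non-idempotent operations can be shown with a small simulation. This is a Python sketch, not NFS code: `write_at` models NFS's write-at-offset semantics, while `append` (hypothetical—NFS has no append operation for exactly this reason) shows why position-relative writes would make retries unsafe.

```python
def write_at(data: bytearray, offset: int, payload: bytes) -> None:
    """Idempotent: writing the same payload at the same offset twice
    leaves the buffer in exactly the state one write produces."""
    data[offset:offset + len(payload)] = payload

def append(data: bytearray, payload: bytes) -> None:
    """NOT idempotent: every retry grows the file again."""
    data.extend(payload)

file1 = bytearray(b"hello world")
write_at(file1, 6, b"there")      # first attempt
once = bytes(file1)
write_at(file1, 6, b"there")      # retry after a (simulated) timeout
assert bytes(file1) == once       # same state -- the retry was harmless

file2 = bytearray(b"log:")
append(file2, b"entry")
append(file2, b"entry")           # retry duplicates the record
assert bytes(file2) == b"log:entryentry"
```

This is why NFS READ and WRITE always carry an explicit offset rather than relying on a server-side file position: a retransmitted request, even one the server already executed, cannot corrupt the file.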
The Trade-off: Consistency vs. Simplicity
The stateless approach came with trade-offs that persist in NFS to this day:
Advantages of Stateless Design: trivial crash recovery (the server reboots and simply resumes answering), no per-client memory on the server, and natural scalability to large numbers of clients.
Disadvantages of Stateless Design: UNIX semantics that depend on state are hard to honor (for example, a file deleted while another client still has it "open"), the server cannot notify clients when their cached data becomes stale, every request must carry full identifying information, and file locking—inherently stateful—requires a separate companion protocol (the Network Lock Manager).
These trade-offs would shape NFS's evolution across its various versions, with later designs adding limited statefulness to address the most painful limitations.
Understanding how NFS provides file access requires understanding its core abstractions: file handles, mount points, and the remote procedure call mechanism that ties everything together.
File Handles: The Universal Identifier
In local file systems, files are typically identified by inode numbers—simple integers that index into a table on a specific disk. But in a network environment, we need a way to uniquely identify files across machines. NFS accomplishes this with file handles.
A file handle is an opaque byte sequence (typically 32-64 bytes) that uniquely identifies a file on a particular server. The handle encodes enough information for the server to locate the file, but its internal structure is intentionally hidden from clients.
A typical file handle might contain: an identifier for the file system (or export), the file's inode number within that file system, and a generation number.
The generation number is crucial for correctness. Without it, the following sequence causes silent corruption: a client obtains a handle for file A, which occupies inode 42; file A is deleted; a new file B is created and happens to reuse inode 42; the client's old handle now silently refers to file B.
The generation number ensures stale handles are detected: the new file at inode 42 has a different generation number, so the old handle won't match.
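The stale-handle check can be sketched in a few lines. This is an illustrative Python model (the names `inode_table`, `lookup_handle`, and `is_stale` are hypothetical, not real NFS server internals): the server bumps an inode's generation when it is reused, and rejects any handle whose generation no longer matches.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FileHandle:
    fsid: int
    inode: int
    generation: int

# Hypothetical server-side state: inode -> current generation number
inode_table = {42: 7}

def lookup_handle(fsid: int, inode: int) -> FileHandle:
    """Mint a handle capturing the inode's generation at lookup time."""
    return FileHandle(fsid, inode, inode_table[inode])

def is_stale(handle: FileHandle) -> bool:
    """A handle is stale if its generation no longer matches the live
    inode's generation (the real server would return NFS3ERR_STALE)."""
    return inode_table.get(handle.inode) != handle.generation

h = lookup_handle(0, 42)
assert not is_stale(h)        # handle is valid while the file exists

# File deleted; inode 42 reused for a brand-new file -> generation bumps
inode_table[42] = 8
assert is_stale(h)            # the old handle is now correctly rejected
```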
/* Conceptual structure of an NFS file handle
 * Actual layout is opaque to clients and varies by implementation */
struct nfs_file_handle {
    /* File system identifiers */
    uint32_t fsid_major;     /* Major file system ID */
    uint32_t fsid_minor;     /* Minor file system ID */

    /* File identity within the file system */
    uint64_t inode_number;   /* Inode number of the file */
    uint32_t generation;     /* Generation number for stale detection */

    /* Export-specific information */
    uint32_t export_id;      /* ID of the exported subtree */

    /* Padding/reserved for future use */
    uint8_t  reserved[16];

    /* Total size: typically 32-64 bytes in NFSv3/v4 */
};

/* File handles are opaque to clients:
 *  - Client receives handle from server via LOOKUP or other operations
 *  - Client passes handle back to server for subsequent operations
 *  - Client NEVER interprets handle contents
 *  - If handle format changes, only server implementation changes */

Mount Points: Connecting Remote File Systems
NFS relies on the standard UNIX mount mechanism to integrate remote file systems into the local directory tree. When a client mounts an NFS export, it creates a mount point where the remote file system appears.
For example:
mount server.example.com:/export/home /home
This command mounts the remote path /export/home from server.example.com at the local path /home. After this, any access to /home/alice/document.txt transparently becomes an NFS operation to access /export/home/alice/document.txt on the server.
The mount process involves: the client contacting the server's mount daemon (mountd) with the desired export path; the server checking the request against its export list; the server returning the file handle of the export's root directory; and the client recording that handle as the root of the new mount.
Once mounted, the NFS file system is integrated into the Virtual File System (VFS) layer. All standard file operations go through VFS, which routes them to the appropriate handler—local disk or NFS client.
The Virtual File System (VFS) layer is what makes NFS transparency possible. VFS provides a uniform interface for all file operations, routing them to the appropriate file system implementation. Applications use standard POSIX calls like open() and read(); VFS determines whether those calls go to a local file system or the NFS client. No application code changes required.
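The VFS routing idea can be sketched as a dispatch table keyed by mount point. This Python model is illustrative only (the classes `LocalFS` and `NFSClient` and the `mounts` table are hypothetical stand-ins for kernel structures): the longest matching mount prefix selects which implementation handles the call.

```python
# Each mounted file system provides the same operations interface;
# VFS picks the implementation by longest-prefix match on the path.
class LocalFS:
    def read(self, path: str) -> str:
        return f"local read of {path}"

class NFSClient:
    def read(self, path: str) -> str:
        return f"NFS READ for {path}"

mounts = {"/": LocalFS(), "/home": NFSClient()}   # hypothetical mount table

def vfs_read(path: str) -> str:
    """Route a read to whichever file system owns the deepest mount
    point that is a prefix of the path."""
    mp = max((m for m in mounts
              if path == m or path.startswith(m.rstrip("/") + "/")),
             key=len)
    return mounts[mp].read(path)

assert vfs_read("/etc/passwd").startswith("local")          # local disk
assert vfs_read("/home/alice/data.txt").startswith("NFS")   # NFS mount
```

The application calls the same function either way; only the dispatch target differs—which is exactly the transparency property the text describes.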
NFS is built on top of Remote Procedure Call (RPC), a protocol that allows programs to execute procedures on remote machines as if they were local function calls. Understanding RPC is essential to understanding how NFS actually works.
The RPC Abstraction
RPC provides a powerful abstraction: instead of thinking about network sockets, message formats, and serialization, a programmer can simply 'call a function' that happens to execute on a remote machine. The RPC infrastructure handles all the networking details.
From the programmer's perspective:
// This looks like a local function call
result = nfs_read(file_handle, offset, count);
// But behind the scenes:
// 1. Arguments are serialized into a network message
// 2. Message is sent to the server
// 3. Server deserializes and executes the actual function
// 4. Result is serialized and sent back
// 5. Client deserializes result and returns it
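Step 1 of that sequence can be made concrete. The sketch below builds the fixed-size header of an ONC RPC call message—transaction ID, message type, RPC version, program, version, procedure—with every field as a 4-byte big-endian integer as XDR requires. It is a simplified illustration: credentials, the verifier, and the procedure arguments that follow the header are omitted.

```python
import struct

# Well-known constants: NFS is ONC RPC program 100003; READ is
# procedure 6 in NFSv3.
NFS_PROGRAM, NFS_VERSION, NFSPROC3_READ = 100003, 3, 6

def rpc_call_header(xid: int, prog: int, vers: int, proc: int) -> bytes:
    """Serialize the leading fields of an ONC RPC call message.
    All six fields are unsigned 32-bit big-endian integers."""
    CALL, RPC_VERSION = 0, 2          # message type 0 = call; RPC v2
    return struct.pack(">6I", xid, CALL, RPC_VERSION, prog, vers, proc)

msg = rpc_call_header(xid=1, prog=NFS_PROGRAM,
                      vers=NFS_VERSION, proc=NFSPROC3_READ)
assert len(msg) == 24                               # 6 fields x 4 bytes
assert msg[12:16] == (100003).to_bytes(4, "big")    # program on the wire
```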
Sun RPC (ONC RPC)
NFS uses Sun RPC, also known as ONC (Open Network Computing) RPC. This protocol defines: how programs, versions, and procedures are numbered; how call and reply messages are framed on the wire; how clients present authentication credentials; and how arguments and results are encoded (via XDR, discussed below).
When a client wants to perform an NFS operation, it constructs an RPC request containing: the NFS program number (100003), the protocol version, the procedure number (see the table below), authentication credentials, and the XDR-encoded arguments for that procedure.
| Procedure # | Name | Description | Arguments |
|---|---|---|---|
| 0 | NULL | Null procedure (used for pinging/testing) | None |
| 1 | GETATTR | Get file attributes | File handle |
| 2 | SETATTR | Set file attributes | File handle, attributes |
| 3 | LOOKUP | Look up filename in directory | Directory handle, filename |
| 4 | ACCESS | Check access permissions | File handle, access mode |
| 5 | READLINK | Read symbolic link | File handle |
| 6 | READ | Read data from file | File handle, offset, count |
| 7 | WRITE | Write data to file | File handle, offset, data |
| 8 | CREATE | Create a file | Directory handle, name, attributes |
| 9 | MKDIR | Create a directory | Directory handle, name, attributes |
| 10 | SYMLINK | Create a symbolic link | Directory handle, name, attributes, path |
| 11 | MKNOD | Create a special device | Directory handle, name, type, attributes |
| 12 | REMOVE | Remove a file | Directory handle, name |
| 13 | RMDIR | Remove a directory | Directory handle, name |
| 14 | RENAME | Rename a file or directory | From dir, from name, to dir, to name |
| 15 | LINK | Create a hard link | File handle, directory handle, name |
| 16 | READDIR | Read directory entries | Directory handle, cookie, count |
| 17 | READDIRPLUS | Read directory entries with attributes | Directory handle, cookie, count |
| 18 | FSSTAT | Get file system statistics | File handle |
| 19 | FSINFO | Get file system info | File handle |
Transport Protocols: UDP vs. TCP
NFS can operate over either UDP or TCP:
UDP (User Datagram Protocol): connectionless and lightweight, with no connection setup and no per-connection server state; the client handles timeouts and retransmission itself; works well on low-loss local networks.
TCP (Transmission Control Protocol): connection-oriented and reliable; handles retransmission, ordering, and congestion control in the transport layer; performs far better over lossy or wide-area links; the default for modern NFS deployments.
The choice between UDP and TCP involves trade-offs between latency and reliability. In a healthy local network, UDP's lower overhead provides better performance. But TCP's reliability is essential when packet loss is significant, and it simplifies firewall configuration (single well-known port).
Different computer architectures use different byte orderings (big-endian vs. little-endian), word sizes, and data alignments. XDR (External Data Representation) provides a canonical format for encoding data, ensuring that a SPARC server and an x86 client can communicate correctly. All integers are sent in network byte order (big-endian); all data types have specified sizes and alignments.
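Two of XDR's concrete rules—network byte order and 4-byte alignment—are easy to demonstrate. The helpers below are an illustrative Python sketch, not a real XDR library: `xdr_opaque` encodes a variable-length string/opaque as a 4-byte length, the bytes themselves, then zero padding up to the next 4-byte boundary.

```python
import struct

def xdr_uint32(n: int) -> bytes:
    """Encode an unsigned 32-bit integer in network byte order."""
    return struct.pack(">I", n)

def xdr_opaque(data: bytes) -> bytes:
    """Encode variable-length opaque data / a string per XDR:
    4-byte length, the bytes, then zero-padding to a 4-byte boundary."""
    pad = (-len(data)) % 4
    return struct.pack(">I", len(data)) + data + b"\x00" * pad

assert xdr_uint32(1) == b"\x00\x00\x00\x01"   # big-endian on the wire
enc = xdr_opaque(b"alice")                    # 5 bytes -> 3 pad bytes
assert len(enc) == 4 + 5 + 3
assert enc[:4] == b"\x00\x00\x00\x05"         # length prefix
```

Because both sides agree on this canonical wire format, each host converts only between XDR and its own native representation, and a big-endian SPARC server never needs to know its client is little-endian x86.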
Before clients can access files via NFS, servers must explicitly export portions of their file system. The export model provides access control, determining which clients can mount which directories and with what permissions.
The /etc/exports File
On Unix-like NFS servers, exports are typically configured in /etc/exports. Each line specifies a directory to export and the clients permitted to access it:
# Export home directories to the internal network
/export/home 192.168.1.0/24(rw,sync,no_root_squash)
# Export software repository read-only to everyone
/export/software *(ro,sync)
# Export project data to specific machines
/export/projects workstation1.example.com(rw,sync) workstation2.example.com(rw,sync)
Security Implications of root_squash
The root_squash option deserves special attention because it addresses a fundamental security concern: the root user on a client is not the same as the root user on the server.
Without root_squash: a request arriving with UID 0 is treated as root on the server, so anyone with root access on any client effectively has root access to every file in the export.
With root_squash (the default): requests carrying UID/GID 0 are remapped to an unprivileged anonymous identity (conventionally nobody, UID 65534), so a client's root user gets no special power over the export.
However, root_squash can cause problems for legitimate administrative tasks. The no_root_squash option is sometimes needed for client machines that must perform root operations (like diskless workstations mounting their root file system via NFS).
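The identity-mapping rules behind these options amount to a few lines of logic. This is a Python sketch of the concept (the function `squash` and its signature are hypothetical, not server source): root_squash remaps only UID/GID 0, while all_squash remaps every caller to the anonymous identity.

```python
# Conventional anonymous identity ("nobody") used by the squash options
NOBODY_UID, NOBODY_GID = 65534, 65534

def squash(uid: int, gid: int,
           root_squash: bool = True, all_squash: bool = False):
    """Map the client-supplied identity per export options:
    root_squash demotes only root; all_squash demotes everyone."""
    if all_squash or (root_squash and uid == 0):
        uid = NOBODY_UID
    if all_squash or (root_squash and gid == 0):
        gid = NOBODY_GID
    return uid, gid

assert squash(0, 0) == (65534, 65534)              # client root demoted
assert squash(1000, 1000) == (1000, 1000)          # ordinary user untouched
assert squash(1000, 1000, all_squash=True) == (65534, 65534)
assert squash(0, 0, root_squash=False) == (0, 0)   # no_root_squash
```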
# Complex export configuration example

# Home directories: read-write, synchronized, preserve root
# Only allow internal network
/export/home 192.168.1.0/24(rw,sync,no_subtree_check,root_squash)

# Shared project space: read-write for project team machines
# Use async for performance (with proper backup strategy)
/export/projects/alpha project-ws1.example.com(rw,async,no_subtree_check) \
    project-ws2.example.com(rw,async,no_subtree_check) \
    project-server.example.com(rw,sync,no_root_squash)

# Public software repository: read-only for everyone
# Secure ports only, all users mapped to anonymous
/export/software *(ro,sync,all_squash,anonuid=65534,anongid=65534)

# Diskless workstation root filesystem
# Must have no_root_squash so workstation can boot properly
/export/diskless/ws1 192.168.1.100(rw,sync,no_root_squash,no_subtree_check)

# After modifying /etc/exports, apply changes:
#   exportfs -ra   # Re-export all directories
#   exportfs -v    # Show current exports with options

Classic NFS has weak security: it trusts the client to accurately report user identities. If I claim to be UID 1000, the server believes me. This means a malicious client administrator can impersonate any user. In trusted internal networks this is acceptable; for anything else, NFSv4 with Kerberos authentication is essential.
Let's trace through a complete example of how an application's file access translates into NFS operations. This will solidify your understanding of the components we've discussed.
Scenario: Reading a File
An application on a client machine runs:
int fd = open("/home/alice/data.txt", O_RDONLY);
char buf[4096];
ssize_t n = read(fd, buf, sizeof(buf));
What happens behind the scenes?
Phase 1: Path Resolution (open)
The open() call triggers a path resolution process. VFS walks the path component by component and recognizes /home as an NFS mount point. The NFS client then sends a LOOKUP request for "alice" in the export's root directory and receives a directory handle, followed by a LOOKUP for "data.txt" in that directory, which returns the file's handle and attributes. Finally, the kernel allocates a file descriptor that records the file handle—notably, no "open" message is ever sent to the server.

Phase 2: Data Transfer (read)

The read() call triggers data retrieval. The client sends a READ request containing the file handle, offset 0, and count 4096. The server locates the file from the handle, reads the requested bytes, and returns them along with fresh attributes. The client copies the data into the application's buffer and typically caches the block for subsequent reads.

Key Observations: the server never learns that the file is "open"; every request is self-describing (handle, offset, count), so any request can safely be retried against a freshly rebooted server; and a single open() may cost several LOOKUP round-trips, which is why clients aggressively cache lookup results and attributes.
To avoid round-trips for every stat() call, NFS clients cache file attributes with a timeout (typically 3-60 seconds). This means changes on the server may not be immediately visible to clients—a source of the 'NFS consistency weirdness' that developers sometimes encounter. We'll explore caching behavior in detail in the Performance Considerations page.
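The attribute cache described above is essentially a map from file handle to (attributes, timestamp), consulted before issuing a GETATTR. The Python sketch below is illustrative (the class `AttrCache` and its methods are hypothetical, not the kernel's implementation); time is passed in explicitly so the expiry logic is easy to follow.

```python
class AttrCache:
    """Sketch of an NFS client attribute cache: an entry is served
    without a GETATTR round-trip until its timeout expires."""

    def __init__(self, timeout: float = 3.0):
        self.timeout = timeout
        self.entries = {}            # handle -> (attrs, stored_at)

    def put(self, handle, attrs, now: float):
        self.entries[handle] = (attrs, now)

    def get(self, handle, now: float):
        attrs, stamp = self.entries.get(handle, (None, None))
        if attrs is not None and now - stamp < self.timeout:
            return attrs             # fresh: answered from cache
        return None                  # missing/expired: must send GETATTR

cache = AttrCache(timeout=3.0)
cache.put("fh1", {"size": 4096}, now=0.0)
assert cache.get("fh1", now=1.0) == {"size": 4096}   # within timeout
assert cache.get("fh1", now=5.0) is None             # expired -> GETATTR
```

The timeout is the consistency knob: a short timeout means more GETATTR traffic but fresher data; a long one means fewer round-trips but a larger window in which clients can see stale attributes.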
NFS is not the only way to share files over a network. Understanding where NFS fits in the landscape of network storage solutions helps clarify its strengths and appropriate use cases.
| Approach | How It Works | Strengths | Weaknesses |
|---|---|---|---|
| NFS | Server exports file system; clients mount and access transparently | POSIX semantics, kernel integration, wide compatibility | Complex consistency semantics, security challenges |
| SMB/CIFS | Windows file sharing protocol; now cross-platform | Rich Windows integration, strong authentication | Higher overhead, complex protocol |
| FTP/SFTP | File transfer protocols; explicit copy operations | Simple, widely supported, secure (SFTP) | No file system semantics, explicit transfers |
| Object Storage (S3) | Flat namespace, HTTP-based access, eventual consistency | Massive scale, HTTP-based, cloud-native | No POSIX semantics, eventual consistency |
| iSCSI/FC | Block-level storage over network | Highest performance, transparent to file system | Single-host access, infrastructure cost |
When to Use NFS
NFS excels in scenarios requiring: standard POSIX file semantics for unmodified applications, shared home directories and build trees, and many clients on a trusted local network with centralized administration.
When NFS May Not Be Ideal: high-latency or unreliable wide-area links, workloads that need strict cross-client consistency guarantees, internet-scale object workloads better served by S3-style storage, and untrusted networks (at least without NFSv4 and Kerberos).
Modern systems often bridge these approaches using FUSE (Filesystem in Userspace). For example, S3 buckets can be mounted as file systems using tools like s3fs, providing NFS-like access to object storage. This flexibility blurs the traditional categories, but understanding the underlying trade-offs remains essential.
We've covered substantial ground in understanding the motivations, design philosophy, and fundamental concepts of Network File Systems. The key takeaways: NFS exists to make remote files indistinguishable from local ones (location transparency); its stateless server and idempotent operations make crash recovery simple, at the cost of weaker consistency; opaque file handles with generation numbers identify files across the network; Sun RPC and XDR carry every operation; and the export model controls which clients may mount what, and as whom.
What's Next
With this foundational understanding, we're ready to dive deeper into the technical architecture of NFS. The next page explores the NFS Architecture in detail, examining the protocol stack, the mount protocol, the NFS daemon structure, and how all the components work together to provide seamless remote file access.
We'll see how the simple concepts presented here translate into a sophisticated multi-layered system that has evolved over four decades while maintaining backward compatibility.
You now understand the fundamental concepts and design philosophy behind Network File Systems. NFS was born from a clear vision—making the network invisible—and its stateless, transparent design became a model for distributed systems. Next, we'll examine the architectural details that make this vision a reality.