NFS has undergone remarkable evolution since its 1984 debut. Each major version addressed limitations discovered through real-world deployment, incorporated lessons from distributed systems research, and adapted to changing network environments—from 10 Mbps Ethernet LANs to global data centers connected by optical fiber.

Understanding NFS versions isn't merely academic. In production environments, you'll encounter all versions: legacy systems running NFSv3, modern Linux deployments on NFSv4.2, and everything in between. Knowing the capabilities and limitations of each version helps you:

• Choose the right version for new deployments
• Understand behavior differences when troubleshooting
• Plan migration strategies for version upgrades
• Configure interoperability between different systems

Backward Compatibility Strategy

NFS maintains strong backward compatibility through graceful negotiation:

1. Client requests highest version it supports
2. Server responds with highest version it supports (≤ client's request)
3. Both sides operate at the negotiated version

This allows gradual infrastructure upgrades—a new server can serve both legacy and modern clients simultaneously.

# Force specific version on mount
mount -t nfs -o vers=3 server:/export /mnt    # Force NFSv3
mount -t nfs -o vers=4 server:/export /mnt    # Force NFSv4.0
mount -t nfs -o vers=4.2 server:/export /mnt  # Force NFSv4.2

# Check negotiated version
nfsstat -m  # Shows mount options including version

NFSv2, released with SunOS 2.0 in 1984, established the fundamental NFS model that persists today. Understanding NFSv2's limitations explains why its successors evolved as they did.

Core Characteristics of NFSv2:

• Transport: UDP only (TCP added by some vendors later)
• File Size: 32-bit offsets (maximum 2GB files)
• Write Semantics: Synchronous only
• File Handles: Fixed 32 bytes
• Maximum Read/Write: 8KB per operation

NFSv2 Limitations That Drove NFSv3

NFSv3 (RFC 1813, 1995) addressed NFSv2's most painful limitations while maintaining the stateless model. It became the dominant NFS version for over a decade and remains widely deployed today.

Key NFSv3 Improvements:

Asynchronous Writes: The Game Changer

NFSv3's asynchronous write capability was transformative for performance. The WRITE procedure includes a stable parameter:

WRITE Stability Modes:

UNSTABLE (0):  "Write to server memory, don't wait for disk"
               Fast, but data at risk if server crashes
               
DATA_SYNC (1): "Write data to disk, metadata can be cached"
               Moderate speed, data safe, metadata at risk
               
FILE_SYNC (2): "Write everything to disk before returning"
               Slow, full durability (like NFSv2)

The COMMIT procedure complements UNSTABLE writes:

1. Client sends multiple UNSTABLE writes (fast)
2. Client sends COMMIT covering all written ranges
3. Server flushes to disk and returns
4. Client knows data is durable

Weak Cache Consistency (WCC)

WCC provides pre-operation and post-operation attributes with modifying operations. This lets clients detect concurrent modifications:

/* WCC example: WRITE response */
struct WRITE3resok {
    wcc_data     file_wcc;        /* Before/after attributes */
    count3       count;           /* Bytes written */  
    stable_how   committed;       /* How stable is the write? */
    writeverf3   verf;            /* Server write verifier */
};

struct wcc_data {
    pre_op_attr  before;          /* size, mtime, ctime before */
    post_op_attr after;           /* Full attrs after */
};

The client compares before with its cached attributes:

• Match: cache was valid, update with after attributes
• Mismatch: someone else changed the file, invalidate cache

NFSv4 (RFC 3530, 2003) was not an incremental update—it was a fundamental redesign. The IETF working group incorporated lessons from AFS, CIFS, and distributed systems research to create a more robust, secure, and WAN-friendly protocol.

Philosophical Shifts in NFSv4:

Compound Operations: Reducing Round Trips

NFSv4 allows multiple operations in a single RPC call. Consider accessing /export/home/alice/project/README.md:

NFSv3 requires:

RPC 1: LOOKUP(export_fh, "home")     → home_fh
RPC 2: LOOKUP(home_fh, "alice")     → alice_fh
RPC 3: LOOKUP(alice_fh, "project")  → project_fh
RPC 4: LOOKUP(project_fh, "README.md") → file_fh
RPC 5: READ(file_fh, 0, 4096)       → data

5 round trips!

NFSv4 compound:

RPC 1: COMPOUND {
    PUTROOTFH                        // Start at export root
    LOOKUP("home")                   // Navigate
    LOOKUP("alice")         
    LOOKUP("project")
    LOOKUP("README.md")
    READ(0, 4096)                    // Get data
}

1 round trip!

Delegations: Safe Client-Side Caching

Delegations allow the server to grant caching rights to clients. When a client holds a delegation, it can cache aggressively without revalidation:

Read Delegation:

• Server guarantees no other client will modify the file
• Client can cache data and attributes without checking server
• If another client wants to write, server recalls the delegation

Write Delegation:

• Server guarantees no other client will read or write
• Client can buffer writes locally without sending to server
• Recall happens before any other access

This provides the performance benefits of aggressive caching while maintaining correctness—something NFSv3's weak consistency couldn't achieve.

NFSv4.1 (RFC 5661, 2010) introduced two major innovations: Sessions for exactly-once semantics, and pNFS for parallel data access across clustered storage.

Sessions: Solving the Exactly-Once Problem

NFSv4.0's idempotency approach wasn't perfect—some operations (like CREATE) couldn't be made truly idempotent. NFSv4.1 sessions provide exactly-once semantics through sequence numbers:

Session Model:

1. Client establishes session with server (CREATE_SESSION)
2. Session has 'slots' - each slot tracks one outstanding request
3. Each request carries (slotid, sequence_number)
4. Server tracks highest completed sequence per slot
5. Duplicate detection is now deterministic, not probabilistic

pNFS: Parallel Network File System

pNFS enables clients to perform data I/O directly to storage devices, bypassing the NFS server for data paths while retaining metadata centralization:

Traditional NFS:

  Client ←───────────────→ NFS Server ←→ Storage
        All data flows through server
        Server is bandwidth bottleneck


pNFS Architecture:

                    ┌─→ Storage Device 1
  Client ─┬─ Data ─→├─→ Storage Device 2
          │         └─→ Storage Device 3
          │
          └─ Metadata ─→ Metadata Server (MDS)
          
  Data flows directly to storage!
  Metadata server not in data path

pNFS Layout Types

The 'layout' describes how data is distributed across storage. NFSv4.1 defines three layout types:

1. File Layout (RFC 5661)

• Data striped across multiple NFS data servers
• Simple, NFS-native approach

2. Block Layout (RFC 5663)

• Client accesses block storage directly (iSCSI, FC)
• Requires block protocol stack on client
• Highest performance potential

3. Object Layout (RFC 5664)

• Data stored as objects (like in object storage)
• Used with OSD (Object-based Storage Device) protocols

NFSv4.2 (RFC 7862, 2016) brings NFS into the modern era with features addressing cloud, virtualization, and security requirements.

Key NFSv4.2 Features:

Server-Side Copy: Revolutionary for Virtualization

Consider cloning a VM with a 100GB disk image:

Traditional approach:

Client reads 100GB from source NFS server
Client writes 100GB to destination NFS server
Transfers: 100GB download + 100GB upload = 200GB client bandwidth
Time: Minutes to hours

NFSv4.2 server-side copy:

Client sends COPY command
Server(s) copy data internally
Transfers: Two small NFS commands
Time: Seconds (limited by server disk speed, not network)

For cloud providers and virtualization platforms, this is transformative.

Labeled NFS: MAC Security Across the Network

Labeled NFS enables SELinux and similar MAC (Mandatory Access Control) systems to work across NFS:

Without Labeled NFS:
- File has SELinux label on server: httpd_sys_content_t
- When accessed via NFS, label is lost
- Client can't enforce SELinux policy for NFS files
- Security model is weakened

With Labeled NFS:
- Server includes security label in GETATTR responses
- Client enforces local MAC policy using server's labels
- SELinux policies work consistently across local and NFS files

This is critical for security-sensitive environments like government and financial systems.

Choosing the right NFS version requires balancing features, compatibility, and operational complexity. Here's a decision framework:

Migration Considerations

Moving from NFSv3 to NFSv4:

Configuration Changes:

• NFSv4 exports don't use /etc/exports the same way
• The pseudofs (fsid=0) creates a virtual root
• ID mapping replaces numeric UID/GID

# NFSv3 export
/export/home  192.168.1.0/24(rw,sync)

# NFSv4 export (add fsid=0 for root)
/export       *(ro,fsid=0)             # Pseudofs root
/export/home  192.168.1.0/24(rw,sync)  # Actual data

ID Mapping:

# /etc/idmapd.conf
[General]
Domain = example.com

# Users 'alice@example.com' mapped to local UID

Testing Strategy:

1. Set up NFSv4 server alongside existing NFSv3
2. Test with non-production clients
3. Verify ID mapping, ACLs, lock behavior
4. Migrate clients incrementally
5. Monitor for issues before decommissioning NFSv3

We've journeyed through four decades of NFS evolution. Each version addressed real-world limitations while building on the fundamental principles established in NFSv2. Let's consolidate the key points:

What's Next

With NFS version capabilities understood, we'll explore Performance Considerations—how to optimize NFS for your workload. We'll cover tuning parameters, caching strategies, network considerations, and common performance pitfalls. This practical knowledge helps you get the most from your NFS infrastructure.