A storage system is a computer that provides storage (file) service relating to the organization of information on storage devices, such as disks. The storage system may be deployed within a network attached storage (NAS) environment and, as such, may be embodied as a file server. The file server or filer includes a storage operating system that implements a file system to logically organize the information as a hierarchical structure of directories and files on the disks. Each “on-disk” file may be implemented as a set of data structures, e.g., disk blocks, configured to store information. A directory, on the other hand, may be implemented as a specially formatted file in which information about is other files and directories are stored.
A filer may be further configured to operate according to a client/server model of information delivery to thereby allow many clients to access files stored on a server, e.g., the filer. In this model, the client may comprise an application, such as a database application, executing on a computer that “connects” to the filer over a computer network, such as a point-to-point link, shared local area network (LAN), wide area network (WAN), or virtual private network (VPN) implemented over a public network such as the Internet. Each client may request the services of the file system on the filer by issuing file system protocol messages to the filer over the network.
A common type of file system is a “write in-place” file system, an example of which is the conventional Berkeley fast file system. In a write in-place file system, the locations of the data structures, such as inodes and data blocks, on disk are typically fixed. An inode is a data structure used to store information, such as meta-data, about a file, whereas the data blocks are structures used to store the actual data for the file. The information contained in an inode may include, e.g., ownership of the file, access permission for the file, size of the file, file type and references to locations on disk of the data blocks for the file. The references to the locations of the file data are provided by pointers, which may further reference indirect blocks that, in turn, reference the data blocks, depending upon the quantity of data in the file. Changes to the inodes and data blocks are made “in-place” in accordance with the write in-place file system. If an update to a file extends the quantity of data for the file, an additional data block is allocated and the appropriate inode is updated to reference that data block.
Another type of file system is a write-anywhere file system that does not overwrite data on disks. If a data block on disk is retrieved (read) from disk into memory and “dirtied” with new data, the data is stored (written) to a new location on disk to thereby optimize write performance. A write-anywhere file system may initially assume an optimal layout such that the data is substantially contiguously arranged on disks. The optimal disk layout results in efficient access operations, particularly for sequential read operations, directed to the disks. A particular example of a write-anywhere file system that is configured to operate on a filer is the SpinFS file system available from Network Appliance, Inc. of Sunnyvale, Calif. The SpinFS file system utilizes a write anywhere technique for user and directory data but writes metadata in place. The SpinFS file system is implemented within a storage operating system of the filer as part of the overall protocol stack and associated disk storage.
Disk storage is typically implemented as one or more storage “volumes” that reside on physical storage disks, defining an overall logical arrangement of storage space. Currently available filer implementations can serve a large number of discrete volumes (150 or more, for example). A physical volume, comprised of a pool of disk blocks, may support a number of logical volumes. Each logical volume is associated with its own file system (i.e., a virtual file system) and, for purposes hereof, the terms volume and virtual file system (VFS) shall generally be used synonymously. The disks supporting a physical volume are typically organized as one or more groups of Redundant Array of Independent (or Inexpensive) Disks (RAID). RAID implementations enhance the reliability/integrity of data storage through the redundant writing of data “stripes” across a given number of physical disks in the RAID group, and the appropriate caching of parity information with respect to the striped data. In the example of a SpinFS file system, a RAID 4 implementation may be advantageously employed. This implementation specifically entails the striping of data across a group of disks, and separate parity caching within a selected disk of the RAID group. As described herein, a volume typically comprises at least one data disk and one associated parity disk (or possibly data/parity partitions in a single disk) arranged according to a RAID 4, or equivalent high-reliability, implementation.
In a file server environment, including network file system (NFS) server implementations, export lists are typically utilized as an access control mechanism to restrict access to portions of the server's unified view, i.e., name space, of storage resources on a per pathname basis using a network address, such as an Internet Protocol (IP) address, of a client. An export list consists of a set of pairings of mount points and host lists. The mount point identifies a path name, i.e., a location within the file server name space (such as a directory) that is protected by the export list. The host list includes a listing of network addresses to which the export list is applied. Typically, the host list also specifies a set of permissions associated with each network address. When a data access request issued by a client to access, e.g. a file, is received at the server, the pathname of the file is parsed to determine the appropriate mount point. Once the mount point is identified the file server locates the network address in the appropriate host list to determine if access is to be granted.
A noted disadvantage of export lists is the high computational cost involved in authenticating each data access request against the export lists, i.e., the cost of determining the mount point (and permissions) associated with the file referenced by an incoming request. As noted, each incoming data access request must be checked against the export list to see if the client may access the desired data; each data access request thus involves a time delay needed to compute the appropriate path name and associated mount point. When a file server operates under a heavy load, the added computational cost to parse the pathname exacerbates the load of the file server.