The Enhanced Network Block Device Linux Kernel Module

(Last revised: 21 Jan. 2010)

Enbd 2.4.37a works over SCTP as well as TCP and SSL. Use a server URL of the form sctp://... at the client end.

The Enhanced NBD is the result of an industrially funded academic research project with Realm Software of Atlanta, GA, to toughen up the kernel's NBD. It started back in 2.0 times, when I back-ported the nascent NBD by Pavel Machek from the 2.1 development kernel.


• What is an NBD?
• Requirements
• Current Version
• Documentation
• HOWTO
• Gotcha!
• HOWTO-2
• Resources > 2GB
• Setting up failover
  
• Intelligent mirroring
  
• Bugs
• To Do
• Mail List
• Downloads
• Contacts
  

What is an NBD?


An NBD is "a long pair of wires". It makes a remote disk on a different machine act as though it were a local disk on your machine. It looks like a block device on the local machine where it's typically going to appear as /dev/nda. The remote resource doesn't need to be a whole disk or even a partition. It can be a file.



The intended use for ENBD in particular is for RAID over the net. You can make any NBD device part of a RAID mirror in order to get real time mirroring to a distant (and safe!) backup. To make it clear: start up an NBD connection to a distant NBD server, and use its local device (probably /dev/nda) where you would normally use a local partition in a RAID setup.


I've seen ENBD running at 70MB/s sustained over Giga-ethernet (recent enbd 2.4.35a, between two standard 32-bit dual-core 2GHz intel machines; cpu loading was at about 10%).


The original kernel NBD has been hardened in many ways in moving to ENBD: ENBD uses block-journaled multichannel communications; there is internal failover and automatic balancing between the channels; the client and server daemons restart, authenticate and reconnect after dying or loss of contact; the code can be compiled to take the networking transparantly over SSL channels (see the Makefile for the compilation options).

To summarize briefly, the important changes in ENBD with respect to the standard NBD kernel driver are

• user-space networking (nowadays, enbd-2.4.37, under UDP or SCTP as well as TCP or SSL), combined with a new multichannel self-balancing asynchronous architecture in the kernel driver, and
• automatic restart, authentication, reconnect and recovery by the user space daemons, and now (in enbd post-2.4.27) ...
• support for remote ioctls, and ...
• support for removeable-media such as cdroms and floppies as the remote resource, and ...
  
• since enbd 2.4.30, support for partitioning on NBD devices, and ...
• in enbd-2.4.31, support for intelligent embedded RAID1 mirroring with FR1 (FR technology has now gone into the kernel RAID architecture via Paul Clements and Neil Brown, kernel NBD and RAID maintainers respectively, since circa kernel 2.6.13-18, so you don't need the 3rd party FR1 module nowadays).
  

I haven't been following Pavel's (now Paul's, etc.) kernel driver closely but we are in friendly contact, and bugfixes pass between the two when the differing architectures permit.

Requirements

Kernel version 2.2.10 to .15 or thereabouts onwards, or kernel 2.4.0 and 2.6.3 onwards.  "Legacy" branch versions enbd-2.2.25 onwards also work under at least the early 2.4 kernels. The "current" branch versions enbd-2.4.* work on both 2.2 and 2.4 kernels as well as 2.6 kernels, and probably on 2.0 kernels too (as do the enbd-2.2.* series). Compatibility layers in the driver code serve to emulate the newer kernel interfaces on older kernel architectures.

Current version as of Aug. 2008

The legacy code for the 2.2 kernel is to be found at enbd-2.2-current   (currently enbd-2.2.29). See the ftp area for the full set of releases. The latest fully qualified stable release is enbd-2.4.35 (which in theory supports the 2.2 kernels as well as the intended 2.4 and 2.6 kernels), available at enbd-2.4-current. The development version is currently enbd-2.4.37a, in the same directory. In addition, there are enbd-2.4.35a, enbd-2.4.35b, in that directory which consist of earlier stable (and development) releases with updates, corrections, and portability changes for compatibility with later kernels than the ones they were developed against. I have tested and run under kernels up to and including 2.6.32. Yes, this information is probably going to be out of date when you see it.

Sorry for the confusion that results from me having one minor version number (2.4) which covers three (2.4, 2.5, 2.6) kernel version minors!

Documentation

I'll refer you for general orientation to the Linux Journal article (vol #73 May 2000), but please regard the documentation bundled with the distribution as authoratative. The journal article is accurate only for the procedures for 2.2 series codes. I keep a copy in postscript format here.

Here are some now ancient performance measurements from 2000:



These are taken under Linux kernel 2.0.36, as I recall, with a much older version of ENBD than the current one! The testbed back then was a pair of 64MB P200s on a 100BT switched circuit using 3c905 NICs. The best speed I could get out of raw TCP between them was 58.3Mb/s, tested using netperf.


On a 100BT switch I would expect to get at least 9.4MB/s with TCP under current ENBD, and going faster than the net is possible, indeed usual, under some circumstances, thanks to some tricks that ENBD incorporates. CPU load on 100BT on current multi-GHz 32-bit platforms is of the order of 10%. Recent measurements show 50MB/s in both directions being achieved with TCP on Gigabit ethernet (enbd 2.4.37).

The driver is known to work on intel (and AMD) 32 and 64-bit platforms, and on ARM, and on sparc and other bigendian platforms. If you have an unusual architecture please let me know if it does not compile or run correctly and I'll fix it.


HOWTO

The first and best advice is to do all the compilation on the client machine that you will be using to host the kernel ENBD devices. It has the kernel configuration that we need to match during the compilation - the enbd server never talks to its own kernel so it can pretty well be compiled against any headers. It's an entirely user-space application (there's even a Windows server floating around - the protocol specification is published so servers can be written fairly easily; there's a copy of the specification in the documentation directory in the distribution). The ENBD client daemon does speak to the kernel, however, and it needs to get the shapes and sizes of several data types just right.

Usually, typing "make" in the enbd source directory will do all the work automatically. However, that pre-supposes a very common state of affairs that I'll make explicit, so you can mend it if it is not so:


1. The softlink /lib/modules/`uname -r`/build must point to the source directory where the running kernel was compiled - i.e. you (or somebody else) compiled it in that source directory and you haven't moved, changed, removed or cleaned the source afterwards.
   

   A distribution-provided kernel usually requires the kernel source package to be installed separately. Usually (but not always) that source is configured in the same way as the running distribution kernel. In particular ...
   

2. The .config in the kernel source directory must be the one that was used to compile the running kernel. You can make sure it is by comparing it with `zcat /proc/config.gz`, if that file exists.

   I generally do "zcat /proc/config.gz | diff - .config". No output from that command is good. A minor output showing a date difference is harmless.

   If there is no /proc/config.gz, well, a distribution kernel usually comes with the original config in /boot/config-`uname -r` (check the kernel package manifest for details).

   You can restore the .config from one or another of those places.

3. If you put the right .config back in its place, you will need to let the kernel compile go through again for at least the first few files of the compilation.

   Usually "make prepare" in the kernel source directory does the trick (the aim is to establish the correct include/version.h file and a few other little things).
   
   Notice that this implies that you must have write permission in the kernel directory. It doesn't mean you need to be root! I usually chown the kernel source to my userid, recursively ("sudo chown ptb -R ."), and do all the compiling as myself.
   

4. Make sure you are using the same compiler as was used to compile the running kernel. I.e. if you've upgraded since, reinstall the old compiler somewhere and set the environment variable CC to point to it (e.g "export CC=gcc-3.4").

   Unfortunately, the only way I know of of finding out about this is to do the compilation of one kernel module and try and insert it into the running target kernel. If insmod complains about a compiler mismatch, you'll see which compiler was used originally from the message. If it doesn't complain, you're using the right compiler (failing being sensible, I usually just compile the whole caboodle, both kernel and enbd, with the compiler I happen to have to hand at that moment, and install the newly compiled kernel too!)

The above conditions are usually met just because life is kind. But in case the source has moved or you are compiling for a kernel that is not the running kernel on the compile machine, you can still get away with doing a "make" in the enbd source directory but you need to first set the environment variable KLINUXDIR to the location of the source directory for the target kernel. Typing "make KLINUXDIR=wherever" also works.

Again, the target kernel source directory must contain the correct target kernel .config file, and "make prepare" must have been run there.

So, to summarize, what you need to do in the normal case is, for example:

1. % tar xzvf enbd-2.4.36.tgz
2. % cd enbd-2.4.36
3. % make
   

and provided the conditions enumerated above are met, all will be compiled correctly. Only if it doesn't work, look harder at what's going on and perhaps email me about it. I'll quote the INSTALL directions:


Typing "make" in the enbd source directory will build enbd.ko, enbd_ioctl.ko, enbd-server, enbd-client in /tmp.

Change BUILD in the Makefile to change the build directory or run "make BUILD=wherever".

Run "make clean realclean config all" to really really really make sure that everything is set up for you, but just "make" should normally do the job.


Then you can go on to do a test as follows ...


4. Make sure that sudo is installed and that you are a sudoer.

   install the modules enbd.ko and enbd_ioctl.ko into the running kernel with
   
   % insmod /tmp/enbd.ko
   % insmod /tmp/enbd_ioctl.ko

   Then run "make test".

   This depends on the presence of sudo.

   Observe that the module enbd.ko is loaded (use /sbin/lsmod for that).

   Observe also that enbd-server and enbd-client are running (use pstree for that).

   Check that server and client daemons have branched off slave server and client daemons to handle the connections (use pstree to visualize the situation).

   Check that the state of the device is good by doing a "cat /proc/nbdinfo".

   You should see indications of /dev/nda being up and running. If anything is wrong, look in your system logs for error messages and send me the state shown by /proc/nbdinfo.

What happens in the test above?

Well, "make test" should set up a small file in /tmp on localhost and serve it to the same machine. That'll appear as the /dev/nda device. The makefile will run the "enbd-test" utility on /dev/nda and report the results. If all has gone well, you can make a file system with "mke2fs /dev/nda" and play. I suggest:
 

% mke2fs /dev/nda
% mount /dev/nda /mnt
% cd /mnt
% bonnie ...


The ndxN devices must exist on the client for this to work. I've provided a script called MAKEDEV to make them. On the client, do "cd /dev; sh path_to_MAKEDEV".
 

Be careful ... there is already a script called MAKEDEV in /dev. Name yours something different or look inside it and see what it does and make the devices it makes by hand. You need block devices /dev/nda, /dev/nda1, /dev/nda2, /dev/nda3, etc, with major 43 (or whatever the kernel sets for NBD_MAJOR) and minors 0, 1, 2, 3, etc. "mknod /dev/nda b 43 0; mknod /dev/nda1 b 43 1; ..." should do the trick.

You also need corresponding serial devices /dev/ndaS, /dev/ndaS1, /dev/ndaS2, etc. The provided MAKEDEV should make them automatically (but udev-users may need extra tricks to keep them there permanently).


To abort the test, you can run "make stop" or  "make rescue". I don't guarantee a rescue in all circumstances, but it'll try, and you can elaborate the Makefile to suit your circumstances.

The difficulty is in stopping the self-repairing code! Sending a kill -USR1 to the daemons should shut them down and error out the pending device queue requests. A kill -USR2 will try even harder to shut them down. A kill -TERM should then murder the daemons safely, allowing you to unload the kernel module.
 

Look at the output from /proc/nbdinfo to gauge the state of the device. In particular, you should see the number of active sockets, and the number of active client threads.
 

Device a:       Open
[a] State:      initialized, verify, rw, last error 0
[a] Queued:     +0 curr reqs/+0 real reqs/+10 max reqs
[a] Buffersize: 86016   (sectors=168)
[a] Blocksize:  1024    (log=10)
[a] Size:       2097152
[a] Blocks:     2048
[a] Sockets:    4       (+)     (+)     (*)     (+)
[a] Requested:  2048+0  (602)   (462)   (431)   (553)
[a] Dispatched: 2048    (602)   (462)   (431)   (553)
[a] Errored:    0       (0)     (0)     (0)     (0)
[a] Pending:    0+0     (0)     (0)     (0)     (0)
[a] Kthreads:   0       (0 waiting/0 running/1 max)
[a] Cthreads:   4       (+)     (+)     (+)     (+)
[a] Cpids:      4       (9489)  (9490)  (9491)  (9492)
Device b-p:     Closed


In the above I see four client threads (Cthreads) all currently within the kernel (+). They're probably waiting for work to do. I see four network sockets open and known good (+) with the third of them having been active last (*). The first socket seems to have taken more of the work available than the rest, but the difference is not significant. There are no errors reported and no requests waiting in internal queues. If you send in a bug report, make sure to include the output from /proc/nbdinfo.
 

GOTCHA!

Some people run into trouble just when they've got a bit of confidence and try setting things up for themselves. They run successfully and then stop the server and the client for a while and then try again. They can't reconnect! What's going on?

The server generates a signature that is implanted into the clients nbd device at first contact. Any attempt to afterwards connect to a server with a different signature will be rejected. It's an anti-spoofing device. The client doesn't really know the signature either - it's buried in the kernel and the client can only ask if it's been given the right signature or not.

Some find out that they can remove the kernel module and then start again successfully. Of course! That wipes the embedded signature. But it's not the solution. The right thing to do is to


1. generate the same signature in the server every time you start it, using its "-i foobar" option.
2. if you restart the server without restarting the client, signal the client with SIGPWR ("kill -PWR 19645 " or whatever the pid is).
   

Most people are caught by GOTCHA! #1, but some people hit #2, which is why I mention it here.

The signal with SIGPWR is normally taken care of by the assistant daemons, nbd-sstatd and nbd-cstatd, but ten to one they haven't been installed yet. I'll explain briefly ... the handshake sequence is longer for a first contact than for a reconnect, and without the SIGPWR the clients will try the short sequence instead of the long.

HOWTO-2

I'll lay out in a bit more detail what the "make test" does for you so that you can duplicate it for yourself. The first set of instructions are for a enbd-2.2.* code, and you'll find instructions for the enbd-2.4.* codes immediately after them. Please watch out for command line differences:
 
1. choose a resource (file or partition) on the serving machine and choose some ports on which to serve it out to the client. Then start the server:

    enbd-server 1100 1101 1102 1103 /dev/sda1


2. on the client, load the enbd module (make sure to get the right one, using absolute path names if in doubt)

    insmod enbd.o


3. on the client machine, start the client:

    enbd-client your.server 1100 1101 1102 1103 /dev/nda

That was for an enbd-2.2.*. For an enbd-2.4.*, the sequence is as follows:
 
1. choose a resource (file or partition) on the serving machine and a single control port. Then start the server. Here the resource is /dev/sda1:

    enbd-server 1099 /dev/sda1


2. on the client, load the enbd module (make sure to get the right one, using absolute path names if in doubt)
    
       insmod enbd.ko
       insmod enbd_ioctl.ko
   
   
3. on the client machine, start the client. Note that you give the server control port plus the number of channels you want it to set up. It'll find and set up on its own different ports for the data channels:

    enbd-client your.server:1099 -n 4 /dev/nda.
 

In addition, for enbd-2.4.35a and above, you can alternatively:
 

1. edit /etc/enbd.conf to contain the lines:
   
       server test 1099 /dev/sda1
       client test /dev/nda your.server 1099 -n 4
   
   on server and client machine respectively.


2. on the client, load the enbd module with insmod:
   
       % insmod enbd.ko
       % insmod enbd_ioctl.ko
   
   
3. Then run enbd-server and enbd-client without arguments on the respective machines.

 

What about resources > 2GB?

It's really up to the server, and thus a userspace question. Look: if the server system can use lseek() to move across more than 2GB, then the NBD network protocol will support it, because it passes 64 bit offsets. And on the clientside, the daemon certainly interacts with the kernel using 64bit offsets too (whether you can access >2GB files on the client is again a userspace question).

If you don't have a native 64 bit server system, from what I can find out from the current confused state of affairs in the linux world ... under glibc2 and kernels 2.2.* and 2.4.* you need to compile the nbd-server code with _LARGEFILE64_SOURCE defined. It's all set up for you from nbd-2.2.26 and nbd-2.4.5 on.

If you do not have Large File Support on your system, the ENBD still supports resource aggregation, via either linear or striping RAID, to any size, unlimited by the 2GB file size maximum, provided only that the individual components of the aggregate resource are below 2GB in size. Check out the command line arguments for the server. Just listing multiple resources on the command line is enough to cause some form of aggregation to occur!


Setting up for failover

... or how to make ENBD work with heartbeat, the well known failover infrastructure. Matthew Sackman has written a very good HOWTO on this subject. You'll find his document here . I've added the scripts necessary to the distribution archive (enbd-2.4.30 on) under the nbd/etc/ha.d directory. Flash: Steve Purkis has adapted the scripts for RedHat-based platforms, and I've included his scripts in the latest archives (enbd-2.4.32 on) in the nbd/etc-RH/ha.d directory.


Sorry about the links. I hate non-inline documentation myself. In compensation, I'll describe something of what one is trying to achieve with failover; heartbeat is only a means to an end and in many instances a simple little shell script will be just as good or better and this description may help you construct it!


The idea is that server and client are both capable of using a single "floating IP address". This floating IP is normally held by the client, but it moves to the server when the client dies, and it moves back again when the client comes back up and has been brought up to date again. The floating IP is normally that announced in DNS for some vital service such as samba or http.


Heartbeat is simply a general mechanism for detecting when the client or server has failed, and for running the appropriate scripts in response.


Overview: the client will normally be running a raid1 (mirror) composed of the NBD device and a local resource. When the client dies, the floating IP is handed off to the server, which then starts serving from the physical resource of which the NBD device is/was a virtual image. When the client comes back up, its local mirror component has to be resynced from the NBD device component, but the client can take the IP immediately, as the mirror resyncs in the background while it continues working.


Abstraction: There are 4 possible states in which the pair of machines can be: (1) server alive, client alive, (2) server alive, client dead, (3) server dead, client alive, (4) server dead, client dead. Of these, (1) is "normal" and (4) is impossible, for our purposes - failover would have failed. The transitions (1)-(2), (2)-(1) and (1)-(3), (3)-(1) are what we are interested in. Heartbeat initiates actions on the surviving machine or machines after each transition.


More detail: Let's look at the (1)-(2) transition. The server is the survivor. It will run its 'endbd-client start' script because it now has to take up the role of the client. If the client got the chance before dying, it would also have run its 'enbd-client stop' script. Leave aside what these scripts do for the moment and just focus on the naming convention. In the (2)-(1) transition, when the client comes back up, it runs its 'enbd-client start' script, and the server runs its 'enbd-client stop' script.


Similarly, in the (1)-(3) transition, where the client is the survivor, it must take up the role of the server and so it runs 'enbd-server start'. The server, if it got the chance before dying, runs 'enbd-server stop'. On the reverse transition, (3)-(1), the client runs 'enbd-server stop' and the server runs 'enbd-server start'.


What do these scripts do?


Look at (1)-(2) again, where the client dies and the server survives and takes the clients role. The server has to kill its enbd server daemon, fsck the raw partition if it wasn't journaled, and then mount it in the place where its apache and samba services expect to find it. So that's what 'enbd-client start' does for it.


The matter of taking the IP is normally handled by heartbeat, but one can do it manually with a simple ifconfig eth0:0 foobar command in the script. The same goes for starting and stopping the apache and samba services - i.e. that's handled by heartbeat too.


If the client got a chance to run its 'enbd-client stop' script before dying, it would have unmounted the raid mirror, then stopped the mirror and stopped the enbd client daemon that it was running. So that's what 'enbd-client stop' does do.


The (2)-(1) transition is the one that restarts the client in the client role. Usually the server will live to see this transition through, and its 'enbd-client stop' script will unmount the raw partition, start the enbd-server daemon on it, and that's all. The client's 'enbd-client start' script, on the other hand, has to carefully start the enbd-daemon, wait for the NBD device to come up, then start the mirror with the NBD device as primary component. Oh yes, it'll also steal the floating IP address - well, that's normally handled by heartbeat itself.


The (1)-(3) transition should be thought about in the same way, but it's linked to an easier set of scripts than (1)-(2), since the apache and samba services don't need to be relocated - they stay on the client.


The client is the survivor. It takes the role of the server with 'enbd-server start', so this script should kill its enbd-client daemon (the mirror component was dead anyway). It does not need to do anything else since the mirror itself has survived. It could take the NBD component out of the mirror with raidhotremove, but it does not need to. If the server got to run 'enbd-server stop' before dying, it should have killed its enbd-server daemon and that's all.


The reverse transition (3)-(1) is harder. This is where the server has to be reintegrated. It runs 'enbd-server start', which starts up its enbd-server daemon. The client does the reintegration work - it runs 'enbd-server stop', which starts the enbd-client demon, waits for the NBD device to come up, then integrates it into the mirror as a secondary, using raidhotadd.


The scripts are in the HOWTO, and in the distribution archive. Phew!


Intelligent mirroring


(The FR technology is nowadays to be found in the mainline kernel RAID, since about kernel 2.6.13, so you no longer need the separate FR1 module to get intelligent RAID -- see below instead).


In ENBD 2.4.31, you can run under fr1  instead of plain kernel raid1, and get a "fully integrated" networked RAID1 solution. Get the fr1 patch, apply it to your kernel source, choose fr1 as a raid module in the kernel config (make menuconfig, etc.), and recompile (make modules) for the module. Load the new md.o module, and the fr1.o module on top of it. It's a replacement for raid1.o. It is fully backward compatible with old kernel RAID1.

The intelligence in fr1 is in what happens when one of the enbd servers fails, and what happens afterwards. In ordinary RAID1 mirroring, a failed disk is usually replaced by the operator after a short delay, and then the RAID controller takes it upon itself to resync the new disk from the surviving good disk in the background, while the RAID device pretends to the operating system that all systems are go, as normal. Unfortunately, in the networked scenario


1. temporary network failures are much more common than real disk blow-ups, so we probably only need to catch up with a bit of the data when the network comes back, not write the whole disk from scratch!
2. the reason you are working over the network is probably to aggregate a large number of disks, with a total size in the terrabytes or petabytes (if you can get there, 16TB is currently the aggregated limit on 32bit systems on linux), so resyncing all of a disk is something you definitely do not want to do.
3. unless you are using Gigabit ethernet, or some other very fast medium, the transport is probably slower than the disks, so you want to avoid network transfers when possible.

The reengineered mirroring in fr1 notices exactly what block writes are missing on the missing server, and when it comes back into contact, updates only those blocks.

That's a great speed up and time saver. It can reduce the time period in which the servers don't have redundancy from a matter of hours to a matter of seconds. And the resync is automatic when contact with an enbd server is reestablished. It doesn't require human intervention, because the enbd client issues the hotadd instruction.

To set it up, run an enbd device as one component of a fr1 ("raid1") mirror. That's it (so sue me, MacDonalds).

There is now an fr5 driver too, but even without it you can get at least the automatic resync on reconnect by patching the kernel for fr1 and then using the patched md.o module under ordinary kernel raid5.

From the horse's mouth

Nowadays (kernel 2.6.13 onwards), FR bitmap technology is to be found in the mainline kernel itself. The bitmap is implemented as an on-disk so-called intent log. That name only really refers to the fact that the on-disk bitmap is always a little pessimistic, because it is cleared more slowly than it is marked dirty, in order to avoid too much disk i/o. To put the kernel RAID bitmap in memory only, you will have to specify a bitmap on a ramdisk or tmpfs with mdadm --bitmap=, otherwise you get it on disk.

With the bitmap, one has most of the FR technology. What is missing is a facility to allow enbd to proactively warn the RAID driver when the network has died, and proactively tell it when the network returns and reinsert itself in the RAID array.

So, you should run mdadm --monitor --program= using a program (shell script, most likely) that acts on the Fail event sent it as argument. When Fail of an enbd device in the array happens, the program should run mdadm --remove for the enbd device and start polling the net and the enbd device itself to see when the network returns and the device is working again (the validated and enabled flags will be set in /proc/sys and/or be visible in the /proc/nbdinfo device status line), and then run mdadm --re-add for the enbd device.

If that description's not clear, I'll put up a script. Watch this space.

Bugs

What's that? Oh yes, there are bugs.
• Renegotiation on reconnect can probably still lock up under some circumstances. I just beat on that in 2.2.23. The networking is all in userspace, so volunteers should be able to make headway if they find a new deadlock. The problem is "networking is complicated when it breaks". There are lots of possible error conditions, and the trick is to get out of all of them and back to square one safely. If by any chance the recovery protocol does get stuck, you can always kill both the server and client slave daemons, however. They'll be restarted from fresh by their guardian daemons, and will connect up again just fine. I believe that it is possible for the userspace daemons to wait forever in a send or recv library call, since I can't set a timeout for the sockets on linux, at least not under older kernels. Please someone add a timeout.

In 2.4.12, renogiation after net breakage is very, very, very smooth and reliable. nbd 2.4.X codes work fine under 2.2 kernels. so you should probably be using them!
• I've disabled request-aggregation in the kernel driver for 2.2. The 2.2 kernels are doing something fundamentally different here, and I don't know what. Until I figure it out, make sure the tests are done with merge_requests=0. You get occasional corrupt blocks on read if you try merged kernel requests! It looks like 2.2 kernel block requests may have holes in their buffers. It's definitely in the kernel. Don't Do That Then.

Request aggregation is fixed under the 2.4.0test1 kernel, which does a very nice job of request aggregation on its own as requests enter the device queue. I might have to steal its code for 2.2, but I suspect 2.4.real will be out before anyone begins to care.
• I just fixed a bug in 2.2.23 that may have been more widespread: libc sleep() gets ruined if alarm signals fire. Look out for more uses of sleep() and replace them with the microsleep() code in nbd-client.c if you see any. Tell me too.
• In the 2.4.0test kernels, sending a USR2 signal to nbd-client (or echo -n 1 > /proc/nbdinfo) usually oopses and burns the kernel. This signal forces a "hard reset" of the device. In particular it clears its request queue and its usage count. The latter is very rarely harmless, but you were in a pickle anyway if the usage count was nonzero and there were no processes holding the device open! Try a "soft reset" instead. That's a USR1 signal to nbd-client (or echo -n 0 > /proc/nbdinfo ).
• Curing 64bit buglets led me to find that over-range block requests from the kernel used to cause a hang. Cured in 2.2.27 and 2.4.6 (might surreptitiously port this fix into earlier versions). I never expected such requests.
• Outstanding bug - the 2.4.0t1 kernel burns and dies under pressure from the nbd device (tested nbd-2.4.2) after about 10MB of transfers. The same code compiled and running under the 2.2.15 kernel supports gigabytes of transfers without harm. So it's the kernel or my misunderstanding of newer kernel changes. Is this a throttling issue? It seems to have gone away completely in nbd-2.4.25 and kernels 2.4.[0-5]. This probably has been well and truly fixed during development.
• The error paths from/to the device are not clearly defined. There is no way of erroring out a request under some circumstances. Need a stronger NAK (put in in 2.4.9, which cleaned up some error paths).
• Fixed a bug in 2.4.13 in which the server would get 0 bytes from a network read and loop. Thanks to Daniel Shane for spotting it.
• In kernels above the great VM ripout (2.4.10 plus), VM issues seem to make deadlock a possibility. One needs to alter /proc/sys/vm/bdflush to put the two limit numbers which are usually 40,60 something more like 25,95. The second number is the percentage of buffers dirtied at which the VM goes into synchronous mode. We don't want that to happen at all! 90% should be a safe number, and I wouldn't mind 99%. The lower number is the percentage of buffers dirtied at which the kernel starts flushing them to devices. We want that to be as low as possible, though some slack can be left to help with the feel. I think 25% is appropriate. In 2.4.27 I made the client daemon shift the numbers to reasonable ones by force.
• When I reviewed the 2.4.31 remote ioctl code for the 2.4.32 fork, I noticed a possible memory leak in 2.4.31 remote ioctls, and fixed it in 2.4.32. I am confident neither of the fix nor if there was a problem in the first place. Please watch out.
• There is a longstanding design problem when a write request is timed out and resubmitted. Subsequent writes to the same place should wait till the resubmit has finished, or else preempt the original if there are no reads waiting on it too. At the moment only the generic write ordering control enforces that and it is lossy - under sufficient stress it is abandoned temporarily. Yet making the write ordering enforcement absolutely strict would ruin the speed since network stalls are quite common. So we can sometimes deliver writes to the same spot in the wrong order. It's even worse if the first write is timed out and resubmitted because the timeout in itself authorises write-disordering to the device wrt it. We should keep timed out writes in the database until their final exit status is known, so that a subsequent write can at least choose to stall itself or preempt the first write. If the first write is preempted, we should discard it when it eventually shows up, which means we must keep the second write in the database too. This is all very complicated.
• RedHat apparently broke GFP_ATOMIC in their standard 2.6.9 kernel, resulting in 90s of fruitless trying to get a request structure for a remote probe ioctl at startup (OK thereafter). Thanks to Paul Allen for diagnosis. In 2.4.34 and 2.4.35 I've started to use GFP_WAIT instead after every 15 failures. It should work in practice. If GFP_NOWAIT is defined (later kernel) I use that instead. My intention was only to be able to use a timeout to get memory, something that GFP_WAIT does not allow in principle, but if 15 goes at getting memory with GFP_ATOMIC don't work, neither will 15000, so what's the point of keeping trying it ...
• The SCTP support in 2.4.37 is still very much a hack since I don't know much about SCTP and in particular there's a bodged 3s delay before connect in the client to allow the server to start listening for SCTP connects before the client starts to connect. Who knows if 3s is meaningful or even right?
• There something wrong with the sysfs take-down on module removal in kernels 2.6.29 and above. It eventually messes up the /proc/sys/devices/enbd directory structure after repeated module insert and remove so that a ls segfaults.

To Do

• Make the choice of ports by the daemons more unix-like. Just one initial communication channel please, followed by splitting off private channels on randomly chosen ports (done in 2.4.4).
• Fix request aggregation for 2.2 kernels (looks difficult)
• Port forward to 2.4 kernels (mostly working very well in 2.2.25, 2.4.0, etc., so forget this)
• Add a "close" command to the negotiation protocols so that either side can choose to break off, and can tell the other about it!
• Add performance figures to this page, lifting from the listed paper. (done! 1/6/00)
• Maybe incorporate the mmap trick for sharing bufferspace between kernel and user space without copying. But experiments indicate that that's not where the bottleneck is. Where is it? Why can't I go past about 20% cpu utilization on a 100BT net? (At that point we're flying at between 3 and 5 MB/s - probably no longer relevant).
• Fix the error paths!
• Put in a proper hash map and thus lift the 2GB limitation on clientside caching. (done in 2.4.14)
• Write FR5 (done ages ago).
  
• Allow multiple separate requests to be loaded into a single network packet (done about 2.4.35 or so).
• Write iSCSI interface.
• Make a UDP transport module. (done 2.4.37)

Latest News

• Just added clientside cacheing to nbd-2.4.4. This turns a readonly export into a readwrite one. It also permits a single ro resource to be shared among several clients. each of which caches local changes. See the -journal option in the man page.
  
• Also in 2.4.4, true unix client/server model over a single port, at last.
  
• In 2.4.9, multiple client daemons can connect to the same server, allowing the same resource to be exported many times. If you use the clientside caching too, you get a modifiable local copy suitable as a network root FS (only works up to 2GB at present).
  
• In 2.4.27, remote IOCTLs are supported. You will have to edit the ioctl.c (and its kernel twin, the nbd_ioctl.c file) to add the ioctls you need. See the comments there.
  
• In 2.4.30, we now have support for partitions on the NBD devices, and recent breakage for 2.2 kernels is finally mended (kernel 2.2.20 checked).
  
• 2.4.31 supports the fr1  ("fast raid1") kernel patch. The support has also been backported into 2.4.30 as a special secret easter egg that will not be noticed by anybody (shhh!), as I thought it was only fair as 2.4.31 has taken so long to come out, thanks to my experiments in it.
  
• Jan 2004 and 2.4.32 is now the development version, and 2.4.31 is stable, me having finally removed all experiments and received no important bug reports for a long while. I forked 2.4.32 because people kept complaining that the removable device support made floppies go click every second - yes, the server probed them. So in 2.4.32 I stopped the server probing and instead passed open, close and mount events across over the remote ioctl interface (which presumably now becomes essential for a healthy life), and got only them to trigger probes. That matches the way the kernel probes a local floppy device. It was rather a big change, hence the fork.
  
• Jul 2007 - I've had to do some quick hacking to make things work with kernel 2.6.19 and 2.6.20, as the block susbsystem has changed radically. The result is enbd 2.4.34pre, and I'll continue to check out what changes are needed and work on it. The hack passes my tests, but the kernel changes are so extensive that I must have missed something, I'm sure. Meanwhile, enbd 2.4.33 passes to being the stable version (good probably up to linux kernel 2.6.18.x, though I only tested it up to the 2.6.15.3 that I normally run on my test machine).
  
• Dec 2007 - I'm making 2.4.34 stable and moving development to 2.4.35. 2.4.34 compiles and runs well under ARM and ia64, and I really am not able to swear for 2.4.33 any longer in that respect since the kernel changes so much and so often.

  I started 2.4.35 by splitting off the sysfs code into a separate source file. Before I forked, however, 2.4.34 had had some updates go into the /proc/sys/devices/enbd display area so that the IP number of individual connections can be seen in there. That makes scripting for failover easier to make generic, since one can pick up the address to ping for connectivity from there. More state info is also shown than before I made the change - there are subdirectories dedicated to the individual slots, for example.

  In 2.4.35 there is also a relatively minor change to the enbd-test facility. But it makes it exceedingly useful for a replacement for bonnie. Use -t 5 (the seek, write, read test). And specifiy the amount of i/o in the test with -S. You may want to specify about 50% of the resource size there. -S 50% will be understod. It's the amount to pepper with patterned data at random locations. It gets read back and checked later, and the speed both ways is printed at the end. Don't try for 100%! The test generation algorithm discards double-hits as they turn up. You can wait forever for 100% coverage to be achieved randomly like that. The change was to use a binary tree algorithm to store the patterns written, so the checking process is almost costless now, computationally (Order n log n, total). Otherwise it would grind to a halt for any significant amount of data.

• Jan 2008 - finally succeeded in making 2.4.35 do multiple requests at a time in one daemon. I gave up on pthreads as an infrastructure and did the scheduling myself in a single process thread. You need to set /proc/sys/dev/enbd/devices/a/multireq to greater than zero, and that's how many extra requests at a time over `one' will be taken from the kernel. That way a single daemon with go W W W R R R instead of W R W R W R. It should be much faster.
• Found that on my debian a udevd update blocked enbd. Udevd now launches scsi_id and vol_id against every block device as they register in their init. That launched an attempt to check the partition table .. all before init had complted. Somehow it blocked on open. I made the block device error on open before the dameon has registered. The daemon opens the serial device now, never the block device. I should try and make the daemons create such an inode in /dev if they don't have one. (solved by using the serial device interface for initializations).
• Feb 2008 - made enbd 2.4.35 try and choose the deadline scheduler. Should be simpler and better for it.
  
• Mar 2008 - cured a potential/real bug on SMP. I had protected the code against double-free of finished requests but had never found out why it was necessary for me to do so. It turns out that since somewhen in the 2.6.x kernel series requests sent to the standard kernel end_that_request_last function for processing get freed by default inside it. And I try to free them afterwards.  On a UP machine nothing went wrong since a double free did nothing (by accident, presumably). On an SMP machine nothing went wrong also, but it was certainly possible that a request had been reallocated by the time I got to try and free it a second time, and that was what was detected and stopped from happening by my code and that accounted for nothing going wrong. I got worried enough about it all to figure out what was happening. I'm not sure that anything would ever have gone wrong, but now it won't, since the problem is identified and fixed. Now I don't ever attempt to free the request myself - I leave it to the kernel (trouble will ensue when the kernel series changes its default ..). Let's hope that is OK for ioctl-bearing requests also, since they're rather artificial beasts quite different from the ordinary i/o requests, and their code path is wildly unrelated.
  
• Mar 2008 - cured an occasional buffer overrun in read_proc of the /proc/nbdinfo file that could cause ugly output with a bug report from libc embedded in it!
  
• Mar 2008 - released 2.4.35. Started 2.4.36. 2.4.36 has a multireq flag instead of a counter. The idea is that the merge_requests count is a total maximum and when it is not fulfilled by the kernel and the multireq flag is set then the difference will be made up by multireq in user space. I might port that flag/counter change back to 2.4.35 if it proves the way to go, as I suspect.

  Other minor differences are in the way tcp level packets are merged, via the MSG_MORE flag on the socket instead of the linux specific TCP_CORK. Internally the work task queue support for multireq has been factored into a separate source file.

• Apr 2008 - make multireq back into an integer and let it be greater than one to act as a multiplier of the merge requests limit in user space. Bigger network packets!

  In 2.4.36 it is now possible to use SCTP as a transport as well as TCP (or SSL). Use sctp://server:port as the address in the client command line. Improvements will follow (the library seems to use 64bit packets by default so it's deadly slow at the moment). You need libsctp1 and libsctp-dev (debian packages).

• May 2008 - managed to lower copying load by mmapping the driver's request buffers into user space where they serve as the buffer for socket read/writes. That speeds up the client noticably (30%) in conditions where the cpu is limiting. It explicitly avoids a couple of copy_to/from_user calls in the kernel for the request data. Mmap is unfortunately not so fast on ARM, however, where the cpu really needs the help. On ia32 it's undoubtely a big win, though; a 500MHz intel 32 bit machine can max out a 100BT network bandwidth with enbd.

  The server also clearly benefits from networking from mmapped buffers, so I made at least networked writes from mmapped buffers the default on the server - the -M option now just adds networked reads to the mmapped resource into the mix. Network sends from an mmapped file buffer should be zero-copy, like sendfile is, and indeed it seems to measure out as such in practice. Network reads to an mmapped file buffer don't seem to win anything extra, however.

  For these and other improvements I made what backports I could and issued a 2.4.35a, as 2.4.36 continues to be the development vehicle yet it would be a shame to deny the improvements to users of the stable 2.4.35.

• May 2008 - got server acks to avoid client data sends on the wire in 2.4.36, when multireq is on, by equipping specially the server for multireq too.
• Jun 2008. Fixed a bug in the above-mentioned mmap-based changes. Kernel requests don't necessarily have a linear internal layout of bio components (if they are multi-bio in size), and I didn't take account of it properly. It shows up because of the equation of the memory map addressing with the block device addressing done in the mmap technique, and only if merge_requests is set, and the first time the device is addressed only (to provoke it, write the device with enbd-test -t 1 through the kernel buffer system, then read the device directly without using the kernel memory cache via enbd-test -t 2 -n). I backported the fix to 2.4.35a (from 2.4.36).
• Dec 2009. Brought up to date with kernels 2.6.28 to 2.6.32 with enbd 2.4.37. Added UDP support as well as SCTP. Need to see if I can eventually manage SSL over SCTP.

Mailing List

Tummy.com have kindly set up a mailing list for nbd. Send mail containing the word "help" or "subscribe enbd" to enbd-request@lists.community.tummy.com . You will find complete instructions on their web page for the list. The list itself is at enbd@lists.community.tummy.com .
 

Downloads

As well as the main site at ftp://nbd.it.uc3m.es/pub/Programs/ , tummy.com have set up a mirror at ftp://mirrors.tummy.com/pub/mirrors/linux-ha/enbd/ .

Contacts

Contact me - not least to encourage me to start a mailing list (yay! done, thanks to SuSE and tummy.com) and improve this page. The change list in the driver source is really impressive.
 

Peter T. Breuer ptb@inv.it.uc3m.es