Understanding the NFS health check on DataPower

Body

This publication assumes the use of a currently supported DataPower firmware version at the time of posting.

Background

DataPower offers the ability to configure both Static and Dynamic NFS mounts. For the purpose of this discussion, we will be assuming the use of the NFS Static Mount, as this is the most common and more widely seen in the field. An NFS Static Mount on DataPower mounts a directory from a remote file system to DataPower's to allow access for reading and writing files to the remote server. This not only can be used for transaction processing, but also logging and B2B applications.

The Health Check

In order to keep the NFS Static Mounts ready and monitor its connectivity to the remote servers, DataPower will perform health checks on all configured NFS Static Mounts. The frequency of the health check is defined in the default domain via the NFS Client Settings object. This object contains a Mount Refresh Time setting, which is a time value in the unit of seconds. The default value is 10 seconds.

As NFS is a network protocol, much of the debugging and troubleshooting is done at the network layer. Let's take a look at what the health check looks like:

In the above screen image, the following is happening (per packet):

1. DataPower (192.168.0.2) initiates a TCP connection with the NFS server (192.168.47.167)
2. The NFS server acknowledges DataPower TCP connection request
3. DataPower acknowledges the NFS server's response, and the TCP connection is established
4. DataPower sends a MOUNT V3 NULL Call to the NFS server
5. The NFS server acknowledges the receipt of the NULL Call
6. The NFS server responds with a MOUNT V3 NULL Reply
7. DataPower acknowledges the receipt of the NULL Reply
8. DataPower sends a TCP RST, immediately closing the TCP connection

The eight steps seen above make up a successful health check for an NFS Static Mount. One thing to note here is that the NULL Call is essentially a check against the RPC service on the remote server. Because the MOUNT calls do not reference a particular directory, the NFS health check does not actually validate the availability of the mounted directory itself, only the service used to access the directory. This ensures connectivity with the NFS server is good, and the RPC service is responding to requests.

Considerations

An important aspect of setting up NFS connectivity on DataPower is setting the Mount Refresh Time in the NFS Client Settings object. This defines the amount of time where a lack of response from an NFS server will cause DataPower to mark the server (and thus the NFS mount) down. A caveat to this behavior is that the health check interval will be approximately one fourth of the Mount Refresh Time.

Another behavior to keep in mind is that DataPower will health check each NFS Static Mount, even if they all point to the same remote server. You should be mindful of this when creating NFS Static Mounts on DataPower, and know that for each new mount you create, you're adding another health check to the rotation.

As with most health checks, the higher the frequency the quicker any outages or connectivity issues can be detected. However, you must balance the frequency of health checks with the induced load on the NFS server, and the network itself.

Best Practices

• Because the health check interval is approximately one fourth of the Mount Refresh Time, this setting should not be set lower than 5 seconds if the target NFS server cannot respond to the health check in under 1 second. Setting the refresh time to lower than 5 seconds can cause the NFS Static Mount to go up and down even though connectivity with the NFS server is fine. Leaving the time at the default setting of 10 seconds, or increasing it to a higher value is recommended to alleviate load on the NFS server and network. The more NFS Static Mounts that exist on the DataPower appliance, the higher the refresh interval may need to be raised as more health checks will be made per cycle.
• A single NFS Static Mount should be created per remote NFS server. You should not create a new NFS Static Mount for each directory you wish to access on the same remote server, as this will generate redundant health checks causing extra load on the server and network. Instead, set the NFS Static Mount's remote directory to a top level directory, and let your stylesheets/configuration/etc. on DataPower reference and navigate to the desired directories where needed.