## 基于SPDK的CurveBS PFS存储引擎 ## Why ·为了减少使用cpu做内存copy，减少系统调用 发挥某些被操作系统屏蔽的功能，例如nvme write zero ·根据阿里《When Cloud Storage Meets RDMA》的说法 ·在100Gbps网络带宽时，内存带宽成为瓶颈 Intel Memory Latency Checker (MLC)测试得到的CPU内存带宽是61Gbps zero ## 为什么用PFS ·对代码比较熟悉 找一个能管理裸盘，具有产品级可靠性的代码挺难的 ·PFS支持类POSIX文件的接口，与使用EXT4的存储引擎代码很像，所以容易移植现有代码到PFS存储引擎 CurveBS对文件系统元数据的操作非常少，对文件系统的要求不高，所以不需要元数据高性能，这方面PFS也合适 ## 对PFS的修改 ## 基于阿里开源的PFS ·不再基于daemon模式，而是直接使用pfs ·不再基于daemon模式，而是直接使用pfs core api ·依然向外提供管理工具，例如 pfs ls、cp、rm等 ·增加spdk驱动 ## 新增PFS接口 ·增加pfs_pwritev和pfs_preadv接口 • size_t pfs_preadv(int fd, const struct iovec *iov, int iovcnt, off_t offset); .ssize_t pfs_pwritev(int

下图所示。 int pfs_mount(const char *volname, int host_id) int pfs_umount(const char *volname) int pfs_mount_growfs(const char *volname) int pfs_creat(const char *volpath, mode_t mode) int pfs_open(const char mode) int pfs_close(int fd) size_t pfs_read(int fd, void *buf, size_t len) size_t pfs_write(int fd, const void *buf, size_t len) off_t pfs_lseek(int fd, off_t offset, int whence) size_t pfs_pread(int off_t offset) size_t pfs_write(int fd, const void *buf, size_t len, off_t offset) int pfs_stat(const char *volpath, struct stat *buf) int pfs_fstat(int fd, struct stat *buf) int pfs_posix_fallocate(int

Linux专有块设备协议 • iSCSI • 广泛支持的外部设备协议（块，磁带等） ## Curve云原生存储支持块设备 • 通过NBD，只支持Linux - 通过SDK API，目前只支持Linux - PFS · 扩大使用范围 - 通过iSCSI支持更多系统，例如Windows, 类UNIX系统等，使用两项基础技术 • TCP/IP • SCSI • 替代SAN - 可靠性、稳定性方面有自己

Sweeney Faculty of Informatics University of Lugano Lugano, CH IBM Research Hawthorne, NY, USA pfs@us.ibm.com {mytkowit,diwan}@colorado_du Link Order Changes function addresses ## Environment Variable

ciphersuites: 599 • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let’s try to allow only ciphersuites with PFS using TLSCipher* parameters. Attention: The result will not be TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCipherPSK=kECDHEPSK+AES128

ciphersuites: 778 • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let’s try to allow only ciphersuites with PFS using TLSCipher* parameters. Attention: The result will not be TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCipherPSK=kECDHEPSK+AES128

ciphersuites: • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let's try to allow only ciphersuites with PFS using TLSCipher* parameters. ## Attention: The result will TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters to zabbix_agentd.conf, zabbix_proxy.conf and

ciphersuites: • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let’s try to allow only ciphersuites with PFS using TLSCipher* parameters. Attention: The result will not be TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCipherPSK=kECDHEPSK+AES128

ciphersuites: • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let's try to allow only ciphersuites with PFS using TLSCipher* parameters. ## Attention: The result will TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters to zabbix_agentd.conf, zabbix_proxy.conf and

ciphersuites: • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let's try to allow only ciphersuites with PFS using TLSCipher* parameters. The result will not be interoperable TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCiph