NFSv4.1 has built-in trunking support that allows a client to determine
whether two connections to two different IP addresses are actually to
the same server. NFSv4.0 does not, but RFC 7931 attempts to provide
clients a means to do this by suggesting that they perform SETCLIENTIDs
to the two servers and comparing the clientids and verifiers.
Linux clients since
05f4c350ee02 "NFS: Discover NFSv4 server trunking
when mounting" implement this suggestion. It is possible that other
clients do to.
knfsd generates the 64-bit clientid by concatenating the 32-bit boot
time (in seconds) and a counter. This makes collisions between
clientids generated by the same server extremely unlikely. But
collisions are very likely between clientids generated by servers that
boot at the same time, and it's quite common for multiple servers to
boot at the same time. The verifier is generated in the same way, so
has the same problem.
Therefore recent NFSv4.0 clients may decide two different servers are
really the same, and mount a filesystem from the wrong server.
The fault is really with RFC 7931, and needs a client fix, but it's not
clear what that fix will be. In the meantime, mitigate the chance of
these collisions by randomizing the starting value of the counters used
to generate clientids and verifiers.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>