smb3 protocol update
play

SMB3 Protocol Update Tom Talpey Microsoft Corporation 1 Outline - PowerPoint PPT Presentation

Oct 13, 2023 •600 likes •977 views

SMB3 Protocol Update Tom Talpey Microsoft Corporation 1 Outline SMB3 Protocol changes SMB3 Protocol futures Possible Microsoft/Samba collaborations sambaXP 2019 Gttingen 2 SMB3 Protocol Changes sambaXP 2019 Gttingen 3

  1. SMB3 Protocol Update Tom Talpey Microsoft Corporation 1

  2. Outline • SMB3 Protocol changes • SMB3 Protocol futures • Possible Microsoft/Samba collaborations sambaXP 2019 Göttingen 2

  3. SMB3 Protocol Changes sambaXP 2019 Göttingen 3

  4. MS-SMB2 • Windows and Windows Server “19H1” release • A.k.a. Windows 10 version 1903 • May 22, 2019 • Updated doc March 13 • Corrections/updates April 30 • https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms- smb2/5606ad47-5ee0-437a-817e-70c366052962 • Also covering 18H2/Server2019 today • Since it’s a year since we met here! • Largely maintenance – no protocol changes sambaXP 2019 Göttingen 4

  5. SMB3 Changes • New SMB3 features (negotiate contexts) • Compression • Server netname • No dialect change • No dialect bump foreseen • Since SMB2/3 now has forward-compatible contexts in • Negotiate • Tree Connect sambaXP 2019 Göttingen 5

  6. Compression • New negotiate context SMB2_COMPRESSION_CAPABILITIES • MS-SMB2 section 2.2.3.1.3 (request) and 2.2.4.1.3 (response) • ID 0x000 3 • New SMB2_COMPRESSION_TRANSFORM_HEADER • New transform specifically for compression • MS-SMB2 section 2.2.42 • Also SMB2_READFLAG_REQUEST_COMPRESSED • New flag in SMB2_READ request • MS-SMB2 section 2.2.19 sambaXP 2019 Göttingen 6

  7. Negotiable SMB Traffic Compression • Client optionally negotiates compression by appending negotiation context (ID = 0x0003) Algorithm Algorithm Id 1 Algorithm Id 2 Algorithm Id 3 …… Count 2 Byte 2 Byte 2 Byte 2 Byte • Supporting server selects subset of compression algorithms, if any, and responds with: Selected Selected n …… Algorithm Id 1 Algorithm Id n 2 Byte 2 Byte • Supported compression algorithms defined in MS-XCA: • XPRESS (also known as LZ77) • XPRESS Huffman (LZ77+Huffman) • LZNT1 sambaXP 2019 Göttingen 7

  8. Compression + Signing/Encryption Interop • New, compact transform header for SMB Compression (16B) Protocol ID Original Segment Size Algorithm Reserved Compression Offset • When compression and signing or encryption are needed, transform headers are nested • Compress always first: regular transform header always the outer transform header SMB Compression SMB2 HEADER and SMB Transform Header Transform Header other payload … sambaXP 2019 Göttingen 8

  9. Compression processing • MS-SMB2 section 3.1.4.4 • Choice of compression types by sender, on each operation • As appropriate to type of data, performance, etc • Compress Writes and requesting compress Reads for client • CompressAllRequests override for client • Not over RDMA (for now) sambaXP 2019 Göttingen 9

  10. Decompression processing • MS-SMB2 section 3.2.5.1.10 • Drops connection on fail (size mismatch) • Inevitably drops connection on garbage sambaXP 2019 Göttingen 10

  11. Compression commentary • It’s optional! • Doesn’t compress if payload not smaller • Only compresses “large” “data - bearing” operations • Separate decision on both client and server, on each operation sent • Compress *before* encrypt • Encrypted data compresses badly • Note, some encryptions also compress – implementation consideration • Optional to compress SMB headers • Offset field may point into “middle” of payload • Windows compresses data-only at ~4KB+ sambaXP 2019 Göttingen 11

  12. Compression Performance SMB Compression performance under 100Mbps network with EXPRESS using Intel Xeon W3520 500 400 400 300 168 200 100 100 100 0 Patterned Data Random Data No Compression With Compression sambaXP 2019 Göttingen 12

  13. Compression Performance SMB Compression performance under 200Mbps network with EXPRESS using Intel Xeon W3520 600 544 500 400 300 232 200 200 200 100 0 Patterned Data Random Data No Compression With Compression sambaXP 2019 Göttingen 13

  14. Compression Use Cases • Reads and Write • Not metadata and IOCTL/FSCTL, but possible • Bulk data on long-haul • Specialized local transfers • File copy, migration, etc • Client opt-in • Used only in scenarios which might benefit sambaXP 2019 Göttingen 14

  15. Compression future • Alternative compression algorithms • Hyper-V / VHDX optimized? • RLL type algorithm for all-zero blocks is perhaps appealing • Still a per-operation and per-payload decision • Interaction with encryption, transport, etc • Compression when encryption implements • Cf. not signing when using authenticated encryption • Compression over RDMA may have different goals • RDMA transport changes the benefit equation sambaXP 2019 Göttingen 15

  16. Netname Negotiate Context • Client provides target servername by appending negotiation context (ID = 0x0005) Name length Unicode null-terminated name 2 Byte Variable • Provides servername • Advisory, available prior to session and treeconnect processing • May be inspected by load balancers, connection managers, etc • Ignored by Server processing (perhaps surprisingly?) sambaXP 2019 Göttingen 16

  17. Netname Negotiate Context • SMB2_NETNAME_NEGOTIATE_CONTEXT_ID • MS-SMB2 Section 2.3.1.4 (request only) • 0x0005 • Included with SMB2_NEGOTIATE by default • MS-SMB2 section 3.2.4.2.2 sambaXP 2019 Göttingen 17

  18. Updates to the Microsoft SMB3 client • FileNormalizedNameInformation • Normalized Name query added to protocol • FileIdInformation • Omitted in 3.x [oops!] (3.3.5.20.1) • Directory Caching Enhancements • Can now cache much larger directories ~ 500K entries. • Will attempt directory queries with 1 MB buffers to reduce round trips and improve performance • Accelerated IO path for low latency access sambaXP 2019 Göttingen 18

  19. Other MS-SMB2 Document Updates • MS-XCA normative reference added (for compression) • Numerous clarity and language tweaks • FSCTL input and output counts • Transform processing order, invalid protocol id’s • New section reorg in April 30 update see 3.2.5.1.1/3.3.5.2.1 and subsections • Oplock/Lease break client processing • Tree connect and redirect • Durable reconnect v2 (3.3.5.9.12) • Compound processing (18H2 document) sambaXP 2019 Göttingen 19

  20. SMB3 Protocol Futures sambaXP 2019 Göttingen 20

  21. What’s Coming? (SDC 2018 review / SDC 2019 preview ) • SMB over QUIC • New transforms and signing • AES-GMAC signing • Signing and RDMA • RDMA direct access to persistent storage sambaXP 2019 Göttingen 21

  22. QUIC:UDP based secure stream transport • Low-latency connection setup • 1-RTT for initial connections • 0-RTT for repeat connections. • Secure and Encrypted (TLS 1.3+) • Improvements over HTTP/2 (“H2”) and TCP • Multiple Stream Support • ALPN for better multiplexing • Support for connection migration across • Better congestion control & loss recovery • UDP based library implementation • IETF draft stage. sambaXP 2019 Göttingen 22

  23. QUIC - Unknowns • Still experimental • Evidence (Google) shows that it is firewall/NAT friendly – 93% • Initial implementations are software only • Will it catch up with TCP offload ? • RDMA over QUIC ? • Still in development • Very close to standardization sambaXP 2019 Göttingen 23

  24. SMB Bindings for QUIC • QUIC connections can share same 4-tuple • Can multiplex using an ALPN identifier • Can share same port with HTTPS traffic • Use QUIC as a single channel TCP replacement • SMB multichannel will use separate QUIC connections. • Not currently envisioning using QUIC streams • Can QUIC be hooked up to Azure Files ? • No more port 445 blocking ! sambaXP 2019 Göttingen 24

  25. SMB3 Signing – Enabling AES-GMAC • Switch from AES-CCM to AES-GCM cipher • AES-GCM based SMB3 encryption performs significantly better than AES-CCM based signing • Most modern processors have optimized instructions for AES-GCM computations • SMB3.x (still) uses AES-CMAC for signing • Can we use AES-GMAC to similarly improve signing ? • Definitely yes sambaXP 2019 Göttingen 25

  26. AES-GMAC expected performance sambaXP 2019 Göttingen 26

  27. Negotiable SMB Signing with New Algorithm • Negotiable • Client will be able to negotiate switching to the AES128-GMAC algorithm for signing in SMB 3.1.1. New negotiation context specifying the algorithm count and algorithm IDs: Algorithm Algorithm Id 1 Algorithm Id 2 Algorithm Id …… Count 2 Byte 2 Byte 2 Byte • Supporting server will select 1 signing algorithm, if possible, and respond with: Selected 0x0001 Algorithm ID • More algorithms may be added over time 2 Byte sambaXP 2019 Göttingen 27

  28. Better Signing and Encryption in RDMA E.g. An SMB RDMA write: • Signing and Encryption over SMB RDMA. • Performance gain over current SMB2 RDR SMB2 SRV packet-based authenticated and/or encrypted traffic over SMB RDMA. RDMA Buffer RDMA Buffer RDMA Buffer • Supports AES128-GMAC for (Encrypted/Signed) (Decrypted/Verified) signing, AES-CCM and AES-GCM for encryption. RDMA Pull sambaXP 2019 Göttingen 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SMB3 Protocol Update 2020 edition! Tom Talpey Microsoft Corporation 1 Outline SMB3

SMB3 Protocol Update 2020 edition! Tom Talpey Microsoft Corporation 1 Outline SMB3

SMB3 Protocol Update 2020 edition! Tom Talpey Microsoft Corporation 1 Outline SMB3 Protocol since last year SMB3 Protocol update in current 20H1 SMB3 Protocol changes coming Other related developments 2 SambaXP 2020

1.45k views • 45 slides
Forward Tom Talpey Microsoft Outline A look at SMB3 today A look at things in the

Forward Tom Talpey Microsoft Outline A look at SMB3 today A look at things in the

Microsoft SMB Looking Forward Tom Talpey Microsoft Outline A look at SMB3 today A look at things in the works in Windows The SMB1 situation Other uses of SMB3 sambaXP 2018 Gttingen 2 SMB3 Today SMB3 is the key

677 views • 28 slides
Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and Objectives Goals and Objectives CAR adopted the Forest Protocols in 2005 CAR Board directed staff in 2007 to: Initiate a stakeholder process

532 views • 25 slides
SMB3 in Samba Multi-Channel and Beyond Michael Adam Red Hat / samba.org 2016-04-20 agenda

SMB3 in Samba Multi-Channel and Beyond Michael Adam Red Hat / samba.org 2016-04-20 agenda

SMB3 in Samba Multi-Channel and Beyond Michael Adam Red Hat / samba.org 2016-04-20 agenda History of SMB History of Samba SMB 2+ SMB 2+ in Samba SMB3 Multi-Channel Outlook: SMB3 over RDMA Outlook: SMB3 Clustering/Witness Outlook: SMB3

573 views • 56 slides
SMB3 Multichannel Update Gnther Deschner <gd@samba.org> Sachin Prabhu

SMB3 Multichannel Update Gnther Deschner <gd@samba.org> Sachin Prabhu

SMB3 Multichannel Update Gnther Deschner <gd@samba.org> Sachin Prabhu <sprabhu@redhat.com> A g e n d a S a mb a / C T D B C l u s t e r i n g w i t h G l u s t e r F S S M B 3 M u

862 views • 33 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP -

SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP -

SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP - 2016-05-11 Introduction SMB - mini history SMB: created around 1983 by Barry Feigenbaum, IBM SMB in Lan Manager: around 1990 SMB in Windows for

1.29k views • 58 slides
SMB3.1.1 and beyond: Optimizing access from Linux Client to Samba, the Cloud and modern file

SMB3.1.1 and beyond: Optimizing access from Linux Client to Samba, the Cloud and modern file

SMB3.1.1 and beyond: Optimizing access from Linux Client to Samba, the Cloud and modern file servers Steve French Principal Software Engineer Azure Storage - Microsoft Legal Statement This work represents the views of the author(s) and does

748 views • 51 slides
Pushing the Boundaries of SMB3: Status of the Linux Kernel client and interoperability with Samba

Pushing the Boundaries of SMB3: Status of the Linux Kernel client and interoperability with Samba

Pushing the Boundaries of SMB3: Status of the Linux Kernel client and interoperability with Samba Steve French Principal Systems Engineer Primary Data Legal Statement T h i s w o r k r e p r e s e n t s t h e v i e w s o f t h e a u t h

513 views • 30 slides
ODS Destruction Protocol Stakeholder Meeting Ontario and Quebec March 17, 2017 Agenda 1.

ODS Destruction Protocol Stakeholder Meeting Ontario and Quebec March 17, 2017 Agenda 1.

ODS Destruction Protocol Stakeholder Meeting Ontario and Quebec March 17, 2017 Agenda 1. Process update 2. Issues for discussion 3. Protocol changes 4. Audience questions 5. Next steps 2 Item 1 PROCESS UPDATE 3 Process update

553 views • 20 slides
SMB3 and Beyond: Accessing Samba from Linux Steve French Principal Systems Engineer Primary

SMB3 and Beyond: Accessing Samba from Linux Steve French Principal Systems Engineer Primary

SMB3 and Beyond: Accessing Samba from Linux Steve French Principal Systems Engineer Primary Data Legal Statement T h i s w o r k r e p r e s e n t s t h e v i e w s o f t h e a u t h o r ( s ) a n d d o e s n o t necessarily reflect the

637 views • 34 slides
Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
SMB3 Extensions for Low Latency Tom Talpey Microsoft May 12, 2016 Problem Statement

SMB3 Extensions for Low Latency Tom Talpey Microsoft May 12, 2016 Problem Statement

SMB3 Extensions for Low Latency Tom Talpey Microsoft May 12, 2016 Problem Statement Storage Class Memory A new, disruptive class of storage Nonvolatile medium with RAM-like performance Low latency, high throughput, high

519 views • 36 slides
SMB3 Multichannel with Samba/CTDB and Gluster Gnther Deschner <gd@samba.org> Sachin

SMB3 Multichannel with Samba/CTDB and Gluster Gnther Deschner <gd@samba.org> Sachin

SMB3 Multichannel with Samba/CTDB and Gluster Gnther Deschner <gd@samba.org> Sachin Prabhu <sprabhu@redhat.com> A g e n d a S a mb a / C T D B C l u s t e r i n g w i t h G l u s t e r F S

322 views • 31 slides
AU GUIDELINES FOR A COORDINATED IMPLEMENTATION OF THE NAGOYA PROTOCOL ON ABS: AN UPDATE MAHLET

AU GUIDELINES FOR A COORDINATED IMPLEMENTATION OF THE NAGOYA PROTOCOL ON ABS: AN UPDATE MAHLET

AU GUIDELINES FOR A COORDINATED IMPLEMENTATION OF THE NAGOYA PROTOCOL ON ABS: AN UPDATE MAHLET TESHOME ENVIRONMENTAL LAWYER AFRICAN UNION COMMISSION DEPARTMENT OF HUMAN RESOURCES SCIENCE AND TECHNOLOGY 8 th PAN AFRICAN WORKSHOP ON ABS MARCH

248 views • 11 slides
INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD Namjae Jeon Samsung Electronics June 5, 2019

INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD Namjae Jeon Samsung Electronics June 5, 2019

INTRODUCE IN-KERNEL SMB3 SERVER CALLED CIFSD Namjae Jeon Samsung Electronics June 5, 2019 About me Linux kernel contributor since 2011 Co-Creator of Samsung internal NTFS Filesystem Introduce collapse and insert range syscall

406 views • 26 slides
Support for mini-debuginfo in LLDB How to read the .gnu_debugdata section Konrad Kleine February

Support for mini-debuginfo in LLDB How to read the .gnu_debugdata section Konrad Kleine February

Support for mini-debuginfo in LLDB How to read the .gnu_debugdata section Konrad Kleine February 2, 2020 Red Hat - LLDB 1/10 Overall goal Improve LLDB for Fedora and RHEL release binaries 1 when no debug symbols installed not all

300 views • 18 slides
Backdooring your server through its BMC : the HPE iLO4 case Fabien Prigaud, Alexandre Gazet

Backdooring your server through its BMC : the HPE iLO4 case Fabien Prigaud, Alexandre Gazet

Backdooring your server through its BMC : the HPE iLO4 case Fabien Prigaud, Alexandre Gazet & Jofgrey Czarny Rennes, June 13-15 , 2018 Outline Introduction Previous works Firmware security A fjrmware backdoor Conclusion 1 HP

658 views • 43 slides
Data Processing on Modern Hardware Jens Teubner, TU Dortmund, DBIS Group

Data Processing on Modern Hardware Jens Teubner, TU Dortmund, DBIS Group

Data Processing on Modern Hardware Jens Teubner, TU Dortmund, DBIS Group jens.teubner@cs.tu-dortmund.de Summer 2015 Jens Teubner Data Processing on Modern Hardware Summer 2015 c 1 Part V Vectorization Jens Teubner Data

619 views • 35 slides
ROHC Implementation Experience mark.a.west@roke.co.uk Mark West 1 s s Roke Manor Overview

ROHC Implementation Experience mark.a.west@roke.co.uk Mark West 1 s s Roke Manor Overview

Research Manor Roke ROHC Implementation Experience mark.a.west@roke.co.uk Mark West 1 s s Roke Manor Overview Research ! First steps towards a full ROHC implementation ! Initial feel for memory and processor load ! Updating original

409 views • 10 slides
Codec Chips Tribute to Prof. Goto Jinjia Zhou 1 , Dajiang Zhou 2 , Satoshi Goto 2 1 Hosei

Codec Chips Tribute to Prof. Goto Jinjia Zhou 1 , Dajiang Zhou 2 , Satoshi Goto 2 1 Hosei

100x Evolution of Vid ideo Codec Chips Tribute to Prof. Goto Jinjia Zhou 1 , Dajiang Zhou 2 , Satoshi Goto 2 1 Hosei University, Tokyo, Japan 2 Waseda University, Kitakyushu, Japan Prof. Goto has been my supervisor from 2008 to 2015. (M.S ->

464 views • 27 slides
Office Hours: COVID-19 Planning and Response May 15, 2020 Housekeeping A recording of

Office Hours: COVID-19 Planning and Response May 15, 2020 Housekeeping A recording of

Office Hours: COVID-19 Planning and Response May 15, 2020 Housekeeping A recording of todays session, along with the slide deck and a copy of the Chat and Q&A content will be posted to the HUD Exchange within 2-3 business days

688 views • 34 slides
DupHunter : Flexible High-Performance Deduplication for Docker Registries Nannan Zhao , Hadeel

DupHunter : Flexible High-Performance Deduplication for Docker Registries Nannan Zhao , Hadeel

DupHunter : Flexible High-Performance Deduplication for Docker Registries Nannan Zhao , Hadeel Albahar, Subil Abraham, Keren Chen, Vasily Tarasov, Dimitrios Skourtis, Lukas Rupprecht, Ali Anwar, and Ali R. Butt Containers are ubiquitous OS

1.61k views • 76 slides
Functional Mock-up Interface Thierry S. Nouidui and Michael Wetter Simulation Research Group

Functional Mock-up Interface Thierry S. Nouidui and Michael Wetter Simulation Research Group

Functional Mock-up Interface Thierry S. Nouidui and Michael Wetter Simulation Research Group July 22, 2015 1 Overview The purpose is to 1. understand the Functional Mock-up Interface (FMI) and Functional Mock-up Unit (FMU) 2. learn how to

701 views • 15 slides

More recommend