ZFS
In computing, ZFS is a combined file system and logical volume manager designed by Sun Microsystems. The features of ZFS include data integrity verification against data corruption modes, support for high storage capacities, integration of the concepts of filesystem and volume management, snapshots and copy-on-write clones, continuous integrity checking and automatic repair, RAID-Z and native NFSv4 ACLs. ZFS is implemented as open-source software, licensed under the Common Development and Distribution License (CDDL). The ZFS name is a trademark of Oracle.[3]
Contents
[edit] History
ZFS was designed and implemented by a team at Sun led by Jeff Bonwick. It was announced on September 14, 2004.[4] Source code for ZFS was integrated into the main trunk of Solaris development on October 31, 2005[5] and released as part of build 27 of OpenSolaris on November 16, 2005. Sun announced that ZFS was included in the 6/06 update to Solaris 10 in June 2006, one year after the opening of the OpenSolaris community.[6]
The name originally stood for "Zettabyte File System".[7] A ZFS file system can store up to 256 quadrillion zettabytes (ZB), where a zettabyte is 270 bytes.
[edit] Release history
As new features are introduced the version number of the ZPool and Z file system are incremented to designate the format and features available.[8][9]
Legend:
[edit] Features
[edit] Data Integrity
One major feature that distinguishes ZFS from other file systems is that ZFS is designed from the ground up with a focus on data integrity. That is, protect the user's data on disk, against silent data corruption caused by e.g., bit rot, cosmic radiation, current spikes, bugs in disk firmware, ghost writes, etc.
Data Integrity is a high priority in ZFS because recent research shows that none of the currently widespread file systems — such as Ext, XFS, JFS, ReiserFS, or NTFS — nor Hardware RAID provide sufficient protection against such problems.[10][11][12][13][14] It is well known that Hardware RAID has some issues with data integrity. Initial research indicates that ZFS clearly protects data better than earlier solutions.[15]
A modern hard disk devotes a large portion of its capacity to error detection data. Many errors occur during normal usage, but are corrected by the disk's internal software, and thus are not visible to the host software. A tiny fraction of the detected errors are not correctable. For example, a modern Enterprise SAS disk specification estimates this fraction to be one uncorrected error in every 1016 bits[16]. A modern Enterprise Fibre Channel disk which uses the new 520 byte sectors to support the new DIF Data Integrity Field standard to combat data corruption, reports similar error rates[17]. The worst type of errors are those that go unnoticed, and are not even detected by the disk firmware or the host operating system. This is known as "silent corruption". A real life study of 1.5 million HDDs in the NetApp database found that on average 1 in 90 SATA drives will have silent corruption which is not caught by hardware raid verification process, for a RAID-5 system that calculates to an undetected error for every 67 TB of data [18].
However, there are many other external error sources than the disk itself. For instance, the disk cable might be slightly loose, the power supply might be flaky [19], external vibrations such as a loud sound[20], the Fibre Channel switch might be faulty[21], cosmic radiation and many other types of soft errors, etc. In 39,000 storage systems that were analyzed, firmware bugs accounted for between 5-10% of storage failures [22]. All in all, the error rates as observed by a CERN study on silent corruption, are far higher than one in every 1016 bits [23].
Silent data corruption has not been a serious concern while storage devices remained relatively small and slow. Hence, a user very rarely faced silent corruption, so it was not deemed to be a problem that required a solution. With the advent of larger drives and very fast RAID setups, a user is capable of transferring 1016 bits in a sufficiently short time. In particular, ZFS creator Jeff Bonwick stated that the fast database at Greenplum — a database software company located in San Mateo, California specializing in enterprise data cloud solutions for large-scale data warehousing and analytics — faces silent corruption every 15 minutes,[24] which is one of the reasons that Greenplum now base their fast database solution on ZFS. These large and fast raid setups require new file systems that focus on data integrity. This is one of the design goals of ZFS, as explained by Jeff Bonwick.[24]
For ZFS, data integrity is achieved by using a (Fletcher-based) checksum or a (SHA-256) hash throughout the file system tree.[25] Each block of data is checksummed and the checksum value is then saved in the pointer to that block—rather than at the actual block itself. Next, the block pointer is checksummed, with the value being saved at its pointer. This checksumming continues all the way up the file system's data hierarchy to the root node, which is also checksummed, thus creating a Merkle tree.[25] When a block is accessed, regardless of whether it is data or meta-data, its checksum is calculated and compared with the stored checksum value of what it "should" be. If the checksums match, the data is passed up the programming stack to the process that asked for it. If the values do not match, then ZFS can heal the data if the storage pool has redundancy via ZFS type of mirroring or RAID.[26] If the storage pool consists of a single disk it is possible to provide such redundancy by specifying "copies=2" (or "copies=3") which means that data will be stored twice (thrice) on the disk, effectively halving (1/3) the storage capacity of the disk.[27] If redundancy exists, then ZFS fetches the second copy of the data (or recreates it via a RAID recovery mechanism), and recalculates the checksum—hopefully reproducing the original value this time. If the data passes the integrity check, the system can then update the first copy with known-good data so that redundancy can be restored.
ZFS cannot fully protect the user's data when using a hardware RAID controller, as it is not able to perform the automatic self-healing unless it controls the redundancy of the disks and data [28]. ZFS prefers direct, exclusive access to the disks, with nothing in between that interferes. If the user insists on using hardware-level RAID, the controller should be configured as JBOD mode (i.e. turn off RAID-functionality) for ZFS to be able to guarantee data integrity. Note that hardware RAID configured as JBOD may still detach disks that do not respond in time; and as such may require TLER/CCTL/ERC-enabled disks to prevent drive dropouts: [29]
These limitations do not apply when using a non-RAID controller, which is the preferred method of supplying disks to ZFS. A non-RAID controller is generally called a Host Bus Adapter (HBA) and allows the operating system to control timeout and error control, rather than the RAID controller which generally has very strict timeout control.
ZFS has no "fsck" repair tool, common on Unix/Linux filesystem, which examines and repairs data. Instead, ZFS has a repair tool called "scrub" which examines and repairs Silent Corruption and other problems. Some differences are:
The official recommendation from Sun/Oracle is to scrub once every month with Enterprise disks, because they have much higher reliability than cheap commodity disks. If using cheap commodity disks, scrub every week.
However, no system is immune to bugs or hardware not following standards.
"...For example: FLUSH CACHE should only return, when the cache is flushed. But there are dirt cheap converter chips that sends the FLUSH CACHE to disk, but returns a successful FLUSH CACHE in the same moment back to the OS (of course without having NVRAM on disk or in a controller as this would allow to ignore CACHE FLUSH). Or interface converters reordering commands in really funny ways. By such reordering it may happen, that the uberblock is written to disk, before the rest of the structure has been written to disk..." [30]
Thus, there are known cases where ZFS has had problems. Therefore, as an extra safety measure, it is possible to go back in time by using the "-F" flag with the "zpool" command. ZFS use Copy-On-Write, which means old data is not altered. Whenever data is edited and updated, the old data is always left intact, and only the edits are stored, on a new place on the disk. This means every change can be traced back in time. This allows the user to discard the latest change which caused the problem, and instead go back to an earlier functioning state. This is also how ZFS Snapshots works.
[edit] Storage pools
Unlike traditional file systems, which reside on single devices and thus require a volume manager to use more than one device, ZFS filesystems are built on top of virtual storage pools called zpools. A zpool is constructed of virtual devices (vdevs), which are themselves constructed of block devices: files, hard drive partitions, or entire drives, with the last being the recommended usage.[31] Block devices within a vdev may be configured in different ways, depending on needs and space available: non-redundantly (similar to RAID 0), as a mirror (RAID 1) of two or more devices, as a RAID-Z (similar to RAID-5) group of three or more devices, or as a RAID-Z2 (similar to RAID-6) group of four or more devices.[32] In July 2009, triple-parity RAID-Z3 was added to OpenSolaris.[33][34]
Thus, a zpool (ZFS storage pool) is vaguely similar to a computer's RAM. The total RAM pool capacity depends on the number of RAM memory sticks and the size of each stick. Likewise, a zpool consists of one or more vdevs. Each vdev can be viewed as a group of hard disks (or partitions, or files, etc.). Each vdev should have redundancy because if a vdev is lost, then the whole zpool is lost. Thus, each vdev should be configured as RAID-Z1, RAID-Z2, mirror, etc. It is not possible to change the number of drives in an existing vdev (Block Pointer Rewrite will allow this, and also allow defragmentation), but it is always possible to increase storage capacity by adding a new vdev to a zpool. It is possible to swap a drive to a larger drive and resilver (repair) the zpool. If this procedure is repeated for every disk in a vdev, then the zpool will grow in capacity when the last drive is resilvered. A vdev will have the same capacity as the smallest drive in the group. For instance, a vdev consisting of three 500 GB and one 700 GB drive, will have a capacity of 4 x 500 GB.
[edit] L2ARC
In addition, pools can have hot spares to compensate for failing disks. ZFS also supports both read and write caching, for which special devices can be used. Solid State Devices can be used for the L2ARC, or Level 2 adaptive replacement cache, speeding up read operations, while NVRAM buffered SLC memory can be boosted with supercapacitors to implement a fast, non-volatile write cache, improving synchronous writes. Finally, when mirroring, block devices can be grouped according to physical chassis, so that the filesystem can continue in the case of the failure of an entire chassis.
Storage pool composition is not limited to similar devices but can consist of ad-hoc, heterogeneous collections of devices, which ZFS seamlessly pools together, subsequently doling out space to diverse filesystems as needed. Arbitrary storage device types can be added to existing pools to expand their size at any time. [35]
The storage capacity of all vdevs is available to all of the file system instances in the zpool. A quota can be set to limit the amount of space a file system instance can occupy, and a reservation can be set to guarantee that space will be available to a file system instance.
[edit] Capacity
ZFS is a 128-bit file system, so it can address 1.84 × 1019 times more data than 64-bit systems such as NTFS. The limitations of ZFS are designed to be so large that they would never be encountered. This was assured by surpassing physical rather than theoretical limitations—there simply is not enough usable matter on the planet Earth to support a maximized ZFS filesystem. Some theoretical limits in ZFS are:
[edit] Copy-on-write transactional model
ZFS uses a copy-on-write transactional object model. All block pointers within the filesystem contain a 256-bit checksum or 256-bit hash (currently a choice between Fletcher-2, Fletcher-4, or SHA-256)[37] of the target block which is verified when the block is read. Blocks containing active data are never overwritten in place; instead, a new block is allocated, modified data is written to it, then any metadata blocks referencing it are similarly read, reallocated, and written. To reduce the overhead of this process, multiple updates are grouped into transaction groups, and an intent log is used when synchronous write semantics are required. The blocks are arranged in a tree, as are their checksums (see Merkle signature scheme).
[edit] Snapshots and clones
An advantage of copy-on-write is that when ZFS writes new data, the blocks containing the old data can be retained, allowing a snapshot version of the file system to be maintained. ZFS snapshots are created very quickly, since all the data composing the snapshot is already stored; they are also space efficient, since any unchanged data is shared among the file system and its snapshots.
Writeable snapshots ("clones") can also be created, resulting in two independent file systems that share a set of blocks. As changes are made to any of the clone file systems, new data blocks are created to reflect those changes, but any unchanged blocks continue to be shared, no matter how many clones exist. This is an implementation of the Copy-on-write principle.
[edit] Dynamic striping
Dynamic striping across all devices to maximize throughput means that as additional devices are added to the zpool, the stripe width automatically expands to include them; thus all disks in a pool are used, which balances the write load across them.
[edit] Variable block sizes
ZFS uses variable-sized blocks of up to 128 kilobytes. The currently available code allows the administrator to tune the maximum block size used as certain workloads do not perform well with large blocks. If data compression (LZJB) is enabled, variable block sizes are used. If a block can be compressed to fit into a smaller block size, the smaller size is used on the disk to use less storage and improve IO throughput (though at the cost of increased CPU use for the compression and decompression operations).
[edit] Lightweight filesystem creation
In ZFS, filesystem manipulation within a storage pool is easier than volume manipulation within a traditional filesystem; the time and effort required to create or expand a ZFS filesystem is closer to that of making a new directory than it is to volume manipulation in some other systems.
[edit] Cache management
ZFS also uses the ARC, a new method for Read cache management, instead of the traditional Solaris virtual memory page cache. For write caching, ZFS employs the ZFS Intent Log (ZIL). ZFS makes allowances for both of these methods to incorporate separate virtual devices to improve the total IOPS. For read operations it is the "cache" vdev and for write operations it is the "log" vdev.[38]
[edit] Adaptive endianness
Pools and their associated ZFS file systems can be moved between different platform architectures, including systems implementing different byte orders. The ZFS block pointer format stores filesystem metadata in an endian-adaptive way; individual metadata blocks are written with the native byte order of the system writing the block. When reading, if the stored endianness does not match the endianness of the system, the metadata is byte-swapped in memory.
This does not affect the stored data itself; as is usual in POSIX systems, files appear to applications as simple arrays of bytes, so applications creating and reading data remain responsible for doing so in a way independent of the underlying system's endianness.
[edit] Deduplication
Deduplication capability was added to the ZFS source repository at the end of October 2009.[39] The OpenSolaris ZFS development packages have been available since December 3, 2009 (build 128).
The effective use of deduplication may require additional hardware. ZFS designers recommend 2 GB of RAM for every 1 TB of storage. For example, at least 32 GB of memory is recommended for 20 TB of storage. [40] However, some further discussion on the zfs-discuss lists [41], and testing on FreeBSD [42] by individuals affiliated with the project, have shown this value to be significantly higher than the prescribed 2 GB of RAM for every 1 TB of storage. If RAM is lacking, consider adding an SSD as a cache, which will automatically handle the large deduplication tables. This can speed up deduplication performance by a factor of eight or more. Insufficient physical memory or lack of ZFS cache results in virtual memory thrashing, which can either lower performance, or result in complete memory starvation [43].
As of today with Solaris 11 Express, deduplication can cause several problems if you are not aware of the limitations involved. [44]
[edit] Encryption
The encryption capability in ZFS[45] is embedded into the I/O pipeline. During writes a block may be compressed, encrypted, checksummed and then deduplicated in that order. The policy for encryption is set at the dataset level when datasets (file systems or ZVOLs) are created. The wrapping keys provided by the user/administrator can be changed at any time without taking the file system off line. The default behaviour is for the wrapping key to be inherited by any child data sets. The data encryption keys are randomly generated at dataset creation time. Only descendant datasets (snapshots and clones) share data encryption keys.[46] A command to switch to a new data encryption key for the clone or at any time is provided — this does not re-encrypt already existing data.
[edit] Additional capabilities
[edit] Limitations
[edit] Platforms
[edit] Solaris 10
ZFS is part of Sun's own Solaris operating system and is thus available on both SPARC and x86-based systems. Since the code for ZFS is open source, a port to other operating systems and platforms can be produced without Sun's involvement.
[edit] Solaris 11
After Oracle's Solaris 11 Express release, the OS/Net consolidation (the main OS code) was made proprietary and closed-source, and further ZFS upgrades and implementations inside Solaris (such as encryption) are not compatible with other non-proprietary implementations which use previous versions of ZFS.
When creating a new ZFS pool, to retain the ability to use access the pool from other non-proprietary Solaris-based distributions, it is recommended to upgrade to Solaris 11 Express from OpenSolaris (snv_134b), and thereby stay at ZFS version 28.
[edit] OpenSolaris
OpenSolaris 2008.05 and 2009.06 use ZFS as their default filesystem. There are over a dozen 3rd party distributions, of which nearly a dozen are mentioned here. (OpenIndiana and Illumos are two new distributions not included on the OpenSolaris distribution reference page.)
[edit] OpenIndiana
OpenIndiana 148 and 151 use ZFS version 28, as implemented in Illumos.
By upgrading from OpenSolaris snv_134 to both OpenIndiana and Solaris 11 Express, one also has the ability to upgrade and separately boot Solaris 11 Express on the same ZFS pool, but one should not install Solaris 11 Express first because of ZFS incompatibilities introduced by Oracle past ZFS version 28.[59]
[edit] FreeBSD
Paweł Jakub Dawidek ported ZFS to FreeBSD, and it has been part of FreeBSD since version 7.0.[60] This includes zfsboot, which allows booting FreeBSD directly from a ZFS volume.[61][62]
FreeBSD's ZFS implementation is fully functional; the only missing features are kernel CIFS server and iSCSI, but at least the latter can be added using externally available packages.[63] A CIFS server can be emulated in user space using Samba.
FreeBSD 7-stable (where updates to the series of versions 7.x are committed to) uses zpool version 6.
FreeBSD version 8 includes a much-updated implementation of ZFS, and zpool version 13 is supported in FreeBSD release 8.0.[64] zpool version 14 support was added to the 8-stable branch on 11 January 2010,[65] and is included in FreeBSD release 8.1. zpool version 15 is supported in release 8.2.[66] The 8-stable branch gained support for zpool version v28 and zfs version 5 in early June 2011.[67] Therefore, v28 will be supported in the 8.x FreeBSD series with the release of FreeBSD 8.3.
FreeBSD 9.0-RELEASE uses ZFS Pool version 28.
[edit] FreeNAS
FreeNAS, an embedded open source network-attached storage (NAS) distribution based on FreeBSD, has the same ZFS support as FreeBSD.
[edit] PC-BSD
PC-BSD is a desktop version of FreeBSD, which inherits FreeBSD's ZFS support, similarly to FreeNAS. It also allows installation with disk encryption using geli.
[edit] GNU/kFreeBSD
Being based on the FreeBSD kernel, GNU/kFreeBSD has ZFS support from the kernel. However, it depends on the distribution of GNU/kFreeBSD whether the necessary userland tools are available. The only distribution of this system to the date (Debian GNU/kFreeBSD) provides ZFS utilities in the zfsutils package. Additionally, the Debian installer supports installing the operating system under ZFS on the amd64 architecture.
[edit] NetBSD
The NetBSD ZFS port was started as a part of the 2007 Google Summer of Code and in August 2009 the code was merged into NetBSD's source tree.[68]
[edit] Mac OS X
The first indication of Apple Inc.'s interest in ZFS was an April 2006 post on the opensolaris.org zfs-discuss mailing list where an Apple employee mentioned being interested in porting ZFS to their Mac OS X operating system.[69] In the release version of Mac OS X 10.5, ZFS was available in read-only mode from the command line, which lacks the possibility to create zpools or write to them.[70] Before the 10.5 release, Apple released the "ZFS Beta Seed v1.1", which allowed read-write access and the creation of zpools,[71] however the installer for the "ZFS Beta Seed v1.1" has been reported to only work on version 10.5.0, and has not been updated for version 10.5.1 and above.[72] In August 2007, Apple opened a ZFS project on their Mac OS Forge web site. On that site, Apple provided the source code and binaries of their port of ZFS which includes read-write access, but there was no installer available[73] until a third-party developer created one.[74] In October 2009, Apple announced a shutdown of the ZFS project on Mac OS Forge. No explanation was given, just the following statement: "The ZFS project has been discontinued. The mailing list and repository will also be removed shortly." Versions of the previously released source and binaries, as well as the wiki, have been preserved and development has been adopted by a group of enthusiasts.[75][76] Complete ZFS support was once advertised as a feature of Snow Leopard Server (Mac OS X Server 10.6). However, all references to this feature have been silently removed; it is no longer listed on the Snow Leopard Server features page.[77] Apple has not commented regarding the omission.
The MacZFS project mirrored the public archives of the Apple ZFS before they disappeared,[75] and has grown into a community-maintained project, producing releases of ZFS for most recent versions of OS X, including Lion (10.7).[75] The project has an active mailing list. As of January 2012, MacZFS implements zpool version 8, the version from the October 2008 release of Solaris.
In January 2012, the company Ten's Complement LLC released a ZFS implementation for Mac OS X called "Zevo" which includes both GUI and command-line features. As of January 2012, Zevo implements zpool version 28, the same as FreeBSD 9.0. The first "Silver" release of Zevo does not include compression, snapshots, or RAIDZ, although it does enable checksumming. Future releases of Zevo, slated for release later in 2012, will offer additional features. The company was founded by Don Brady, a former Apple engineer who was technical lead on the original HFS+ team and worked on Apple's abandoned internal project to port ZFS.[78]
[edit] Linux
Porting ZFS to Linux is complicated by the fact that the GNU General Public License, which governs the Linux kernel, is incompatible with the Sun CDDL under which ZFS is distributed. According to some developers a single derived work of both projects cannot be legally distributed, as it is not possible to simultaneously meet both licenses' requirements.[79] To include ZFS in the Linux kernel it would have to be cleanly reimplemented, and patents may hamper this.[80]
[edit] Linux FUSE
Another solution to this problem was to port ZFS to Linux's FUSE system so the filesystem runs in userspace instead, where it is not considered a derived work of the kernel. A project to do this was sponsored by Google's Summer of Code program in 2006.[81] The original ZFS on FUSE project is available here. Development for ZFS on FUSE/Linux now takes place at zfs-fuse.net.
[edit] Native ZFS on Linux
A native port of ZFS for Linux is in development. This ZFS on Linux port was produced at the Lawrence Livermore National Laboratory (LLNL) under Contract No. DE-AC52-07NA27344 (Contract 44) between the U.S. Department of Energy (DOE) and Lawrence Livermore National Security, LLC (LLNS) for the operation of LLNL. It has been approved for release under LLNL-CODE-403049. The port is currently in release candidate status for version 0.6.0, which supports mounting filesystems.
Another native port was being worked on by KQ Infotech .[82][83] This port used the LLNL ZVOL implementation as a starting point. A GA release supporting zpool v28 was released in January 2011.[84] In mid-2011, KQ Infotech was acquired by another company, and as such their work on ZFS had ceased.[85] Their code can be found on github.[86]
[edit] Comparisons
List of Operating Systems, Distros and add-ons that support ZFS, the zpool version it supports, and the Solaris build they are based on (if any):
(updated 2011/11/26)
