ESXi supports NFS protocols version 3 and 4.1. To support both versions, ESXi uses two different NFS clients.
NFS Protocol Version 3
- With NFS version 3, storage traffic is transmitted in an unencrypted format across the LAN. Because of this limited security, use NFS storage on trusted networks only and isolate the traffic on separate physical switches. You can also use a private VLAN.
- NFS 3 uses only one TCP connection for I/O. As a result, ESXi supports I/O on only one IP address or hostname for the NFS server, and does not support multiple paths. Depending on your network infrastructure and configuration, you can use network stack to configure multiple connections to the storage targets. In this case, you must have multiple datastores, with each datastore using separate network connections between the host and the storage.
- With NFS 3, ESXi does not support the delegate user functionality that enables access to NFS volumes by using nonroot credentials. You must ensure that each host has root access to the volume.
- NFS 3 supports hardware acceleration that allows your host to integrate with NAS devices and use several hardware operations that NAS storage provides. For more information, see Hardware Acceleration on NAS Devices.
- When hardware acceleration is supported, you can create thick-provisioned virtual disk on NFS 3 datastores.
- NFS 3 locking on ESXi does not use the Network Lock Manager (NLM) protocol. Instead, VMware provides its own locking protocol. NFS 3 locks are implemented by creating lock files on the NFS server. Lock files are named .lck-file_id..
NFS Protocol Version 4.1
- NFS 4.1 provides multipathing for servers that support session trunking. When trunking is available, you can use multiple IP addresses to access a single NFS volume. Client ID trunking is not supported.
- NFS 4.1 does not support hardware acceleration. This limitation does not allow you to create thick virtual disks on NFS 4.1 datastores.
- NFS 4.1 supports the Kerberos authentication protocol to secure communication with the NFS server. For more information, see Using Kerberos Credentials for NFS 4.1.
- NFS 4.1 uses share reservations as a locking mechanism.
- NFS 4.1 supports inbuilt file locking.
- NFS 4.1 supports nonroot users to access files when used with Kerberos.
- NFS 4.1 supports traditional non-Kerberos mounts. In this case, use security and root access guidelines recommended for NFS version 3.
- Does not support simultaneous AUTH_SYS and Kerberos mounts.
- NFS 4.1 with Kerberos does not support IPv6. NFS 4.1 with AUTH_SYS supports both IPv4 and IPv6.
NFS Protocols and vSphere Solutions
|vSphere Features||NFS version 3||NFS version 4.1|
|vMotion and Storage vMotion||Yes||Yes|
|High Availability (HA)||Yes||Yes|
|Fault Tolerance (FT)||Yes||Yes|
|Distributed Resource Scheduler (DRS)||Yes||Yes|
|Storage I/O Control||Yes||No|
|Site Recovery Manager||Yes||No|
NFS Version Upgrades
vSphere does not support automatic datastore conversions from NFS version 3 to NFS 4.1. If you want to upgrade your NFS 3 datastore, the following options are available:
- You can create a new NFS 4.1 datastore, and then use Storage vMotion to migrate virtual machines from the old datastore to the new one.
- Use conversion methods provided by your NFS storage server. For more information, contact your storage vendor.
- Unmount from one version and then mount as the other.
Caution: If you use this option, make sure to unmount the datastore from all hosts that have access to the datastore. The datastore can never be mounted by using both protocols at the same time.