This page uses content from Wikipedia and is licensed under CC BY-SA.
|Developer(s)||Sun Microsystems originally, Oracle Corporation since 2010. See also OpenZFS (open source fork).|
|Introduced||November 2005 with OpenSolaris|
|Directory contents||Extensible hash table|
|Max. volume size||256 trillion yobibytes (2128 bytes)|
|Max. file size||16 exbibytes (264 bytes)|
|Max. number of files|
|Max. filename length||255 ASCII characters (fewer for multibyte character encodings such as Unicode)|
|Forks||Yes (called "extended attributes", but they are full-fledged streams)|
|File system permissions||POSIX, NFSv4 ACLs|
|Supported operating systems||Solaris, OpenSolaris, illumos distributions, OpenIndiana, FreeBSD, Mac OS X Server 10.5 (only read-only support), NetBSD, Linux via third-party kernel module ("ZFS on Linux") or ZFS-FUSE, OSv|
ZFS is a combined file system and logical volume manager designed by Sun Microsystems. ZFS is scalable, and includes extensive protection against data corruption, support for high storage capacities, efficient data compression, integration of the concepts of filesystem and volume management, snapshots and copy-on-write clones, continuous integrity checking and automatic repair, RAID-Z, native NFSv4 ACLs, and can be very precisely configured. The two main implementations, by Oracle and by the OpenZFS project, are extremely similar, making ZFS widely available within Unix-like systems.
The ZFS name stands for nothing - briefly assigned the backronym "Zettabyte File System", it is no longer considered an initialism. Originally, ZFS was proprietary, closed-source software developed internally by Sun as part of Solaris, with a team led by the CTO of Sun's storage business unit and Sun Fellow Jeff Bonwick. In 2005, the bulk of Solaris, including ZFS, was licensed as open-source software under the Common Development and Distribution License (CDDL), as the OpenSolaris project. ZFS became a standard feature of Solaris 10 in June 2006.
In 2010, Sun Microsystems was acquired by Oracle Corporation and ZFS became a registered trademark belonging to Oracle Corporation. Oracle stopped releasing updated source code for new OpenSolaris and ZFS development, effectively reverting Oracle's ZFS to closed source. In response, the illumos project was founded, to maintain and enhance the existing open source Solaris, and in 2013 OpenZFS was founded to coordinate the development of open source ZFS. OpenZFS maintains and manages the core ZFS code, while organizations using ZFS maintain the specific code and validation processes required for ZFS to integrate within their systems. OpenZFS is widely used in Unix-like systems. In 2017, one analyst described OpenZFS as "the only proven Open Source data-validating enterprise file system".[better source needed]
The management of stored data generally involves two aspects: the physical volume management of one or more block storage devices such as hard drives and SD cards and their organization into logical block devices as seen by the operating system (often involving a volume manager, RAID controller, array manager, or suitable device driver), and the management of data and files that are stored on these logical block devices (a file system or other data storage).
ZFS is unusual, because unlike most other storage systems, it unifies both of these roles and acts as both the volume manager and the file system. Therefore, it has complete knowledge of both the physical disks and volumes (including their condition and status, their logical arrangement into volumes, and also of all the files stored on them). ZFS is designed to ensure (subject to suitable hardware) that data stored on disks cannot be lost due to physical errors or misprocessing by the hardware or operating system, or bit rot events and data corruption which may happen over time, and its complete control of the storage system is used to ensure that every step, whether related to file management or disk management, is verified, confirmed, corrected if needed, and optimized, in a way that storage controller cards and separate volume and file managers cannot achieve.
ZFS also includes a mechanism for snapshots and replication, including snapshot cloning; the former is described by the FreeBSD documentation as one of its "most powerful features", having features that "even other file systems with snapshot functionality lack". Very large numbers of snapshots can be taken, without degrading performance, allowing snapshots to be used prior to risky system operations and software changes, or an entire production ("live") file system to be fully snapshotted several times an hour, in order to mitigate data loss due to user error or malicious activity. Snapshots can be rolled back "live" or previous file system states can be viewed, even on very large file systems, leading to savings in comparison to formal backup and restore processes. Snapshots can also be cloned to form new independent file systems.
Examples of features specific to ZFS include:
Unlike many file systems, ZFS is intended to work towards specific aims. Its primary targets are enterprise data management and commercial environments. If the system or its configuration are poorly matched to ZFS, then ZFS may underperform significantly. In their 2017 ZFS benchmarks, ZFS developers Calomel stated that:
Common system design failures include:
ZFS commands allow examination of the physical storage in terms of devices, vdevs they are organized into, data pools stored across those vdevs, and in various other ways. Various commands expose in-depth statistics of ZFS' internal status and internal performance/statistics data, to allow settings to be optimized.
vdevs are a fundamental part of ZFS. They can be conceived as groups of disks that each provide redundancy against failure of their physical devices. Each vdev must be able to maintain the integrity of the data it holds, and must contain enough disks that the risk of data loss within it, is acceptably tiny. If any vdev were to become unreadable (due to disk errors or otherwise) then the entire pool it is part of, will also fail. (See data recovery below)
Each vdev can be one of:
Each vdev acts as an independent unit of redundant storage. Devices might not be in a vdev if they are unused spare disks, disks formatted with non-ZFS filing systems, offline disks, or cache devices.
The physical structure of a pool is defined by configuring as many vdevs of any type, and adding them to the pool. ZFS exposes and manages the individual disks within the system, as well as the vdevs, pools, datasets and volumes into which they are organized. Within any pool, data is automatically distributed by ZFS across all vdevs making up the pool. ZFS stripes the data in a pool across all the vdevs in that pool, for speed and efficiency.
Each vdev that the user defines, is completely independent from every other vdev, so different types of vdev can be mixed arbitrarily in a single ZFS system. If data redundancy is required (so that data is protected against physical device failure), then this is ensured by the user when they organize devices into vdevs, either by using a mirrored vdev or a RaidZ vdev. Data on a single device vdev may be lost if the device develops a fault. Data on a mirrored or RaidZ vdev will only be lost if enough disks fail at the same time (or before the system has resilvered any replacements due to recent disk failures). A ZFS vdev will continue to function in service if it is capable of providing at least one copy of the data stored on it, although it may become slower due to error fixing and resilvering, as part of its self-repair and data integrity processes. However ZFS is designed to not become unreasonably slow due to self-repair (unless directed to do so by an administrator) since one of its goals is to be capable of uninterrupted continual use even during self checking and self repair.
Since ZFS device redundancy is at vdev level, this also means that if a pool is stored across several vdevs, and one of these vdevs completely fails, then the entire pool content will be lost. This is similar to other RAID and redundancy systems, which require the data to be stored or capable of reconstruction from enough other devices to ensure data is unlikely to be lost due to physical devices failing. Therefore, it is intended that vdevs should be made of either mirrored devices or a RaidZ array of devices, with sufficient redundancy, for important data, so that ZFS can automatically limit and where possible avoid data loss if a device fails. Backups and replication are also an expected part of data protection.
Vdevs can be manipulated while in active use. A single disk can have additional devices added to create a mirrored vdev, and a mirrored vdev can have physical devices added or removed to leave a larger or smaller number of mirrored devices, or a single device. A RaidZ vdev cannot be converted to or from a mirror, although additional vdevs can always be added to expand storage capacity (which can be any kind including RaidZ). A device in any vdev can be marked for removal, and ZFS will de-allocate data from it to allow it to be removed or replaced.
Of note, the devices in a vdev do not have to be the same size, but ZFS may not use the full capacity of all disks in a vdev, if some are larger than other. This only applies to devices within a single vdev. As vdevs are independent, ZFS does not care if different vdevs have different sizes or are built from different devices.
Also as a vdev cannot be shrunk in size, it is common to set aside a small amount of unused space (for example 1-2GB on a multi-TB disk), so that if a disk needs replacing, it is possible to allow for slight manufacturing variances and replace it with another disk of the same nominal capacity but slightly smaller actual capacity.
In addition to devices used for main data storage, ZFS also allows and manages devices used for caching purposes. These can be single devices or multiple mirrored devices, and are fully dedicated to the type of cache designated. Cache usage and its detailed settings can be fully deleted, created and modified without limit during live use. A list of ZFS cache types is given later in this article.
ZFS can handle devices formatted into partitions for certain purposes, but this is not common use. Generally caches and data pools are given complete devices (or multiple complete devices).
The top level of data management is a ZFS pool (or zpool). A ZFS system can have multiple pools defined. The vdevs to be used for a pool are specified when the pool is created (others can be added later), and ZFS will use all of the specified vdevs to maximize performance when storing data – a form of striping across the vdevs. Therefore, it is important to ensure that each vdev is sufficiently redundant, as loss of any vdev in a pool would cause loss of the pool, as with any other striping.
A ZFS pool can be expanded at any time by adding new vdevs, including when the system is 'live'. The storage space / vdevs already allocated to a pool cannot be shrunk, as data is stored across all vdevs in the pool (even if it is not yet full). However, as explained above, the individual vdevs can each be modified at any time (within stated limits), and new vdevs added at any time, since the addition or removal of mirrors, or marking of a redundant disk as offline, do not affect the ability of that vdev to store data.
Within pools, ZFS recognizes two types of data store:
Since volumes are presented as block devices, they can also be formatted with any other file system, to add ZFS features to that file system, although this is not usual practice. For example, a ZFS volume can be created, and then the block device it presents can be partitioned and formatted with a file system such as ext4 or NTFS. This can be done either locally or over a network (using iSCSI or similar). The resulting file system will be accessible as normal, but will also gain ZFS benefits such as data resilience, data integrity/scrubbing, snapshots, and additional option for data compression.
Snapshots are an integral feature of ZFS. They provide immutable (read only) copies of the file system at a single point in time, and even very large file systems can be snapshotted many times every hour, or sustain tens of thousands of snapshots. Snapshot versions of individual files, or an entire dataset or pool, can easily be accessed, searched and restored. An entire snapshot can be cloned to create a new "copy", copied to a separate server as a replicated backup, or the pool or dataset can quickly be rolled back to any specific snapshot. Snapshots can also be compared to each other, or to the current data, to check for modified data.Snapshots do not take much disk space, but when data is deleted, the space will not be marked as free until any data is no longer referenced by the current system or any snapshot.
Generally ZFS does not expect to reduce the size of a pool, and does not have tools to reduce the set of vdevs that a pool is stored on. (Tools to remove vdevs have been rolled out in Oracle ZFS and also exist for some derivatives of OpenZFS but are not yet generally released in OpenZFS for platforms generally). Therefore as of 2018, to remove an entire vdev that is in active use, or to reduce the size of a pool, the data stored on it must be moved to another pool or a temporary copy made (or if easier, it can be deleted and later restored from backups/copies) so that the devices making up the vdev can be freed for other use or the pool deleted and recreated using fewer vdevs or a smaller size.
Additional capacity can be added to a pool at any time, simply by adding more devices if needed, defining the unused devices into vdevs and adding the new vdevs to the pool.
The capacity of an individual vdev is generally fixed when it is defined. There is one exception to this rule: single drive and mirrored vdevs can be expanded to larger (but not smaller) capacities, without affecting the vdev's operation, by adding larger disks and replacing/removing smaller disks, as shown in the example below.
A pool can be expanded into unused space, and the datasets and volumes within a pool can be likewise expanded to use any unused pool space. Datasets do not need a fixed size and can dynamically grow as data is stored, but volumes, being block devices, need to have their size defined by the user, and must be manually resized as required (which can be done 'live').
One major feature that distinguishes ZFS from other file systems is that it is designed with a focus on data integrity by protecting the user's data on disk against silent data corruption caused by data degradation, current spikes, bugs in disk firmware, phantom writes (the previous write did not make it to disk), misdirected reads/writes (the disk accesses the wrong block), DMA parity errors between the array and server memory or from the driver (since the checksum validates data inside the array), driver errors (data winds up in the wrong buffer inside the kernel), accidental overwrites (such as swapping to a live file system), etc.
A 1999 study showed that neither any of the then-major and widespread filesystems (such as UFS, Ext, XFS, JFS, or NTFS), nor hardware RAID (which has some issues with data integrity) provided sufficient protection against data corruption problems. Initial research indicates that ZFS protects data better than earlier efforts. It is also faster than UFS and can be seen as its replacement.
Within ZFS, data integrity is achieved by using a Fletcher-based checksum or a SHA-256 hash throughout the file system tree. Each block of data is checksummed and the checksum value is then saved in the pointer to that block—rather than at the actual block itself. Next, the block pointer is checksummed, with the value being saved at its pointer. This checksumming continues all the way up the file system's data hierarchy to the root node, which is also checksummed, thus creating a Merkle tree. In-flight data corruption or phantom reads/writes (the data written/read checksums correctly but is actually wrong) are undetectable by most filesystems as they store the checksum with the data. ZFS stores the checksum of each block in its parent block pointer so the entire pool self-validates.
When a block is accessed, regardless of whether it is data or meta-data, its checksum is calculated and compared with the stored checksum value of what it "should" be. If the checksums match, the data are passed up the programming stack to the process that asked for it; if the values do not match, then ZFS can heal the data if the storage pool provides data redundancy (such as with internal mirroring), assuming that the copy of data is undamaged and with matching checksums. It is optionally possible to provide additional in-pool redundancy by specifying copies=2 (or copies=3 or more), which means that data will be stored twice (or three times) on the disk, effectively halving (or, for copies=3, reducing to one third) the storage capacity of the disk. Additionally some kinds of data used by ZFS to manage the pool are stored multiple times by default for safety, even with the default copies=1 setting.
If other copies of the damaged data exist or can be reconstructed from checksums and parity data, ZFS will use a copy of the data (or recreate it via a RAID recovery mechanism), and recalculate the checksum—ideally resulting in the reproduction of the originally expected value. If the data passes this integrity check, the system can then update all faulty copies with known-good data and redundancy will be restored.
For ZFS to be able to guarantee data integrity, it needs multiple copies of the data, usually spread across multiple disks. Typically this is achieved by using either a RAID controller or so-called "soft" RAID (built into a file system).
While ZFS can work with hardware RAID devices, ZFS will usually work more efficiently and with greater protection of data, if it has raw access to all storage devices, and disks are not connected to the system using a hardware, firmware or other "soft" RAID, or any other controller which modifies the usual ZFS-to-disk I/O path. This is because ZFS relies on the disk for an honest view, to determine the moment data is confirmed as safely written, and it has numerous algorithms designed to optimize its use of caching, cache flushing, and disk handling.
If a third-party device performs caching or presents drives to ZFS as a single system, or without the low level view ZFS relies upon, there is a much greater chance that the system will perform less optimally, and that a failure will not be preventable by ZFS or as quickly or fully recovered by ZFS. For example, if a hardware RAID card is used, ZFS may not be able to determine the condition of disks or whether the RAID array is degraded or rebuilding, it may not know of all data corruption, and it cannot place data optimally across the disks, make selective repairs only, control how repairs are balanced with ongoing use, and may not be able to make repairs even if it could usually do so, as the hardware RAID card will interfere. RAID controllers also usually add controller-dependent data to the drives which prevents software RAID from accessing the user data. While it is possible to read the data with a compatible hardware RAID controller, this isn't always possible, and if the controller card develops a fault then a replacement may not be available, and other cards may not understand the manufacturer's custom data which is needed to manage and restore an array on a new card.
Therefore, unlike most other systems, where RAID cards or similar are used to offload resources and processing and enhance performance and reliability, with ZFS it is strongly recommended these methods not be used as they typically reduce the system's performance and reliability.
If disks must be connected through a RAID or other controller, it is recommended to use a plain HBA (host adapter) or fanout card, or configure the card in JBOD mode (i.e. turn off RAID and caching functions), to allow devices to be attached but the ZFS-to-disk I/O pathway to be unchanged. A RAID card in JBOD mode may still interfere, if it has a cache or depending upon its design, and may detach drives that do not respond in time (as has been seen with many energy-efficient consumer-grade hard drives), and as such, may require Time-Limited Error Recovery (TLER)/CCTL/ERC-enabled drives to prevent drive dropouts, so not all cards are suitable even with RAID functions disabled.
RAID-Z is a data/parity distribution scheme like RAID-5, but uses dynamic stripe width: every block is its own RAID stripe, regardless of blocksize, resulting in every RAID-Z write being a full-stripe write. This, when combined with the copy-on-write transactional semantics of ZFS, eliminates the write hole error. RAID-Z is also faster than traditional RAID 5 because it does not need to perform the usual read-modify-write sequence.
As all stripes are of different sizes, RAID-Z reconstruction has to traverse the filesystem metadata to determine the actual RAID-Z geometry. This would be impossible if the filesystem and the RAID array were separate products, whereas it becomes feasible when there is an integrated view of the logical and physical structure of the data. Going through the metadata means that ZFS can validate every block against its 256-bit checksum as it goes, whereas traditional RAID products usually cannot do this.
In addition to handling whole-disk failures, RAID-Z can also detect and correct silent data corruption, offering "self-healing data": when reading a RAID-Z block, ZFS compares it against its checksum, and if the data disks did not return the right answer, ZFS reads the parity and then figures out which disk returned bad data. Then, it repairs the damaged data and returns good data to the requestor.
RAID-Z and mirroring do not require any special hardware: they do not need NVRAM for reliability, and they do not need write buffering for good performance or data protection. With RAID-Z, ZFS provides fast, reliable storage using cheap, commodity disks.
There are three different RAID-Z modes: RAID-Z1 (similar to RAID 5, allows one disk to fail), RAID-Z2 (similar to RAID 6, allows two disks to fail), and RAID-Z3 (Also referred to as RAID 7 allows three disks to fail). The need for RAID-Z3 arose recently because RAID configurations with future disks (say, 6–10 TB) may take a long time to repair, the worst case being weeks. During those weeks, the rest of the disks in the RAID are stressed more because of the additional intensive repair process and might subsequently fail, too. By using RAID-Z3, the risk involved with disk replacement is reduced.
Mirroring, the other ZFS RAID option, is essentially the same as RAID 1, allowing any number of disks to be mirrored. Like RAID 1 it also allows faster read and resilver/rebuild speeds since all drives can be used simultaneously and parity data is not calculated separately, and mirrored vdevs can be split to create identical copies of the pool.
ZFS has no tool equivalent to fsck (the standard Unix and Linux data checking and repair tool for file systems). Instead, ZFS has a built-in scrub function which regularly examines all data and repairs silent corruption and other problems. Some differences are:
ZFS is a 128-bit file system, so it can address 1.84 × 1019 times more data than 64-bit systems such as Btrfs. The maximum limits of ZFS are designed to be so large that they should never be encountered in practice. For instance, fully populating a single zpool with 2128 bits of data would require 3×1024 TB hard disk drives.
Some theoretical limits in ZFS are:
With Oracle Solaris, the encryption capability in ZFS is embedded into the I/O pipeline. During writes, a block may be compressed, encrypted, checksummed and then deduplicated, in that order. The policy for encryption is set at the dataset level when datasets (file systems or ZVOLs) are created. The wrapping keys provided by the user/administrator can be changed at any time without taking the file system offline. The default behaviour is for the wrapping key to be inherited by any child data sets. The data encryption keys are randomly generated at dataset creation time. Only descendant datasets (snapshots and clones) share data encryption keys. A command to switch to a new data encryption key for the clone or at any time is provided—this does not re-encrypt already existing data, instead utilising an encrypted master-key mechanism.
ZFS will automatically allocate data storage across all vdevs in a pool (and all devices in each vdev) in a way that generally maximises the performance of the pool. ZFS will also update its write strategy to take account of new disks added to a pool, when they are added.
As a general rule, ZFS allocates writes across vdevs based on the free space in each vdev. This ensures that vdevs which have proportionately less data already, are given more writes when new data is to be stored. This helps to ensure that as the pool becomes more used, the situation does not develop that some vdevs become full, forcing writes to occur on a limited number of devices. It also means that when data is read (and reads are much more frequent than writes in most uses), different parts of the data can be read from as many disks as possible at the same time, giving much higher read performance. Therefore, as a general rule, pools and vdevs should be managed and new storage added, so that the situation does not arise that some vdevs in a pool are almost full and others almost empty, as this will make the pool less efficient.
Pools can have hot spares to compensate for failing disks. When mirroring, block devices can be grouped according to physical chassis, so that the filesystem can continue in the case of the failure of an entire chassis.
Storage pool composition is not limited to similar devices, but can consist of ad-hoc, heterogeneous collections of devices, which ZFS seamlessly pools together, subsequently doling out space to clarification needed] as needed. Arbitrary storage device types can be added to existing pools to expand their size.[
The storage capacity of all vdevs is available to all of the file system instances in the zpool. A quota can be set to limit the amount of space a file system instance can occupy, and a reservation can be set to guarantee that space will be available to a file system instance.
ZFS uses different layers of disk cache to speed up read and write operations. Ideally, all data should be stored in RAM, but that is usually too expensive. Therefore, data is automatically cached in a hierarchy to optimize performance versus cost; these are often called "hybrid storage pools". Frequently accessed data will be stored in RAM, and less frequently accessed data can be stored on slower media, such as solid state drives (SSDs). Data that is not often accessed is not cached and left on the slow hard drives. If old data is suddenly read a lot, ZFS will automatically move it to SSDs or to RAM.
ZFS caching mechanisms include one each for reads and writes, and in each case, two levels of caching can exist, one in computer memory (RAM) and one on fast storage (usually solid state drives (SSDs)), for a total of four caches.
|Where stored||Read cache||Write cache|
|First level cache||In RAM||Known as ARC, due to its use of a variant of the adaptive replacement cache (ARC) algorithm. RAM will always be used for caching, thus this level is always present. The efficiency of the ARC algorithm means that disks will often not need to be accessed, provided the ARC size is sufficiently large. If RAM is too small there will hardly be any ARC at all; in this case, ZFS always needs to access the underlying disks which impacts performance considerably.||Handled by means of "transaction groups" – writes are collated over a short period (typically 5 – 30 seconds) up to a given limit, with each group being written to disk ideally while the next group is being collated. This allows writes to be organized more efficiently for the underlying disks at the risk of minor data loss of the most recent transactions upon power interruption or hardware fault. In practice the power loss risk is avoided by ZFS write journaling and by the SLOG/ZIL second tier write cache pool (see below), so writes will only be lost if a write failure happens at the same time as a total loss of the second tier SLOG pool, and then only when settings related to synchronous writing and SLOG use are set in a way that would allow such a situation to arise. If data is received faster than it can be written, data receipt is paused until the disks can catch up.|
|Second level cache||On fast storage devices (which can be added or removed from a "live" system without disruption in current versions of ZFS, although not always in older versions)||Known as L2ARC ("Level 2 ARC"), optional. ZFS will cache as much data in L2ARC as it can, which can be tens or hundreds of gigabytes in many cases. L2ARC will also considerably speed up deduplication if the entire deduplication table can be cached in L2ARC. It can take several hours to fully populate the L2ARC from empty (before ZFS has decided which data are "hot" and should be cached). If the L2ARC device is lost, all reads will go out to the disks which slows down performance, but nothing else will happen (no data will be lost).||Known as SLOG or ZIL ("ZFS Intent Log"), optional but an SLOG will be created on the main storage devices if no cache device is provided. This is the second tier write cache, and is often misunderstood. Strictly speaking, ZFS does not use the SLOG device to cache its disk writes. Rather, it uses SLOG to ensure writes are captured to a permanent storage medium as quickly as possible, so that in the event of power loss or write failure, no data which was acknowledged as written, will be lost. The SLOG device allows ZFS to speedily store writes and quickly report them as written, even for storage devices such as HDDs that are much slower. In the normal course of activity, the SLOG is never referred to or read, and it does not act as a cache; its purpose is to safeguard data in flight during the few seconds taken for collation and "writing out", in case the eventual write were to fail. If all goes well, then the storage pool will be updated at some point within the next 5 to 60 seconds, when the current transaction group is written out to disk (see above), at which point the saved writes on the SLOG will simply be ignored and overwritten. If the write eventually fails, or the system suffers a crash or fault preventing its writing, then ZFS can identify all the writes that it has confirmed were written, by reading back the SLOG (the only time it is read from), and use this to completely repair the data loss.
This becomes crucial if a large number of synchronous writes take place (such as with ESXi, NFS and some databases), where the client requires confirmation of successful writing before continuing its activity; the SLOG allows ZFS to confirm writing is successful much more quickly than if it had to write to the main store every time, without the risk involved in misleading the client as to the state of data storage. If there is no SLOG device then part of the main data pool will be used for the same purpose, although this is slower.
If the log device itself is lost, it is possible to lose the latest writes, therefore the log device should be mirrored. In earlier versions of ZFS, loss of the log device could result in loss of the entire zpool, although this is no longer the case. Therefore, one should upgrade ZFS if planning to use a separate log device.
A number of other caches, cache divisions, and queues also exist within ZFS. For example, each vdev has its own data cache, and the ARC cache is divided between data stored by the user and metadata used by ZFS, with control over the balance between these.
ZFS uses a copy-on-write transactional object model. All block pointers within the filesystem contain a 256-bit checksum or 256-bit hash (currently a choice between Fletcher-2, Fletcher-4, or SHA-256) of the target block, which is verified when the block is read. Blocks containing active data are never overwritten in place; instead, a new block is allocated, modified data is written to it, then any metadata blocks referencing it are similarly read, reallocated, and written. To reduce the overhead of this process, multiple updates are grouped into transaction groups, and ZIL (intent log) write cache is used when synchronous write semantics are required. The blocks are arranged in a tree, as are their checksums (see Merkle signature scheme).
An advantage of copy-on-write is that, when ZFS writes new data, the blocks containing the old data can be retained, allowing a snapshot version of the file system to be maintained. ZFS snapshots are consistent (they reflect the entire data as it existed at a single point in time), and can be created extremely quickly, since all the data composing the snapshot is already stored, with the entire storage pool often snapshotted several times per hour. They are also space efficient, since any unchanged data is shared among the file system and its snapshots. Snapshots are inherently read-only, ensuring they will not be modified after creation, although they should not be relied on as a sole means of backup. Entire snapshots can be restored and also files and directories within snapshots.
Writeable snapshots ("clones") can also be created, resulting in two independent file systems that share a set of blocks. As changes are made to any of the clone file systems, new data blocks are created to reflect those changes, but any unchanged blocks continue to be shared, no matter how many clones exist. This is an implementation of the Copy-on-write principle.
ZFS file systems can be moved to other pools, also on remote hosts over the network, as the send command creates a stream representation of the file system's state. This stream can either describe complete contents of the file system at a given snapshot, or it can be a delta between snapshots. Computing the delta stream is very efficient, and its size depends on the number of blocks changed between the snapshots. This provides an efficient strategy, e.g., for synchronizing offsite backups or high availability mirrors of a pool.
Dynamic striping across all devices to maximize throughput means that as additional devices are added to the zpool, the stripe width automatically expands to include them; thus, all disks in a pool are used, which balances the write load across them.
ZFS uses variable-sized blocks, with 128 KB as the default size. Available features allow the administrator to tune the maximum block size which is used, as certain workloads do not perform well with large blocks. If data compression is enabled, variable block sizes are used. If a block can be compressed to fit into a smaller block size, the smaller size is used on the disk to use less storage and improve IO throughput (though at the cost of increased CPU use for the compression and decompression operations).
In ZFS, filesystem manipulation within a storage pool is easier than volume manipulation within a traditional filesystem; the time and effort required to create or expand a ZFS filesystem is closer to that of making a new directory than it is to volume manipulation in some other systems.
Pools and their associated ZFS file systems can be moved between different platform architectures, including systems implementing different byte orders. The ZFS block pointer format stores filesystem metadata in an endian-adaptive way; individual metadata blocks are written with the native byte order of the system writing the block. When reading, if the stored endianness does not match the endianness of the system, the metadata is byte-swapped in memory.
This does not affect the stored data; as is usual in POSIX systems, files appear to applications as simple arrays of bytes, so applications creating and reading data remain responsible for doing so in a way independent of the underlying system's endianness.
Data deduplication capabilities were added to the ZFS source repository at the end of October 2009, and relevant OpenSolaris ZFS development packages have been available since December 3, 2009 (build 128).
Effective use of deduplication may require large RAM capacity; recommendations range between 1 and 5 GB of RAM for every TB of storage. Insufficient physical memory or lack of ZFS cache can result in virtual memory thrashing when using deduplication, which can cause performance to plummet, or result in complete memory starvation.
Other storage vendors use modified versions of ZFS to achieve very high data compression ratios. Two examples in 2012 were GreenBytes and Tegile. In May 2014, Oracle bought GreenBytes for its ZFS deduplication and replication technology.
As described above, deduplication is usually not recommended due to its heavy resource requirements (especially RAM) and impact on performance (especially when writing), other than in specific circumstances where the system and data are well-suited to this space-saving technique.
The authors of a 2010 study that examined the ability of file systems to detect and prevent data corruption, with particular focus on ZFS, observed that ZFS itself is effective in detecting and correcting data errors on storage devices, but that it assumes data in RAM is "safe", and not prone to error. The study comments that "a single bit flip in memory causes a small but non-negligible percentage of runs to experience a failure", with the probability of committing bad data to disk varying from 0% to 3.6% (according to the workload)," and that when ZFS caches pages or stores copies of metadata in RAM, or holds data in its "dirty" cache for writing to disk, no test is made whether the checksums still match the data at the point of use. Much of this risk can be mitigated in one of two ways:
For ZFS to protect data against disk failure, it needs to be configured with redundant storage - either RAID-Z or mirrored (so all data is copied to at least two disks). If a single disk is used, redundant copies of the data should be enabled which duplicates the data on the same logical drive - this is far less safe since it is vulnerable to the failure of the single disk. Using ZFS copies is a good feature to use on notebooks and desktop computers, since the disks are large and it at least provides some limited redundancy with just a single drive.
Historically, ZFS has not shipped with tools such as fsck to repair damaged file systems, because the file system itself was designed to self-repair, so long as it had been built with sufficient attention to the design of storage and redundancy of data. If the pool was compromised because of poor hardware, inadequate design or redundancy, or unfortunate mishap, to the point that ZFS was unable to mount the pool, traditionally there were no tools which allowed an end-user to attempt partial salvage of the stored data. This led to threads in online forums where ZFS developers sometimes tried to provide ad-hoc help to home and other small scale users, facing loss of data due to their inadequate design or poor system management.
Modern ZFS has improved considerably on this situation over time, and continues to do so:
After Oracle's Solaris 11 Express release, the OS/Net consolidation (the main OS code) was made proprietary and closed-source, and further ZFS upgrades and implementations inside Solaris (such as encryption) are not compatible with other non-proprietary implementations which use previous versions of ZFS.
When creating a new ZFS pool, to retain the ability to use access the pool from other non-proprietary Solaris-based distributions, it is recommended to upgrade to Solaris 11 Express from OpenSolaris (snv_134b), and thereby stay at ZFS version 28.
OpenSolaris 2008.05, 2008.11 and 2009.06 use ZFS as their default filesystem. There are over a dozen 3rd-party distributions, of which nearly a dozen are mentioned here. (OpenIndiana and illumos are two new distributions not included on the OpenSolaris distribution reference page.)
By upgrading from OpenSolaris snv_134 to both OpenIndiana and Solaris 11 Express, one also has the ability to upgrade and separately boot Solaris 11 Express on the same ZFS pool, but one should not install Solaris 11 Express first because of ZFS incompatibilities introduced by Oracle past ZFS version 28.
OpenZFS on OSX (abbreviated to O3X) is an implementation of ZFS for macOS. O3X is under active development, with close relation to ZFS on Linux and illumos' ZFS implementation, while maintaining feature flag compatibility with ZFS on Linux. O3X implements zpool version 5000, and includes the Solaris Porting Layer (SPL) originally written for MacZFS, which has been further enhanced to include a memory management layer based on the illumos kmem and vmem allocators. O3X is fully featured, supporting LZ4 compression, deduplication, ARC, L2ARC, and SLOG.
MacZFS is free software providing support for ZFS on macOS. The stable legacy branch provides up to ZFS pool version 8 and ZFS filesystem version 2. The development branch, based on ZFS on Linux and OpenZFS, provides updated ZFS functionality, such as up to ZFS zpool version 5000 and feature flags.
A proprietary implementation of ZFS (Zevo) was available at no cost from GreenBytes, Inc., implementing up to ZFS file system version 5 and ZFS pool version 28. Zevo offered a limited ZFS feature set, pending further commercial development; it was sold to Oracle in 2014, with unknown future plans.
FreeBSD's ZFS implementation is fully functional; the only missing features are kernel CIFS server and iSCSI, but the latter can be added using externally available packages. Samba can be used to provide a userspace CIFS server.
FreeBSD 7-STABLE (where updates to the series of versions 7.x are committed to) uses zpool version 6.
FreeBSD 8 includes a much-updated implementation of ZFS, and zpool version 13 is supported. zpool version 14 support was added to the 8-STABLE branch on January 11, 2010, and is included in FreeBSD release 8.1. zpool version 15 is supported in release 8.2. The 8-STABLE branch gained support for zpool version v28 and zfs version 5 in early June 2011. These changes were released mid-April 2012 with FreeBSD 8.3.
FreeBSD 9.2-RELEASE is the first FreeBSD version to use the new "feature flags" based implementation thus Pool version 5000.
MidnightBSD, a desktop operating system derived from FreeBSD, supports ZFS storage pool version 6 as of 0.3-RELEASE. This was derived from code included in FreeBSD 7.0-RELEASE. An update to storage pool 28 is in progress in 0.4-CURRENT and based on 9-STABLE sources around FreeBSD 9.1-RELEASE code.
NAS4Free, an embedded open source network-attached storage (NAS) distribution based on FreeBSD, has the same ZFS support as FreeBSD, ZFS storage pool version 5000. This project is a continuation of FreeNAS 7 series project.
Being based on the FreeBSD kernel, Debian GNU/kFreeBSD has ZFS support from the kernel. However, additional userland tools are required, while it is possible to have ZFS as root or /boot file system in which case required GRUB configuration is performed by the Debian installer since the Wheezy release.
As of 31 January 2013, the ZPool version available is 14 for the Squeeze release, and 28 for the Wheezy-9 release.
Although the ZFS filesystem supports Linux-based operating systems, difficulties arise for Linux distribution maintainers wishing to provide native support for ZFS in their products due to potential legal incompatibilities between the CDDL license used by the ZFS code, and the GPL license used by the Linux kernel. To enable ZFS support within Linux, a loadable kernel module containing the CDDL-licensed ZFS code must be compiled and loaded into the kernel. According to the Free Software Foundation, the wording of the GPL license legally prohibits redistribution of the resulting product as a derivative work, though this viewpoint has caused some controversy.
One potential workaround to licensing incompatibility was trialed in 2006, with an experimental port of the ZFS code to Linux's FUSE system. The filesystem ran entirely in userspace instead of being integrated into the Linux kernel, and was therefore not considered a derivative work of the kernel. This approach was functional, but suffered from significant performance penalties when compared with integrating the filesystem as a native kernel module running in kernel space. As of 2016, the ZFS on FUSE project appears to be defunct.
As of August 2014[update], ZFS on Linux uses the OpenZFS pool version number 5000, which indicates that the features it supports are defined via feature flags. This pool version is an unchanging number that is expected to never conflict with version numbers given by Oracle.
Another native port for Linux was developed by KQ InfoTech in 2010. This port used the zvol implementation from the Lawrence Livermore National Laboratory as a starting point. A release supporting zpool v28 was announced in January 2011. In April 2011, KQ Infotech was acquired by sTec, Inc., and their work on ZFS ceased. Source code of this port can be found on GitHub.
The work of KQ InfoTech was ultimately integrated into the LLNL's native port of ZFS for Linux.
While the license incompatibility may arise with the distribution of compiled binaries containing ZFS code, it is generally agreed that distribution of the source code itself is not affected by this. In Gentoo, configuring a ZFS root filesystem is well documented and the required packages can be installed from its package repository. Slackware also provides documentation on supporting ZFS, both as a kernel module and when built into the kernel.
The question of the CDDL license's compatibility with the GPL license resurfaced in 2015, when the Linux distribution Ubuntu announced that it intended to make precompiled OpenZFS binary kernel modules available to end-users directly from the distribution's official package repositories. In 2016, Ubuntu announced that a legal review resulted in the conclusion that providing support for ZFS via a binary kernel module was not in violation of the provisions of the GPL license. Others, such as the Software Freedom Law Center followed Ubuntu's conclusion, while the FSF and SFC reiterated their opposing view.
Ubuntu 16.04 LTS ("Xenial Xerus"), released on April 21, 2016, allows the user to install the OpenZFS binary packages directly from the Ubuntu software repositories. as of 2019[update], no legal challenge has been brought against Canonical regarding the distribution of these packages.
A port of open source ZFS was attempted in 2010 but after a hiatus of over one year development ceased in 2012. In October 2017 a new port of OpenZFS was announced by Jörgen Lundman at OpenZFS Developer Summit.
List of Operating Systems, distributions and add-ons that support ZFS, the zpool version it supports, and the Solaris build they are based on (if any):
|OS||Zpool version||Sun/Oracle Build #||Comments|
|Oracle Solaris 11.3||37||0.5.11-0.175.3.1.0.5.0|
|Oracle Solaris 10 1/13 (U11)||32|
|Oracle Solaris 11.2||35||0.5.11-0.175.2.0.0.42.0|
|Oracle Solaris 11 2011.11||34||b175|
|Oracle Solaris Express 11 2010.11||31||b151a||licensed for testing only|
|OpenSolaris (last dev)||22||b134|
|OpenIndiana||5000||b147||distribution based on illumos; creates a name clash naming their build code 'b151a'|
|Nexenta Core 3.0.1||26||b134+||GNU userland|
|NexentaStor Community 3.0.1||26||b134+||up to 18 TB, web admin|
|NexentaStor Community 3.1.0||28||b134+||GNU userland|
|NexentaStor Community 4.0||5000||b134+||up to 18 TB, web admin|
|NexentaStor Enterprise||28||b134 +||not free, web admin|
|GNU/kFreeBSD "Squeeze" (as of 1/31/2013)||14||Requires package "zfsutils"|
|GNU/kFreeBSD "Wheezy-9" (as of 2/21/2013)||28||Requires package "zfsutils"|
|zfs-fuse 0.7.2||23||suffered from performance issues; defunct|
|ZFS on Linux 0.6.5.8||5000||0.6.0 release candidate has POSIX layer|
|KQ Infotech's ZFS on Linux||28||defunct; code integrated into LLNL-supported ZFS on Linux|
|BeleniX 0.8b1||14||b111||small-size live-CD distribution; once based on OpenSolaris|
|Schillix 0.7.2||28||b147||small-size live-CD distribution; as SchilliX-ON 0.8.0 based on OpenSolaris|
|StormOS "hail"||distribution once based on Nexenta Core 2.0+, Debian Linux; superseded by Dyson OS|
|Jaris||Japanese Solaris distribution; once based on OpenSolaris|
|MilaX 0.5||20||b128a||small-size live-CD distribution; once based on OpenSolaris|
|FreeNAS 8.0.2 / 8.2||15|
|FreeNAS 8.3.0||28||based on FreeBSD 8.3|
|FreeNAS 9.1.0||5000||based on FreeBSD 9.1|
|NAS4Free 10.2.0.2/10.3.0.3||5000||based on FreeBSD 10.2/10.3|
|EON NAS (v0.6)||22||b130||embedded NAS|
|EON NAS (v1.0beta)||28||b151a||embedded NAS|
|napp-it||28/5000||Illumos/Solaris||Storage appliance; OpenIndiana (Hipster), OmniOS, Solaris 11, Linux (ZFS management)|
|OmniOS CE||28/5000||illumos-OmniOS branch||minimal stable/LTS storage server distribution based on Illumos, community driven|
|SmartOS||28/5000||Illumos b151+||minimal live distribution based on Illumos (USB/CD boot); cloud and hypervisor use (KVM)|
|macOS 10.5, 10.6, 10.7, 10.8, 10.9||5000||via MacZFS; superseded by OpenZFS on OS X|
|macOS 10.6, 10.7, 10.8||28||via ZEVO; superseded by OpenZFS on OS X|
|Ubuntu Linux 16.04 LTS, 18.04 LTS, 18.10||5000||native support via installable binary module, wiki.ubuntu.com/ZFS|
ZFS was designed and implemented by a team at Sun led by Jeff Bonwick, Bill Moore and Matthew Ahrens. It was announced on September 14, 2004, but development started in 2001. Source code for ZFS was integrated into the main trunk of Solaris development on October 31, 2005, and released as part of build 27 of OpenSolaris on November 16, 2005. Sun announced that ZFS was included in the 6/06 update to Solaris 10 in June 2006, one year after the opening of the OpenSolaris community.
The name at one point was said to stand for "Zettabyte File System", but by 2006 was no longer considered to be an abbreviation. A ZFS file system can store up to 256 quadrillion zettabytes (ZB).
In September 2007, NetApp sued Sun claiming that ZFS infringed some of NetApp's patents on Write Anywhere File Layout. Sun counter-sued in October the same year claiming the opposite. The lawsuits were ended in 2010 with an undisclosed settlement.
The first indication of Apple Inc.'s interest in ZFS was an April 2006 post on the opensolaris.org zfs-discuss mailing list where an Apple employee mentioned being interested in porting ZFS to their Mac OS X operating system. In the release version of Mac OS X 10.5, ZFS was available in read-only mode from the command line, which lacks the possibility to create zpools or write to them. Before the 10.5 release, Apple released the "ZFS Beta Seed v1.1", which allowed read-write access and the creation of zpools,; however, the installer for the "ZFS Beta Seed v1.1" has been reported to only work on version 10.5.0, and has not been updated for version 10.5.1 and above. In August 2007, Apple opened a ZFS project on their Mac OS Forge web site. On that site, Apple provided the source code and binaries of their port of ZFS which includes read-write access, but there was no installer available until a third-party developer created one. In October 2009, Apple announced a shutdown of the ZFS project on Mac OS Forge. That is to say that their own hosting and involvement in ZFS was summarily discontinued. No explanation was given, just the following statement: "The ZFS project has been discontinued. The mailing list and repository will also be removed shortly." Apple would eventually release the legally required, CDDL-derived, portion of the source code of their final public beta of ZFS, code named "10a286". Complete ZFS support was once advertised as a feature of Snow Leopard Server (Mac OS X Server 10.6). However, by the time the operating system was released, all references to this feature had been silently removed from its features page. Apple has not commented regarding the omission.
Apple's "10a286" source code release, and versions of the previously released source and binaries, have been preserved and new development has been adopted by a group of enthusiasts. The MacZFS project acted quickly to mirror the public archives of Apple's project before the materials would have disappeared from the internet, and then to resume its development elsewhere. The MacZFS community has curated and matured the project, supporting ZFS for all Mac OS releases since 10.5. The project has an active mailing list. As of July 2012, MacZFS implements zpool version 8 and ZFS version 2, from the October 2008 release of Solaris. Additional historical information and commentary can be found on the MacZFS web site and FAQ.
The 17th September 2013 launch of OpenZFS included ZFS-OSX, which will become a new version of MacZFS, as the distribution for Darwin.
With ZFS in Oracle Solaris: as new features are introduced, the version numbers of the pool and file system are incremented to designate the format and features available. Features that are available in specific file system versions require a specific pool version.
Distributed development of OpenZFS involves feature flags and pool version 5000, an unchanging number that is expected to never conflict with version numbers given by Oracle. Legacy version numbers still exist for pool versions 1–28, implied by the version 5000. Illumos uses pool version 5000 for this purpose. Future on-disk format changes are enabled / disabled independently via feature flags.
|Latest FOSS stable release|
|Latest Proprietary stable release|
|Latest Proprietary beta release|
|ZFS Filesystem Version Number||Release date||Significant changes|
|1||OpenSolaris Nevada build 36||First release|
|2||OpenSolaris Nevada b69||Enhanced directory entries. In particular, directory entries now store the object type. For example, file, directory, named pipe, and so on, in addition to the object number.|
|3||OpenSolaris Nevada b77||Support for sharing ZFS file systems over SMB. Case insensitivity support. System attribute support. Integrated anti-virus support.|
|4||OpenSolaris Nevada b114||Properties: userquota, groupquota, userused and groupused|
|5||OpenSolaris Nevada b137||System attributes; symlinks now their own object type|
|6||Solaris 11.1||Multilevel file system support|
|ZFS Pool Version Number||Release date||Significant changes|
|1||OpenSolaris Nevada b36||First release|
|2||OpenSolaris Nevada b38||Ditto Blocks|
|3||OpenSolaris Nevada b42||Hot spares, double-parity RAID-Z (raidz2), improved RAID-Z accounting|
|4||OpenSolaris Nevada b62||zpool history|
|5||OpenSolaris Nevada b62||gzip compression for ZFS datasets|
|6||OpenSolaris Nevada b62||"bootfs" pool property|
|7||OpenSolaris Nevada b68||ZIL: adds the capability to specify a separate Intent Log device or devices|
|8||OpenSolaris Nevada b69||ability to delegate zfs(1M) administrative tasks to ordinary users|
|9||OpenSolaris Nevada b77||CIFS server support, dataset quotas|
|10||OpenSolaris Nevada b77||Devices can be added to a storage pool as "cache devices"|
|11||OpenSolaris Nevada b94||Improved zpool scrub / resilver performance|
|12||OpenSolaris Nevada b96||Snapshot properties|
|13||OpenSolaris Nevada b98||Properties: usedbysnapshots, usedbychildren, usedbyrefreservation, and usedbydataset|
|14||OpenSolaris Nevada b103||passthrough-x aclinherit property support|
|15||OpenSolaris Nevada b114||Properties: userquota, groupquota, usuerused and groupused; also required FS v4|
|16||OpenSolaris Nevada b116||STMF property support|
|17||OpenSolaris Nevada b120||triple-parity RAID-Z|
|18||OpenSolaris Nevada b121||ZFS snapshot holds|
|19||OpenSolaris Nevada b125||ZFS log device removal|
|20||OpenSolaris Nevada b128||zle compression algorithm that is needed to support the ZFS deduplication properties in ZFS pool version 21, which were released concurrently|
|21||OpenSolaris Nevada b128||Deduplication|
|22||OpenSolaris Nevada b128||zfs receive properties|
|23||OpenSolaris Nevada b135||slim ZIL|
|24||OpenSolaris Nevada b137||System attributes. Symlinks now their own object type. Also requires FS v5.|
|25||OpenSolaris Nevada b140||Improved pool scrubbing and resilvering statistics|
|26||OpenSolaris Nevada b141||Improved snapshot deletion performance|
|27||OpenSolaris Nevada b145||Improved snapshot creation performance (particularly recursive snapshots)|
|28||OpenSolaris Nevada b147||Multiple virtual device replacements|
|29||Solaris Nevada b148||RAID-Z/mirror hybrid allocator|
|30||Solaris Nevada b149||ZFS encryption|
|31||Solaris Nevada b150||Improved 'zfs list' performance|
|32||Solaris Nevada b151||One MB block support|
|33||Solaris Nevada b163||Improved share support|
|34||Solaris 11.1 (0.5.11-0.175.1.0.0.24.2)||Sharing with inheritance|
|35||Solaris 11.2 (0.5.11-0.175.2.0.0.42.0)||Sequential resilver|
|36||Solaris 11.3||Efficient log block allocation|
|37||Solaris 11.3||LZ4 compression|
|38||Solaris 11.4||xcopy with encryption|
|39||Solaris 11.4||reduce resilver restart|
|40||Solaris 11.4||Deduplication 2|
|41||Solaris 11.4||Asynchronous dataset destroy|
|42||Solaris 11.4||Reguid: ability to change the pool guid|
|43||Solaris 11.4, Oracle ZFS Storage Simulator 8.7||RAID-Z improvements and cloud device support.|
|44||Solaris 11.4||Device removal|
|5000||OpenZFS||Unchanging pool version to signify that the pool indicates new features after pool version 28 using ZFS feature flags rather than by incrementing the pool version|
Note: The Solaris version under development by Sun since the release of Solaris 10 in 2005 was codenamed 'Nevada', and was derived from what was the OpenSolaris codebase. 'Solaris Nevada' is the codename for the next-generation Solaris OS to eventually succeed Solaris 10 and this new code was then pulled successively into new OpenSolaris 'Nevada' snapshot builds. OpenSolaris is now discontinued and OpenIndiana forked from it. A final build (b134) of OpenSolaris was published by Oracle (2010-Nov-12) as an upgrade path to Solaris 11 Express.
So we finally decided to unpimp the name back to ZFS, which doesn't stand for anything.
The largest SI prefix we liked was 'zetta' ('yotta' was out of the question)