How are NFS export-policies evaluated in ONTAP 9?

Applies to

  • ONTAP 9
  • NFS


  • An export-policy is evaluated when a client attempts to access the NFS namespace and no existing access rule has been cached
    • During mount, the root volume export-policy is evaluated before the volume or qtree policy
    • The volume policy is evaluated for all subsequent access, unless the access is to a qtree and qtree-exports are enabled
  • When the policy is evaluated
    • The process is iterative and stops on the first match
    • When an error occurs in processing a clientmatch, access will be determined by preceding rules only
    • Access Cache entries will be created when evaluation completes
    • NAS Layer caches will store further Name Service information for the following
      • hostname
      • domain name
      • netgroup
  • Rules may be ordered to reduce the impact of changes in Name Service availability
    • Group rules in the following order, then order each group from most to least restrictive
      1. IP address
      2. subnet
      3. hostname
      4. domain name
      5. netgroup
    • The clientmatch field further supports comma-delimited lists of IPs or hostnames
      • Each change in access can be on one line
      • Allows efficient grouping and evaluation for clients with the same access
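
The following is an added example, not NetApp code: a simplified Python model of first-match evaluation that shows why IP and subnet rules placed first keep working when the name service is down. The rule tuples, the `ns` dictionary and all sample addresses are constructed, caching is not modelled, and stopping at a failed clientmatch is an assumed reading of "access will be determined by preceding rules only".

```python
import ipaddress

class NameServiceError(Exception):
    """DNS or netgroup lookup could not be completed."""

def kind(cm):
    """Classify one clientmatch entry (ONTAP syntax: @netgroup, .domain)."""
    if cm.startswith("@"):
        return "netgroup"
    if cm.startswith("."):
        return "domain"
    try:
        ipaddress.ip_network(cm, strict=False)
        return "subnet" if "/" in cm else "ip"
    except ValueError:
        return "hostname"

def matches(cm, client_ip, ns):
    k = kind(cm)
    if k in ("ip", "subnet"):  # needs no name service
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(cm, strict=False)
    if not ns["up"]:
        raise NameServiceError(cm)
    if k == "hostname":
        return ns["forward"].get(cm) == client_ip
    if k == "domain":
        return ns["reverse"].get(client_ip, "").endswith(cm)
    return client_ip in ns["netgroups"].get(cm[1:], ())

def evaluate(rules, client_ip, ns):
    """Return (rule index, access) of the first match, else (None, "denied")."""
    for index, clientmatch, access in sorted(rules):
        try:
            if any(matches(cm, client_ip, ns) for cm in clientmatch.split(",")):
                return index, access
        except NameServiceError:
            break  # assumed reading: rules after the failed one are not consulted
    return None, "denied"

# Constructed sample data: a stand-in name service and two rule orderings.
NS_UP = {"up": True, "forward": {"build01.example.com": "10.2.0.30"},
         "reverse": {"10.4.0.9": "lab7.eng.example.com"},
         "netgroups": {"admins": {"10.3.0.40"}}}
NS_DOWN = dict(NS_UP, up=False)
ORDERED = [(1, "10.1.2.10,10.1.2.11", "rw"), (2, "10.1.2.0/24", "ro"),
           (3, "build01.example.com", "rw"), (4, ".eng.example.com", "ro"),
           (5, "@admins", "rw")]
NETGROUP_FIRST = [(1, "@admins", "rw"), (2, "10.1.2.10,10.1.2.11", "rw"),
                  (3, "10.1.2.0/24", "ro")]
```

Calling `evaluate(ORDERED, "10.1.2.10", NS_DOWN)` still grants access through rule 1, while the same client against `NETGROUP_FIRST` is denied because the netgroup lookup fails before the IP rule is reached.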

