[OpenAFS] AFS-Client behind masquerading firewall

[aeneous@speakeasy.org]

> +-----
> |   DA> AFS _does_ work behind a masquerading firewall provided that you
> |   set the  DA> UDP timeouts high enough to allow callbacks to occur.
> | When do callbacks occur? Only within some time after a client request or
> | anytime? On the same ports as the request or on a separate one?
> +--->8
> 
> Any time a file which has been retrieved by a client changes on the server. 
> This could be weeks or months after the file was originally retrieved by 
> the cache manager on the client.

Actually, only up to approximately 4.5 hours.  The lease (callback) expiration 
time is chosen by the file server based on how widely the file is shared. 
Though perhaps other heuristics would be more effective, this one is cheap and 
pretty good.  The purpose is to limit the amount of state which the server 
must maintain, and to avoid making unneccessary callback RPCs to clients 
(which may be "broken, hung, or dead".)

As an aside, this is something that Microsoft got wrong when they reinvented leases in the SMB context.  They have leases ("batch oplocks") now, but they NEVER expire.  It's bizarre, because this concept is so prevalent in the literature.  It really looks like some bright guy at Microsoft figured out leases all on his own, but sort of missed one crucial detail.  If only they could read...