[OpenAFS] 1.4.2 fileserver keep getting large number of blocked connections

Matthew Cocker cockerm@gmail.com
Thu, 2 Aug 2007 07:34:57 +1200


------=_Part_62935_1458252.1185996897843
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

We do a similar thing for our locally developed cost recover solution. The
clients pass the version over in the initial handshake. If the version is
less than our required minimum the server rejects with a you need to upgrade
message. The only way we have found to force standards in our lossely
coupled campus.

Cheers

Matt

On 8/2/07, Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
>
> Derrick Brashear wrote:
> >
> >
> > On 8/1/07, *Todd M. Lewis* <utoddl@email.unc.edu
> > <mailto:utoddl@email.unc.edu>> wrote:
> >
> >     Is there a way to tell the fileservers not to talk to clients below
> a
> >     certain rev, or only allow reads? That should encourage them to
> upgrade.
> >     Or leave. Not nice maybe, but if old clients can DoS your servers...
> >
> >
> >
> > The version probe is not guaranteed to be reliable, and can have custom
> > version strings for site-built software.
>
> That is why it would be implemented as a list of version strings loaded
> from a file.   Organizations could decide what versions they want to
> block.  We wouldn't do it for them.  It would simply provide an
> additional tool that could be used to assist in forcing upgrades.
>
>
>

------=_Part_62935_1458252.1185996897843
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

We do a similar thing for our locally developed cost recover solution. The clients pass the version over in the initial handshake. If the version is less than our required minimum the server rejects with a you need to upgrade message. The only way we have found to force standards in our lossely coupled campus.
<br><br>Cheers<br><br>Matt<br><br><div><span class="gmail_quote">On 8/2/07, <b class="gmail_sendername">Jeffrey Altman</b> &lt;<a href="mailto:jaltman@secure-endpoints.com">jaltman@secure-endpoints.com</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Derrick Brashear wrote:<br>&gt;<br>&gt;<br>&gt; On 8/1/07, *Todd M. Lewis* &lt;<a href="mailto:utoddl@email.unc.edu">
utoddl@email.unc.edu</a><br>&gt; &lt;mailto:<a href="mailto:utoddl@email.unc.edu">utoddl@email.unc.edu</a>&gt;&gt; wrote:<br>&gt;<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; Is there a way to tell the fileservers not to talk to clients below a<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; certain rev, or only allow reads? That should encourage them to upgrade.
<br>&gt;&nbsp;&nbsp;&nbsp;&nbsp; Or leave. Not nice maybe, but if old clients can DoS your servers...<br>&gt;<br>&gt;<br>&gt;<br>&gt; The version probe is not guaranteed to be reliable, and can have custom<br>&gt; version strings for site-built software.
<br><br>That is why it would be implemented as a list of version strings loaded<br>from a file.&nbsp;&nbsp; Organizations could decide what versions they want to<br>block.&nbsp;&nbsp;We wouldn&#39;t do it for them.&nbsp;&nbsp;It would simply provide an
<br>additional tool that could be used to assist in forcing upgrades.<br><br><br></blockquote></div><br>

------=_Part_62935_1458252.1185996897843--