[OpenAFS-devel] Rx over TCP to solve some NAT & Firewall issues?

Erland Lewin erland@lewin.nu
Thu, 20 Nov 2003 10:42:22 +0100


I'm fairly new to AFS, and wanted to bounce an idea off the list.

From my perspective, a major hindrance to wider use of AFS is that it 
is difficult to access AFS for users behind a NAT and/or firewall. In my 
case, I want to access my afs shares from my laptop wherever I connect 
to the network.

If I understand correctly, all AFS communication from server to client 
uses UDP to the callback port 7001 on the client. This is the traffic 
that is most likely to have problems with NAT and firewalls.

If the client started by making a TCP connection to the server on port 
7001, and the server sent all callback traffic to that client over that 
TCP connection, it seems to me that that would solve a number of problems.

Possible problems with this approach are:
- TCP may cause worse performance than UDP.
- Can multiple users behind the same NAT be handled?
- For large servers, the number of TCP connections may become too great

I'm not proposing that this be the default behaviour - but for those 
servers that are prepared to live with the above limitations, it would 
be great to be able to access AFS shares in more situations.

Thoughts?

Best regards,

  Erland
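
The proposal above, sketched as an added example (not part of the original message and not OpenAFS or Rx code): each client opens the TCP connection itself, and the server pushes callback breaks back over that same connection, so a NAT or stateful firewall only ever sees an outbound flow. The hello line, the `BREAK` message, the client ids and the ephemeral port standing in for 7001 are all assumptions; both clients connect from one address, as two hosts behind the same NAT would appear to the server.

```python
import socket
import threading


class CallbackServer:
    """Hypothetical server: clients dial in, callbacks go back on the same socket."""

    def __init__(self):
        # Port 0 (ephemeral) stands in for the callback port 7001.
        self.listener = socket.create_server(("127.0.0.1", 0))
        self.port = self.listener.getsockname()[1]
        self.conns = {}  # client id -> (peer address, socket): one socket per client
        self.cond = threading.Condition()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            conn, peer = self.listener.accept()
            # First line from the client is its id (constructed hello format).
            client_id = conn.makefile("r").readline().strip()
            with self.cond:
                self.conns[client_id] = (peer, conn)
                self.cond.notify_all()

    def wait_for(self, count, timeout=5.0):
        with self.cond:
            return self.cond.wait_for(lambda: len(self.conns) >= count, timeout)

    def break_callback(self, client_id, fid):
        # No new inbound flow: reuse the connection the client opened.
        _, conn = self.conns[client_id]
        conn.sendall(f"BREAK {fid}\n".encode())


def connect_client(port, client_id):
    sock = socket.create_connection(("127.0.0.1", port), timeout=5.0)
    sock.sendall(f"{client_id}\n".encode())
    return sock


def demo():
    server = CallbackServer()
    socks = {cid: connect_client(server.port, cid) for cid in ("laptop-a", "laptop-b")}
    assert server.wait_for(2)
    server.break_callback("laptop-b", "1.2.3")  # constructed file ids
    server.break_callback("laptop-a", "4.5.6")
    got = {cid: s.makefile("r").readline().strip() for cid, s in socks.items()}
    peers = {cid: peer for cid, (peer, _) in server.conns.items()}
    return got, peers
```

The two clients share a source address and differ only in source port, which is enough for the server to tell them apart, while the `conns` table shows the per-client socket cost raised in the third bullet.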