[OpenAFS-devel] Stop me before I NAT again...
Todd M. Lewis
Todd_Lewis@unc.edu
Tue, 30 Sep 2003 10:04:45 -0400
Mitch Collinsworth wrote:
> Question: what will this do if the client has an intermittent network
> connection. For example if I'm using a laptop on a wireless network
> and step into the elevator (where I lose my connection when the doors
> close), ride up 6 floors and then step out of the elevator (whereupon
> I regain my connection). Will the probes that are sent during my brief
> "disconnect" cause fileservers to be marked down?
Yes, but that's happening now every 10 minutes. We don't want to call
afs_CheckServers() more frequently than that. I just did it to test the
concept.
> Will they be
> immediately marked up when the next probe is sent?
Yes, that's what afs_CheckServers() does. That's where those
"fileserver blah.de.blah lost/found it's cookie" messages come from.
> Will this sequence
> of events cause more grief that this or will it be mostly painless due
> to the increased probing frequency?
If done right, only NATed boxes would send out increased traffic, and
those packets need never make it all the way to the server. I suggest
making a separate natkeep-like thread so as not to screw up the
afs_checkserver thread. (Or perhaps it could be part of afs_checkserver;
'd'have to look at it again.)
>>It's been on my list (which never shrinks). Ideally you don't need a
>>configure option, just run-time configuration.
I was thinking some people might not care to have the code in their
client daemons at all if they know they don't intend to run it.
Run-time config would be necessary either way. In particular, the user
need to be able to specify:
* 'on' or 'off'
* the interval between refreshes (shorter than the UDP timeout),
* the initial Time To Live (ttl) for the packets
* ???
Q: Should these be controllable the same way 'fs checks -interval NN'
works? (Just what 'fs' needs -- more subcommands.)
>> I'm happy to argue merits
>> with people about it if there are people who think I'm nuts.
Didn't mean to imply that. I meant that I've found myself initially
enthusiastic about what turned out to be bad ideas before, and I
wouldn't be surprised if those who understand better than I do how AFS
and networking in general work have reservations about this suggestion.
>> I'd have to look at code before I can make any code suggestions.
Guess I'll have to write some. :-)
No, seriously, studying afs_CheckServers() to see how it results in
packets being generated has been a daunting experience. I thought
figuring out which servers to toss UDP packets toward would be the hard
part. Turns out that's easy. Getting from there to packets going out
the back of the box is not at all obvious. I'll have to study the code
a few more times before I'm ready to attempt a real natkeep-like
implementation within OpenAFS.
(And we'll need a name for this, too. Is "natkeep" okay?)
> In general this sounds like a great idea. I'm not certain about the
> run-time configuration idea though. Again, what about mobile clients
> that may pop up behind a NAT one time and on their own IP the next?
They are broken now. (Well, okay, NAT is broken by design, but the user
doesn't appreciate the distinction.) Let's get the client NAT-proof, or
at least NAT-resistant, then tackle the mobile problem.
> I think we need to decide that either a) it's ok to make this change
> global for all clients, or b) it's not ok, only NAT-bound clients should
> do this, and therefore the client should somehow auto-discover if it's
> NAT-bound dynamically and adjust its behavior accordingly.
A straight-forward way to discover whether you're NATted is to send the
in and out addresses and ports as the data in a packet to a service
which returns the same info from the service's perspective. If the
ports don't match up, you're NATted. I don't know of such a service,
but it should be a breeze to put up. Would that be an AFS specific
thing, or is it generally useful to IP clients?
> Then it will
> be safe to let users install the client w/o a sysadmin having to watch
> over their shoulder to make sure they don't screw up. Or worse, if the
> wrong installation options being chosen means the clients can DOS the cell
> then it's only a matter of time before someone does this malitiously
> rather than accidentally...
At least initially, I'd say 'off' is the better default; turn it on as
experience indicates it's appropriate. Whether the client, sysadmin, or
user makes the call probably depends on how much work you want to put
into making each of those three smarter.
--
+--------------------------------------------------------------+
/ Todd_Lewis@unc.edu 919-962-5273 http://www.unc.edu/~utoddl /
/ Is a book on voyeurism a peeping tome? /
+--------------------------------------------------------------+