[OpenAFS-devel] 1.3.X: Problem with many connections exhausting resources?

Niklas Edmundsson Niklas.Edmundsson@hpc2n.umu.se
Wed, 25 May 2005 16:17:24 +0200 (MEST) 

On Wed, 25 May 2005, Roland Kuhn wrote:

> Sorry, I can't help you, but your talking about NAT makes me wonder if 1.3.X 
> has something built in that makes it NATable? My experience with 1.2.X was 
> rather unsatisfactory as it sometimes works, but sometimes (I assume when 
> several clients behind the NAT want something from the same server outside) 
> just fails for some minutes and then starts working again.
>
> The problem is by no means esoteric: We have a HPC cluster doing data 
> analysis and the configuration files are in a different cell. I think I don't 
> have to give reasons why we don't want and also cannot give public IP 
> addresses to the cluster nodes.
>
> To give a bit more background in case someone has already solved this: 
> everything is on Linux2.4, the (possible) NAT gateway would be on the AFS 
> database server and all fileservers of the local cell also are connected to 
> the private network. And for the quick ones: rsync doesn't cut it for our 
> case ;-)

We have done this for approx three years by:
* Having the NAT machine being a NAT machine ONLY, WITHOUT an AFS
   client/server/etc. If you as much as breath "afs" on the NAT box it
   breaks. Yes, this means a dedicated machine but for low loads any
   old box would do.
* Our NAT machine runs Linux 2.4, patched to have larger timeouts so
   the AFS callbacks work. This was tunable in good old 2.0 kernels
   with ipfwadm, but someone came up with the good idea that patching
   the kernel was a more modern approach. The patch is available at
  /afs/hpc2n.umu.se/lap/linux-kernel/2.4.30/src/patches/afs_udp_conntrack.patch
* Rebooting the NAT box usually means restarting AFS on all clients as
   the udp forwarding is lost.

This combined with the standard set of firewalling rules should get 
you going. Have fun.


/Nikke
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se     |    nikke@hpc2n.umu.se
---------------------------------------------------------------------------
  *   <- Tribble        <- Tribble doing jumping jacks
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=