[OpenAFS-devel] Re: fileserver -> client NAT ping
Harald Barth
haba@kth.se
Wed, 14 Aug 2013 23:01:23 +0200 (CEST)
> The addresses in use are not a hint that there is a problem.
I say it's a hint, but we might want a better hint.
Can we somehow follow uuids when ports are changing because of NAT? I
mean after the first timeout, so we don't need to timeout again.
> Nor is
> there is guarantee that sending the packets in an attempt to elicit a
> response is likely to prevent the traffic flow from being blocked.
Can we detect if it "gets better"? Of course we should not send
an infinite number of packets somewhere.
But if we _guess_ it's NAT/stateful-firewall and then starting to ping
say every 290 seconds and ending the ping if there is no response 3
times in a row should not be that harmfull.
The question is how to figure out if this actually makes things
better, but we won't know if we don't try. I volunteer for testing
such a patch, but I'd like to have a way of logging
* client X starts to be under NAT-ping
* client X ends to be under NAT-ping
Harald.