[OpenAFS] IP Masquerading NAT Linux kernel modification
Jeffrey Hutzelman
jhutz@cmu.edu
Mon, 29 Apr 2002 16:44:09 -0400 (EDT)
On 8 Feb 2002, Brandon S. Allbery wrote:
> On Fri, 2002-02-08 at 11:07, Ralph B. Robinson (Barry) wrote:
> > What is a fairly large timeout in seconds? Is there some known internal
> > limit in AFS that determines this, or is it just an empirical finding that
> > timeouts of some particular size just work?
>
> We ended up using half a day (43200sec) but we didn't have a lot of time
> to tune things; it just worked out to be the first acceptable balance
> between having things work and overflowing the masq port range that we
> found.
This is an old thread, but I'll answer anyway, because the answers given
are actually way too large. For an AFS client behind a NAT talking to a
fileserver outside the NAT, the NAT must not time out the client's UDP
port associations after less than 10 minutes. This is the frequency with
which the cache manager checks to be sure that fileservers are still up.
Since such checks involve contacting the servers in question, the cache
manager is guaranteed to generate traffic at least every 10 minutes.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA