[OpenAFS] OpenAFS in a production environment

Tracy Di Marco White gendalia@gmail.com
Thu, 1 Sep 2005 22:29:37 -0500


On 9/1/05, Lester Barrows <barrows@email.arc.nasa.gov> wrote:
>
> Hi Jeffrey,
>
> On Thursday 01 September 2005 6:43 pm, you wrote:
> > OpenAFS _clients_ work fine behind a NAT that provides reasonable
> > connection tracking and does not time out UDP port associations too
> > quickly. For those that do time out such associations quickly, it is
> > possible to increase the frequency with which the cache manager polls
> > the fileserver, resulting in a "keep-alive" effect, but this has the
> > disadvantage of additional load on the network and fileservers.
>
> OpenAFS clients in excess of one system work poorly behind any NAT I've
> ever put them behind, be that hardware such as those on Cisco or Foundry
> routers, or software such as iptables with the Linux kernel. There may be
> a few types of NATs which work properly, and increasing polling frequency
> may indeed help, but from an architectural standpoint I wouldn't recommend
> placing several AFS clients behind a NAT. It's simply asking for trouble
> from my experience, which is the context in which my response was written.


I have three clients in my living room and five more clients in my home
office that all do AFS quite happily through a NAT. Only two of them are
OpenAFS, the rest are arla, and the only drawback I have seen is that reads
are somewhat slow with OpenAFS through the NAT. Reads are fine with arla and
writes are close enough to wire/disk speeds for both OpenAFS & arla.

-Tracy
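
The keep-alive trade-off discussed in the quoted text, as an added example that is not part of the original message and is not OpenAFS code: a toy model of a NAT UDP mapping with an idle timeout and a client that polls at a fixed interval. The function names, the 30-second timeout, the sample send times, and the rule that only outbound packets refresh the mapping are all assumptions made for illustration.

```python
# Added illustration (constructed model, not OpenAFS code): a NAT UDP mapping
# that expires after an idle timeout, and a client that polls at a fixed interval.

def simulate(nat_idle_timeout, poll_interval, server_sends, duration):
    """Return (delivered, dropped, polls_sent) for one client behind the NAT.

    nat_idle_timeout  seconds an idle UDP mapping survives (assumed value)
    poll_interval     seconds between client-initiated packets to the server
    server_sends      times (s) at which the server sends on its own initiative
    duration          length of the simulated window in seconds
    """
    # Build one timeline; at equal timestamps the client's poll is handled first.
    timeline = [(t, 0) for t in range(0, duration + 1, poll_interval)]
    timeline += [(t, 1) for t in server_sends if 0 <= t <= duration]
    timeline.sort()

    delivered, dropped, polls_sent = [], [], 0
    last_outbound = None  # time of the last packet that refreshed the mapping
    for t, kind in timeline:
        if kind == 0:
            polls_sent += 1
            last_outbound = t  # outbound traffic creates or refreshes the mapping
        elif last_outbound is not None and t - last_outbound < nat_idle_timeout:
            delivered.append(t)  # mapping still present, NAT forwards the packet
        else:
            dropped.append(t)    # mapping expired, NAT has nowhere to forward it
    return delivered, dropped, polls_sent


def compare(nat_idle_timeout, intervals, server_sends, duration):
    """Summarise drops and poll load for several candidate poll intervals."""
    rows = []
    for interval in intervals:
        _, dropped, polls = simulate(nat_idle_timeout, interval, server_sends, duration)
        rows.append({"interval": interval, "dropped": len(dropped), "polls": polls})
    return rows


if __name__ == "__main__":
    SENDS = [10, 45, 300, 610, 1190]  # constructed sample times
    for row in compare(30, [600, 60, 20], SENDS, 1200):
        print(row)
```

In this model the drops only reach zero once the poll interval is shorter than the NAT's idle timeout, and the number of polls grows in inverse proportion to the interval, which is the extra network and fileserver load the quoted text refers to.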
