[OpenAFS] Re: [SAGE] Code to demo NFS/UDP weakness?

Daniel Clark dclark@pobox.com
Wed, 2 Aug 2006 12:58:14 -0400


On 8/2/06, Skylar Thompson <skylar@cs.earlham.edu> wrote:
> With this system list, I can see where AFS might be better. You might
> also check NFSv4, though.

NFSv4 is even worse in terms of platform support. There isn't even
very good support for it in recent-ish GNU/Linux distributions, and
nothing before AIX 5.3+ supports it. Not to mention that the doc that
I (mostly couldn't) find was incomplete and often didn't mesh with
current reality. The one exception to this was AIX 5.3; IBM has a nice
Redbook on NFSv4 for that platform. Sun in theory supports it well,
but I couldn't find a "how to set up a NFSv4 client on Solaris" type
document anywhere.

> > If you can point me to a site describing how to set up Kerberized
> > NFSv3 across all of these platforms, I'd love to see it.
>
> I know the Linux one here:
>
> http://www.citi.umich.edu/projects/nfsv4/linux/

The URL would seem to indicate that this actually references NFS version *4* :-)

> > Also I'm not a Kerberized NFSv3 expert, but it would be hard for me to
> > believe that it would solve *all* of the numerous NFSv3 security
> > problems.
> >
> >> Where I work, we're moving off AFS to Kerberized NFS because AFS can be
> >> difficult to work with.
> >
> > You must have limited platform support requirements :-)
>
> Indeed. In fact, I come from a FreeBSD environment where AFS isn't even
> an option. ;)

Doesn't ARLA work fine for *BSD?

> > I've also admined both, and have had far more problems with NFSv3,
> > esp. with things sort-of-but-not-really working in difficult-to-debug
> > ways, weird performance issues, and the automounter code, which is
> > different for each platform, can work in inconsistant ways, and often
> > requires a reboot of the machine to fix.
>
> I find that sticking with server platforms with known-good NFS
> implementations (i.e. not Linux) and UDP is a good approach. FreeBSD and
> Solaris have both done well in my experience. The Linux NFS server
> implementation has given no end of problems.

We use Data OnTAP, which in theory is supposed to have one of the/the
best NFS implementations available. All of the real problems are
client-side.

--
Daniel Clark
dclark@pobox.com