[OpenAFS] Re: [SAGE] Code to demo NFS/UDP weakness?
Wed, 02 Aug 2006 10:03:12 -0700
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=ISO-8859-1
Daniel Clark wrote:
> On 8/2/06, Skylar Thompson <firstname.lastname@example.org> wrote:
>> With this system list, I can see where AFS might be better. You might
>> also check NFSv4, though.
> NFSv4 is even worse in terms of platform support. There isn't even
> very good support for it in recent-ish GNU/Linux distributions, and
> nothing before AIX 5.3+ supports it. Not to mention that the doc that
> I (mostly couldn't) find was incomplete and often didn't mesh with
> current reality. The one exception to this was AIX 5.3; IBM has a nice
> Redbook on NFSv4 for that platform. Sun in theory supports it well,
> but I couldn't find a "how to set up a NFSv4 client on Solaris" type
> document anywhere.
It is pretty new. When I looked at it, I was mostly looking at FreeBSD
server/Red Hat client support. There was a kernel patch for the FreeBSD
server that worked fairly well in 5-RELEASE, and the Red Hat client
could mount it.
>> > If you can point me to a site describing how to set up Kerberized
>> > NFSv3 across all of these platforms, I'd love to see it.
>> I know the Linux one here:
> The URL would seem to indicate that this actually references NFS
> version *4* :-)
>> > Also I'm not a Kerberized NFSv3 expert, but it would be hard for me =
>> > believe that it would solve *all* of the numerous NFSv3 security
>> > problems.
>> >> Where I work, we're moving off AFS to Kerberized NFS because AFS
>> can be
>> >> difficult to work with.
>> > You must have limited platform support requirements :-)
>> Indeed. In fact, I come from a FreeBSD environment where AFS isn't eve=
>> an option. ;)
> Doesn't ARLA work fine for *BSD?
Isn't ARLA just the client? All our file servers ran FreeBSD (a bit of
religion/tradition there that predated me), so we'd need a server
implementation as well. It appears that the AFS project on FreeBSD is
pretty much dead.
>> > I've also admined both, and have had far more problems with NFSv3,
>> > esp. with things sort-of-but-not-really working in difficult-to-debu=
>> > ways, weird performance issues, and the automounter code, which is
>> > different for each platform, can work in inconsistant ways, and ofte=
>> > requires a reboot of the machine to fix.
>> I find that sticking with server platforms with known-good NFS
>> implementations (i.e. not Linux) and UDP is a good approach. FreeBSD a=
>> Solaris have both done well in my experience. The Linux NFS server
>> implementation has given no end of problems.
> We use Data OnTAP, which in theory is supposed to have one of the/the
> best NFS implementations available. All of the real problems are
That's mainly been my experience too. I've also had problems with
firewalls improperly fragmenting large NFS packets, which is why UDP help=
-- Skylar Thompson (email@example.com)
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (SunOS)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----