[OpenAFS] Re: - SOLVED - Locked volumes

ProbaNet info@probanet.it
Thu, 15 Mar 2012 15:47:41 +0100


Il giorno ven, 09/03/2012 alle 14.40 -0600, Andrew Deason ha scritto:

> Everything you've said so far makes it sound like _something_ is getting
> dropped along the way, due to the rather broad nature of the
> problems/timeouts. And I take it the network layout you have for this is
> not exactly the simplest thing, is that correct? There's some firewalls
> and VPNs and maybe NATs getting traversed; is that right? My guess would
> be fragmented packets are getting lost, or maybe just packets over a
> certain size.

You're absolutely right. The net setup is that:
afsmn1, afsmn3, afsmn4, ..:
- bridge (KVM virtualization)
  over
- vlan (virtualizer host, vlan-N)
  over
- bond (virtualizer host, eth0 + eth1 + ..)
  over
- ethernet (virtualizer host)
- local net
- OpenVPN (on a local gateway machine)
- afsrm1 (OpenAFS + OpenVPN)

Maybe too mani levels of packet encapsulation?

> In addition to all that, you can run a more 'real' test of connectivity
> between the servers with rxperf. If you don't have rxperf, you can build

We tested a bit with a very simple method: netcat (we'll try rxperf in
the future, when things are a bit more "calm"):

afsrm1: netcat -t -l -p 8000 -v -v -n
afsmn1: netcat -u afsrm1 8000

Just chatting a bit between the 2 hosts we noticed that many messages
were lost..
After that we tried to introduce in our openvpn.conf files these lines,
in order to reduce effective packet size:

mssfix 1200
fragment 1200

That did the trick! :) We are testing that in 5 days now and everything
seems ok! Fast communications, no more timeouts or failures during
releases, correct ptdb/vldb propagation.. GOOD! :) We hope this can help
also other OpenAFS+OpenVPN users!

Now we have one last question about our setup: in afsrm1 (the remote
server) we used /var/lib/openafs/local/NetInfo (debian locations):
---
192.168.11.12
f 10.250.10.11
---
Is that correct?
Note: 192.168.11.0/24 is the remote subnet and 10.250.10.11 is the tun0
IP (openvpn). We see afsrm1 as a multihome (in VLLog/Ptlog, with udebug,
etc..). Is that a good or bad thing? Thank you again for all!!

Stefano
Fabio