[OpenAFS] WAN speed

jukka.tuominen@finndesign.fi jukka.tuominen@finndesign.fi
Thu, 22 Mar 2012 01:37:19 +0200 (EET)

> On 21.03.2012 18:09, jukka.tuominen@finndesign.fi wrote:
>> Hi,
>> All communication must be encrypted.
> Ok, so you have enabled the fs crypt function in OpenAFS?
> That feature is about to change with new RX standard, but current crypt
> function is:
> 1. very insecure
> 2. very very slow
> 3. very very CPU hungry
> Over all: do not use it, more likely try to use VPN.
Hmmm... How feasible is VPN serving the number of concurrent users the
OpenAFS is capable of? Integrated to GDM login, seamless single-sign-on?
At least it sounds like I'm better off waiting for the new RX standard.
When is this due?

>> Any suggestions how to go about trying to pinpoint the main cause of the
>> slow WAN speed? I’ve tried to google solutions to this for quite a while
>> without luck. Also, is there an easy and reliable method to test the
>> effect of each change (a script hopefully)?
> Depends on the values you did not wrote?
> For me the slowness in WAN is about latency.
> But in 100Mbit network cell servers and 100mbit client in WAN/Internet,
> I get >2 MB/sec from my servers.

Because the communication is much more two ways than basic Internet use
(homedir in AFS), the 5Mb out is a clear cap. But still, it seems like a
~200Kb traffic from client to server is already on the limit. E.g. Firefox
keeps writing to Homedir constantly with a speed that leaves afs
communication behind. I know that you can tweak Firefox'es behavior (and I
have), but still it happens, and it shouldn't be an issue if the speed was
better. 2MB would make it much more practical, I think.

>> Some base information about the test environment:
>> - Ubuntu 10.4 based server & clients (hopefully virtualized during
>> testing)
>> - The latest stable OpenAFS from the ppa repository (1.6.0)
>> - Internet connection: 100Mb in, 5Mb out (according to speedtest.net)
>> - Anything else needed?
> Server configuration? Hardware?
These should be the defaults (common network settings and OpenAFS). I
tried to tweak them at some point, but without a noteable improvement).
The server currently runs virtualised and on a relatively old Intel
machine. Together with the issues recarding encryption this could be an
issue. I tried to run it on bare metal at some point, but again, no
notable improvement. Since the encryption is critical (in some way or
another), It's been on from the beginning. I guess it's time to test its
influence, at least.

> Client settings, cache in client, cache size?
Defaults as well, as far as I know. Disk cache is on with 750MB on a
separate 1GB partition. Otherwise the system is a bit exotic, I guess. The
system partition acts pretty much like a live cd. All session chances,
other than afscache, are written on a ramdisk. The OS partition is
read-only, the afscache partition read/write. I use constantly clients on
bare metal (oldish and relatively new), virtualised (vmware and virtualbox
with no vmtools installed), and my favourite, boot from USB memory stick
straight to my AFS account :) All use identical HD image. At earlier
point, there was no such complicated structure, but yet again, it was no
faster than the current system.

br, jukka

>> Any help is greatly appreciated,
>> br, jukka
> MfG,
> Lars Schimmer
> --
> -------------------------------------------------------------
> TU Graz, Institut für ComputerGraphik & WissensVisualisierung
> Tel: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
> Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info