[OpenAFS] WAN speed

Atro Tossavainen openafs@atrotossavainen.fi
Thu, 22 Mar 2012 01:55:19 +0200

> Hmmm... How feasible is VPN serving the number of concurrent users the
> OpenAFS is capable of?

I know somewhere where they terminated direct world access to AFS and
required users to go through VPN first.  It's not a bottleneck, at least
in that configuration.  The number of AFS users is likely magnitudes
smaller than in your projections, though.  But if you're not getting
adequate speed with even just one client, it doesn't sound like you
should be worrying about expansion first...

> Integrated to GDM login, seamless single-sign-on?

Nothing to do with that.  You have to start it manually after logging in
to your favourite operating system in that particular use case, and the
use of VPN is by no means specific to their AFS use.

> Because the communication is much more two ways than basic Internet use
> (homedir in AFS), the 5Mb out is a clear cap. But still, it seems like a
> ~200Kb traffic from client to server is already on the limit. E.g. Firefox
> keeps writing to Homedir constantly with a speed that leaves afs
> communication behind.

Even on a workstation connected through gigabit to the same network as
the (rather modestly loaded) AFS servers and nothing in the way, I
figured I wanted to use Firefox with a local profile directory.  Your
mileage may vary.  I wouldn't do it on a direct connect - I most
certainly wouldn't do it from at home or over another kind of WAN.

> I know that you can tweak Firefox'es behavior (and I have)

I found that was not good enough.  YMMV, as said.

Do you get a different reading if you leave out the encryption?  If it
is as Lars stated, a rather poor piece of work in every which way anyway,
you're probably better off not using it.

> These should be the defaults (common network settings and OpenAFS). I
> tried to tweak them at some point, but without a noteable improvement).
> The server currently runs virtualised and on a relatively old Intel
> machine.

What kind of speed do you get on directly connected AFS clients on the

> notable improvement. Since the encryption is critical (in some way or
> another), It's been on from the beginning. I guess it's time to test its
> influence, at least.

With VPNs at least, you don't have to run the encryption work on the
file server host.

Best regards, Atro