[OpenAFS] WAN speed

Thomas Smith theitsmith@gmail.com
Wed, 21 Mar 2012 17:12:47 -0700

On Mar 21, 2012, at 4:37 PM, jukka.tuominen@finndesign.fi wrote:

>> On 21.03.2012 18:09, jukka.tuominen@finndesign.fi wrote:
>>> Hi,
>>> All communication must be encrypted.
>> Ok, so you have enabled the fs crypt function in OpenAFS?
> Right
>> That feature is about to change with new RX standard, but current =
>> function is:
>> 1. very insecure
>> 2. very very slow
>> 3. very very CPU hungry
>> Over all: do not use it, more likely try to use VPN.
> Hmmm... How feasible is VPN serving the number of concurrent users the
> OpenAFS is capable of? Integrated to GDM login, seamless =
> At least it sounds like I'm better off waiting for the new RX =
> When is this due?

Our cell is fairly small, but I would say that it all depends on the =
amount of bandwidth you have as well as how well your VPN server is =
configured (and how well it performs).

In my situation, I have a 25/5 cable connection. Attached to this is an =
ASA 5520. I've got nearly a dozen site-to-site VPN tunnels configured =
(all using ASA 5505s) as well as allowing up to 14 VPN clients to =

Through this one cable connection, there are about 40 local users on the =
Internet all day as well as every remote office (around 50 users =
combined) accessing AFS and a number of Citrix applications. Most use =
the site-to-site VPN tunnels but some users use VPN clients when they're =
traveling. (There is no public access to our servers, so they're =
required to use the VPN.)

99% of our AFS users are Windows, all with crypt enabled (the =
default)--I have yet to hear of a single perform-related issue from any =

We've been operating very well in this configuration for over a year =