[OpenAFS] Openafs vs Red Hat's Netkey

Marcus Watts mdw@hic-haec-hoc.org
Mon, 09 Dec 2013 19:31:11 -0500

Steve Gaarder writes:
> >> Then try copying a large file from AFS to the client's local storage,
> Now it gets weird.  Iperf shows the same performance with or without 
> IPSEC.  But if I run iperf under IPSEC, openafs performance jumps back up 
> to normal and stays there for several minutes.  Does this give anyone any 
> ideas?

Sounds like some kind of MTU/packet fragmentation problem.
Since this is copying files from the server; the server
should be trying to ship over lots of packets that are as large
as possible - perhaps in your case they're winding up slightly larger.
If you can find a way to capture both the packets on the wire, and
the unencrypted packets on at least one end, you might wind up seeing
interesting weirdnes.

				-Marcus Watts