[OpenAFS] Openafs vs Red Hat's Netkey
Marcus Watts
mdw@hic-haec-hoc.org
Mon, 09 Dec 2013 19:31:11 -0500
Steve Gaarder writes:
...
> >> Then try copying a large file from AFS to the client's local storage,
...
> Now it gets weird. Iperf shows the same performance with or without
> IPSEC. But if I run iperf under IPSEC, openafs performance jumps back up
> to normal and stays there for several minutes. Does this give anyone any
> ideas?
..
Sounds like some kind of MTU/packet fragmentation problem.
Since this is copying files from the server; the server
should be trying to ship over lots of packets that are as large
as possible - perhaps in your case they're winding up slightly larger.
If you can find a way to capture both the packets on the wire, and
the unencrypted packets on at least one end, you might wind up seeing
interesting weirdnes.
-Marcus Watts