[OpenAFS] Re: client behind NAT firewall
Tue, 05 Aug 2014 18:21:55 +0200
On 08/05/14 17:36, Andrew Deason wrote:
> On Tue, 05 Aug 2014 16:12:41 +0200
> Alex <firstname.lastname@example.org> wrote:
>> Thank you all for answering, I guess we should test it more carefully
>> to check how it will work. Parallel access is a must for us.The main
>> concern is the possibility that one client overwrites modifications of
>> another one who is editing the file in the same time.
> That is always possible, even without NAT. If you have 2 clients writing
> to the same area of a file simultaneously, there is no way to
> automatically 'merge' the contents; the one who wrote last will win.
> File data is conceptually managed in 'chunks' which vary from around
> 128KiB to 1MiB; so if you write to the same e.g. 1MiB area of a file
> at the same time from 2 clients, that 1MiB will either be entirely what
> one client wrote, or the other client.
> If you need to be writing to the same file from multiple clients, you
> need to synchronize/serialize them somehow. This can be done with
> whole-file locks, or some other synchronization mechanism outside of the
yes, what I meant is that I need the client to be aware that some other
client is editing, (and refresh the cache), which is the function of
callback if I am not mistaken. As I understand, this is not possible
behind a NAT firewall which has inbound ports (like 7001) closed.
> On Tue, 5 Aug 2014 15:51:10 +0200
> Stephan Wiesand <email@example.com> wrote:
>> On 2014-08-05, at 9:30, Alex <firstname.lastname@example.org> wrote:
>>> -all Openafs servers are behind the same NAT firewall. Firewall
>>> rules can be changed.
>> I'm not that NAT savvy... how could this possibly work (more than one
> I assume that Alex means there are multiple public-facing IPs; they are
> just handled by the same device that handles the translation/firewall.
for testing yes, but after that one other problem would be to split
storage (volumes) between different machines.
> But in case it's not clear: Alex, you need one IP per openafs server
> that a client will contact to. You can't run 5 servers off of 1 public
> IP right now or anything like that.
I wasn't clear enough, by "servers" I was referring to different
processes (as BOS server, authentication etc). For now they are all
running on the same machine.