[OpenAFS] Re: client behind NAT firewall

[Andrew Deason]

On Wed, 06 Aug 2014 15:33:02 -0400
Dale Pontius <pontius@btv.ibm.com> wrote:

> Obviously this was client side, but I find it hard to believe that
> keeping a connection mapped for the 2 hours mentioned elsewhere would
> be necessary.

Maybe not "necessary", but at least in the past it was possible for
fileserver -> client communication to occur several hours after the last
client -> fileserver communication. Jaap Winius found this by
experimenting with the port mapping timeouts on his equipment:
<https://lists.openafs.org/pipermail/openafs-info/2011-May/036014.html>

The reasoning I think I had for that (it's somewhere in there) was that
various probes only happen when we have callbacks recorded for a
particular client or fileserver. With no callbacks, no probes occur, so
we can go a long time without any communication. And even with no
callbacks, there are a few situations where a fileserver can try to
contact a client again. I haven't looked at this area in a long time,
though; I may have that wrong.

This situation should be better now than it was when that thread was
made. But I'm just mentioning that to show that the idea of
hours-long-mappings is not unheard-of.

-- 
Andrew Deason
adeason@sinenomine.net