Excerpts from mail: 10-Feb-94 Re: PC Interconnection usin.. Marcus
[EMAIL PROTECTED] (1937)
> NFS itself doesn't scale well -- so it would be unreasonable to expect
> an NFS server to service thousands of machines regardless of whether its
> files live in AFS or UFS. Even if the protocol would support it, it's
> not clear to me that the AFS cache will scale well either.If one had
> only a small number of user level NFS client processes shared between
> clients, another problem crops up; which is that system calls are
> synchronous. So, while the process is blocked in the kernel trying to
> get user A's files, user B's NFS request (even for a file already in the
> cache) will hang. A user who happened to sniff at files in /afs could
> cause especially interesting results.
Actually, NFS scales reasonably well.
With 10,000 accounts, we put 1000 accounts on each NFS server,
probalistically, only 10% of those are reading or writing a file at a
time, so the system does just fine.
We migrated off NFS over the Summer of 1992, not because NFS didn't
scale, but because managing those 1000 filesystems on each server was a
nightmare. The AFS Volume management system enabled us to move those
filesystems dynamically when they got too full or too hot.
The AFS system scales just fine.
What does NOT scale, is the intermediate server technology, like the
NFS-to-AFS translator. No good technology for load balancing is
incorporated there. The semantic differences of AFS and NFS filesystems
cause havoc. And, as you pointed out, the cache managers could be
browsed.
For intermediate servers to scale, they must balance load, be robust
across crashes so that required state information can be recovered, and
they must be secure. I am reasonably sure that the AFS-to-NFS server
meets none of these criteria at the present time. Now I am coming to
understand that PC Venus does not either. Does anyone know of
intermediate servers with AFS on one side, and PC's and Macs on the
other that DO?
Excerpts from mail: 10-Feb-94 Re: PC Interconnection usin.. Marcus
[EMAIL PROTECTED] (1937)
> It seems to me that NFS has a more basic security flaw; in most (all?)
> implementations, authentication only happens at login time. That means
> it should be possible for the bad guy, especially one that can sniff on
> the network, to high-jack an existing connection. That's difficult to
> fix without source to both the client & server sides, but one might at
> least ask that the initial authentication exchange not send passwords in
> the clear.
The MIT uid mapping technology allows for expiration of mappings, and
explicit destruction of the mappings. Alas, I'm not knowledgeable
enough about security issues to speak intelligently about the
highjacking issue. For all I know, you may be completely right.
-wdc
