On 9/1/05, Lester Barrows <[EMAIL PROTECTED]> wrote:
> Hi Jeffrey,
>
> On Thursday 01 September 2005 6:43 pm, you wrote:
> > OpenAFS _clients_ work fine behind a NAT that provides reasonable
> > connection tracking and does not time out UDP port associations too
> > quickly.  For those that do time out such associations quickly, it is
> > possible to increase the frequency with which the cache manager polls the
> > fileserver, resulting in a "keep-alive" effect, but this has the
> > disadvantage of additional load on the network and fileservers.
>
> OpenAFS clients in excess of one system work poorly behind any NAT I've ever
> put them behind, be that hardware such as those on Cisco or Foundry routers,
> or software such as iptables with the Linux kernel. There may be a few types
> of NATs which work properly, and increasing polling frequency may indeed
> help, but from an architectural standpoint I wouldn't recommend placing
> several AFS clients behind a NAT. It's simply asking for trouble from my
> experience, which is the context in which my response was written.

I have three clients in my living room and five more clients in my home office that all do AFS quite happily through a NAT.  Only two of them are OpenAFS, the rest are arla, and the only drawback I have seen is that reads are somewhat slow with OpenAFS through the NAT.  Reads are fine with arla and writes are close enough to wire/disk speeds for both OpenAFS & arla.

-Tracy
