On Wed, March 26, 2008 7:15 pm, David Bear wrote:
> I know there have been some outspoken voices on issues related to NAT.
>
> I think my rather simple question might have a complex answer... but the
> game is afoot. Our university is now talking about putting EVERYONE (end
> user computings) in a NAT'ed network.
>
> I am wondering what kinds of issues we should be aware of (or watching
> for) as it relates to AFS -- and possibly kerberos.
>
> I know this is very vague because we still have no idea if our kdc's and
> file servers will be placed within the nat'ed scopes or not -- but if we can
> affect the architecture to avoid issues with afs we need to know what
> those issues might be.
>
> Anyone have advice?

For now, it's really best to push for real IP-addresses for the servers. There was a small discussion about mobile servers earlier on.

Given static server-IP-addresses, most of the requests are initiated from the client. The only thing I can think of is the callback from the fileserver to the client. You need to make the lifetime of the NAT-entry long enough to allow the fileserver to talk to the client. I think the actual time is some 5 min. The point here is that this may result in quasi-static NAT-entries (# of fileservers x # of clients) in your NAT-box. This number may be quite high.

HTH,
T/Christof
