On Sat, 9 Dec 2006, Peter Braam wrote:
The CPU overhead of bulk data checksumming on servers should be quite high;
FWIW a simple test of sha1sum gives me 154 MB/s with my fairly recent CPU.
The additional cost (CPUs or HW crypto engines) required to achieve good
performance may be too high for most HPC users, at least for regular access
inside a cluster; it could be interesting to enable or disable checksumming
for classes of clients.
I've seen a little laptop running Solaris ZFS do checksumming at over a 1
GByte / sec. Probably finding the right algorithms is important here.
Certainly. SHA1 is a cryptographic hash, and I would not be surprised if
the ZFS checksum you saw in use were not.
It seems ZFS has 2 checksum algorithms, SHA256 (again a crypto hash) and
fletcher (3 versions):
http://opensolaris.org/os/community/zfs/source/#ZIO
http://cvs.opensolaris.org/source/xref/usr/src/uts/common/fs/zfs/fletcher.c
http://cvs.opensolaris.org/source/xref/usr/src/uts/common/fs/zfs/sha256.c
It looks like fletcher is terribly simple, and probably not suitable for
security purposes.
- is it mandatory to deploy a keytab on clients? I don't remember having
done that when testing AFS+krb5
Yes it's mandatory, this will add some burden to sysadmin. The reason is a
little bit involved, we hope root could always own valid secure contexts,
otherwise a failed callback RPC from server to client will lead to the
client be kicked out off cluster.
It sounds like an implementation problem that surfaces to the user. :-/
Maybe the operations you mention should be possible with unauthenticated
clients?
This was a choice to force the mount command to be authenticated.
Ok. Would it be difficult to make this a configuration option?
If AFS mounts without such a file or keys obtained otherwise, then they
allow mount without authentication.
They do: many well-known sites (including MIT, CMU and the US the Naval
Research Lab) have public AFS cells I can browse from home.
Cheers,
--
Jean-Marc Saffroy - [EMAIL PROTECTED]
_______________________________________________
Lustre-devel mailing list
[email protected]
https://mail.clusterfs.com/mailman/listinfo/lustre-devel
