I think rx over tcp is the way to go. In addition to the nat benefits, you also get all the latest congestion control tweaks. I think nfs has shown that this can work well. In fact nfs v4 will only run over tcp.
The usual suggestion is to open ports 7000-7009 and increase udp timeouts. 10 minute timeouts should be plenty, that's how often the cache manager pings active servers. The usual el-cheapo nat has 30-60 second timeouts, and that's too short. The problem is that the client often has no control over the nat.

My own laptop is set up with two important anti-nat features. One is that it uses a small mtu, I think currently it's 576. Sending frags through a nat is suicide. The other feature is that it pings the servers once a minute. I've had no trouble with this setup, and have run several of these at the local coffee shop simultaneously. There is some server bug that gets in the way (see my message of a few days ago) but the client is in good shape.

My laptop also has an important mobility feature. When I disconnect from a network I close down all rx connections first. That's partly so the cache manager won't get confused when I reconnect elsewhere, and partly to be nice to other clients that might want to write to files I have callbacks on.

The problem is how to selectively turn these features on. You don't want them all the time. One idea is to turn them on if the client has a Marsnet address, but this doesn't work for firewalls, and what if your server is on Mars too? Another idea is to turn them on if rx connections keep getting lost, but this requires lengthy and annoying timeouts. I think a manual switch is the most reasonable way to do it, although that has problems too (how do you document it?).

_______________________________________________
OpenAFS-devel mailing list
[EMAIL PROTECTED]
https://lists.openafs.org/mailman/listinfo/openafs-devel
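The interplay between NAT idle timeouts and ping intervals discussed in the message above, as an added example that is not part of the original post and is not OpenAFS code: a toy model of a NAT's UDP mapping table that replays client pings and server-initiated packets. The flow label, the callback times, and the assumption that only outbound packets reset the idle timer are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class UdpNat:
    """Toy model of a NAT's UDP mapping table with an idle timeout."""
    idle_timeout: int                     # seconds a mapping survives without traffic
    inbound_refreshes: bool = False       # assumption: only outbound traffic resets the timer
    last_seen: dict = field(default_factory=dict)  # flow -> time of last refreshing packet

    def outbound(self, flow, now):
        # Client -> server traffic always creates or refreshes the mapping.
        self.last_seen[flow] = now

    def inbound(self, flow, now):
        # Server -> client traffic passes only while the mapping is still alive.
        seen = self.last_seen.get(flow)
        if seen is None or now - seen > self.idle_timeout:
            self.last_seen.pop(flow, None)
            return False
        if self.inbound_refreshes:
            self.last_seen[flow] = now
        return True

def callbacks_delivered(nat_timeout, ping_interval, callback_times, horizon=1800):
    """Replay client pings and server-initiated packets; return those that got through."""
    flow = ("client:7001", "fileserver:7000")      # constructed flow label
    nat = UdpNat(idle_timeout=nat_timeout)
    events = [(t, 0, "ping") for t in range(0, horizon + 1, ping_interval)]
    events += [(t, 1, "callback") for t in callback_times]
    delivered = []
    for now, _, kind in sorted(events):            # a ping sorts before a callback at the same time
        if kind == "ping":
            nat.outbound(flow, now)
        elif nat.inbound(flow, now):
            delivered.append(now)
    return delivered

# Constructed times (seconds) at which the server sends something unsolicited.
CALLBACKS = [45, 130, 400, 1250]

if __name__ == "__main__":
    # 60 s NAT timeout, 10 minute pings: most server packets are dropped.
    print(callbacks_delivered(60, 600, CALLBACKS))
    # 60 s NAT timeout, pings once a minute: the mapping never expires.
    print(callbacks_delivered(60, 60, CALLBACKS))
    # NAT timeout raised to 10 minutes, 10 minute pings: also fine.
    print(callbacks_delivered(600, 600, CALLBACKS))
    # 30 s NAT timeout, pings once a minute: gaps remain between pings.
    print(callbacks_delivered(30, 60, CALLBACKS))
```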
