>> Hmmm... How feasible is VPN serving the number of concurrent users the
>> OpenAFS is capable of?
>
> I know somewhere where they terminated direct world access to AFS and
> required users to go through VPN first.  It's not a bottleneck, at least
> in that configuration.  The number of AFS users is likely magnitudes
> smaller than in your projections, though.  But if you're not getting
> adequate speed with even just one client, it doesn't sound like you
> should be worrying about expansion first...

The correct (future oriented) behavior is still more important than speed.
If I can only choose one, that is. There is no rush currently when it
comes to number of concurrent users, but there shouldn't be any
limitations to it. If nothing else, Moore's law is on our side :)

>
>> Integrated to GDM login, seamless single-sign-on?
>
> Nothing to do with that.  You have to start it manually after logging in
> to your favourite operating system in that particular use case, and the
> use of VPN is by no means specific to their AFS use.

That's what I thought, and it sounds like a problem against the concept
design. You should be able to just log into your account straight from the
boot and spreading processes seamlessly among other similar computer
nodes.
>
>> Because the communication is much more two ways than basic Internet use
>> (homedir in AFS), the 5Mb out is a clear cap. But still, it seems like a
>> ~200Kb traffic from client to server is already on the limit. E.g.
>> Firefox
>> keeps writing to Homedir constantly with a speed that leaves afs
>> communication behind.
>
> Even on a workstation connected through gigabit to the same network as
> the (rather modestly loaded) AFS servers and nothing in the way, I
> figured I wanted to use Firefox with a local profile directory.  Your
> mileage may vary.  I wouldn't do it on a direct connect - I most
> certainly wouldn't do it from at home or over another kind of WAN.
>
>> I know that you can tweak Firefox'es behavior (and I have)
>
> I found that was not good enough.  YMMV, as said.

I understand this, but the configuration is such that you have
_everything_ in AFS and you can access it from any Liitin client. This is
purposefully so.

>
> Do you get a different reading if you leave out the encryption?  If it
> is as Lars stated, a rather poor piece of work in every which way anyway,
> you're probably better off not using it.

I haven't tried it yet (and it's getting quite late now), but I will try
it anyway to verify if it's the issue.
>
>> These should be the defaults (common network settings and OpenAFS). I
>> tried to tweak them at some point, but without a noteable improvement).
>> The server currently runs virtualised and on a relatively old Intel
>> machine.
>
> What kind of speed do you get on directly connected AFS clients on the
> LAN?

I need to verify this, but as far as I remember, it's some MBs. Basic use
is fine, but if you move GB's it's clearly slower than normal networking
over SSH.

br, jukka

>
>> notable improvement. Since the encryption is critical (in some way or
>> another), It's been on from the beginning. I guess it's time to test its
>> influence, at least.
>
> With VPNs at least, you don't have to run the encryption work on the
> file server host.
>
> Best regards, Atro
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>


_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Reply via email to