On Thu, 2014-08-07 at 12:46 -0500, Andrew Deason wrote:
> On Wed, 06 Aug 2014 15:33:02 -0400
> Dale Pontius <[email protected]> wrote:
>
> > Obviously this was client side, but I find it hard to believe that
> > keeping a connection mapped for the 2 hours mentioned elsewhere would
> > be necessary.
>
> Maybe not "necessary", but at least in the past it was possible for
> fileserver -> client communication to occur several hours after the last
> client -> fileserver communication. Jaap Winius found this by
> experimenting with the port mapping timeouts on his equipment:
> <https://lists.openafs.org/pipermail/openafs-info/2011-May/036014.html>

More specifically, cases where only one client is touching a volume or
that volume is read only won't cause problems; nor will many
modifications coming often from multiple clients, since normal NAT
timeouts will be sufficient except in rare cases (like the time I recall
from years ago when someone tried using AFS behind a commodity NAT
router with something like a 10 second UDP NAT timeout. That one was a
double whammy because of both the short timeout and that NTP had fallen
into a pattern that was just outside the timeout, causing the small UDP
NAT table to overflow in about half an hour, if I recall correctly).
It's when they are occasional that you can run into problems --- and
these problems will often not be obvious, since they will only have a
noticeable effect sporadically and only some time after the actual
triggering event, which is pretty much the worst possible case for
detecting and recognizing them.

-- 
brandon s allbery kf8nh                       sine nomine associates
[email protected]                             [email protected]
unix openafs kerberos infrastructure xmonad   http://sinenomine.net
