From owner-freebsd-security@FreeBSD.ORG Thu Sep 25 09:50:17 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 851C416A4B3; Thu, 25 Sep 2003 09:50:17 -0700 (PDT) Received: from bas.flux.utah.edu (bas.flux.utah.edu [155.98.60.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD43943FFD; Thu, 25 Sep 2003 09:50:16 -0700 (PDT) (envelope-from danderse@flux.utah.edu) Received: from bas.flux.utah.edu (localhost [127.0.0.1]) by bas.flux.utah.edu (8.12.9/8.12.5) with ESMTP id h8PGoGLj085791; Thu, 25 Sep 2003 10:50:16 -0600 (MDT) (envelope-from danderse@bas.flux.utah.edu) Received: (from danderse@localhost) by bas.flux.utah.edu (8.12.9/8.12.5/Submit) id h8PGoGXP085790; Thu, 25 Sep 2003 10:50:16 -0600 (MDT) Date: Thu, 25 Sep 2003 10:50:16 -0600 From: "David G. Andersen" To: Robert Watson Message-ID: <20030925105016.C80664@cs.utah.edu> References: <20030925100650.B80664@cs.utah.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from rwatson@freebsd.org on Thu, Sep 25, 2003 at 12:37:13PM -0400 cc: freebsd-security@freebsd.org Subject: Re: unified authentication X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2003 16:50:17 -0000 Robert Watson just mooed: > > > > http://www.fs.net/ > > And one of the very nice things about the SFS implementation is that it > plugs into loop-back NFS on the client, so you don't need special kernel > changes, which is what has made the OpenAFS and Arla stuff so difficult. > On the other hand, there's presumably the expected observable performance > difference... It's suprisingly not bad. The network and crypto are usually the limiting factors. From two machines in the same building going through one router: SFS> /usr/bin/time dd if=/dev/zero of=foo bs=8k count=1k 8388608 bytes transferred in 1.677283 secs (5001308 bytes/sec) 1.87 real 0.00 user 0.10 sys >From a linux NFS client, same dd, same lan, no interposed router, 1.14 elapsed, 0.01 user, 0.02 system. DM's eval suggests that their performance for things like FreeBSD kernel compiles is is usually better than NFS over TCP, barely worse than NFS over UDP, and 25%ish slower than the local filesystem. In other words, it's within the realm of the OK. I don't like compiling with my object trees over any remote filesystem, but I find keeping my source tree on SFS to be about the same as keeping it on NFS. The 'rex' authentication system they've built is pretty slick, but has the downside that my fingers think "ssh" when I want to login... -Dave -- work: dga@lcs.mit.edu me: dga@pobox.com MIT Laboratory for Computer Science http://www.angio.net/ I do not accept unsolicited commercial email. Do not spam me.