[15494] in Athena Bugs
Pruning stale cells?
daemon@ATHENA.MIT.EDU (John Hawkinson)
Sun Sep 14 05:10:48 1997
Date: Sun, 14 Sep 1997 05:10:46 -0400
To: afsreq@MIT.EDU
Cc: bugs@MIT.EDU
From: John Hawkinson <jhawk@MIT.EDU>
Discussion of denial-of-service attacks induced by "ls -l"-ing /afs (and
suchlike) caused me to wonder how much time in such an operation is wasted
timing out on nonexistant cells.
Out of 151 cells in the CellServDB, 31 had no vlservers that responded.
(13 had at least one vlserver that did not respond).
I've attached the list below, I think these should probably all be removed
from the CellServDB.
Just for kicks, in doing this earlier today, I got a distribution of the
versions running on various vlservers:
82 get version call failed with code -1, errno 0
51 AFS version: Base configuration afs3.4 5.28
48 AFS version: Base configuration afs3.4 5.16
32 AFS version: Base configuration afs3.4 5.00
32 AFS version: Base configuration afs3.3 1.68;\
Nbapi-3.3-1.68.compile.fixes 1.1;
27 AFS version: Base configuration afs3.4 5.13
20 AFS version: Base configuration afs3.4 4.34
12 AFS version: Base configuration afs3.3 1.59
9 AFS version: Base configuration afs3.4 4.39
7 AFS version: CML not accessible: No version Information
5 AFS version: C afs3.4 5.00
4 AFS version: Base configuration ports 1.55
3 AFS version: AFS Version: afs3.3 1.68
2 AFS version: Base configuration ports 1.54
2 AFS version: Base configuration afs3.4 5.10
2 AFS version: C afs3.4 5.16
1 AFS version: Base configuration afs3.4 4.44
1 AFS version:
(that is per-vlserver host, not per-cell).
I probed for liveness using
rxdebug <HOST> 7003
Versions were probed with "rxdebug <HOST> 7003 -version", but
various servers that did not respond to version queries did respond
to regular inquiries.
It appears that it takes XXX seconds to for afs to timeout per-cell.
The following cells appear to be referenced in root.afs without entries
in the CellServDB:
ibm.uk
mathematik-cip.uni-stuttgart.de
umr.edu
urz.uni-magdeburg.de
wu-wien.ac.at
With all the non-answering cells removed (actually I fs newcell'd
their address to 255.255.255.255, which makes them behave like the
local cell), ls -l of /afs took 6 minutes 0 seconds. For reference, it
seems to take about 58 seconds for ls -ld /afs/zurich.ibm.ch to timeout
without the fs newcell kludge, and it has only a single server.
I suspect some cells in the CellServDB are missing from root.afs, also,
but I haven't checked.
Thanks!
--jhawk
ps: Any reason that afsreq is not a visible list in moira?
(Cells for which no servers answered):
afs.brain.de
bcc.ac.uk
belwue.uni-tuebingen.de
bu.edu
cards.com
cheme.cmu.edu
cipool.uni-stuttgart.de
cs.arizona.edu
cs.brown.edu
cs.wisc.edu
ctp.se.ibm.com
cva.ai.mit.edu
dsg.stanford.edu
gg.caltech.edu
ifh.de
iway.org
kiewit.dartmouth.edu
le.caspur.it
media-lab.mit.edu
ncat.edu
pi.infn.it
postech.ac.kr
rl.ac.uk
stars.com
stars.reston.unisys.com
telos.com
theory.cornell.edu
thermo-a.mw.tu-muenchen.de
uni-hohenheim.de
urz.uni-magdeburg.de
zurich.ibm.ch
