[55] in Info-AFS_Redistribution

Running AFS in weird networks

daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Thu Jan 17 18:02:32 1991

From: marc@irc.cbm.dec.com
To: info-afs@transarc.com
Date: Thu, 17 Jan 91 17:04:43 EST

What are the ramifications of running AFS in a network based on a
firewall?  At DEC, we have a large internal network which has full
routing internally.  We are running packet screens which keep out most
packets from external machines, with certain exceptions.  (Connections
which are disallowed receive a "Host Unreachable" error.)  There are
also machines ("external machines") which have 2 IP addresses, one on
the internal DEC network, and one on a fully Internet accessible class
C network.  These machines do not act as gateways, and do not pass
packets.

Assuming I can't get the Powers That Be inside DEC to allow AFS
packets to be passed freely (although I haven't checked, this is
surely the case), what would happen if I ran one of the external
machines as one AFS server in a cell which also consisted of servers
inside the internal network, inaccessible from the outside?  Making the
external machine the primary afs server is an option.

Now, the real question: Assuming this server was running all
components of the afs environment (file server, volume location
server, etc), would Internet sites be able to use the volumes which
were actually located on this external machine?  What servers other
than the primary server in the CellServDB are connections attempted
to?  If the volume location database points to the external machine as
a replication (or r/w) site for the volume, will it be accessible?
Will authentication work as expected?

		Marc Horowitz
