[8608] in Info-AFS_Redistribution


Re: SSH-AFS multihomed server problem

daemon@ATHENA.MIT.EDU (Jeffrey Hutzelman)
Mon Mar 26 19:49:16 2001

Date: Mon, 26 Mar 2001 18:42:45 -0600 (CST)
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Atro.Tossavainen@helsinki.fi
cc: info-afs@transarc.com, ssh-afs@monkey.org
In-Reply-To: <200103261013.f2QAD0G07066@sirppi.helsinki.fi>
Message-ID: <Pine.LNX.3.95L.1010326183058.883J-100000@zalon.pc.cs.cmu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 26 Mar 2001, Atro Tossavainen wrote:

> The interface and all other traffic through it work fine, but if the
> interface is up, SSH logins to any workstations whose primary interface
> is ATM failed. We're running AFS 3.6 build 2.0 and SSH 1.2.27 with Dug
> Song's AFS patches.
> 
> Snooping on the Ethernet and ATM interfaces simultaneously shows what
> is happening as soon as the password is entered:
> 
> workstation-atm -> server-ethernet	UDP D=750 S=1983 LEN=76
> server-atm -> workstation-atm		UDP D=1983 S=750 LEN=169
> workstation-atm -> server-atm		ICMP Destination unreachable (Bad port)
> 
> I.e. kaserver (I believe?) is replying on the wrong interface, and the
> workstation is not expecting this.

Indeed, the kaserver is responding to krb4 UDP requests on the wrong
interface.  Unfortunately, this is a very hard problem to fix, because
there is no portable way of finding out the destination address of a
received UDP packet short of creating a separate socket for each
interface.  Rx deals by ignoring the source IP address of packets received
for a client connection, instead using only the epoch, cid, and source
port.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA
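
The portable workaround named in the reply above, one socket per local address, sketched as an added example; it is not part of the original message and is not kaserver or Rx code. Assumptions: Linux, where 127.0.0.1 and 127.0.0.2 are both local and stand in for the server's two interfaces; port 17750 and all function names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define PORT 17750 /* assumed free test port; the trace above shows port 750 */
static struct sockaddr_in addr_of(const char *ip) {
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET; a.sin_port = htons(PORT);
    inet_pton(AF_INET, ip, &a.sin_addr);
    return a;
}
/* One socket bound to one specific local address, never INADDR_ANY. */
static int bound_udp(const char *ip) {
    struct sockaddr_in a = addr_of(ip);
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s >= 0 && bind(s, (struct sockaddr *)&a, sizeof a) < 0) { close(s); s = -1; }
    return s;
}
/* Echo one datagram out of the socket it arrived on: reply source = request destination. */
static void serve_once(const int socks[2]) {
    struct pollfd p[2] = {{.fd = socks[0], .events = POLLIN}, {.fd = socks[1], .events = POLLIN}};
    char buf[512];
    if (poll(p, 2, 2000) <= 0) return;
    for (int i = 0; i < 2; i++) {
        struct sockaddr_in from; socklen_t fl = sizeof from;
        if (!(p[i].revents & POLLIN)) continue;
        ssize_t len = recvfrom(p[i].fd, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (len >= 0) sendto(p[i].fd, buf, (size_t)len, 0, (struct sockaddr *)&from, fl);
    }
}
/* Strict client: connect()ed to ip, so only datagrams sourced from ip are delivered. */
int reply_accepted(const char *ip) {
    int socks[2] = {bound_udp("127.0.0.1"), bound_udp("127.0.0.2")};
    struct sockaddr_in to = addr_of(ip);
    struct timeval tv = {2, 0}; /* receive timeout: fail instead of hanging */
    char buf[16];
    int ok = 0, c = socket(AF_INET, SOCK_DGRAM, 0);
    setsockopt(c, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (socks[0] >= 0 && socks[1] >= 0 &&
        connect(c, (struct sockaddr *)&to, sizeof to) == 0 && send(c, "ping", 4, 0) == 4) {
        serve_once(socks);
        ok = recv(c, buf, sizeof buf, 0) == 4;
    }
    close(c); close(socks[0]); close(socks[1]);
    return ok;
}
int main(void) { return !(reply_accepted("127.0.0.1") && reply_accepted("127.0.0.2")); }
```

A server using this layout has to enumerate its addresses at startup and rebind when interfaces come or go, which is the cost the reply alludes to.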

