List: intermezzo-devel
Subject: Re: Secure connections and intermezzo
From: "Shirish H. Phatak" <shirish () nustorage ! com>
Date: 2000-12-28 0:30:56
Hi,
Peter Braam wrote:
> Hi Shirish,
>
> I think that you should check if stunnel is tcp based. The problem with tcp
> based tunnels running tcp connections is explained on the CIPE WWW site and
> leads to nasty quality degradations. It relates to two levels of flow
> control and congestion avoidance. With UDP, which stunnel now supports, you
> should be OK.
>
The stunnel we are using is TCP based, I could not find any UDP variant; I am
probably missing something. IMHO, the cipe problem does not apply directly to
our port forwarding setup. In this setup we are using port forwarding so
effectively three connections are being pipelined:
    Local TCP1            WAN TCP           Local TCP2
client <--> stunnel client <--> stunnel server <--> file server
What I do know of this setup from our dataman lab experiments is that there
might still be some problems with the local tcp throttling but that should not
lead to significant performance problems. The cipe scenario appears to apply
only when we run a VPN over ssh where raw ip traffic is forwarded over the
tunnel so the tcps are effectively stacked
                   top tcp
client <------------------------------> file server
  ^                                          ^
  |---pppd <--> ssh<-----> sshd <---> pppd---|
     IP to data  bottom tcp   data to IP
The second setup gives true vpn capabilities since you actually have
addressable end points in the setup, but you pay by having stacked tcp's.
However with intermezzo the ports are fixed so we don't need this, I just bind
to local ip addresses at both server and client.
-Shirish
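
The port-forwarding layout described in this message, written as a pair of stunnel configuration files. This is an added example, not part of the original message or the poster's actual setup; it assumes a current stunnel 5.x with file-based configuration, and the host name, ports and certificate paths are constructed placeholders, not InterMezzo's real values.

```ini
; ---- client host: stunnel-client.conf (added example) ----
; Local TCP1: the local lento connects to the loopback listener below.
; WAN TCP:    stunnel relays the byte stream to the server inside TLS.
; Each hop is its own TCP connection, so no TCP is stacked on another TCP.
[lento-out]
client = yes
; Loopback only, so the plaintext side is not reachable from the network.
accept = 127.0.0.1:10001
; Constructed name and port; replace with the real stunnel server endpoint.
connect = fileserver.example.net:10443
; Verify the server certificate. stunnel does not verify the peer by
; default, which leaves the tunnel encrypted but unauthenticated.
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = fileserver.example.net
; Client certificate, presented for mutual authentication.
cert = /etc/stunnel/client.pem
key = /etc/stunnel/client.key

; ---- server host: stunnel-server.conf (added example) ----
[lento-in]
; The only port that has to be reachable across the WAN.
accept = 10443
; Local TCP2: hand the decrypted stream to the file server on loopback.
connect = 127.0.0.1:10001
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key
; Accept only clients holding a certificate issued by this CA.
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
requireCert = yes
```

With the file server also bound to 127.0.0.1 on the server host, the unencrypted port is never exposed on either side.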
>
> - Peter -
>
> > -----Original Message-----
> > From: intermezzo-devel-admin@lists.sourceforge.net
> > [mailto:intermezzo-devel-admin@lists.sourceforge.net]On Behalf Of
> > Shirish H. Phatak
> > Sent: Wednesday, December 27, 2000 3:23 PM
> > To: intermezzo-devel@lists.sourceforge.net; braam@mountainviewdata.com;
> > gord@fig.org
> > Subject: Secure connections and intermezzo
> >
> >
> > Hi,
> >
> > I have a WAN setup with two lento's communicating with each other
> > via port forwarding using the stunnel package. This is similar to the
> > port forwarding setup described by gord. The main difference is that
> > instead of using ssh I am using stunnel which can be easily daemonized
> > and that this setup is now a connection between two different
> > hosts one of which is behind a masquerading firewall. This allows for
> > secure
> >
> > I am going to see how well this setup behaves. Currently I have it
> > replicating a 17G volume.
> >
> > -Shirish
> >
> >
> > _______________________________________________
> > intermezzo-devel mailing list
> > intermezzo-devel@lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/intermezzo-devel
> >