> On Sun, Jul 25, 2010 at 06:54:55AM -0400, Zetas wrote:
>> I've been doing some performance tests and i'd like to see what you guys think
>> of what im getting, if it could be faster by setting the rvm log and/or data
>> files differently or what.
>
> RVM shouldn't make that much of a difference as it is only used for the
> meta-data (directory contents and attribute information). A file would
> get transferred directly from a container file on the server in /vicepa/
> to the client's container file in /var/lib/coda/cache/.
>
> Now the file transfer protocol will probably never set speed records.
> All packets are sent using UDP so everything including retransmissions
> runs completely in userspace. RPC2/SFTP has a trick up it's sleeve that we
> aren't really using that much anymore, it can send to several machines
> in parallel overlapping waiting for ack's and sends a file to three
> servers in the same amount of time it takes to send it to a single one.
> (on the other hand this is only possible because timing wise we cannot
> saturate the link with only a single data transfer)
>
>> Over the openvpn we have, i get about 210Kbps, so it would seem the open
>> Internet is about 5 times faster. I expected some performance hit form the
>> security, but not that much.
>
> Well, openvpn requires additional trips back up to userspace, to the
> OpenVPN daemon, which encrypts and then sends it back out. This
> introduces additional latency and the SFTP window is pretty small, only
> about 32KB at most and typically around 8KB so latency is definitely
> noticable. The throughput is windowsize / roundtrip time, i.e. if you
> are seeing about 210 Kbps, then the RTT through the openvpn is probably
> ~40ms, while the direct connection is getting around 5ms RTT.
>
> This is all if you are talking about a client fetching files from a
> server. When writing to the server things are very different (files are
> written back in small chunks) and when resolving between servers the
> data may be going back and forth several times as all sides are shipping
> each other a set of possibly missed operations and compare each other's
> directory contents at the end to see if resolution succeeded.
>
>> if we have to go over the open Internet to gain that performance boost, what
>> kind of innate security does coda provide, is there any kind data encryption
>
> It uses AES-based packet level encryption. The encryption is heavily
> inspired by IPsec, effectively IPsec but implemented at the UDP level
> and managed by the application instead of the operating system.
>
> See also secure/README.secure in the RPC2 sources,
>
>     http://www.coda.cs.cmu.edu/cgi-bin/gitweb.cgi?p=rpc2.git;a=blob;f=secure/README.secure;h=b220eda9d3bdc543e6e49cc0dccee0c9ffb67b2d;hb=HEAD
>
> Jan
>
>

Jan,

Awesome, thanks for such a complete explanation, im glad to see it has innate
security, looks like we will go over the open internet to achieve the speed
boost.

-David