How to secure network link in NFSv4?
fantoosh bantoosh
fantoosh at hotmail.com
Thu Aug 9 16:49:28 EDT 2007
Dear All,
I am interested in doing some performance evaluation of NFSv4. I want
to evaluate the overhead on the filesystem operations when we enable
integrity and encryption of NFS traffic. This will give me an idea
whether to use secure channel with our NFS servers or not. I have
machines with linux 2.6.13-15.
- My first question is: for the sake of evaluation, what would be the
easiest way (requiring least setup) to enable network security for
NFS? I probably have two options:
a) tunnel the NFS traffic through SSH as explained in
http://www.vanemery.com/Linux/NFSv4/NFSv4-no-rpcsec.html#sshtun
b) setup kerberos and use sec=krb5p mount option Is there any other way I
can easily setup a secure channel between NFS client and a server?
- My second question is: of the above two which one is the best option
that will represent the overhead of NFS with secure channel? I would
imagine that the first option (with SSH port forwarding) will incur
more overhead than the second one due to memory copy and messaging
between the NFS and SSH process. Can anyone please confirm this and
suggest and quick way to setup NFS with secure channel in way that
will correctly represent the NFS overhead? Pointers to setup examples,
if any, will be very helpful.
Thanks.
Regards,
Fantoosh
_________________________________________________________________
Recharge--play some free games. Win cool prizes too!
http://club.live.com/home.aspx?icid=CLUB_wlmailtextlink
More information about the NFSv4
mailing list