On Sun, Jul 25, 2010 at 06:54:55AM -0400, Zetas wrote:
> I've been doing some performance tests and i'd like to see what you guys think
> of what im getting, if it could be faster by setting the rvm log and/or data
> files differently or what.

RVM shouldn't make that much of a difference as it is only used for the
meta-data (directory contents and attribute information). A file would
get transferred directly from a container file on the server in /vicepa/
to the client's container file in /var/lib/coda/cache/.

Now the file transfer protocol will probably never set speed records.
All packets are sent using UDP so everything including retransmissions
runs completely in userspace. RPC2/SFTP has a trick up it's sleeve that we
aren't really using that much anymore, it can send to several machines
in parallel overlapping waiting for ack's and sends a file to three
servers in the same amount of time it takes to send it to a single one.
(on the other hand this is only possible because timing wise we cannot
saturate the link with only a single data transfer)

> Over the openvpn we have, i get about 210Kbps, so it would seem the open
> Internet is about 5 times faster. I expected some performance hit form the
> security, but not that much.

Well, openvpn requires additional trips back up to userspace, to the
OpenVPN daemon, which encrypts and then sends it back out. This
introduces additional latency and the SFTP window is pretty small, only
about 32KB at most and typically around 8KB so latency is definitely
noticable. The throughput is windowsize / roundtrip time, i.e. if you
are seeing about 210 Kbps, then the RTT through the openvpn is probably
~40ms, while the direct connection is getting around 5ms RTT.

This is all if you are talking about a client fetching files from a
server. When writing to the server things are very different (files are
written back in small chunks) and when resolving between servers the
data may be going back and forth several times as all sides are shipping
each other a set of possibly missed operations and compare each other's
directory contents at the end to see if resolution succeeded.

> if we have to go over the open Internet to gain that performance boost, what
> kind of innate security does coda provide, is there any kind data encryption

It uses AES-based packet level encryption. The encryption is heavily
inspired by IPsec, effectively IPsec but implemented at the UDP level
and managed by the application instead of the operating system.

See also secure/README.secure in the RPC2 sources,

    http://www.coda.cs.cmu.edu/cgi-bin/gitweb.cgi?p=rpc2.git;a=blob;f=secure/README.secure;h=b220eda9d3bdc543e6e49cc0dccee0c9ffb67b2d;hb=HEAD

Jan