On 2025-11-17 14:23:23 -0500 (-0500), Jonathan Proulx wrote:
[...]
> So you do have clients with "private" network addresses using floating IP that access your AFS cell normally?
[...]

Yes, currently one of the public cloud providers who donates resources to OpenDev has, for reasons I don't understand, mandated that only user-defined RFC-1918 networks can be attached to server instances so that all Internet access from server instances requires NAT. We have OpenAFS 1.8.13 currently running on Ubuntu 24.04 LTS virtual machine instances in three regions there, all connecting to the Internet through floating IPs, which is how they communicate with our Internet-connected AFS fileservers (all of which are in other cloud providers). We haven't done anything special for these, though it's probably worth pointing out that they aren't performing write operations into AFS, and are merely unauthenticated Web front-ends anonymously serving content from read-only AFS replica volumes. It's possible that our limited usage pattern in this case is what's saving us from encountering the problems you're having.

--
Jeremy Stanley