From: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
To: linux-btrfs@vger.kernel.org
Subject: Re: send/receive for encrypted backup purposes
Date: Sat, 9 Jan 2016 20:05:16 +0100 [thread overview]
Message-ID: <1452365502@msgid.manchmal.in-ulm.de> (raw)
In-Reply-To: <568FCF45.1060007@gmail.com>
Austin S. Hemmelgarn wrote...
> (...) If you only ever
> need to access the device locally on the network served by the router
> however, I'd actually suggest ATAoE over iSCSI or NBD, it's a lot more
> efficient and technically more secure because it's non-routable (it runs
> directly over the link layer, which means you avoid the overhead of IP and
> TCP, and has the added advantage that you technically don't need anything
> but the kernel driver on the client side).
Although pretty offtopic ... AoE is not routable but don't sell this
as a security feature. If you cannot configure ACLs, you're doomed
anyway. The only security model AoE provides is the client's MAC
address but spoofing is really not a problem.
So in short:
* AoE is really simple to set up but if there's even a remote chance
some evil guy is in your network (i.e. ethernet broadcast domain),
just forget it. Also AoE completely relies on the ethernet checksums
to detect data curruption, and I had some funny experiences because
of that.
* NBD has (or had the last time I checked some 15 months ago) some
serious issues on client side if the server becomes unavailable,
including data loss. Yes, I should debug this one day.
* iSCSI probably provides everything you want. At the price of having
to understand how to set it up. I failed several times and
eventually gave up, your mileage may vary.
Christoph
next prev parent reply other threads:[~2016-01-09 19:05 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-08 13:44 send/receive for encrypted backup purposes Martin Steigerwald
2016-01-08 14:00 ` Christoph Anton Mitterer
2016-01-08 14:02 ` Swâmi Petaramesh
2016-01-08 14:07 ` Christoph Anton Mitterer
2016-01-08 14:40 ` Austin S. Hemmelgarn
2016-01-08 14:49 ` Christoph Anton Mitterer
2016-01-08 15:04 ` Austin S. Hemmelgarn
2016-01-08 15:01 ` Austin S. Hemmelgarn
2016-01-09 19:05 ` Christoph Biedl [this message]
2016-01-11 12:50 ` Austin S. Hemmelgarn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1452365502@msgid.manchmal.in-ulm.de \
--to=linux-kernel.bfrz@manchmal.in-ulm.de \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.