zlacker

[parent] [thread] 2 comments
1. rfoo+(OP)[view] [source] 2022-06-21 20:48:29
> in-transit encryption with TLS

Last I checked it spawns a HAProxy on the client and points the in-kernel NFS client to this HAProxy on lo, is this still the case?

And, out of curiosity: now that EFS claims 600us average read latency, would the extra hop matter?

replies(2): >>acdha+w >>geertj+os
2. acdha+w[view] [source] 2022-06-21 20:51:49
>>rfoo+(OP)
It currently uses stunnel to encrypt the connection — I only started it a couple of years ago but have never seen a reference to HAProxy.
3. geertj+os[view] [source] 2022-06-22 00:33:21
>>rfoo+(OP)
The sibling comment is correct. The EFS mount helper starts up and manages an stunnel process. We have not seen a significant impact on latency from the stunnel process.
[go to top]