[Libguestfs] Re: client-side LUKs + NBD over internet?

On Mon, Jun 10, 2024 at 08:38:02PM +0000, netpleb wrote: Sorry, at devconf.cz this week, so things are a little chaotic/busy ... It makes it possible. Separate from the LUKS issue, whether it's a good idea to expose an NBD socket to the whole world is interesting. I would certainly be looking at TLS client certificates to try to control who can connect, and being careful to sandbox the machine running nbdkit. https://libguestfs.org/nbdkit-tls.1.html I'm going to guess that round trips and/or the client not using multi-conn are killing your performance. Multi-conn is really essential when trying to get good performance when you have large latencies. nbd-client -connections parameter should let you control it. Another potential issue would be that the client is making lots of tiny requests and not coallescing. There are various filters including nbdkit-log-filter and nbdkit-stats-filter which let you view this. You could also play with nbdcopy, since it allows you to control all the parameters, like multi-conn, requests in flight, request size, etc. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html