SMB2 Signing and WAN Accelerator problems ...
realrichardsharpe at gmail.com
Wed Jul 31 10:17:15 MDT 2013
On Wed, Jul 31, 2013 at 8:00 AM, Christopher R. Hertel <crh at samba.org> wrote:
> Some of the WAN accelerator companies have, in the past, required that
> customers disable signing on both ends. I don't know if that works with
> SMB2, but the correct solution is for the WAN accelerators to become
> replica-only DCs and do "real" proxying.
It's simpler than that. They are passing the signature through
unchanged and seem only to be modifying the Message ID.
At first I thought that they assumed that Message IDs will appear
in-order from the client, but a few moment's thought will tell you
that they can appear out-of-order from the server, however, that's
easy to deal with.
Given that there will likely never be more than 16-bits worth of
messages outstanding at any time, and more likely never more than 10
bits worth, that represents a large saving.
More information about the samba-technical