non_burglar

joined 2 years ago
[–] non_burglar 4 points 1 day ago (2 children)

It's not actually going that great, there is already infighting on the direction of the scripts.

[–] non_burglar 1 points 1 day ago

Are you having trouble reading context?

No, I'm not applying 2005 security, I'm saying NFS hasn't evolved much since 2005, so throw it in a dedicated link by itself with no other traffic and call it a day.

Yes, iSCSI allows the use of mounted LUNs as datastores like any other; you just need to use the user-space iSCSI driver and tools so that iscsi-ls is available. Do not use the kernel driver and args. This is documented in many places.

If you're gonna make claims to strangers on the internet, make sure you know what you're talking about first.

[–] non_burglar 2 points 1 day ago (2 children)

Yes, I have. Same security principles in 2005 as today.

Proxmox iSCSI support is fine.

[–] non_burglar 2 points 1 day ago (4 children)

Oh, OK. I should have elaborated.

Yes, agreed. It's so difficult to secure NFS that it's best to treat it like a local connection and just lock it right down, physically and logically.

When I can, I use iSCSI, but tuned NFS is almost as fast. I have a much higher workload than OP, and I still am unable to bottleneck.

[–] non_burglar 6 points 1 day ago (6 children)

I don't know what you're on about, I'm talking about segregating with VLANs and firewall.

If you're encrypting your SAN connection, your architecture is wrong.

[–] non_burglar 11 points 2 days ago (8 children)

Your workload just won't see much difference with any of them, so take your pick.

NFS is old, but if you add security constraints, it works really well. If you want to tune for bandwidth, try iSCSI, bonus points if you get ZFS-over-iSCSI working with tuned block size. This last one is blazing fast if you have ZFS at each and you do ZFS snapshots.

Beyond that, you're getting into very tuned SAN things, which people build their careers on; it's a real rabbit hole.

[–] non_burglar 4 points 3 days ago (1 children)

You've mentioned that you don't care about systemd several times, but it's certainly not clear from your post.

Many companies contribute to the LF. Intel, Qualcomm, Samsung, Oracle, Red Hat, are all platinum members. Are you concerned because Poettering works for MS that they're going to privatize Linux?

What is your issue with run0?

[–] non_burglar 9 points 3 days ago (3 children)

If you don't care about systemd, then why post?

Sysvinit is done. It is not graceful at handling dependent services, it was hard to test, and customising a service was painful compared to unit files.

For someone who's been at Linux for 30 years, you clearly haven't spent any time fighting with init scripts.

Don't get me wrong, I'm not a fan of Poettering. His approach lacks any empathy for anyone who's entrenched in a current system and breaks stuff with his deployment approach.

But run0 solves a LOT of problems with sudo, problems that have always existed. Have you ever tried to deploy a sudoers file in an ecosystem of Linux systems relying on LDAP? Sudo definitely needs fixing.

[–] non_burglar 12 points 3 days ago

This is a precursor to kicking X out of the country

[–] non_burglar 6 points 4 days ago

According to this, 6.2.4.x is not affected.

[–] non_burglar 2 points 4 days ago

OVS is fine, you can make live changes and something like spanning port traffic is a bit less hassle than using tc, but beyond that, it's not really an important component to a failover scenario over any other vswitch, since it has no idea what a TCP stream is.

[–] non_burglar 6 points 4 days ago

For sure, if your thing is leaning into network configs, nothing wrong with it, especially if you have proper failover set up.

I think virtualized routing looks fun to the learning homelabber, and it is, but it does come with some caveats.
