Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.
On Wednesday 23 January 2008 11:07:40 Paul Court wrote: > > On Tue, Jan 22, 2008 at 05:56:55PM +0000, Paul Court wrote: > >> Hello, > > ---8<--- Snip ---8<--- > > > you ask drbd to enable the "data-integrity feature", > > which prepends each data block with its digest (you configured sha1, > > which is overkill here, md5 or even crc32 would do fine) before > > sending them over the wire. > > the receiving side then calculates a digest of that data block > > using the same algorithm, and naturally, this re-calculated digest, > > and the digest transfered with the data block should match exactly. > > I notice there are a few other places where I have used sha1. Are there > any other recomendations for the other values? (cram-hmac-alg & > verify-alg)? Well obviously crc32c is expected to be faster than md5 which in turn is expected to be faster than sha1. But cram-hmac-alg is only used during the initial handshake upon connect, and verify-alg only during device verification, whereas data-integrity-alg is used for every single replication and sync packet throughout your connection's lifetime. So selecting a faster data-integrity-alg has more impact on performance than selecting a faster algorithm for the other two. > Is it possible to disable encryption, I'm not sure someone snooping on > my packets is something I need to worry about with a cross over cable? DRBD currently does _not_ use encryption. It does use cryptographic algorithms, yes, but only for authentication (cram-hmac-alg) and message digest (data-integrity-alg, verify-alg) purposes. Cheers, Florian -- : Florian G. Haas : LINBIT Information Technologies GmbH : Vivenotgasse 48, A-1120 Vienna, Austria When replying, there is no need to CC my personal address. I monitor the list on a daily basis. Thank you.