1 基于SPDK的CurveBS PFS存储引擎10/17/22 2 Why ●为了减少使用cpu做内存copy，减少系统调用 ●发挥某些被操作系统屏蔽的功能，例如nvme write zero ●根据阿里《When Cloud Storage Meets RDMA》的说法 ●在100Gbps网络带宽时，内存带宽成为瓶颈 ●Intel Memory Latency Checker (MLC)测试得到的CPU内存带宽是 5 为什么用PFS ●对代码比较熟悉 ●找一个能管理裸盘，具有产品级可靠性的代码挺难的 ●PFS支持类POSIX文件的接口，与使用EXT4的存储引擎代码很像， 所以容易移植现有代码到PFS存储引擎 ●CurveBS对文件系统元数据的操作非常少，对文件系统的要求不高， 所以不需要元数据高性能，这方面PFS也合适10/17/22 6 对PFS的修改 ●基于阿里开源的PFS ●不再基于daemon模式，而是直接使用pfs ●不再基于daemon模式，而是直接使用pfs core api ●依然向外提供管理工具, 例如 pfs ls、cp、rm等 ●增加spdk驱动10/17/22 7 新增PFS接口 ●增加pfs_pwritev和pfs_preadv接口 ●ssize_t pfs_preadv(int fd, const struct iovec *iov, int iovcnt, off_t offset); ●ssize_t

https://aspenmesh.io/how-to-capture-packets-that-dont-exist/ Optical Tap Network Analyzer Encrypted traffic w/PFS Intra node traffic HTTP/2 awareness Contextual data 16 ©2021 Aspen Mesh. All rights reserved. EP

Linux专有块设备协议 • iSCSI • 广泛支持的外部设备协议（块，磁带等）Curve云原生存储支持块设备 • 通过NBD，只支持Linux • 通过SDK API，目前只支持Linux • PFS • 扩大使用范围 • 通过iSCSI支持更多系统，例如Windows, 类UNIX系统等，使用两项基础 技术 • TCP/IP • SCSI • 替代SAN • 可靠性、稳定性方面有自

ciphersuites: 599 • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let’s try to allow only ciphersuites with PFS using TLSCipher* parameters. Attention: The result will not TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCipher

ciphersuites: • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let’s try to allow only ciphersuites with PFS using TLSCipher* parameters. Attention: The result will not TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCipher

ciphersuites: • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let’s try to allow only ciphersuites with PFS using TLSCipher* parameters. Attention: The result will not TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCipher

ciphersuites: 778 • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let’s try to allow only ciphersuites with PFS using TLSCipher* parameters. Attention: The result will not TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCipher

ciphersuites: 762 • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let’s try to allow only ciphersuites with PFS using TLSCipher* parameters. Attention: The result will not TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCipher

ciphersuites: • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let’s try to allow only ciphersuites with PFS using TLSCipher* parameters. Attention: The result will not TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCipher

ciphersuites: • Testing cipher strings and allowing only PFS ciphersuites • Switching from AES128 to AES256 Testing cipher strings and allowing only PFS ciphersuites To see which ciphersuites have been selected allowing only a few ciphersuites, e.g. only ciphersuites with PFS (Perfect Forward Secrecy). Let’s try to allow only ciphersuites with PFS using TLSCipher* parameters. Attention: The result will not TLSCipherAll and TLSCipherAll13 you need to experiment with the agent, proxy or server. So, to allow only PFS ciphersuites you may need to add up to three parameters TLSCipherCert=EECDH+aRSA+AES128 TLSCipher