On Sat, Sep 26, 2020 at 04:50:34PM +0000, tri(a)postix.net wrote:
Hi all,
For those who use encryption on your OSDs, what effect do you see on
your NVMe, SSD and HDD vs non-encrypted OSDs? I tried to find some
info on this subject but there isn't much detail available.
>From experience, dmcrypt is CPU-bound and becomes a bottleneck when
>used on very fast NVMe. Using aes-xts, one can only expect around
>1600-2000GB/s with 256/512 bit keys.
There's two things to point out as improvements for you.
1. CloudFlare's writeup about reducing latency in dm-crypt earlier this
year:
https://blog.cloudflare.com/speeding-up-linux-disk-encryption/
2. An internal observation, that I don't think was well published yet,
that disabling CONFIG_CRYPTO_STATS may provide significant CPU reduction
(CPU time spent in crypto_stats_* specifically).
--
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail : robbat2(a)gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136