From owner-freebsd-current@FreeBSD.ORG Fri Oct 3 14:13:01 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 437D016A4B3 for ; Fri, 3 Oct 2003 14:13:01 -0700 (PDT) Received: from smtp3.sentex.ca (smtp3.sentex.ca [64.7.153.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id DAA7C43FE9 for ; Fri, 3 Oct 2003 14:12:58 -0700 (PDT) (envelope-from mike@sentex.net) Received: from avscan2.sentex.ca (avscan2.sentex.ca [199.212.134.19]) by smtp3.sentex.ca (8.12.9p2/8.12.9) with ESMTP id h93LCrHr085534 for ; Fri, 3 Oct 2003 17:12:53 -0400 (EDT) (envelope-from mike@sentex.net) Received: from localhost (localhost [127.0.0.1]) by avscan2.sentex.ca (Postfix) with ESMTP id 3AD5559C8B for ; Fri, 3 Oct 2003 17:12:58 -0400 (EDT) Received: from avscan2.sentex.ca ([127.0.0.1]) by localhost (avscan2.sentex.ca [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 08149-13 for ; Fri, 3 Oct 2003 17:12:58 -0400 (EDT) Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by avscan2.sentex.ca (Postfix) with ESMTP id 0816459C86 for ; Fri, 3 Oct 2003 17:12:58 -0400 (EDT) Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.12.9p1/8.12.9) with ESMTP id h93LCudK097053 for ; Fri, 3 Oct 2003 17:12:57 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <6.0.0.22.0.20031003153910.083e3410@209.112.4.2> X-Sender: mdtpop@209.112.4.2 (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Fri, 03 Oct 2003 17:15:54 -0400 To: current@freebsd.org From: Mike Tancsa Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by Sentex Communications (avscan2/20030616p5) Subject: GEOM BDE stats / questions about crypto transformations X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Oct 2003 21:13:01 -0000 We are looking at doing some offsite backup at a generally physically secure location. Still we are not that trusting of our data living off site. So GEOM BDE seems to be a good fit to further reduce the risk. The hardware we have is a 2.2 Celeron as well as a HiFn card to assist with 3des transformations. (basically one backup server here at HQ pushing off big dump files via ssh) and other stuff with FAST_IPSEC tunnels to the off site location. For storage, we have a 3ware 7810 with RAID5. The link speed between us is anywhere from 10Mb/s to 40Mb/s (depends on what is available during the time of day-- we only will use excess bandwidth) This should allow us to fully backup our data in 24hrs. I wanted to make sure I could write out to the disk with at least that speed. Doing a simple test with bonnie as well as simulating it via scp, its a bit close. -------Sequential Output-------- ---Sequential Input-- --Random-- -Per Char- --Block--- -Rewrite-- -Per Char- --Block--- --Seeks--- Machine MB K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU /sec %CPU 5 4000 16746 56.0 17152 29.4 11675 24.7 24569 68.9 34602 27.7 129.7 3.1 5EH 4000 4961 17.1 5145 9.1 3720 8.0 9996 28.8 12347 11.3 119.5 2.9 5E 4000 4953 17.1 5132 9.4 3790 7.9 10522 30.6 13125 12.3 120.1 2.8 5 = Regular RAID 5 UFS mount 5EH = RAID 5 with HiFn crpto card from Soekris on a BDE encrypted mount 5E = BDE encrypted mount The hiFn card doesnt seem to make much difference as it only offloads MD5 calculations. However, overall the CPU is lower when running with the hifn card defined in the kernel. It makes a large difference in CPU usage when scp'ing a file across using 3des. Perhaps when the new Soekris card which does AES comes out, these numbers will speed up. In the mean time is anyone using this in production ? Are you using any USB keys for the storing the pass phrase ? If so, can you give me some details as to how you set it up ? Thanks, ---Mike -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike