From owner-freebsd-stable@FreeBSD.ORG Fri May 29 09:30:49 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2332A106566B for ; Fri, 29 May 2009 09:30:49 +0000 (UTC) (envelope-from cryx-freebsd@h3q.com) Received: from mail.h3q.com (mail.h3q.com [213.73.89.199]) by mx1.freebsd.org (Postfix) with ESMTP id 7C4668FC16 for ; Fri, 29 May 2009 09:30:48 +0000 (UTC) (envelope-from cryx-freebsd@h3q.com) Received: (qmail 33688 invoked from network); 29 May 2009 09:30:46 -0000 Received: from unknown (HELO snowwhite.local) (smtpsend@89.247.104.154) by mail.h3q.com with AES256-SHA encrypted SMTP; 29 May 2009 09:30:46 -0000 Message-ID: <4A1FAB45.4040904@h3q.com> Date: Fri, 29 May 2009 11:30:45 +0200 From: Philipp Wuensche User-Agent: Thunderbird 2.0.0.21 (Macintosh/20090302) MIME-Version: 1.0 To: Dan Naumov References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-stable@freebsd.org Subject: Re: ZFS on top of GELI / Intel Atom 330 system X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 May 2009 09:30:49 -0000 Dan Naumov wrote: > Is there anyone here using ZFS on top of a GELI-encrypted provider on > hardware which could be considered "slow" by today's standards? What > are the performance implications of doing this? The reason I am asking > is that I am in the process of building a small home NAS/webserver, > starting with a single disk (intending to expand as the need arises) > on the following hardware: > http://www.tranquilpc-shop.co.uk/acatalog/BAREBONE_SERVERS.html This > is essentially: Intel Arom 330 1.6 Ghz dualcore on an Intel > D945GCLF2-based board with 2GB Ram, the first disk I am going to use > is a 1.5TB Western Digital Caviar Green. > > I had someone run a few openssl crypto benchmarks (to unscientifically > assess the maximum possible GELI performance) on a machine running > FreeBSD on nearly the same hardware and it seems the CPU would become > the bottleneck at roughly 200 MB/s throughput when using 128 bit > Blowfish, 70 MB/s when using AES128 and 55 MB/s when using AES256. > This, on it's own is definately enough for my neeeds (especially in > the case of using Blowfish), but what are the performance implications > of using ZFS on top of a GELI-encrypted provider? I have a zpool mirror on top of two 128bit GELI blowfish devices with Sectorsize 4096, my system is a D945GCLF2 with 2GB RAM and a Intel Arom 330 1.6 Ghz dualcore. The two disks are a WDC WD10EADS and a WD10EACS (5400rpm). The system is running 8.0-CURRENT amd64. I have set kern.geom.eli.threads=3. This is far from a real benchmarks but: Using dd with bs=4m I get 35 MByte/s writing to the mirror (writing 35 MByte/s to each disk) and 48 MByte/s reading from the mirror (reading with 24 MByte/s from each disk). My experience is that ZFS is not much of an overhead and will not degrade the performance as much as the encryption, so GELI is the limiting factor. Using ZFS without GELI on this system gives way higher read and write numbers, like reading with 70 MByte/s per disk etc. greetings, philipp