From: Milan Broz <mbroz@redhat.com>
To: Igor Novgorodov <igor@novg.net>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] AES-XTS performance
Date: Mon, 15 Nov 2010 15:25:07 +0100 [thread overview]
Message-ID: <4CE142C3.1070408@redhat.com> (raw)
In-Reply-To: <566573504.20101115153604@novg.net>
On 11/15/2010 01:36 PM, Igor Novgorodov wrote:
> Hello!
> I've got a question regarding encryption performance with
> XTS mode in dm-crypt, which is too low for what i
> get.
>
> Test system:
> - Supermicro X8DTH-6F
> - 1 x 4-Core Xeon E5620 with HyperThreading & AES-NI
> - 12Gb RAM DDR3 Reg ECC
>
> Preparation:
> # mount -t tmpfs tmpfs -o size=4G /mnt/tmpfs
> # dd if=/dev/zero of=/mnt/tmpfs/image
> # losetup /dev/loop0 /mnt/tmpfs/image
Loop is not ideal device to test but it is not the problem.
The main problem is that dm-crypt uses only one core per device.
If you want to do some tests, try this patch
http://lkml.org/lkml/2010/11/12/344
(but there is still some issues and it will not help much
if only one process generates IOs.)
> And with CBC mode we get reasonable read performance (for AES-NI), but
> writing is as almost slow as before:
I think the write slowdown is partially loop problem here.
> What is the problem here?
> With aes-cbc-plain64 i get ~560Mb read, and another slow write ~110Mb.
Nice to benchmarking, but do not use plain/plain64 in CBC mode for data.
(It is vulnerable.)
> Any suggestions? Why write speed is so low?
Can you please try patch above? Will it help here?
(There are more possible fixes but stability is the No.1 here,
and we have still some unresolved problems with that.)
> And why with XTS i get 50% speed drop, is that normal?
In principle, XTS run 2x AES operation in comparison to CBC mode,
so I would say it is expected.
> In Windows with Trucrypt internal benchmark i get 1.6Gb/s
> AES encryption speed with AES-NI even on low-end Core i5-620.
You cannot compare internal benchmark to dm-crypt over loop.
dm-crypt uses 512b sectors and mainly block layer limits it here.
If you use device-mapper zero target as backing device you can get
better numbers but still it is comparing something different.
Milan
next prev parent reply other threads:[~2010-11-15 14:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-15 12:36 [dm-crypt] AES-XTS performance Igor Novgorodov
2010-11-15 14:25 ` Milan Broz [this message]
2010-11-16 6:53 ` Igor Novgorodov
2010-11-16 7:31 ` Igor Novgorodov
2010-11-16 9:25 ` Milan Broz
2010-11-16 11:32 ` Igor Novgorodov
2010-11-16 12:00 ` Milan Broz
2010-11-17 10:03 ` Igor Novgorodov
2010-11-17 23:39 ` Jakob-Tobias Winter
2010-11-15 14:38 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CE142C3.1070408@redhat.com \
--to=mbroz@redhat.com \
--cc=dm-crypt@saout.de \
--cc=igor@novg.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox