From: Stan Hoeppner <stan@hardwarefreak.com>
To: Marc MERLIN <marc@merlins.org>, linux-raid@vger.kernel.org
Subject: Re: Very long raid5 init/rebuild times
Date: Wed, 22 Jan 2014 01:55:34 -0600 [thread overview]
Message-ID: <52DF7976.6070808@hardwarefreak.com> (raw)
In-Reply-To: <20140121163755.GG10140@merlins.org>
On 1/21/2014 10:37 AM, Marc MERLIN wrote:
> On Mon, Jan 20, 2014 at 11:35:40PM -0800, Marc MERLIN wrote:
>> Howdy,
>>
>> I'm setting up a new array with 5 4TB drives for which I'll use dmcrypt.
>>
>> Question #1:
>> Is it better to dmcrypt the 5 drives and then make a raid5 on top, or the opposite
>> (raid5 first, and then dmcrypt)
For maximum throughput and to avoid hitting a ceiling with one thread on
one core, using one dmcrypt thread per physical device is a way to
achieve this.
>> I used:
>> cryptsetup luksFormat --align-payload=8192 -s 256 -c aes-xts-plain64 /dev/sd[mnopq]1
Changing the key size or the encryption method may decrease latency a
bit, but likely not enough.
> I should have said that this is seemingly a stupid question since obviously
> if you encrypt each drive separately, you're going through the encryption
> layer 5 times during rebuilds instead of just once.
Each dmcrypt thread is handling 1/5th of the IOs. The low init
throughput isn't caused by using 5 threads. One thread would likely do
no better.
> However in my case, I'm not CPU-bound, so that didn't seem to be an issue
> and I was more curious to know if the dmcrypt and dmraid5 layers stacked the
> same regardless of which one was on top and which one at the bottom.
You are not CPU bound, nor hardware bandwidth bound. You are latency
bound, just like every dmcrypt user. dmcrypt adds a non trivial amount
of latency to every IO. Latency with serial IO equals low throughput.
Experiment with these things to increase throughput. If you're using
the CFQ elevator switch to deadline. Try smaller md chunk sizes, key
lengths, different ciphers, etc. Turn off automatic CPU frequency
scaling. I've read reports of encryption causing the frequency to drop
instead of increase.
In general, to increase serial IO throughput on a high latency path one
must:
1. Issue lots of IOs asynchronously
2. And/or issue lots of IOs in parallel
Or both. AFAIK both of these require code rewrites for md maintenance
operations.
Once in production, if your application workloads do 1 or 2 above then
you may see higher throughput than the 18MB/s you see with the init. If
your workloads are serial maybe not much more.
Common sense says that encrypting 16TB of storage at the block level,
using software libraries and optimized CPU instructions, is not a smart
thing to do. Not if one desires decent performance, and especially if
one doesn't need all 16TB encrypted.
If you in fact don't need all 16TB encrypted, and I'd argue very few do,
especially John and Jane Doe, then tear this down, build a regular
array, and maintain an encrypted directory or few.
If you actually *need* to encrypt all 16TB at the block level, and
require decent performance, you need to acquire a dedicated crypto
board. One board will cost more than your complete server. The cost of
such devices should be a strong clue as to who does and does not need to
encrypt their entire storage.
--
Stan
next prev parent reply other threads:[~2014-01-22 7:55 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-21 7:35 Very long raid5 init/rebuild times Marc MERLIN
2014-01-21 16:37 ` Marc MERLIN
2014-01-21 17:08 ` Mark Knecht
2014-01-21 18:42 ` Chris Murphy
2014-01-22 7:55 ` Stan Hoeppner [this message]
2014-01-22 17:48 ` Marc MERLIN
2014-01-22 23:17 ` Stan Hoeppner
2014-01-23 14:28 ` John Stoffel
2014-01-24 1:02 ` Stan Hoeppner
2014-01-24 3:07 ` NeilBrown
2014-01-24 8:24 ` Stan Hoeppner
2014-01-23 2:37 ` Stan Hoeppner
2014-01-23 9:13 ` Marc MERLIN
2014-01-23 12:24 ` Stan Hoeppner
2014-01-23 21:01 ` Marc MERLIN
2014-01-24 5:13 ` Stan Hoeppner
2014-01-25 8:36 ` Marc MERLIN
2014-01-28 7:46 ` Stan Hoeppner
2014-01-28 16:50 ` Marc MERLIN
2014-01-29 0:56 ` Stan Hoeppner
2014-01-29 1:01 ` Marc MERLIN
2014-01-30 20:47 ` Phillip Susi
2014-02-01 22:39 ` Stan Hoeppner
2014-02-02 18:53 ` Phillip Susi
2014-02-03 6:34 ` Stan Hoeppner
2014-02-03 14:42 ` Phillip Susi
2014-02-04 3:30 ` Stan Hoeppner
2014-02-04 17:59 ` Larry Fenske
2014-02-04 18:08 ` Phillip Susi
2014-02-04 18:43 ` Stan Hoeppner
2014-02-04 18:55 ` Phillip Susi
2014-02-04 19:15 ` Stan Hoeppner
2014-02-04 20:16 ` Phillip Susi
2014-02-04 21:58 ` Stan Hoeppner
2014-02-05 1:19 ` Phillip Susi
2014-02-05 1:42 ` Stan Hoeppner
2014-01-30 20:36 ` Phillip Susi
2014-01-30 20:18 ` Phillip Susi
2014-01-22 19:38 ` Opal 2.0 SEDs on linux, was: " Chris Murphy
2014-01-21 18:31 ` Chris Murphy
2014-01-22 13:46 ` Ethan Wilson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52DF7976.6070808@hardwarefreak.com \
--to=stan@hardwarefreak.com \
--cc=linux-raid@vger.kernel.org \
--cc=marc@merlins.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).