Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
There seems to be a fair amount of discussion about the performance of LUKS, especially the kcryptd process as it appears to be single-threaded. My current setup is 3x2TB drives in a soft RAID5 (md), which has a LUKS volume ontop. When writing, I get around 40MB/s which could be better given a 3GHz quad CPU.
The low performance could be related to the fact only 1 kcryptd runs per device (this device being /dev/md1). My question is; would it be better to have a seperate LUKS volume per HDD, and them forming a RAID5 from these? This should spawn a kcrypt process per physical device (3) instead of just 1.
Has anyone tried this setup and does it make any difference on read/write performance?
40MB/s writing to RAID 5 is pretty good, especially with only three spindles.
I don't think your CPU has anything to do with it. Remember a "write" on
RAID 5 requires a two reads, a calculation, and two writes. Assuming a
16K block size, each 16K requires 4 disk operations, or one operation
per 4K. At 40 MB/s, you're getting 1000 IOPs.
Let us know when you benchmark it the other way, but I think
you'll see precious little difference - CPUs are WAY faster
than drives, so no matter what you do with the CPU the
drives are still only going to write the data at a certain
speed.
As to which is BETTER, I'd decide that by not based on
performance, but on logical design. To me, the RAID is at
the physical level - that data just happens to be on those
drives, but it could just as easily be anywhere else.
Which data should be encrypted is a _logical_ choice rather
than a _physical_ one. Logical sits on top of physical, so
encryption on top of RAID.
Thanks for the replies. Personally I don't see why the encryption layer cannot go on the lowest level, pending some testing. I set this up using 3 loopback devices and it worked OK, however it was on the same phyiscal hard disks so performance couldn't be tested. Another plus point I can see is resizing RAID arrays should be easier if the encryption was the lowest level as you only have to resize the RAID array. Otherwise you have to resize the RAID array first, then the LUKS "container".
When I initially configured this array it was unecrypted and the performance was quite a bit higher that when it is encrypted (I can't remember the actual numbers). Maybe extra kcryptd processes will help? I have a bunch of old drives laying about and will test the performance difference and post back. I'm not expecting much difference but it's worth a test
raymor, going by your information, would you expect read/write rates to increase with the number of physical disks? I could test this too..
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.