[cinder] volume encryption performance impact

Dave Holland dh3 at sanger.ac.uk
Wed Jan 9 15:13:29 UTC 2019


I've just started investigating Cinder volume encryption using Queens
(RHOSP13) with a Ceph/RBD backend and the performance overhead is...
surprising. Some naive bonnie++ numbers, comparing a plain vs encrypted

plain: write 1400MB/s, read 390MB/s
encrypted: write 81MB/s, read 83MB/s

The encryption was configured with:

openstack volume type create --encryption-provider nova.volume.encryptors.luks.LuksEncryptor --encryption-cipher aes-xts-plain64 --encryption-key-size 256 --encryption-control-location front-end LuksEncryptor-Template-256

Does anyone have a similar setup, and can share their performance
figures, or give me an idea of what percentage performance impact I
should expect? Alternatively: is AES256 overkill, or, where should I
start looking for a misconfiguration or bottleneck?

Thanks in advance.

** Dave Holland ** Systems Support -- Informatics Systems Group **
** 01223 496923 **    Wellcome Sanger Institute, Hinxton, UK    **

 The Wellcome Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 

More information about the openstack-discuss mailing list