On 19-01-09 15:13:29, Dave Holland wrote:
Hello,
I've just started investigating Cinder volume encryption using Queens (RHOSP13) with a Ceph/RBD backend and the performance overhead is... surprising. Some naive bonnie++ numbers, comparing a plain vs encrypted volume:
plain: write 1400MB/s, read 390MB/s encrypted: write 81MB/s, read 83MB/s
The encryption was configured with:
openstack volume type create --encryption-provider nova.volume.encryptors.luks.LuksEncryptor --encryption-cipher aes-xts-plain64 --encryption-key-size 256 --encryption-control-location front-end LuksEncryptor-Template-256
Does anyone have a similar setup, and can share their performance figures, or give me an idea of what percentage performance impact I should expect? Alternatively: is AES256 overkill, or, where should I start looking for a misconfiguration or bottleneck?
I haven't tested yet, but that doesn't sound right, it sounds like it's not using aes-ni (or tha amd equiv). 256 may be higher than is needed (256 aes has some attacks that 128 does not iirc as well) but should drop perf that much unless it's dropping back to sofware. -- Matthew Thode