Hi Dave, With the same key length and backend, we’ve done some quick checks at the time, but did not notice any significant performance impact (beyond a slight CPU increase). We did not test beyond the QoS limits we apply, though. Cheers, Arne
On 9 Jan 2019, at 16:13, Dave Holland <dh3@sanger.ac.uk> wrote:
Hello,
I've just started investigating Cinder volume encryption using Queens (RHOSP13) with a Ceph/RBD backend and the performance overhead is... surprising. Some naive bonnie++ numbers, comparing a plain vs encrypted volume:
plain: write 1400MB/s, read 390MB/s encrypted: write 81MB/s, read 83MB/s
The encryption was configured with:
openstack volume type create --encryption-provider nova.volume.encryptors.luks.LuksEncryptor --encryption-cipher aes-xts-plain64 --encryption-key-size 256 --encryption-control-location front-end LuksEncryptor-Template-256
Does anyone have a similar setup, and can share their performance figures, or give me an idea of what percentage performance impact I should expect? Alternatively: is AES256 overkill, or, where should I start looking for a misconfiguration or bottleneck?
Thanks in advance.
Dave -- ** Dave Holland ** Systems Support -- Informatics Systems Group ** ** 01223 496923 ** Wellcome Sanger Institute, Hinxton, UK **
-- The Wellcome Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
-- Arne Wiebalck CERN IT