[cinder] volume encryption performance impact

Matthew Thode mthode at mthode.org
Wed Jan 9 16:54:35 UTC 2019


On 19-01-09 15:13:29, Dave Holland wrote:
> Hello,
> 
> I've just started investigating Cinder volume encryption using Queens
> (RHOSP13) with a Ceph/RBD backend and the performance overhead is...
> surprising. Some naive bonnie++ numbers, comparing a plain vs encrypted
> volume:
> 
> plain: write 1400MB/s, read 390MB/s
> encrypted: write 81MB/s, read 83MB/s
> 
> The encryption was configured with:
> 
> openstack volume type create --encryption-provider nova.volume.encryptors.luks.LuksEncryptor --encryption-cipher aes-xts-plain64 --encryption-key-size 256 --encryption-control-location front-end LuksEncryptor-Template-256
> 
> Does anyone have a similar setup, and can share their performance
> figures, or give me an idea of what percentage performance impact I
> should expect? Alternatively: is AES256 overkill, or, where should I
> start looking for a misconfiguration or bottleneck?
> 

I haven't tested yet, but that doesn't sound right, it sounds like it's
not using aes-ni (or the AMD equiv).  256 may be higher than is needed
(256 aes has some attacks that 128 does not iirc as well) but should
drop perf that much unless it's dropping back to software.

-- 
Matthew Thode
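
An added example, not part of the original thread: one way to check the suspicion raised in the reply, on the host that performs the encryption, by reading which xts(aes) implementation the kernel would pick from /proc/crypto and whether the CPU advertises the aes flag. The function names and the embedded sample are constructed for illustration, and treating a driver name containing "generic" as the software fallback is an assumption of this sketch.

```shell
# Constructed sample in /proc/crypto format (not output from the thread).
sample_crypto() {
cat <<'EOF'
name         : xts(aes)
driver       : xts(ecb(aes-generic))
module       : kernel
priority     : 100

name         : xts(aes)
driver       : xts-aes-aesni
module       : aesni_intel
priority     : 401
EOF
}

# Read /proc/crypto-format text on stdin and print "driver priority" for the
# highest-priority implementation of algorithm $1; exit 1 if none is registered.
best_impl() {
    awk -v want="$1" -F' *: *' '
        BEGIN            { best = -1 }
        $1 == "name"     { name = $2 }
        $1 == "driver"   { drv = $2 }
        $1 == "priority" { if (name == want && $2 + 0 > best) { best = $2 + 0; pick = drv } }
        END              { if (pick == "") exit 1; print pick, best }
    '
}

# Succeed if an x86 /proc/cpuinfo "flags" line on stdin lists the aes flag.
cpu_has_aes() {
    awk -F: '$1 ~ /^flags/ { n = split($2, f, " ")
                             for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1 }
             END { exit !found }'
}

# Assumption: a winning driver whose name contains "generic" is the plain C
# implementation, i.e. the software fallback.
xts_verdict() {
    impl=$(best_impl 'xts(aes)') || { echo "missing"; return; }
    case "$impl" in
        *generic*) echo "software: $impl" ;;
        *)         echo "accelerated: $impl" ;;
    esac
}

# On a real host: xts_verdict < /proc/crypto; cpu_has_aes < /proc/cpuinfo
sample_crypto | xts_verdict
```

The kernel uses the highest-priority registered implementation, so a "software" verdict alongside a CPU that does list the aes flag points at a missing accelerated module rather than at the cipher or key size.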