Softraid performance: CRYPTO on top of RAID 1?

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Softraid performance: CRYPTO on top of RAID 1?

Erling Westenvik-2
Hi folks,

Anyone having any experience with putting an softraid CRYPTO partition
on top of a softraid RAID 1? In terms of performance?

I'd like to build a file server that favors redundancy, availability and
privacy over performance. The latter within limits though, hence my
initial question. Private use only. Me, my family and ... friends.

I'm planning to use 3 x 1TB drives in RAID 1. No FDE since
"availability" involves the possibility of unattended booting; like
after a power outage while being abroad/out of town, in which case I'd
have to ssh in to the box and bioctl(8) the encrypted volume. Otherwise
the PC is an old Pentium 4 3.40GHz with 3GB RAM which as of today runs
fine as a file server with 2 x 500GB disks in softraid RAID 1.

Sorry if my question does not belong on @misc. I've done quite some
homework but could not find information pertinent to my case and would
like to hear any arguments for or against before I spend many hours on
copying hundres of gigabytes to potentially no avail.

Regards,

Erling

Reply | Threaded
Open this post in threaded view
|

Re: Softraid performance: CRYPTO on top of RAID 1?

Joel Sing-3
On Tue, 2 Jul 2013, Erling Westenvik wrote:

> Hi folks,
>
> Anyone having any experience with putting an softraid CRYPTO partition
> on top of a softraid RAID 1? In terms of performance?
>
> I'd like to build a file server that favors redundancy, availability and
> privacy over performance. The latter within limits though, hence my
> initial question. Private use only. Me, my family and ... friends.
>
> I'm planning to use 3 x 1TB drives in RAID 1. No FDE since
> "availability" involves the possibility of unattended booting; like
> after a power outage while being abroad/out of town, in which case I'd
> have to ssh in to the box and bioctl(8) the encrypted volume. Otherwise
> the PC is an old Pentium 4 3.40GHz with 3GB RAM which as of today runs
> fine as a file server with 2 x 500GB disks in softraid RAID 1.

You would get much better throughput with a CPU that supports AESNI, however
unless you're wanting near-disk level performance, you shouldn't have any
problems. FWIW one of my servers (handles mail, etc) is a Sun Fire V210
(sparc64) machine with 2x1GHz CPU, 2GB RAM and a pair of SCSI drives - it
runs perfectly well in a similar CRYPTO on RAID 1 configuration. That said,
you'd be best to set it up and measure the performance to ensure it will meet
your needs.

> Sorry if my question does not belong on @misc. I've done quite some
> homework but could not find information pertinent to my case and would
> like to hear any arguments for or against before I spend many hours on
> copying hundres of gigabytes to potentially no avail.
>
> Regards,
>
> Erling
--

    "Action without study is fatal. Study without action is futile."
        -- Mary Ritter Beard

Reply | Threaded
Open this post in threaded view
|

Re: Softraid performance: CRYPTO on top of RAID 1?

Jiri B-2
On Thu, Jul 04, 2013 at 02:33:51AM +1000, Joel Sing wrote:
> [...snip...] FWIW one of my servers (handles mail, etc) is a Sun Fire V210
> (sparc64) machine with 2x1GHz CPU, 2GB RAM and a pair of SCSI drives - it
> runs perfectly well in a similar CRYPTO on RAID 1 configuration. That said,
> you'd be best to set it up and measure the performance to ensure it will meet
> your needs.

I'm confused. Is it possible to have RAID1 and CRYPTO on top of that as
boot device? It did not work for me...

jirib

Reply | Threaded
Open this post in threaded view
|

Re: Softraid performance: CRYPTO on top of RAID 1?

Andrey Mitroshin
In reply to this post by Joel Sing-3
>similar CRYPTO on RAID 1 configuration

Could you please supply some details of how did you do that?

On Thu, Jul 04, 2013 at 02:33:51AM +1000, Joel Sing wrote:

> On Tue, 2 Jul 2013, Erling Westenvik wrote:
> > Hi folks,
> >
> > Anyone having any experience with putting an softraid CRYPTO partition
> > on top of a softraid RAID 1? In terms of performance?
> >
> > I'd like to build a file server that favors redundancy, availability and
> > privacy over performance. The latter within limits though, hence my
> > initial question. Private use only. Me, my family and ... friends.
> >
> > I'm planning to use 3 x 1TB drives in RAID 1. No FDE since
> > "availability" involves the possibility of unattended booting; like
> > after a power outage while being abroad/out of town, in which case I'd
> > have to ssh in to the box and bioctl(8) the encrypted volume. Otherwise
> > the PC is an old Pentium 4 3.40GHz with 3GB RAM which as of today runs
> > fine as a file server with 2 x 500GB disks in softraid RAID 1.
>
> You would get much better throughput with a CPU that supports AESNI, however
> unless you're wanting near-disk level performance, you shouldn't have any
> problems. FWIW one of my servers (handles mail, etc) is a Sun Fire V210
> (sparc64) machine with 2x1GHz CPU, 2GB RAM and a pair of SCSI drives - it
> runs perfectly well in a similar CRYPTO on RAID 1 configuration. That said,
> you'd be best to set it up and measure the performance to ensure it will meet
> your needs.
>
> > Sorry if my question does not belong on @misc. I've done quite some
> > homework but could not find information pertinent to my case and would
> > like to hear any arguments for or against before I spend many hours on
> > copying hundres of gigabytes to potentially no avail.
> >
> > Regards,
> >
> > Erling
> --
>
>     "Action without study is fatal. Study without action is futile."
>         -- Mary Ritter Beard

Reply | Threaded
Open this post in threaded view
|

Re: Softraid performance: CRYPTO on top of RAID 1?

Erling Westenvik-2
In reply to this post by Jiri B-2
On Wed, Jul 03, 2013 at 05:20:30PM -0400, Jiri B wrote:
> On Thu, Jul 04, 2013 at 02:33:51AM +1000, Joel Sing wrote:
> > [...snip...] FWIW one of my servers (handles mail, etc) is a Sun Fire V210
> > (sparc64) machine with 2x1GHz CPU, 2GB RAM and a pair of SCSI drives - it
> > runs perfectly well in a similar CRYPTO on RAID 1 configuration. That said,
> > you'd be best to set it up and measure the performance to ensure it will meet
> > your needs.
>
> I'm confused. Is it possible to have RAID1 and CRYPTO on top of that as
> boot device? It did not work for me...

Joel did not say that was his setup, did he? In my original post I
stated that I would avoid FDE because of the need to boot the machine
unattended. I assumed Joel's setup were similar.

But it would be really interesting to have softraid FDE on top of RAID.
Can it be done? I tried a couple of times yesterday with both i386 and
amd64 current, but it did not work for me either; boot(8) appeared not
being able to find the kernel.

Reply | Threaded
Open this post in threaded view
|

Re: Softraid performance: CRYPTO on top of RAID 1?

Joel Sing-3
In reply to this post by Jiri B-2
On Thu, 4 Jul 2013, Jiri B wrote:
> On Thu, Jul 04, 2013 at 02:33:51AM +1000, Joel Sing wrote:
> > [...snip...] FWIW one of my servers (handles mail, etc) is a Sun Fire
> > V210 (sparc64) machine with 2x1GHz CPU, 2GB RAM and a pair of SCSI drives
> > - it runs perfectly well in a similar CRYPTO on RAID 1 configuration.
> > That said, you'd be best to set it up and measure the performance to
> > ensure it will meet your needs.
>
> I'm confused. Is it possible to have RAID1 and CRYPTO on top of that as
> boot device? It did not work for me...

No, that will not work since the boot loader will not know how to handle the
nested volumes - the OP said:

> I'm planning to use 3 x 1TB drives in RAID 1. No FDE since
> "availability" involves the possibility of unattended booting; like
> after a power outage while being abroad/out of town, in which case I'd
> have to ssh in to the box and bioctl(8) the encrypted volume.

And that will work, since you boot off RAID 1 and then bring up a CRYPTO
volume manually. Once we do stacked properly we should have RAID1C and you
would be able to boot from that...
--

    "Action without study is fatal. Study without action is futile."
        -- Mary Ritter Beard

Reply | Threaded
Open this post in threaded view
|

Re: Softraid performance: CRYPTO on top of RAID 1?

Erling Westenvik-2
On Sat, Jul 06, 2013 at 01:28:28AM +1000, Joel Sing wrote:

> On Thu, 4 Jul 2013, Jiri B wrote:
> > On Thu, Jul 04, 2013 at 02:33:51AM +1000, Joel Sing wrote:
> > > [...snip...] FWIW one of my servers (handles mail, etc) is a Sun Fire
> > > V210 (sparc64) machine with 2x1GHz CPU, 2GB RAM and a pair of SCSI drives
> > > - it runs perfectly well in a similar CRYPTO on RAID 1 configuration.
> > > That said, you'd be best to set it up and measure the performance to
> > > ensure it will meet your needs.
> >
> > I'm confused. Is it possible to have RAID1 and CRYPTO on top of that as
> > boot device? It did not work for me...
>
> No, that will not work since the boot loader will not know how to handle the
> nested volumes - the OP said:

Thanks for clarifying.

> > I'm planning to use 3 x 1TB drives in RAID 1. No FDE since
> > "availability" involves the possibility of unattended booting; like
> > after a power outage while being abroad/out of town, in which case I'd
> > have to ssh in to the box and bioctl(8) the encrypted volume.
>
> And that will work, since you boot off RAID 1 and then bring up a CRYPTO
> volume manually. Once we do stacked properly we should have RAID1C and you
> would be able to boot from that...

Perhaps a long shot, but would it be very wrong to assume that such a
future boot loader would know how to handle *already existing* nested
volumes? Like, if I prepare a RAID1C already partitioned for (or with
room left for) the OS, but run the OS from a standalone disk while we
wait for a boot loader that does stacking properly?

(Given the amount of time to copy a terabyte or two of data, I would
certainly be willing to give it a shot. No guarantees expected, of
course..)

Cheers,

Erling

Reply | Threaded
Open this post in threaded view
|

Re: Softraid performance: CRYPTO on top of RAID 1?

Hugo Osvaldo Barrera
In reply to this post by Erling Westenvik-2
On 2013-07-02 02:26, Erling Westenvik wrote:
> Hi folks,
>
> Anyone having any experience with putting an softraid CRYPTO partition
> on top of a softraid RAID 1? In terms of performance?

I recently built my NAS, and tried both CRYPTO and no softraid and noticed
a pretty big difference.

With cypto, speed didn't exceed 2.3MBps. Without it, speed is stable at
about 9.3MBps.
When inspecting this, CPU stays at ~100%, in both scenarios (Mostly due
to my network connection being encrypted as well).

Note that I have gigabit ethernet, and actual network speed CAN reach
faster speeds; it was purely my CPU which limited me.

Just in case, my CPU *does not* support AESNI. I'm pretty sure you
mileage *will* vary if yours does.

In the end, I used an unencrypted disk for delicate stuff, and a
non-encrypted one for non-delicate stuff (music/movies/etc).

Both tests were done with 200GB of random files (movies mostly).

>
> I'd like to build a file server that favors redundancy, availability and
> privacy over performance. The latter within limits though, hence my
> initial question. Private use only. Me, my family and ... friends.

Since privacy is a priority for you, then make sure the CPU supports
AESNI, I'm confident you'll get better performance with no privacy
drawback. I've no hardware to actually test this, but I'm pretty confident
the difference is noticable.

>
> I'm planning to use 3 x 1TB drives in RAID 1. No FDE since
> "availability" involves the possibility of unattended booting; like
> after a power outage while being abroad/out of town, in which case I'd
> have to ssh in to the box and bioctl(8) the encrypted volume. Otherwise
> the PC is an old Pentium 4 3.40GHz with 3GB RAM which as of today runs
> fine as a file server with 2 x 500GB disks in softraid RAID 1.

We mentioned this at some point off-list, but I'd like to document this in
case anybody's interesed: my OS runs of a 4GiB USB drive, which keeps as
many SATA ports as possibe available, while maintaining availability. A
RAID1 on two of these drives would be great, since they don't have the
best record when it comes to durability.

>
> Sorry if my question does not belong on @misc. I've done quite some
> homework but could not find information pertinent to my case and would
> like to hear any arguments for or against before I spend many hours on
> copying hundres of gigabytes to potentially no avail.

I did. :) Granted, it wan't fun, but it wan't too much work either,
since I left it while I was AFK, so it didn't bother me in the least.

>
> Regards,
>
> Erling
>

Cheers,

--
Hugo Osvaldo Barrera

[demime 1.01d removed an attachment of type application/pgp-signature]