geli vs openssl, geli is much slower
Anonymous
freebsd at 0x7f.co
Wed Mar 9 18:11:19 UTC 2016
Hello All,
The disk encryption on my NAS (RAIDZ1 + ZFS + GELI (aes-128-xts)) is
running much slower than expected (80MB/S). It seems that GELI is much
slower than openssl for aes-128-xts (and aes-128-cbc as well). The
results might be similar for other ciphers, but I only verified
aes-128-xts and aes-128-cbc.
My NAS is running 9.3, but I was able to replicate on FreeBSD 10.2
(recent VM image) on a different machine (i7-4770HQ).
* OpenSSL w/o AES-NI:
OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-xts
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-xts 49702.86k 140889.72k 358413.11k 444357.17k 482859.72k
* OpenSSL w/ AES-NI (not relevant, for demonstration purpose):
openssl speed -elapsed -evp aes-128-xts
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-xts 417564.07k 1253833.96k 2302266.40k 2993555.43k 3411513.42k
* w/ gzero:
dd if=/dev/zero of=/dev/gzero.eli bs=1m count=1000
1000+0 records in
1000+0 records out
1048576000 bytes transferred in 13.107259 secs (79999640 bytes/sec)
geli is only seing 76MB/s (4k sector) while openssl (even at 1k sector sizes) is
doing 433 MB/s.
Am I comparing apples and oranges? Is this to be expected?
NOTE: It should not be related to AES-NI since my processor (an X3450)
doesn't support AES-NI, and I was seeing similar results.
NOTE2:
# uname -a
FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12
15:26:37 UTC 2015
root at releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
# openssl version
OpenSSL 1.0.1p-freebsd 9 Jul 2015
More information about the freebsd-performance
mailing list