Cloudflare Improving Linux Disk Encryption Performance - Doubling The Throughput

Written by Michael Larabel in Linux Storage on 25 March 2020 at 11:37 AM EDT.
Cloudflare employs Linux disk encryption on its servers and, with some optimizations, has at least doubled its throughput while also lowering latency.

Cloudflare began exploring Linux disk encryption performance after finding it wasn't performing as well as they would like. Cloudflare engineers dug into the Linux kernel source tree and worked to avoid extra queuing and asynchronous behavior.

One of the steps was a patch that adds a new flag to dm-crypt so that it does not offload crypto operations and instead handles everything inline. The other essential change was implementing a synchronous Crypto API AES-XTS driver that uses AES-NI by default while falling back to generic AES if needed. Those patches are currently available via Cloudflare's GitHub.
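To see which AES-XTS implementation a given host has registered and whether it is marked asynchronous, the kernel's /proc/crypto listing can be parsed. The following is an added example, not code from Cloudflare or the original article; the sample text is constructed, and picking the highest-priority non-internal entry is a simplified model of how the Crypto API selects a driver.

```python
import sys

# Constructed sample in /proc/crypto layout (not captured from a real host).
SAMPLE = """\
name         : xts(aes)
driver       : xts(ecb(aes-generic))
priority     : 100
internal     : no
async        : no

name         : __xts(aes)
driver       : __xts-aes-aesni
priority     : 401
internal     : yes
async        : no

name         : xts(aes)
driver       : xts-aes-aesni
priority     : 401
internal     : no
async        : yes
"""

def parse_proc_crypto(text):
    """Return one dict per algorithm entry; entries are separated by blank lines."""
    entries, fields = [], {}
    for line in text.splitlines() + [""]:
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
        elif fields:  # blank line closes the current entry
            entries.append(fields)
            fields = {}
    return entries

def preferred_driver(entries, name="xts(aes)"):
    """Highest-priority, non-internal entry registered under `name` (assumed rule)."""
    usable = [e for e in entries
              if e.get("name") == name and e.get("internal", "no") == "no"]
    return max(usable, key=lambda e: int(e.get("priority", 0)), default=None)

if __name__ == "__main__":
    # Pass /proc/crypto as the first argument on a real host; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    best = preferred_driver(parse_proc_crypto(text))
    if best is None:
        print("no xts(aes) implementation registered")
    else:
        print(f"{best['driver']} priority={best['priority']} async={best['async']}")
```

An `xts(aes)` entry is typically only listed once something has instantiated it, for example after a dm-crypt volume using AES-XTS has been opened.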

Cloudflare engineers found that with the changes they could more than double their throughput while latency was cut about in half. This is already helping Cloudflare in production on its encrypted Linux servers, but they are still exploring more areas to improve upon.
This post shows how an architecture review can double the performance of a system. Also we reconfirmed that modern cryptography is not expensive and there is usually no excuse not to protect your data.

We are going to submit this work for inclusion in the main kernel source tree, but most likely not in its current form. Although the results look encouraging we have to remember that Linux is a highly portable operating system: it runs on powerful servers as well as small resource constrained IoT devices and on many other CPU architectures as well. The current version of the patches just optimises disk encryption for a particular workload on a particular architecture, but Linux needs a solution which runs smoothly everywhere.

More details on this work via the Cloudflare Blog.