Cloudflare Improving Linux Disk Encryption Performance - Doubling The Throughput


  • pal666
    replied
    Originally posted by anarki2
    "Doubling The Throughput" sounds fishy to say the least, coz that's only possible if FDE at least halves throughput, which I seriously doubt.
    Cloudflare doesn't compile Linux kernels, it just passes data between storage and network card, i.e. it is "do nothing" vs "decrypt".
    In their test FDE reduced throughput from 1126 MB/s to 147 MB/s, which is several times more than "halves".
    Last edited by pal666; 29 March 2020, 07:51 AM.


  • Zan Lynx
    replied
    Originally posted by caligula

    Not really. The NVMe drives suffer from temp / write throttling and focusing more computation on that tiny area makes the situation worse.
    I'm not sure you're thinking of the same drives that I am. The Pro line of Samsung drives do AES encryption at line speed. As far as I am aware they do this all the time whether or not you configured a key, because this is how they implement Secure Erase. That command randomizes the key and applies TRIM to the entire drive. It's done instantly and no writes are required.

    Datacenter NVMe drives are not tiny little M.2 drives with heat problems. They are long slab hotswap cards, usually wired up with U.2. They don't have heat problems.

    Pretty much the only NVMe drives with problems are these first-gen PCIe 4.0 drives because they're all based on overclocked PCIe 3 controllers. Then shoved into a tiny space with no fan under the GPU.


  • caligula
    replied
    Originally posted by Zan Lynx

    Your best approach to NVMe encryption would be to find a drive with hardware encryption that you can trust. Doing it on the drive controller is the best place for it. If only you could be sure it was doing it correctly.
    Not really. The NVMe drives suffer from temp / write throttling and focusing more computation on that tiny area makes the situation worse.


  • Zan Lynx
    replied
    Originally posted by Termy
    That sounds nice, hopefully it will be mainlined soon™
    My 3800x caps out at around 2.1gb/s. So PCIe4 would be kind of pointless ^^
    Your best approach to NVMe encryption would be to find a drive with hardware encryption that you can trust. Doing it on the drive controller is the best place for it. If only you could be sure it was doing it correctly.


  • Buntolo
    replied
    Originally posted by willmore
    Anyone got a way to email the author? I'm curious how their changes affect ARM. I don't believe they have the same FPU context issues for their crypto instructions. Then again the ARM crypto modules may be labeled differently.
    Couldn't find an email, your best bet is asking on the Disqus comment section on the Cloudflare blog:
    In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!


    or on his twitter:


  • Termy
    replied
    That sounds nice, hopefully it will be mainlined soon™
    My 3800x caps out at around 2.1gb/s. So PCIe4 would be kind of pointless ^^


  • anarki2
    replied
    Originally posted by caligula

    So, are you saying they should not have done it?
    ? I said nothing close to that. I said this is a clickbait article, not more, not less.


  • caligula
    replied
    Originally posted by anarki2

    In which case it's exactly what I thought it was: they didn't double throughput but halve overhead instead, completely different things. In any case, it must be single-digit percentage increase in real-world actual throughput, since the performance hit is already so small.
    So, are you saying they should not have done it?


  • anarki2
    replied
    Originally posted by archsway

    Depends on what type of drive you are using:
    In which case it's exactly what I thought it was: they didn't double throughput but halve overhead instead, completely different things. In any case, it must be single-digit percentage increase in real-world actual throughput, since the performance hit is already so small.


  • archsway
    replied
    Originally posted by anarki2
    "Doubling The Throughput" sounds fishy to say the least, coz that's only possible if FDE at least halves throughput, which I seriously doubt.
    Depends on what type of drive you are using:

    Originally posted by Cloudflare
    For the purpose of this post we will use the fastest disks available out there - that is no disks.
