My tests with Encrypted Raid:
Though you guys might be interested.
I created loop devices out of 3 100 meg files. Ram should be able to cache these.
Code:
root:/dev# losetup /dev/loop1 /x/test/1
root:/dev# losetup /dev/loop2 /x/test/2
root:/dev# losetup /dev/loop3 /x/test/3
Here I encrypted each raid drive separately:
Code:
root:/dev# cryptsetup create e1 loop1
Enter passphrase:
root:/dev# cryptsetup create e2 loop2
Enter passphrase:
root:/dev# cryptsetup create e3 loop3
Enter passphrase:
root:/dev# cd mapper
root:/dev/mapper# mdadm --create --verbose /dev/md0 --level=5 --chunk=64 --raid-devices=3 e1 e2 e3
mdadm: layout defaults to left-symmetric
mdadm: size set to 102336K
mdadm: array /dev/md0 started.
Testing:
Code:
root:/dev/mapper# hdparm -t /dev/md0
/dev/md0:
Timing buffered disk reads: 128 MB in 3.04 seconds = 42.07 MB/sec
root:/dev/mapper# hdparm -t /dev/md0
/dev/md0:
Timing buffered disk reads: 164 MB in 3.02 seconds = 54.28 MB/sec
In the second test I put the encryption on top of the raid block, so only one thread was handling the encryption.
Code:
root:/dev# mdadm --create --verbose /dev/md1 --level=5 --chunk=64 --raid-devices=3 loop0 loop2 loop3
mdadm: layout defaults to left-symmetric
mdadm: size set to 102336K
mdadm: array /dev/md1 started.
root:/dev# cryptsetup create eraid md1
Enter passphrase:
Testing array without any encryption:
Code:
hdparm -t md1
md1:
Timing buffered disk reads: 198 MB in 0.76 seconds = 259.27 MB/sec
root@black:/dev# hdparm -t md1
md1:
Timing buffered disk reads: 198 MB in 0.64 seconds = 311.56 MB/sec
And testing with encryption:
Code:
root:/dev# hdparm -t /dev/mapper/eraid
/dev/mapper/eraid:
Timing buffered disk reads: 130 MB in 3.01 seconds = 43.17 MB/sec
/dev/mapper/eraid:
Timing buffered disk reads: 136 MB in 3.04 seconds = 44.80 MB/sec
So the large encryption block on top is slightly faster than individual encrypted blocks. However, the downside is that if I ever wanted to change my password I would have to backup all the data first. With the raid block sitting on encrypted device blocks, I can change the password one drive at a time without backing up the data.
I tested this on a dual core laptop. I'll see if my cheap AMD quad core (only 512K per L2 cache and no L3 cache) can do any better with separate encryption blocks.
Bookmarks