[dm-crypt] Poor performane (idle cpu)

Arno Wagner arno at wagner.name
Mon Feb 8 02:50:28 CET 2010

On Mon, Feb 08, 2010 at 02:16:54AM +0100, Jakob Sandgren wrote:
> Hi,
> I'm using dm-crypt for several mappings with a hardware raid backend. 
> Using a raw read from the raid device (e.g sda) gives ~250MB/s
> But when I read from an encrypted mapping, I just get ~70MB/s. That
> should be fine if I at least have the kcryptd process using a core at
> 100%, but that is not the case. Three of my four cores is 99% idle and
> one core is 50% idle (aprox.).

Which means your core is too slow to support the full 250MB/s
> I have recently upgraded my hardware from an older quadcore system
> (AMD) to a new Core I7 (860) and expected improved performance and
> when I did not get that, then did I do some more investegation and
> found out above. I have also read posts from others having the same
> problems, but no explanation.

I suspect as the core can support only about 140MB/s encryption
speed, the accesses get broken. It is well possible that
if your array would only give 120MB/s it would still have
that rate encrypted.

> Anyone who has an explanation for this or a hint if one could
> "tune" anything to get better performance? 

You may try to encrypt the individual disks and do the
RAID on top of the decrypted disks. That way you should
have more cores participate in the crypto. The problem
with this is of course that this requires the flexibility  
of software RAID and hardware RAID cannot do it.

You can also try larger stripe sizes, but that should
make only a minor difference.
You can also try slow your RAID down to something
like 120MB/s in ordert o stay within what a single
core can decrypt.

Just a note on multicore speed: It is often better to have
fewer faster cores than more slower ones. Your problem
is an exapmle for that.


> Output from "cryptsetup status":
> /dev/mapper//dev/mapper/shared1 is active:
>   cipher:  aes-cbc-essiv:sha256
>   keysize: 128 bits
>   device:  /dev/mapper/areca_0_1-shared1_raw
>   offset:  1032 sectors
>   size:    3145726968 sectors
>   mode:    read/write
> Best Regards,
> Jakob
> -- 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list