lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <OFDBA54FBA.FB6F3D10-ON802576E4.002FCA7A-802576E4.002FFBCF@ie.ibm.com>
Date:	Fri, 12 Mar 2010 08:47:21 +0000
From:	Mathias Buren <mathias.buren@...ibm.com>
To:	linux-kernel@...r.kernel.org
Subject: Re: RAID + LUKS + LVM performance

Matthias Schniedermeyer <ms@...d.de> wrote on 2010-03-11 17:36:04:

> Re: RAID + LUKS + LVM performance
>
> Matthias Schniedermeyer
>
> to:
>
> Mathias Buren
>
> 2010-03-11 17:39
>
> Cc:
>
> linux-kernel
>
> On 11.03.2010 13:08, Mathias Buren wrote:
> >
> > Hi,
> >
> > (please cc me as I'm not subscribed)
> >
> > I've a friend who's going to set up a fileserver consisting of 8x 1.5TB
> > HDDs, an 8-port PCI-E RAID card (Areca ARC-1220 @
> > http://www.areca.com.tw/products/pcie.htm ) etc.
> > The plan is create a RAID5 array spanning all the disks, then create 4
> > partitions. These 4 partitions would be encrypted using LUKS (Twofish
or
> > AES256).
> > These 4 encrypted partition would be set up in RAID0 using Linux'
software
> > (mdadm), then LVM would be used on top of that (one big PV, one big VG
and
> > a big LV or so).
> >
> > The reason for this is that kcryptd is not multithreaded (afaik). By
having
> > 4 encrypted partitions, then md0 on top of them, I'm forcing 4 kcryptd
> > processes to run on all four cpu cores whenever something is written to
the
> > disks, which should improve (encryption) performance.
> >
> > Is this a good way of doing it, or is there a smarter way?
>
> The setup you describe would only work with SSDs. HDDs would seek
> themselves to death.
>
> The problem is the RAID-0 over the 4 partitions. At that point you would
> need, instead of the 4 partitions, something that is round-robin. So
> that the mapping of the (physical) blocks from the upper to the lower
> would be effectivly linear/unchanged.
>
> AFAIK something like that is (currently) not possible.
>
>
>
>
>
> Bis denn
>
> --
> Real Programmers consider "what you see is what you get" to be just as
> bad a concept in Text Editors as it is in women. No, the Real Programmer
> wants a "you asked for it, you got it" text editor -- complicated,
> cryptic, powerful, unforgiving, dangerous.
>

Hm. But I thought, since the hw RAID card does its own RAID5 thing on the
harddrives, that they wouldn't seek themselves do death. Perhaps they
would, anyway...

What's the best way to set this up then? Or will kcryptd be able to
encrypt/decrypt everything fast enough anyway (~>5-600MB/s I'd say)?

Mathias

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ