On 2013-07-02 02:26, Erling Westenvik wrote: > Hi folks, > > Anyone having any experience with putting an softraid CRYPTO partition > on top of a softraid RAID 1? In terms of performance?
I recently built my NAS, and tried both CRYPTO and no softraid and noticed a pretty big difference. With cypto, speed didn't exceed 2.3MBps. Without it, speed is stable at about 9.3MBps. When inspecting this, CPU stays at ~100%, in both scenarios (Mostly due to my network connection being encrypted as well). Note that I have gigabit ethernet, and actual network speed CAN reach faster speeds; it was purely my CPU which limited me. Just in case, my CPU *does not* support AESNI. I'm pretty sure you mileage *will* vary if yours does. In the end, I used an unencrypted disk for delicate stuff, and a non-encrypted one for non-delicate stuff (music/movies/etc). Both tests were done with 200GB of random files (movies mostly). > > I'd like to build a file server that favors redundancy, availability and > privacy over performance. The latter within limits though, hence my > initial question. Private use only. Me, my family and ... friends. Since privacy is a priority for you, then make sure the CPU supports AESNI, I'm confident you'll get better performance with no privacy drawback. I've no hardware to actually test this, but I'm pretty confident the difference is noticable. > > I'm planning to use 3 x 1TB drives in RAID 1. No FDE since > "availability" involves the possibility of unattended booting; like > after a power outage while being abroad/out of town, in which case I'd > have to ssh in to the box and bioctl(8) the encrypted volume. Otherwise > the PC is an old Pentium 4 3.40GHz with 3GB RAM which as of today runs > fine as a file server with 2 x 500GB disks in softraid RAID 1. We mentioned this at some point off-list, but I'd like to document this in case anybody's interesed: my OS runs of a 4GiB USB drive, which keeps as many SATA ports as possibe available, while maintaining availability. A RAID1 on two of these drives would be great, since they don't have the best record when it comes to durability. > > Sorry if my question does not belong on @misc. I've done quite some > homework but could not find information pertinent to my case and would > like to hear any arguments for or against before I spend many hours on > copying hundres of gigabytes to potentially no avail. I did. :) Granted, it wan't fun, but it wan't too much work either, since I left it while I was AFK, so it didn't bother me in the least. > > Regards, > > Erling > Cheers, -- Hugo Osvaldo Barrera [demime 1.01d removed an attachment of type application/pgp-signature]
