ZFS Native Encryption is slow on Intel Atom #11525
Labels
Status: Triage Needed
New issue which needs to be triaged
Type: Defect
Incorrect behavior (e.g. crash, hang)
System information
Describe the problem you're observing
ZFS native encryption is very slow compared to non-encrypted datasets and ZFS on LUKS. It shouldn't be a CPU throughput problem, as both cryptsetup and Openssl reach very high speeds during benchmarks. I've performed most tests with debian stable (buster) and ZFS 0.8.6-1. In the end I updated to debian testing (bullseye) to confirm with ZFS 2.0.1-2 (last test), which has the same problem.
Describe how to reproduce the problem
Setup:
perf top
shows kernelaes_aesni_encrypt
at 60% when runningdd
on encrypted datasets)dd if=/dev/zero of=/foo/foo bs=1M count=20k
zpool export tank && zpool import tank (-l)
dd if=/foo/foo of=/dev/null bs=1M
no encryption
zpool in luks (aes-xts-plain64 512b key)
zfs native encryption
dataset creation commands:
aes-256-gcm:
aes-128-gcm:
aes-128-ccm:
aes-256-ccm:
aes-256-gcm on ZFS 2.0.1-2 (zfs-2.0.1-2, zfs-kmod-2.0.1-2) after updating from debian buster to bullseye:
cryptsetup benchmark
openssl speed (aesni)
openssl speed (software)
The text was updated successfully, but these errors were encountered: