GEOM BDE stats / questions about crypto transformations

From: Mike Tancsa <mike_at_sentex.net> Date: Fri, 03 Oct 2003 17:15:54 -0400 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:24 UTC

We are looking at doing some offsite backup at a generally physically 
secure location.  Still we are not that trusting of our data living off 
site.  So GEOM BDE seems to be a good fit to further reduce the risk.  The 
hardware we have is a 2.2 Celeron as well as a HiFn card to assist with 
3des transformations. (basically one backup server here at HQ pushing off 
big dump files via ssh) and other stuff with FAST_IPSEC tunnels to the off 
site location. For storage, we have a 3ware 7810 with RAID5. The link speed 
between us is anywhere from 10Mb/s to 40Mb/s (depends on what is available 
during the time of day-- we only will use excess bandwidth) This should 
allow us to fully backup our data in 24hrs. I wanted to make sure I could 
write out to the disk with at least that speed.

Doing a simple test with bonnie as well as simulating it via scp, its a bit 
close.

               -------Sequential Output-------- ---Sequential Input-- 
--Random--
               -Per Char- --Block--- -Rewrite-- -Per Char- --Block--- 
--Seeks---
Machine    MB K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU  /sec %CPU
5        4000 16746 56.0 17152 29.4 11675 24.7 24569 68.9 34602 27.7 129.7  3.1
5EH      4000  4961 17.1  5145  9.1  3720  8.0  9996 28.8 12347 11.3 119.5  2.9
5E       4000  4953 17.1  5132  9.4  3790  7.9 10522 30.6 13125 12.3 120.1  2.8

5   = Regular RAID 5 UFS mount
5EH = RAID 5 with HiFn crpto card from Soekris on a BDE encrypted mount
5E  = BDE encrypted mount

The hiFn card doesnt seem to make much difference as it only offloads MD5 
calculations.  However, overall the CPU is lower when running with the hifn 
card defined in the kernel.  It makes a large difference in CPU usage when 
scp'ing a file across using 3des.  Perhaps when the new Soekris card which 
does AES comes out, these numbers will speed up.

In the mean time is anyone using this in production ?  Are you using any 
USB keys for the storing the pass phrase ?  If so, can you give me some 
details as to how you set it up ?

Thanks,

	---Mike
--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike_at_sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike