GEOM BDE stats / questions about crypto transformations
Mike Tancsa
mike at sentex.net
Fri Oct 3 14:13:01 PDT 2003
We are looking at doing some offsite backup at a generally physically
secure location. Still we are not that trusting of our data living off
site. So GEOM BDE seems to be a good fit to further reduce the risk. The
hardware we have is a 2.2 Celeron as well as a HiFn card to assist with
3des transformations. (basically one backup server here at HQ pushing off
big dump files via ssh) and other stuff with FAST_IPSEC tunnels to the off
site location. For storage, we have a 3ware 7810 with RAID5. The link speed
between us is anywhere from 10Mb/s to 40Mb/s (depends on what is available
during the time of day-- we only will use excess bandwidth) This should
allow us to fully backup our data in 24hrs. I wanted to make sure I could
write out to the disk with at least that speed.
Doing a simple test with bonnie as well as simulating it via scp, its a bit
close.
-------Sequential Output-------- ---Sequential Input--
--Random--
-Per Char- --Block--- -Rewrite-- -Per Char- --Block---
--Seeks---
Machine MB K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU K/sec %CPU /sec %CPU
5 4000 16746 56.0 17152 29.4 11675 24.7 24569 68.9 34602 27.7 129.7 3.1
5EH 4000 4961 17.1 5145 9.1 3720 8.0 9996 28.8 12347 11.3 119.5 2.9
5E 4000 4953 17.1 5132 9.4 3790 7.9 10522 30.6 13125 12.3 120.1 2.8
5 = Regular RAID 5 UFS mount
5EH = RAID 5 with HiFn crpto card from Soekris on a BDE encrypted mount
5E = BDE encrypted mount
The hiFn card doesnt seem to make much difference as it only offloads MD5
calculations. However, overall the CPU is lower when running with the hifn
card defined in the kernel. It makes a large difference in CPU usage when
scp'ing a file across using 3des. Perhaps when the new Soekris card which
does AES comes out, these numbers will speed up.
In the mean time is anyone using this in production ? Are you using any
USB keys for the storing the pass phrase ? If so, can you give me some
details as to how you set it up ?
Thanks,
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
More information about the freebsd-current
mailing list