FreeBSD root on a geli-encrypted ZFS pool
Fabian Keil
freebsd-listen at fabiankeil.de
Sun Mar 18 17:37:30 UTC 2012
"Matthew X. Economou" <xenophon at irtnog.org> wrote:
> Fabian Keil writes:
> > Anyway, it's a test without file system so the ZFS overhead isn't
> > measured. I wasn't entirely clear about it, but my assumption was
> > that the ZFS overhead might be big enough to make the difference
> > between HMAC/MD5 and HMAC/SHA256 a lot less significant.
>
> Got it. That also makes sense. I'll put this on my to-test list.
Great.
> > I'm currently using sector sizes between 512 and 8192 so I'm not
> > actually expecting technical problems, it's just not clear to me
> > how much the sector size matters and if 4096 is actually the best
> > value when using ZFS.
>
> The geli(8) manual page claims that larger sector sizes lower the
> overhead of GEOM_ELI keying initialization and encryption/decryption
> steps by requiring fewer of these compute-intensive setup operations
> per block.
I think the setup operations per block should stay the same,
but the total number of setup operations decrease if(f) increasing
the sector size decreases the number of sectors required to write
the data.
That however should depend on the data and I don't see why
increasing the sector size should always be an improvement.
Geli can't read or write less than a sector, so if the workload
is randomly reading or writing a few hundred bytes, a sector
size of 512 bytes should be superior to a sector size of 4 kB.
Probably a sector size of 4 kB is good for some workloads,
but clearly it can't be the best for all, and it's not obvious
to me that it's the best for most.
Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20120318/5428ffc3/signature.pgp
More information about the freebsd-stable
mailing list