Re: Best configuration for encrypted software RAID 1?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, May 21, 2013 at 8:15 PM, SilverTip257 <silvertip257@xxxxxxxxx> wrote:
>
> On Tue, May 21, 2013 at 3:53 PM, Markus Falb <wnefal@xxxxxxxxx> wrote:
>
> >
> > On 15.Mai.2013, at 18:22, Dave Johansen wrote:
> >
> > > My main question is will it be better to encrypt the RAID itself or
> > > the two partitions used by the RAID?
> >
> > encrypt data once and let md mirror the encrypted stuff
> >
>
> Certainly the simplest.
> +1 for LVM inside the LUKS volume  ;)
>
>
> > or
> > let md mirror and encrypt data twice, once per raid member.
> >
>
> In my example, my swap was striped, so it made sense (but with the price of
> RAM there's hardly an excuse for swapping to disk!).
>
>
> >
> > Encryption is CPU hungry.
> >
>
> I'll second this.  I've noticed the iowait is fairly high on my offsite
> encrypted backup server (backups are on software raid with LUKS on top).
>  And the kcryptd process consumes a fair bit of cpu time.
>
>
> > Performance wise the winner seems clear.
> >
>
> And kcrypd isn't SMP aware [0] (unless that has changed) so there's another
> bottleneck.
>
> [0] http://www.redhat.com/archives/dm-devel/2009-April/msg00151.html

Thanks for all the feedback. I just wanted to make sure that there
wasn't some gotcha that I was missing or any slight tweak that would
improve performance, but it sounds like there's not.
Thanks,
Dave
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux