GELI performance with AES-NI

[Morbius]

Does anyone have any experience of how much AES-NI helps GELI performance?

I need to replace a faulty Phenom II based system, and I mainly want to reduce power consumption, so a core i3 would be a good choice, but it lacks AES-NI. I trying to decide whether it's worth going to an i5, or maybe an amd piledriver.

With a software implementation I find that moving files without geli is several times faster than geli to geli transfers even with 128bit AES-CBC.

 

[vermaden]

@Morbius

When You have AESNI, then 256bit AES XTS is not a problem, not a performance hit.

If You do not have AESNI, then 128bit AES CBC is MAX what I recommend (and use without AESNI).

 

[Morbius]

Have you measured the transfer rates for GELI vs ordinary UFS with AES-NI?

I know AES-NI is very much faster than software AES, but I'm not certain that AES is a simple limiting factor, the CPU usage of GELI seems a bit low for that.

 

[vermaden]

I only used both of these with ZFS and without AESNI.

256bit AES XTS was about 15 MB/s, while 128bit AES CBC is about 60-80MB/s on SSD.

 

[throAU]

Does anyone have any experience of how much AES-NI helps GELI performance?

I haven't done testing, but Intel indicate that using the AES-NI instructions is good for a 20-30x throughput increase vs doing AES without using the hardware support.

Bear in mind that a low power CPU may not be quite so low power if it is thrashing the CPU to run AES, vs. a "higher power" CPU that is essentially sitting idle (and can thus spend more time asleep or in a low power state) due to AES-NI support.

YMMV, depends on your workload, etc.

 

[Sebulon]

@Morbius

This might be an interesting read:
GELI Benchmarks

/Sebulon