Speeding-Up GELI on NAS4Free
If you are using GELI to encrypt ZFS disk as I do, there is a slight issue with default NAS4Free configuration. Disk access is slow and everything points toward encryption as culprit.
To test encryption speed, one approach can be to load zero geom and encrypt a few bytes.
kldload geom_zero
geli onetime -e aes-xts -l 128 -s 4096 /dev/gzero
dd if=/dev/gzero.eli of=/dev/null bs=1M count=256My result was around 40 MB/s. Definitely not what I expected nor it comes even close to what’s needed to support full disk speed.
Further we can see that hardware crypto is supported and that GELI is not using it:
dmesg | grep AESNI
Features2=0x43d8e3bf<SSE3,PCLMULQDQ,…,TSCDLT,^^AESNI^^,RDRAND>``
geli list | grep Crypto
Crypto: software
Crypto: software
Crypto: softwareBy default NAS4Free doesn’t load AES encryption module. And AES without hardware support is not as impressive as one would expect.
Fortunately, it is simple to load it. Going to System, Advanced, loader.conf, and adding aesni_load=YES is all that is needed. After reboot, we can check if module is properly loaded:
kldstat | grep aesni.ko
7 1 0xffffffff8ab3d000 bd50 aesni.ko
geli list | grep Crypto
Crypto: hardware
Crypto: hardware
Crypto: hardwareIf one repeats previous test, now speed is more reasonable 350 MB/s. Manually enabling hardware encryption module definitely pays off!
Here are results I saw on my ZFS machines:
| Processor | Mode | Without AES-NI | With AES-NI |
|---|---|---|---|
| Intel Core i3-4010U @1.70GHz | XTS | 60 MB/s | 780 MB/s |
| CBC | 75 MB/s | 750 MB/s | |
| Intel Atom C2558 @2.40GHz | XTS | 40 MB/s | 350 MB/s |
| CBC | 45 MB/s | 350 MB/s |
PS: Yes, this works for FreeNAS too.
PPS: You can also load module for temporary testing using kldload aesni.
[2018-07-22: NAS4Free has been renamed to XigmaNAS as of July 2018]