To test encryption speed, one approach can be to load zero geom and encrypt a few bytes.
# kldload geom_zero # geli onetime -e aes-xts -l 128 -s 4096 /dev/gzero # dd if=/dev/gzero.eli of=/dev/null bs=1M count=256
My result was around 40 MB/s. Definitely not what I expected nor it comes even close to what’s needed to support full disk speed.
Further we can see that hardware crypto is supported and that GELI is not using it:
# dmesg | grep AESNI Features2=0x43d8e3bf<SSE3,PCLMULQDQ,…,TSCDLT,AESNI,RDRAND> # geli list | grep Crypto Crypto: software Crypto: software Crypto: software
By default NAS4Free doesn’t load AES encryption module. And AES without hardware support is not as impressive as one would expect.
Fortunately, it is simple to load it. Going to
loader.conf, and adding
YES is all that is needed. After reboot, we can check if module is properly loaded:
# kldstat | grep aesni.ko 7 1 0xffffffff8ab3d000 bd50 aesni.ko # geli list | grep Crypto Crypto: hardware Crypto: hardware Crypto: hardware
If one repeats previous test, now speed is more reasonable 350 MB/s. Manually enabling hardware encryption module definitely pays off!
Here are results I saw on my ZFS machines:
|Processor||Mode||Without AES-NI||With AES-NI|
|Intel Core i3-4010U @1.70GHz||XTS||60 MB/s||780 MB/s|
|CBC||75 MB/s||750 MB/s|
|Intel Atom C2558 @2.40GHz||XTS||40 MB/s||350 MB/s|
|CBC||45 MB/s||350 MB/s|
PS: Yes, this works for FreeNAS too.
PPS: You can also load module for temporary testing using