pefs benchmark

September 16, 2009 by · 2 Comments 

pefs is a stacked cryptographic filesystem for FreeBSD. It has started as a Goggle Summer of Code’2009.

I’ve just come across performance comparison of eCryptfs against plain ext4 filesystem on Ubuntu, benchmark I was going to perform on my own.

I run dbench benchmarks regularly while working on pefs. But use it mostly as a stress test tool. I haven’t reached the point I can start working on improving performance yet. But measuring pefs overhead is going to be interesting.

Unfortunately I fail to interpret dbench results from the article. They’ve used dbench 4, while I’m using dbench 3 from ports. But never the less result of 4-8 Mb/s looks too strange for me.

I’ve benchmarked 4 and 16 dbench clients on zfs, pefs with salsa20 encryption (256 bit key) on top of same zfs partition and pefs with aes encryption (128 bit key, ctr mode). I executed benchmark for 3 times in each setup.

First of all, cipher throughput:
salsa20 ~205.5 Mb/s
aes128 ~81.3 Mb/s

Benchmark results:

dbench zfs/pefs 4 clients

dbench zfs/pefs 16 clients

In both cases (4 and 16 clients) CPU was limiting factor, disks where mostly idle. This explains such divergence in zfs results, I’ve actually benchmarked zfs arc cache performance. Because of unpredictable zfs inner workings one can get the best aes128 result surprisingly close to the worst salsa20 one (salsa20 is ~2.5 times faster than aes128).

The graph comparing average values:
dbench zfs/pefs 4 clients

Conclusion is that pefs is 2x times slower. But that shouldn’t be solely because of encryption. From my previous testing I can conclude that it’s mostly filesystem overhead:

  • Current pefs implementation avoids data caching (to prevent double caching and restrain one’s paranoia). I had version using buffer management for io (bread/bwrite) it’s performance was awful, something like 20-30 Mb/s with salsa20 encryption.
  • Sparse files (add file resizing here too) is implemented very poorly: it requires exclusive lock and fills gap with zeros. While this “gap” is likely to be filled by application really soon.
  • Lookup operation is very expensive. It calls readdir and decrypts name for each directory entry.

eCryptfs IOzone benchmark also shows 2x difference

About gleb

Comments

2 Responses to “pefs benchmark”
  1. Puma says:

    good work!

Trackbacks

Check out what others are saying about this post...
  1. [...] Gleb Kurtsou Just another FreeBSD Committers Blogs weblog « pefs benchmark [...]