mledford
Cadet
- Joined
- Feb 12, 2015
- Messages
- 2
I want to use SMB3 for encrypted connections however the performance hit is much more than I expected. I have searched high and low and it appears to me that it should be faster but I might be missing something.
My software:
The connecting client is Mac OS X 10.10. I start out with having "smb encrypt = auto" so the connections are not encrypted. I have verified it is not encrypted by using wireshark. I repeatably transfer a 1 GB file from the client to the server in ~10 seconds. This works out to roughly 100 MB per second. If I go back and turn "smb encrypt = mandatory" the same file takes ~2 minutes 5 seconds. That works out roughly to 8 MB per second. I have verified it is encrypted by using wireshark. When I look at top in the console while encryption is turned on and the file is being transfered the samba process is peaking one of the cores at 100% so that appears to be the performance bottleneck. This is expected if you were to do the encryption without any acceleration. However, my CPU does implement AES-NI.
Now, I know that GLEI uses my hardware's AES-NI instructions to do fast encryption of the disk however it's not clear if samba also takes advantage of it. So I did some research and came across a Samba posting that said they offload AES to GSSAPI and that it is up to the vendors to implement the optimization of offloading it to the AES-NI instructions. I haven't been able to locate if FreeBSD's implementation does offload it or not. Given my performance it appears that it doesn't.
My questions are:
My software:
- FreeNAS-9.3-STABLE-201502110455
- ASRock C2750D4I
- Intel(R) Atom(TM) CPU C2750 @ 2.40GHz
- 2 x 8GB DDR3 PC3-12800 Unbuffered ECC
- 6 x WD Red 3TB - WD30EFRX, raidz2, using GLEI
The connecting client is Mac OS X 10.10. I start out with having "smb encrypt = auto" so the connections are not encrypted. I have verified it is not encrypted by using wireshark. I repeatably transfer a 1 GB file from the client to the server in ~10 seconds. This works out to roughly 100 MB per second. If I go back and turn "smb encrypt = mandatory" the same file takes ~2 minutes 5 seconds. That works out roughly to 8 MB per second. I have verified it is encrypted by using wireshark. When I look at top in the console while encryption is turned on and the file is being transfered the samba process is peaking one of the cores at 100% so that appears to be the performance bottleneck. This is expected if you were to do the encryption without any acceleration. However, my CPU does implement AES-NI.
Now, I know that GLEI uses my hardware's AES-NI instructions to do fast encryption of the disk however it's not clear if samba also takes advantage of it. So I did some research and came across a Samba posting that said they offload AES to GSSAPI and that it is up to the vendors to implement the optimization of offloading it to the AES-NI instructions. I haven't been able to locate if FreeBSD's implementation does offload it or not. Given my performance it appears that it doesn't.
My questions are:
- Should I expect better SMB3 encryption speeds given my hardware and software?
- If so is there a configuration I am missing to enable the better performance?