A Comparison of Cryptographic Algorithms for Software RAID-5

Linux Software RAID Performance Comparisons

The Problem

Several cryptographic algorithms are available for use with software RAID-5. While there is a great deal of analysis available regarding the relative security of these algorithms, less information is available regarding performance when used for software RAID-5.

The cryptsetup command has an align-payload option that the man page claims should be set to the "full stripe boundary" of the underlying RAID. The graphs in the right hand column verify that this is true.

The Controller

The Test System

The Test Matrix

Conclusion

AES-128 is fastest, followed by AES-256, twofish, and then blowfish. This may be due to an assembler version of AES being available as a kernel module for Linux. However, all of the algorithms have similar performance for may workloads, and AES-256 is only significantly slower than AES-128 for multithreadded sequential reads. Hence there is no compelling reason to select AES-128 over AES-256.

Various payload alignment also produces similar results for most workloads. Small payload alignment shows some degradation in performance, whereas large payload alignment (512KB and 1MB) show the best performance over the wides range of testing.

Recommendation: AES-256 and payload-alignment of a full stripe size. (Note that the align-payload parameter for cryptsetup is in units of 512 byte sectors, although all the graphs presented here use kilobytes and megabytes.)

Sequential Single Threaded Tests

For sequential reads, all the algorithms have similar performance, with some small I/O 100% reads doing better on AES-128, twofish-127, and blowfish-128. For large I/O sizes, AES-128 is a clear winner.

Payload aligment provides similar performance at small I/O sizes, with 512KB and 1MB alignment having small advantages at larger I/O sizes.



Random Single Threaded Tests

For random reads, performance of all of the algorithms is similar, with AES-128 best for large I/O sizes.

Payload alignment is also similar, but for workloads with writes at larger I/O sizes, the 4KB alignment is clearly worse, and the the 512KB and 1M alignment is clearly better.



Sequential Multi-Threaded Tests

Multithreaded sequential reads show a clear differentiation between algorithms, with AES-128 outperforming all other algorithms.

Some deficiencies are clearly seen in small payload alignment sizes.



Random Multi-Threaded Tests

For multithreaded random tests, the algorithms are again similar, especially at small I/O sizes.

Payload alignment shows clear benefit to 512KB and 1MB payload sizes.