A Comparison of Software RAID-5 With and Without Encryption

Linux Software RAID Performance Comparisons (2012)

The Problem

The use of encrypted RAID-5 has historicaly halved throughput when compared with unencrypted IO. Here we look at the performance degradation imposed by cryptography on an otherwise unloaded system.

The Controller

The Test System

The Test Matrix


The degradation in performance for encryption is about 5% for small block random reads, rising to 20% for large sequential writes. This is improved over earlier systems, which degraded by as much as 50%, probably because of improved memory bandwith.


RAID-5 means IO to the raw /dev/md0 device created with 'mdadm -C /dev/md0 /dev/sd[bcdef]2 -n 5 -l 5'

Encrypted RAID-5 means IO to the cryptographic device /dev/mapper/r0, created using 'cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h sha256'

Ext4fs over Encrypted RAID-5 means IO to a 1TB file created with 'dd if=/dev/zero of=/mnt/file bs=1024k count=1400000' on an ext4fs file system created with 'mke2fs -t ext4 -E stride=128,stripe-width=512 /dev/mapper/r0' that was mounted with 'mount /dev/mapper/r0 /mnt -o noatime,nodiratime'

Small Block Tests

Large Block Tests