LUKS and intel AES extension performance

Finally I've just got cpu with AES-NI to play with. And finally I was able to check performance gain using hadrware with LUKS volumes.
Edit: most important info, tested CPU was Intel Xeon X5650.

First of all I've checked block device speed (which was 2 SAS 300GB RAID1 set) without encryption. Device has ext4 and I used bonnie++ as usual.


Then I checked LUKS aes-xts-plain volume with 512bit key.


And last one which was kinda tricky to get, was LUKS aes-xts-plain volume with 512b key, but encrypted with standard asm_x64 aes module. To get this to work I have to close LUKS volume, unload aes_ni module, and then open again LUKS volume. In theory I should be able to change encryption module prioryty in /proc/crypto using cryptotools, but I wasn't able to do so under Centos 6.2. But the most important the performace was like:


Funny thing, but nonencrypted volume was slower than aes-ni encrypted LUKS one. Not much, but you can see it. Writes and reads are faster, rewrites bit slower.
But the most important, there is difference between aes-ni and non-hardware encrypted luks. Which for writes is ~80% gain, for rewrites it's ~41% and for
reads it's ~48%. Considering that test device was kinda slow that possibly was not the whole aes-ni performance, cause crypted volume got that same speed as noncrypted one. Wasn't able to check it on faster block device, cause storage connected to this server got iSCSI interface and transfer was limited by that to about 1Gbps.

Another important thing was CPU load during tests. Standard aes-x86 was taking whole cpu core power almost during whole test, while aes-ni one was taking 18-80%, and was about 40% average. So you gain better performance using less cpu resources. That is something and definitively my next cpu would have aes extension.

Check part 2 if you want:


Hi Ɓukasz, can you perform in your environment some test how luks will behave with/without nobarrier and noatime on ext4? Currently my only setup with this is my work-laptop and could not fiddle with that.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Main menu

Article | by Dr. Radut