Subject: cgd-on-vnd results on Xen
To: None <port-xen@NetBSD.org>
From: Johnny C. Lam <jlam@pkgsrc.org>
List: port-xen
Date: 10/04/2005 03:37:45
I use big files in my filesystems for file-backed guest domains. I'd
like to set up some cgd(4) devices in my guest domains to protect
against the data being slurped off the dom0 partition and read. To
help decide which type of cgd setup I should choose, I wanted to see
the effect of using various cgd-over-vnd configurations in my Xen
setup.
I'm running NetBSD-3.0_BETA on a dual-proc Xeon 3.2GHz box with 2GB
RAM and Ultra320 SCSI disks, and dom0 was allocated 128MB of memory
usage. What I did was run the following in dom0:
dd if=/dev/zero of=/dev/rcgd0d bs=... # for writes
dd if=/dev/rcgd0d of=/dev/null bs=... # for reads
using various block sizes for transfer on cgd-on-vnd devices backed
by a 5GB file on my filesystem. The dom0 filesystem is FFSv2 with
16KB blocks and 2KB fragments.
My results for various cgd configurations and block sizes were:
32KB 16KB 8KB
algorithm write read write read write read (MB/s)
------------------------------------------------------------------------
none 80.24 63.47 59.94 54.95 46.66 43.16
aes-cbc 128 33.48 24.24 29.13 22.12 25.21 19.89
aes-cbc 192 30.52 20.90 26.99 20.34 22.65 18.37
aes-cbc 256 27.02 20.20 25.17 18.10 22.15 17.16
3des-cbc 192 14.39 10.94 14.00 12.22 12.64 11.48
blowfish-cbc 128 37.49 31.73 32.45 27.70 27.36 24.46
32KB 16KB 8KB
algorithm write read write read write read (%)
------------------------------------------------------------------------
none 100.00 100.00 100.00 100.00 100.00 100.00
aes-cbc 128 41.72 38.19 48.60 40.25 54.03 46.08
aes-cbc 192 38.04 32.93 45.03 37.02 48.54 42.56
aes-cbc 256 33.67 31.83 41.98 32.94 47.47 39.76
3des-cbc 192 17.93 17.23 23.36 22.24 27.09 26.60
blowfish-cbc 128 46.72 49.99 54.14 50.41 58.64 56.67
The second table displays the same results as the first, but expresses
the results using percentages instead of the raw throughput numbers.
The results for the first line, "none", of each table were from running:
dd if=/dev/zero of=/dev/rvnd0a bs=... # for writes
dd if=/dev/rvnd0a of=/dev/null bs=... # for reads
The "none" results are supposed to be baseline measurements for
comparisons against the throughput for the basic vnd disk-on-file
abstraction. I freely admit this is a naive benchmark because I was
too lazy to install and run bonnie. However, I hope this information
is still somewhat useful to other people trying to set up something
similar.
Cheers,
-- Johnny Lam <jlam@pkgsrc.org>