/plushcap/analysis/cloudflare/speeding-up-linux-disk-encryption

Speeding up Linux disk encryption

What's this blog post about?

In this blog post, we discuss how we optimized disk encryption performance in our data centers using a combination of kernel patches and custom configurations. We achieved significant improvements by eliminating unnecessary queuing and asynchronous behavior in the dm-crypt module and synchronizing Linux Crypto API calls. The resulting changes effectively doubled the throughput and halved the latency for encrypted disk operations, while maintaining strong security guarantees. The performance improvement is particularly important for our caching infrastructure, where worst-case response times have been significantly reduced without any impact on overall cache performance. We believe that these optimizations can benefit other users of Linux disk encryption as well, and we are working towards including them in the mainline kernel source tree.

Company
Cloudflare

Date published
March 25, 2020

Author(s)
Ignat Korchagin

Word count
5149

Language
English

Hacker News points
491


By Matt Makai. 2021-2024.