Speeding up Linux disk encryption
In this blog post, we discuss how we optimized disk encryption performance in our data centers using a combination of kernel patches and custom configurations. We achieved significant improvements by eliminating unnecessary queuing and asynchronous behavior in the dm-crypt module and synchronizing Linux Crypto API calls. The resulting changes effectively doubled the throughput and halved the latency for encrypted disk operations, while maintaining strong security guarantees. The performance improvement is particularly important for our caching infrastructure, where worst-case response times have been significantly reduced without any impact on overall cache performance. We believe that these optimizations can benefit other users of Linux disk encryption as well, and we are working towards including them in the mainline kernel source tree.
Company
Cloudflare
Date published
March 25, 2020
Author(s)
Ignat Korchagin
Word count
5149
Hacker News points
None found.
Language
English