how swap is managed in freenas

[marsuf]

I would like to know how swap space is managed in freenas.

Does it use zfs for swap? If it is the case checksum is disabled?

Looking in freebsd mailing lists, it seem that is recomended to don't use zfs for swap, and if it is used, is recomended that checksums are disabled.

I would like to know what path has taken freenas, because using swap without checksum, it breaks all the security that we want with zfs + ECC, etc.

 

[cyberjock]

FreeNAS assigns a 2GB partition(default size but is configurable in the GUI) to every disk you format with ZFS(not sure about UFS). So naturally the swap space is not protected from corruption any more than a swap file(or swap space) on another file system and/or OS.

You should not normally be using swap space in FreeBSD. Unlike other OSes(like Windows) using swap is not supposed to be a "matter of course" for your system. If you are, then you need to add more RAM to your system. The swap space is only available to prevent the system from crashing in the event that more RAM is needed than you had anticipated.

The swap space is encrypted with AES-256, so it is not a security risk. However, if a disk starts failing, that could result in corruption of contents in RAM. As you have no doubt realized, this would be very bad. But this shouldn't be happening since you are a good system admin and have installed enough RAM to make sure you aren't using swap space. :)

 

[marsuf]

I think that if encryption is used, then the swap is protected from corruption. (It doesn't offer the same level of protection of zfs that it will retry to read from the other disk).

I suppose that if there is corruption, the swap could no be decrypted, and freenas will panic. not? It is enough for me.

One question

1- Is there some known problem using swap (not backed by zfs) and zfs ? I am thinking in use 8g memory + 8 gb swap. I know that the performance
may not be good, if it begins trashing.

 

[cyberjock]

I think that if encryption is used, then the swap is protected from corruption. (It doesn't offer the same level of protection of zfs that it will retry to read from the other disk).

I suppose that if there is corruption, the swap could no be decrypted, and freenas will panic. not? It is enough for me.

Nope. It doesn't work like that. The "corrupted" data will still decrypt, but you get GIGO.. Garbage In -> Garbage Out. FreeNAS may panic from the corruption regardless of if it is encrypted or not. Encryption doesn't change the likelihood of the system panicing. The risk is still the same.

So no, your logic is incorrect.

One question

1- Is there some known problem using swap (not backed by zfs) and zfs ? I am thinking in use 8g memory + 8 gb swap. I know that the performance
may not be good, if it begins trashing.

Swap is not an alternative to RAM like it is for Windows. If you are in a situation where you are actually using the swap, that means that you should be upgrading RAM. This isn't like Windows where swap, if enabled, is designed to be used.

Additionally, if you aren't using swap, that doesn't mean that if performance sucks more RAM isn't the solution. It only means that your system isn't trying to allocate more RAM than your system has.

The two reasons why swap exists is:

1. If you have to do a disk replacementa and the new disk is slightly smaller because of a firmware revision, you can absorb that loss by not using a swapspace on that disk. This can and does happen from time-to-time.
2. If you run out of RAM and have no swapspace then the system is almost guaranteed to panic. With swapspace, instead of the panic the system will continue running but may perform slower. Which would you prefer for system uptime? :) It also allows the system to continue functioning until you can order new RAM and schedule a time to install it.

 

[marsuf]

Nope. It doesn't work like that. The "corrupted" data will still decrypt, but you get GIGO.. Garbage In -> Garbage Out. FreeNAS may panic from the corruption regardless of if it is encrypted or not. Encryption doesn't change the likelihood of the system panicing. The risk is still the same.

So no, your logic is incorrect.

If freenas use AES-256, then it must use: geli(8). Reading the man page it says that it supports HMAC/SHA256 as integration verification, then detect corruption is possible. I undesrstand that if corruption happnes it will be detected and the system
will panic (I rather that it panics that the corruption spreads).

Swap is not an alternative to RAM like it is for Windows. If you are in a situation where you are actually using the swap, that means that you should be upgrading RAM. This isn't like Windows where swap, if enabled, is designed to be used.

Additionally, if you aren't using swap, that doesn't mean that if performance sucks more RAM isn't the solution. It only means that your system isn't trying to allocate more RAM than your system has.

The two reasons why swap exists is:

1. If you have to do a disk replacementa and the new disk is slightly smaller because of a firmware revision, you can absorb that loss by not using a swapspace on that disk. This can and does happen from time-to-time.
2. If you run out of RAM and have no swapspace then the system is almost guaranteed to panic. With swapspace, instead of the panic the system will continue running but may perform slower. Which would you prefer for system uptime? :) It also allows the system to continue functioning until you can order new RAM and schedule a time to install it.

In UNIX if there is a shortage of memory the process is killed when there isn't enough memory for fork/brk system calls and others, but the system doesn't panic.
I believed that recent versions of FreeBSD 64 bits using zfs with shortage of memory didn't panic anymore. Isn't the case? Do you know of remaining problems of zfs on FreeBSD related to shortage of memory? (I haven't used FreeBSD in the last 12 years, and my knowledge about this is reading mailing lists and other UNIXes).[/QUOTE]

 

[Dusan]

If freenas use AES-256, then it must use: geli(8). Reading the man page it says that it supports HMAC/SHA256 as integration verification, then detect corruption is possible. I undesrstand that if corruption happnes it will be detected and the system will panic (I rather that it panics that the corruption spreads).

Yes, FreeNAS uses geli. And yes, geli supports HMAC/SHA256, but it is optional. FreeNAS does not enable data integrity verification in geli for two reasons: 1. geli data integrity verification consumes 11% of the diskspace (when using 4k sectors) leaving only 89% available for data; 2. in FreeNAS you can use encryption only with ZFS, ZFS already includes checksumming, it would not make sense to do it twice.

In UNIX if there is a shortage of memory the process is killed when there isn't enough memory for fork/brk system calls and others, but the system doesn't panic.

That may be true in the userland. But, what happens if the kernel runs out of memory? Kernel panic. ZFS is able to consume a lot of kernel memory.