Software encryption performance using G3250

[n12365]

I currently have a FreeNAS setup with an Intel Pentium G3250 (3.2 GHz), 16gb of ram, 6 drives in a raid-z2 configuration, and a 1 Gbps NIC. This configuration is able to saturate the 1 Gbps link and I have been very happy with the performance. However, I am considering going to encrypted drives and the G3250 doesn't have AES-NI hardware support. I am concerned the G3250 won't be powerful enough to do software encryption and still saturate the 1 Gbps link. Does anyone have any experience using encryption with a similar setup?

 

[Mirfster]

Some info per the manual:

If the system has a lot of disks, there will be a performance hit if the CPU does not support AES-NI or if no crypto hardware is installed. Without hardware acceleration, there will be about a 20% performance hit for a single disk. Performance degradation will continue to increase with more disks. As data is written, it is automatically encrypted and as data is read, it is decrypted on the fly. If the processor does support the AES-NI instruction set, there should be very little, if any, degradation in performance when using encryption. This forum post compares the performance of various CPUs.

May want to consider a CPU that does support AES-NI...

 

[DrKK]

Also:

Whole-pool encryption is a sucker's bet. The risk to your pool goes up tremendously, and if you pause to think about it, the benefit you're receiving is probably very close to zero in any practical sense.

If you have a few files you'd like to encrypt (e.g., various pr0n or financial documents), then it is certainly much, much, much less risk to simply create an encrypted file volume (e.g., TrueCrypt) and store that on the NAS, versus doing a whole pool encryption.

 

[Yatti420]

Also:

Whole-pool encryption is a sucker's bet. The risk to your pool goes up tremendously, and if you pause to think about it, the benefit you're receiving is probably very close to zero in any practical sense.

If you have a few files you'd like to encrypt (e.g., various pr0n or financial documents), then it is certainly much, much, much less risk to simply create an encrypted file volume (e.g., TrueCrypt) and store that on the NAS, versus doing a whole pool encryption.

Exactly.. It's just not friendly enough to pick up and use imho.. If your not willing to test and know every aspect of that encryption system etc.. Don't use it!.. If something goes wrong or you forget that key or password you need it's game over.. I don't use it personally.. It's easier to encrypt specific files and store them on the NAS..