ZFS Snapshot Replication - Encryption?

[RichTJ99]

Hi,

I was following the manual on ZFS Snapshot replication from my freenas box #1 to box #3.

https://doc.freenas.org/9.3/freenas_storage.html#replication-tasks

It says:

If the security policy allows it, temporarily change the “Encryption Cipher” to Disabled until the initial replication is complete. This will turn off encryption but will speed up the replication. The “Encryption Cipher” can then be changed to Standard or Fast for subsequent replications

I seem to only have two options under encryption - standard or fast. How do i turn off encryption for the first few replication tasks?

Thanks,
Rich

 

[danb35]

Are you using FreeNAS 9.3? Because the link you give is from the 9.3 manual. The 9.10 manual is consistent with what you're seeing: http://doc.freenas.org/9.10/storage.html#replication-tasks

And I don't believe it's the case that turning off encryption will speed up anything with any reasonably modern system. Over the weekend, I set up an initial replication of a 1.5-TB dataset on my main server to my FN10 test box; that ran at near wire speed. If you're replicating over a 10G network, the encryption might make a difference, but I doubt you'll see any difference over GbE.

 

[Ericloewe]

You can't. Replication is piped over SSH, and the openSSH guys dropped support for unencrypted SSH connections.

FreeNAS 10 will have an alternative transport for the replication stream to allow for unencrypted connections.

 

[danb35]

...and "unencrypted SSH" is kind of an oxymoron anyway...

 

[RichTJ99]

Sorry - I am running 9.10 not 9.3.

I am replicating from a physical freenas to a vm freenas & am only getting about 30% of the 1gb connection on that transfer. If i grab a file from the physcial freenas box onto my windows desktop I get the rest of the 70% gb speed.

I was thinking the slow transfer between the two boxes could be related to the encryption. Guess not?

 

[Ericloewe]

Might be, I did experience slow replication two days ago when I finally replicated stuff from the new server to the old one. Didn't have the time to properly check what the bottleneck was, but I suspect I may have been memory bandwidth limited on the Push side (only a single RAM channel, which sounds painful since each block has to be decompressed, compressed again and then encrypted, besides all other tasks).

 

[RichTJ99]

So i am a little confused on how this replication is supposed to work. I set it up & i am getting messages on the sending box (freenas1 - data source) - all say successful.

On the new box (freenas 3 - zfs replication receiver), it shows all the zfs data in its storage (as expected).

I have a user (rich) on the freenas 3 box. I setup a CIFS share & point it to one of the zfs datasets. I am unable to browse to it.

Second - my main zfs storage (called shared - 7.2tb) isnt an option i can choose from with the cifs share.

So i am wondering if my data is actually saved.



Separately - my freenas 2 box is setup to Rsync from Freenas 1 to freenas 2. That data i can browse to without issue.

Any ideas on how to check?


Should freenas 3 be doing snapshots also?

 

[depasseg]

By default a replicated (the destination) dataset is set as read only in order to protect the data (this is generally used as a backup copy). You shouldn't be creating snapshots of the same replicated data (the snapshots are already in the provided via replication).

Does "rich" on freenas 3 have permissions to the replicated dataset?

And it's a good practice to create a subdataset (like "from-Freenas-1") to replicate into on the destination system. This way it doesn't interfere with the normal operation on that server.

 

[RichTJ99]

Well on freenas 3, root/wheel is the owner/group & I had rich added to the 'wheel' group so i think it would be OK. I didnt play with permissions but i think i need to check if the 'group' by default has read rights to the folder - as i didnt change anything.

I am still a little confused:

Freenas 1:
I have multiple zfs replications - such as CSG - the dataset is Pool/CSG - CSG is the ZFS replication folder from freenas1 to freenas3- it shows up on freenas 3 under Back/CSG.

Should I be able to add a CIFS share on freeans 3 to shared & just have access to all the data or am i missing a step (assuming permissions are good)? While its read only i should be OK to read it?

Separately can i view the multiple snapshot data on freenas 3 or is the replication only the latest replicated data?

 

[depasseg]

Should I be able to add a CIFS share on freeans 3 to shared

I'm not sure I understand what you are doing. But you should be able to share a dataset from freenas 3, even if it's readonly.

Separately can i view the multiple snapshot data on freenas 3 or is the replication only the latest replicated data?

Yes, the replicated dataset will have everything the original has (which includes all snapshots).

 

[RichTJ99]

Thanks - the first question you understood :) - I am unable to read it at all.

How would i access the old snapshots on freenas 3? If i am adding a cifs share i just add it to the main directory - not sure where to find the older version (snapshot) data?

 

[depasseg]

How would i access the old snapshots on freenas 3?

Like you normally do - via the snapshots tab in the GUI.

not sure where to find the older version (snapshot) data?

Are you talking about the "previous versions" tab in windows? I haven't played with that.

 

[RichTJ99]

Sorry - i meant the older snapshots.

On freenas 3 should i see snapshots from freenas1 from the zfs replication?

 

[RichTJ99]

Do you think that ZFS replication is more CPU intensive than Rsync?

 

[depasseg]

No I don't.

 

[depasseg]

On freenas 3 should i see snapshots from freenas1 from the zfs replication?

Yes. Assuming you created the job in the GUI, your destination will be exactly the same as the source. Optionally, you can configure the destination to keep the snapshots that have expired on the source (but this will take up more space).