Re: crypto vnd(4) question
David Vasek [va...@fido.cz] wrote: > On Mon, 24 Mar 2014, Chris Cappuccio wrote: > > >Keep in mind, vnd emulates 512 byte sectors because that's the default > >disklabel > >that it uses > > (You probably mean a disktab, not a disklabel.) I am aware of it. As vnd(4) > is a descendant of svnd(4), mixing different sector sizes should not be a > big problem. I think that the danger of hidden bugs is higher in the crypto > code when used together with emulated 4k-byte sectors, which is used (read: > tested) much less. I will try both variants, nonethless. Thank you. Yeah you have to edit the disktab file to specify the block size to vnd. I believe this is enough: 4k:\ :se#4096: vnconfig -t 4k vnd0 /xyz/blah Then the "on-disk" label can take over to describe your partitions and the disk size. vnconfig won't load the partition offset/sizes anyways, you would have to use disklabel -w or disklabel -R to write the partition info to the "disk".
Re: crypto vnd(4) question
On Mon, 24 Mar 2014, Chris Cappuccio wrote: Keep in mind, vnd emulates 512 byte sectors because that's the default disklabel that it uses (You probably mean a disktab, not a disklabel.) I am aware of it. As vnd(4) is a descendant of svnd(4), mixing different sector sizes should not be a big problem. I think that the danger of hidden bugs is higher in the crypto code when used together with emulated 4k-byte sectors, which is used (read: tested) much less. I will try both variants, nonethless. Thank you. Regards, David
Re: crypto vnd(4) question
David Vasek [va...@fido.cz] wrote: > Hello, > > I would like to ask you. Does anybody have a real life experience with a few > TB large encrypted vnd(4) image which hosts a filesystem which is > intensively written to and read from? In such a setup where the host device > is a 4k-byte sector drive and the vnd(4) emulates a 512-byte sector device, > is it robust enough? I suppose the vnd sectors would be used in groups of > eight or more (4096-byte fragments) and would be aligned to the host drive > sectors. Are there any issues? Is the double filesystem overhead and double > buffering a problem? > Keep in mind, vnd emulates 512 byte sectors because that's the default disklabel that it uses You are free to specify a different disklabel in /etc/disktab and use vnconfig -t xyz to get vnd to recognize the CHS, sector size and total sector parameters. I believe you also have to use vnconfig -t ... when you mount this image.
Re: crypto vnd(4) question
On Mon, 24 Mar 2014 13:52:52 +0100 (CET) David Vasek wrote: > On Sun, 23 Mar 2014, Robert wrote: > > > Hi, > > > > I have two external USB disks, 3TB and 4TB, in use like that. > > So far no problems, even after hard reboots (power outage). > > They are used for backups, and it's USB 2.0 - so I can't really say much > > about "intense writing"... > > Hi, > > thanks for your response. > > Did you tune the host filesystem in any way? What mount options do you use > for both the host filesystem and the one on the vnd image? > > By intensive writing I mean usage like "tar xzf ports.tar.gz" and such. It > is not "so much" intensive, but it possibly may cause problems > nonetheless. > > I already did some experiments with a 40 GB vnd image. I saw a little slow > tranfers over NFS (~ 6 MB/s and less when reading from the filesystem on a > vnd) and one complete lock up when the vnd was under read/write load. But > I was not able to reproduce the lock up later. > > Regards, > David > No tuning whatsoever. The powers that be said "thou shall not twist knobs" ;) Mount options for the file and VND: noatime, nodev, nosuid, softdep Performance: I get 6MB/sec, but I guess that's the USB2.0 limit. Those 8MB/sec over NFS is what I get as well (gbit LAN) for the internal disks - no matter if the server disk is softraid/crypto, or VND/crypto. On the client side all the nfsio start eating the CPU, and on the server side the nfsd. At some point the server/nfsd starts waiting for inode&biowait, and everything comes to a halt - until all the data is written to the disk. E.g., try to "dd if=/dev/zero of=/nfs/file bs=4k" and wait for a while (I guess until some cache fills up), or use ctrl-c. Good luck tuning NFS... Otherwise it works fine; as I said, I'm using it for backup with rsync (locally, not over NFS). Writing 1TB+ of files in one go was no problem. kind regards, Robert
Re: crypto vnd(4) question
On Sun, 23 Mar 2014, Robert wrote: Hi, I have two external USB disks, 3TB and 4TB, in use like that. So far no problems, even after hard reboots (power outage). They are used for backups, and it's USB 2.0 - so I can't really say much about "intense writing"... Hi, thanks for your response. Did you tune the host filesystem in any way? What mount options do you use for both the host filesystem and the one on the vnd image? By intensive writing I mean usage like "tar xzf ports.tar.gz" and such. It is not "so much" intensive, but it possibly may cause problems nonetheless. I already did some experiments with a 40 GB vnd image. I saw a little slow tranfers over NFS (~ 6 MB/s and less when reading from the filesystem on a vnd) and one complete lock up when the vnd was under read/write load. But I was not able to reproduce the lock up later. Regards, David
Re: crypto vnd(4) question
On Sun, 23 Mar 2014 19:17:58 +0100 (CET) David Vasek wrote: > Hello, > > I would like to ask you. Does anybody have a real life experience with a > few TB large encrypted vnd(4) image which hosts a filesystem which is > intensively written to and read from? In such a setup where the host > device is a 4k-byte sector drive and the vnd(4) emulates a 512-byte sector > device, is it robust enough? I suppose the vnd sectors would be used in > groups of eight or more (4096-byte fragments) and would be aligned to the > host drive sectors. Are there any issues? Is the double filesystem > overhead and double buffering a problem? > > AFAIK, it is the only alternative to softraid crypto discipline for > 4k-byte sector drives now. > > Thank you. > > Regards, > David > Hi, I have two external USB disks, 3TB and 4TB, in use like that. So far no problems, even after hard reboots (power outage). They are used for backups, and it's USB 2.0 - so I can't really say much about "intense writing"... kind regards, Robert
crypto vnd(4) question
Hello, I would like to ask you. Does anybody have a real life experience with a few TB large encrypted vnd(4) image which hosts a filesystem which is intensively written to and read from? In such a setup where the host device is a 4k-byte sector drive and the vnd(4) emulates a 512-byte sector device, is it robust enough? I suppose the vnd sectors would be used in groups of eight or more (4096-byte fragments) and would be aligned to the host drive sectors. Are there any issues? Is the double filesystem overhead and double buffering a problem? AFAIK, it is the only alternative to softraid crypto discipline for 4k-byte sector drives now. Thank you. Regards, David