加密的Vs未加密的EBS卷AWS

时间:2014-06-20 08:04:04

标签: encryption amazon-web-services amazon-ec2

我们正在EBS优化的m3.xlarge EC2实例上测试标准EBS卷,EBS卷加密。

在分析测试结果时,我们开始知道

与没有加密的EBS相比,使用加密的EBS卷在读取,写入,读取/写入操作期间花费的时间更短。 我认为由于每个I / O请求都有额外的加密开销,因此会对加密的EBS卷产生延迟的影响。

EBS加密卷比正常EBS卷更快的恰当原因是什么?

预期结果应该是EBS应该产生比加密EEBS更好的结果。

结果:

已编译的EBS结果: 

sysbench 0.4.12:  multi-threaded system evaluation benchmark

Running the test with following options:
Number of threads: 8
Initializing random number generator from timer.


Extra file open flags: 16384
8 files, 512Mb each
4Gb total file size
Block size 16Kb
Calling fsync() at the end of test, Enabled.
Using synchronous I/O mode
Doing sequential write (creation) test
Threads started!
Done.

Operations performed:  0 Read, 262144 Write, 8 Other = 262152 Total
Read 0b  Written 4Gb  Total transferred 4Gb  (11.018Mb/sec)
  705.12 Requests/sec executed

Test execution summary:
    total time:                          371.7713s
    total number of events:              262144
    total time taken by event execution: 2973.6874
    per-request statistics:
         min:                                  1.06ms
         avg:                                 11.34ms
         max:                               3461.45ms
         approx.  95 percentile:               1.72ms

EBS结果: 

sysbench 0.4.12:  multi-threaded system evaluation benchmark

Running the test with following options:
Number of threads: 8
Initializing random number generator from timer.


Extra file open flags: 16384
8 files, 512Mb each
4Gb total file size
Block size 16Kb
Calling fsync() at the end of test, Enabled.
Using synchronous I/O mode
Doing sequential write (creation) test
Threads started!
Done.

Operations performed:  0 Read, 262144 Write, 8 Other = 262152 Total
Read 0b  Written 4Gb  Total transferred 4Gb  (6.3501Mb/sec)
  406.41 Requests/sec executed

Test execution summary:
    total time:                          645.0251s
    total number of events:              262144
    total time taken by event execution: 5159.7466
    per-request statistics:
         min:                                  0.88ms
         avg:                                 19.68ms
         max:                               5700.71ms
         approx.  95 percentile:               6.31ms

请帮我解决这个问题。

1 个答案:

答案 0 :(得分:1)

这在概念上肯定是意外的,并且也由Amazon EBS Encryption确认:

  

[...]和您可以在加密卷上获得与未加密卷相同的预配置IOPS性能,但对延迟的影响最小。您可以像访问现有卷一样访问加密的Amazon EBS卷;加密和解密是透明处理的,它们不需要您,您的EC2实例或您的应用程序的其他操作。 [...] [强调我的]

Amazon EBS Volume Performance提供了有关EBS性能的更多详细信息 - 从这个角度来看,但纯粹的推测,可能使用加密意味着某些默认Pre-Warming Amazon EBS Volumes

  

创建任何新EBS卷(通用(SSD),预配置IOPS(SSD)或磁盘)或从快照还原卷时,会立即为您分配后端存储块。但是,第一次访问存储块时,必须先将其擦除(对于新卷)或从其快照(对于已还原的卷)进行实例化,然后才能访问该块。此初步操作需要一些时间,并且每次访问每个块时都会导致卷的IOPS损失5到50%。 [...]

无论哪种方式,我建议在预热两个新的EBS卷之后重新运行基准,以防你还没有这样做。

相关问题
最新问题