-
Notifications
You must be signed in to change notification settings - Fork 256
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Performance] Very slow performance when run gocryptfs over CIFS/SSHFS #764
Comments
I know this is an old issue, but I just started using gocryptfs since a few days and notice the same behaviour. There is a remote storage system mounted via sshfs on my computer:
The connection is quite busy, the speed is just around 3 MB/s with pure sshfs (without gocryptfs).
Speed on this mount is much lower, just around 400 kB/s. I am aware of these issues and I know about the option -noprealloc. Nonetheless, I was not able to get usable speed results when using gocryptfs over sshfs. Any help is highly appreciated! Storage: Debian 12 (OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023) |
@ontheair81 what's your ping time to the storage? Testing right now I see, somewhat surprisingly, no difference between sshfs and gocryptfs-on-sshfs:
|
I have to admit, that the problem seems not to be related to gocryptfs: So maybe there is something wrong with the initially used computer, or the problem is related to the type of connection there (MPLS network in a company). Or the ping is too bad (around 60 ms, to answer your question). Sorry for the noise and thank you for this great software! |
@rfjakob Do you have any thoughts around the analysis and reason why gocryptfs adds those constant I would expect that gocryptfs shouldn't degrade performance unnecessarily, as better performance is always better than worse performance 😉 |
I'm not sure where the getxattr calls are coming from. You cab maybr see
that in the gocryptfs "-fusedebug" log. Maybe selinux, maybe acls.
But I think for performance they don't matter, as sshfs returns "operation
not supported" an the call is not sent over the network.
The fstat calls are maybe a result of pwrite64() vs write().
…On Mon, 11 Mar 2024, 15:24 Oleksandr Povar, ***@***.***> wrote:
@rfjakob <https://github.com/rfjakob> Do you have any thoughts around the
analysis and reason why gocryptfs adds those constant lgetxattr calls
(which later are translated to FSTAT SSH FS calls)? Those calls seem very
redundant and could indeed degrade the performance, which is exactly what I
observed. Of course the level of degradation depends on roundtrip time and
throughput and of course if you have extremely low ping, you will not feel
it much.
I would expect that gocryptfs shouldn't degrade performance unnecessarily,
as better performance is always better than worse performance 😉
—
Reply to this email directly, view it on GitHub
<#764 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACGA74BSJTI4QE2RNZZYMDYXW5AFAVCNFSM6AAAAAAZ5Z3MUWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOBYGU3DIOBRG4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Setup:
The encrypted dir is mounted via sshfs, gocryptfs is mounted over it.
Scenario:
The software is simply writing to a file in continuous mode (I verified that via
strace
, it constantly invokeswrite()
). It's notdd
, so chunks could be of different size and could arrive at random rate (as I'm uploading file via HTTP).If I write directly to unencrypted mount, I get roughly 110 Mbit/s. If I write over gocryptfs I get around 15 MBit/s. That's quite a drop.
CPU is low when running over gocryptfs, so it's IO bound.
I tried to investigate a bit and to do that I run sshfs with the following flags:
That give me a log of SSH operations. Surprisingly when running over gocryptfs I observe the following log:
When I write directly to unencrypted drive I see writes without reads:
You can see immediate difference:
I believe it is the reason of slowdown.
I tried to
trace
thegocryptfs
itself in the middle of the upload (see full trace in the attachments; it's covering a period somewhere during the upload) and found a couple of interesting things:10
.lgetxattr
)Do you have any idea what is the cause of this? Why does it have to read while I stream write to a file? And more importantly, why is it reading those attributes regularly? Is there any config to tweak that behavior?
Thank you! Am happy to run another diagnostics if you have idea what to run 😊
Full log:
strace-gocryptfs.txt
Thank you for your time and the awesome product!!
P.S.
I did not run detailed analysis with CIFS, but the speed is comparable, so I suppose the issue is the same.
P.P.S.
If I enable SSH compression sometimes I am able to avoid those reads after writes (I guess because the data is still in buffers). In that case I get the same speed as on the unencrypted directory. But that is not stable and after some time the speed drops as well.
The text was updated successfully, but these errors were encountered: