Luks encryption of external drive - performance

Hi. Does anyone have experience with using Luks encryption on external drive connected to the router. I'm interested in performance issues if any. Does anyone has tested or experienced performance issues with that? Any tips for optimal performance?

In theory, the performance penalty should be the same on an external drive than on an internal one; I guess it all depends on the CPU on your device. Considering how easy is to make a couple of tests, I would do them myself with my own hardware and my specific use case, rather than rely on tests done by others on different hardware and under different premises.

I tried drive encryption some while ago. Keep in mind that performance comparisons between different CPUs (and indeed different CPU architectures) are difficult at best.

That said,

  • on a Western Digital My Book Live with its 800 MHz PowerPC CPU
  • with no hardware acceleration*
  • with the drive connected to its SATA port (so no USB bottleneck)
  • with AES-CBC

I got, if memory serves, around 8~10 MB/s, although I feel that it could even have been lower. Again, adjust expectations to your SoC type and CPU speed, I'm pretty sure you can't even get those numbers on a router SoC.

*) at the time. apm821xx has received hardware crypto support in the meantime, throughput is now reportedly at drive speed.

Use server/nas/pc with x86 CPU and AES-NI Support.

Ok, the only application for that external drive is logging. So not much writing to disk. My most concern is not the read/write speed, but how much encryption could influence CPU doing other tasks such as packet processing.

It pretty much depends on how frequently you write to that disk, and how long does the CPU takes to encrypt each write... With a fast CPU and some small writes now and then, you are not going to notice it at all; if you write so much that the CPU is constantly busy encrypting data, then your traffic speed is going to be impacted.