Date: Thu, 23 Feb 2023 04:51:03 +0100 (CET) From: Sysadmin Lists <sysadmin.lists@mailfence.com> To: freebsd-fs <freebsd-fs@freebsd.org> Subject: Re: speeding up zfs send | recv (update) Message-ID: <409401259.92260.1677124263649@ichabod.co-bxl> In-Reply-To: <741387429.91447.1677122934622@ichabod.co-bxl> References: <866d6937-a4e8-bec3-d61b-07df3065fca9@sentex.net> <CAOtMX2gifUmgqwSKpRGcfzCm_=BX_szNF1AF8WTMfAmbrJ5UWA@mail.gmail.com> <f6ea3387-faf8-4c63-d1e7-906fa397b00b@sentex.net> <a38578c6-b633-249d-90f0-0652377d76c0@quip.cz> <c229a502-fb76-ec6a-a56b-934d3b56e474@sentex.net> <1031e2b0-b245-1dc6-a499-8f4da3796543@quip.cz> <46455168-d7f1-6ca9-ad2f-9bcd3359e0f3@sentex.net> <78c78aec-a34b-f188-ef96-8ced9a1eda35@quip.cz> <CAOjFWZ7k7ANwcGyNCoYMg%2BLUBzAz2VyNfxQo5rKcrYj8XFgG3Q@mail.gmail.com> <741387429.91447.1677122934622@ichabod.co-bxl>
next in thread | previous in thread | raw e-mail | index | archive | help
------=_Part_92257_810470091.1677124263648 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Feb 22, 2023 at 7:28 PM, Sysadmin Lists <sysadmin.lists@mailfence.com> w= rote: On Feb 22, 2023 at 1:43 PM, Freddie Cash <fjwcash@gmail.com> wrote: [Sorry for top part, GMail sucks for replies.] If this is a LAN or private WAN where you trust the network, piping the sen= d stream through netcat will remove ssh from the equation. That's what we switched to using once it became almost impossible to get th= e "none" cipher working with ssh on FreeBSD. We use ssh to connect to the remote server and enable a netcat listener on = port X, then pipe the send through netcat to the remote system on port X. T= hat way it's logged and uses ssh for authentication. We easily saturate gigabit links between our ZFS systems using netcat. Cheers, Freddie Typos due to smartphone keyboard. On Wed., Feb. 22, 2023, 1:31 p.m. Miroslav Lachman, <000.fbsd@quip.cz> wrot= e: On 22/02/2023 22:08, mike tancsa wrote: > On 2/22/2023 4:03 PM, Miroslav Lachman wrote: >> Interresting numbers. I think I am the only one who get best speed=20 >> with chacha20-poly1305@openssh.com >> >> >> It seems the speed of SSH is limited by single core performance which=20 >> is very poor on this machine (Intel(R) Pentium(R) Dual=C2=A0 CPU E2160).= =20 >> Even if CPU has 50% idle, ssh runs on 99.8% of single core. >=20 > The CPU I have has > aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS> on motherboard >=20 > which probably helps. That explains it aesni0: No AES or SHA support. >> I know there were some HPN patches to ssh, beside that is there any=20 >> option I can try to use less CPU? >> >> I will play with cpuset to pin ssh on one core and everything else on=20 >> the other core. >=20 > It looks like you are running into a CPU bottleneck TBH Yes. Pinning on cores with cpuset helps a bit (about +3MiB/s) but=20 without some tweaks on ssh I will not gain more speed :( Thank you for your help! Miroslav Lachman You could pipe the stream through an encrypting program before piping to netcat, then decrypt on the recieving end. $ zfs send | crypt | netcat ipaddr 2222 $ netcat -vl 2222 | crypt | zfs recv I don't know if zfs can handle that, but worth a try. $ man crypt =C2=A0 =C2=A0 The enigma utility, also known as crypt is a very simple encr= yption =C2=A0 =C2=A0 =C2=A0program, working on a =E2=80=9Csecret-key=E2=80=9D basi= s.=C2=A0 It operates as a filter, i.e., =C2=A0 =C2=A0 =C2=A0it encrypts or decrypts a stream of data from standard = input, and writes =C2=A0 =C2=A0 =C2=A0the result to standard output.=C2=A0 Since its operatio= n is fully symmetrical, =C2=A0 =C2=A0 =C2=A0feeding the encrypted data stream again through the eng= ine (using the =C2=A0 =C2=A0 =C2=A0same secret key) will decrypt it. -- Sent with https://mailfence.com Secure and private email Seems to work: # zfs create zroot/test # mount -t zfs zroot/test /mnt/test # date > /mnt/test/testfile # zfsnap snapshot -p testsend- zroot/test # zfs list -t snap zroot/test NAME ... zroot/test@testsend-2023-02-22_19.46.15--1m ... # nc -l 2222 | crypt | zfs recv zroot/newtest Enter key: # zfs send zroot/test@testsend-2023-02-22_19.46.15--1m | crypt | nc -w 5 lo= calhost 2222 Enter key: # zfs list zroot/newtest NAME=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 USED=C2=A0 AVAIL=C2=A0 =C2=A0= =C2=A0REFER=C2=A0 MOUNTPOINT zroot/newtest=C2=A0 =C2=A0 96K=C2=A0 70.7G=C2=A0 =C2=A0 =C2=A0 =C2=A096K=C2= =A0 none -- Sent with https://mailfence.com Secure and private email ------=_Part_92257_810470091.1677124263648 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline <div style=3D'font-family:Times New Roman; color:#000000; font-size:18px;'>= <br><br><div>On Feb 22, 2023 at 7:28 PM, Sysadmin Lists <sysadmin.lists@= mailfence.com> wrote:<blockquote type=3D"cite" cite=3D"<741387429.91447.= 1677122934622@ichabod.co-bxl>"><div style=3D"font-family:Times New Roman; c= olor:#000000; font-size:18px;"><br><div>On Feb 22, 2023 at 1:43 PM, Freddie= Cash <fjwcash@gmail.com> wrote:<blockquote type=3D"cite" cite=3D"<CA= OjFWZ7k7ANwcGyNCoYMg+LUBzAz2VyNfxQo5rKcrYj8XFgG3Q@mail.gmail.com>"><div dir= =3D"auto">[Sorry for top part, GMail sucks for replies.]<div dir=3D"auto"><= br></div><div dir=3D"auto">If this is a LAN or private WAN where you trust = the network, piping the send stream through netcat will remove ssh from the= equation.<div dir=3D"auto"><br></div><div dir=3D"auto">That's what we swit= ched to using once it became almost impossible to get the "none" cipher wor= king with ssh on FreeBSD.</div><div dir=3D"auto"><br></div><div dir=3D"auto= ">We use ssh to connect to the remote server and enable a netcat listener o= n port X, then pipe the send through netcat to the remote system on port X.= That way it's logged and uses ssh for authentication.</div><div dir=3D"aut= o"><br></div><div dir=3D"auto">We easily saturate gigabit links between our= ZFS systems using netcat.<br></div><div dir=3D"auto"><br></div><div dir=3D= "auto"><br><br><div data-smartmail=3D"gmail_signature" dir=3D"auto">Cheers,= <br>Freddie<br><br>Typos due to smartphone keyboard.</div></div></div></div= ><br><div class=3D""><div dir=3D"ltr" class=3D"">On Wed., Feb. 22, 2023, 1:= 31 p.m. Miroslav Lachman, <<a href=3D"mailto:000.fbsd@quip.cz">000.fbsd@= quip.cz</a>> wrote:<br></div><blockquote class=3D"" style=3D"margin:0 0 = 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 22/02/2023 22:08, mi= ke tancsa wrote:<br> > On 2/22/2023 4:03 PM, Miroslav Lachman wrote:<br> >> Interresting numbers. I think I am the only one who get best speed= <br> >> with <a href=3D"mailto:chacha20-poly1305@openssh.com" target=3D"_b= lank" rel=3D"noreferrer">chacha20-poly1305@openssh.com</a><br> >><br> >><br> >> It seems the speed of SSH is limited by single core performance wh= ich <br> >> is very poor on this machine (Intel(R) Pentium(R) Dual CPU E= 2160). <br> >> Even if CPU has 50% idle, ssh runs on 99.8% of single core.<br> > <br> > The CPU I have has<br> > aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS> on motherboard= <br> > <br> > which probably helps.<br> <br> That explains it<br> aesni0: No AES or SHA support.<br> <br> >> I know there were some HPN patches to ssh, beside that is there an= y <br> >> option I can try to use less CPU?<br> >><br> >> I will play with cpuset to pin ssh on one core and everything else= on <br> >> the other core.<br> > <br> > It looks like you are running into a CPU bottleneck TBH<br> <br> Yes. Pinning on cores with cpuset helps a bit (about +3MiB/s) but <br> without some tweaks on ssh I will not gain more speed :(<br> <br> Thank you for your help!<br> <br> Miroslav Lachman<br> <br> <br></blockquote></div></blockquote><div><br></div><div><div>You could pipe= the stream through an encrypting program before piping to</div><div>netcat= , then decrypt on the recieving end.</div><div><br></div><div>$ zfs send | = crypt | netcat ipaddr 2222</div><div>$ netcat -vl 2222 | crypt | zfs recv</= div><div><br></div><div>I don't know if zfs can handle that, but worth a tr= y.</div></div><div><br></div><div>$ man crypt</div><div><div> = The enigma utility, also known as crypt is a very simple encryption</div><d= iv> program, working on a =E2=80=9Csecret-key=E2=80=9D b= asis. It operates as a filter, i.e.,</div><div> it= encrypts or decrypts a stream of data from standard input, and writes</div= ><div> the result to standard output. Since its op= eration is fully symmetrical,</div><div> feeding the enc= rypted data stream again through the engine (using the</div><div> &nb= sp; same secret key) will decrypt it.</div></div><div><br></div><div>= <br></div></div></div> --=20 Sent with https://mailfence.com =20 Secure and private email</blockquote><div><br></div><div>Seems to work:</di= v><div><br></div><div><div># zfs create zroot/test</div><div># mount -t zfs= zroot/test /mnt/test</div><div># date > /mnt/test/testfile</div><div># = zfsnap snapshot -p testsend- zroot/test</div><div># zfs list -t snap zroot/= test</div><div>NAME ...</div><div>zroot/test@testsend-2023-02-22_19.46.15--= 1m ...</div><div><br></div><div><div># nc -l 2222 | crypt | zfs recv zroot/= newtest</div><div>Enter key:</div></div><div><br></div><div># zfs send zroo= t/test@testsend-2023-02-22_19.46.15--1m | crypt | nc -w 5 localhost 2222</d= iv><div>Enter key:</div><div><br></div><div># zfs list zroot/newtest</div><= div>NAME USED AVAIL &n= bsp; REFER MOUNTPOINT</div><div>zroot/newtest 96K&= nbsp; 70.7G 96K none</div></div></div><div>= <br></div></div> --=20 Sent with https://mailfence.com =20 Secure and private email ------=_Part_92257_810470091.1677124263648--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?409401259.92260.1677124263649>