encryption - 加密与未加密 EBS 卷 AWS

Question

我们正在 EBS 优化的 m3.xlarge EC2 实例上测试标准 EBS 卷、带加密的 EBS 卷。

在分析测试结果时，我们了解到

与不带加密的 EBS 相比，带加密的 EBS 卷在读、写、读/写操作期间花费的时间更少。
我认为由于每个 I/O 请求的额外加密开销，加密 EBS 卷上的延迟会产生影响。

EBS 加密卷比普通 EBS 卷更快的适当原因是什么？

预期结果应该是 EBS 应该产生比加密 EEBS 更好的结果。

结果:

加密的 EBS 结果:

sysbench 0.4.12:  multi-threaded system evaluation benchmark

Running the test with following options:
Number of threads: 8
Initializing random number generator from timer.


Extra file open flags: 16384
8 files, 512Mb each
4Gb total file size
Block size 16Kb
Calling fsync() at the end of test, Enabled.
Using synchronous I/O mode
Doing sequential write (creation) test
Threads started!
Done.

Operations performed:  0 Read, 262144 Write, 8 Other = 262152 Total
Read 0b  Written 4Gb  Total transferred 4Gb  (11.018Mb/sec)
  705.12 Requests/sec executed

Test execution summary:
    total time:                          371.7713s
    total number of events:              262144
    total time taken by event execution: 2973.6874
    per-request statistics:
         min:                                  1.06ms
         avg:                                 11.34ms
         max:                               3461.45ms
         approx.  95 percentile:               1.72ms

EBS 结果:

sysbench 0.4.12:  multi-threaded system evaluation benchmark

Running the test with following options:
Number of threads: 8
Initializing random number generator from timer.


Extra file open flags: 16384
8 files, 512Mb each
4Gb total file size
Block size 16Kb
Calling fsync() at the end of test, Enabled.
Using synchronous I/O mode
Doing sequential write (creation) test
Threads started!
Done.

Operations performed:  0 Read, 262144 Write, 8 Other = 262152 Total
Read 0b  Written 4Gb  Total transferred 4Gb  (6.3501Mb/sec)
  406.41 Requests/sec executed

Test execution summary:
    total time:                          645.0251s
    total number of events:              262144
    total time taken by event execution: 5159.7466
    per-request statistics:
         min:                                  0.88ms
         avg:                                 19.68ms
         max:                               5700.71ms
         approx.  95 percentile:               6.31ms

请帮我解决这个问题。

Answer 1

这在概念上肯定是出乎意料的，也得到了 Amazon EBS Encryption 的证实。 :

[...] and you can expect the same provisioned IOPS performance on encrypted volumes as you would with unencrypted volumes with a minimal effect on latency. You can access encrypted Amazon EBS volumes the same way you access existing volumes; encryption and decryption are handled transparently and they require no additional action from you, your EC2 instance, or your application. [...] [emphasis mine]

Amazon EBS Volume Performance总体上提供了有关 EBS 性能的更多详细信息 - 从这个角度来看，但纯推测，也许使用加密意味着某些默认值 Pre-Warming Amazon EBS Volumes :

When you create any new EBS volume (General Purpose (SSD), Provisioned IOPS (SSD), or Magnetic) or restore a volume from a snapshot, the back-end storage blocks are allocated to you immediately. However, the first time you access a block of storage, it must be either wiped clean (for new volumes) or instantiated from its snapshot (for restored volumes) before you can access the block. This preliminary action takes time and can cause a 5 to 50 percent loss of IOPS for your volume the first time each block is accessed. [...]

无论哪种方式，我都建议在预热两个新 EBS 卷后重新运行基准测试，以防您尚未这样做。