da Masu haɓaka Cloudflare sun saki bayani game da aikin da suke yi don inganta aikin ɓoye ɓoye a cikin kwayar Linux, wanda suka ambata cewa sun shirya faci don dm-crypt da tsarin tsarin Crypto API.
Tare da wannan, an yarda da gwajin roba ya ninka bandwidth don karatu da rubutu, da rabin laten. Lokacin gwaji akan injina na gaske, ɓoyayyen ɓoyayyen ya rage kusan matakin da aka gani lokacin aiki tare da diski ba tare da amfani da ɓoye bayanai ba.
Sha'awar inganta ɓoye-ɓoye bayanai akan diski saboda Cloudflare yana amfani da dm-crypt don ɓoye bayanai a kan mashinan da aka yi amfani da su don adana abubuwan cikin CDN. Dm-crypt yana aiki a matakin na'urar toshewa kuma yana ɓoye buƙatun I / O don rubutawa da ƙaddamar da buƙatun karantawa, yana aiki azaman ɗaki tsakanin na'urar toshewa da direban tsarin fayil.
Don kimanta aikin dm-crypt ta amfani da fakitin gwajin I / O mai sassauƙa, se ya auna saurin aiki tare da ɓoyayyun ɓoye kuma ba a ɓoye shi ba a kan diski na RAM wanda ke cikin RAM don kawar da canje-canje a cikin aikin diski.
Don bangarorin da ba a ɓoye ba, karanta da rubuta aikin sun kasance a 1126MB / s, amma lokacin da aka kunna ɓoye, saurin ya sauka sau 7 zuwa 147MB / s.
Da farko, ana zargin amfani da algorithms marasa inganci a cikin tsarin ƙirar kernel. Amma gwaje-gwajen sun yi amfani da saurin aes-xts algorithm tare da mabuɗan ɓoyayyen 256, waɗanda aikinsu yayin gudanar da aikin "cryptsetup benchmark" ya ninka sama da ninki biyu fiye da sakamakon da aka samu yayin gwada faifan RAM.
Gwaje-gwaje tare da tutocin dm-crypt don daidaita aikin bai yi aiki ba: Lokacin amfani da tutar –perf-same_cpu_crypt, aikin ma ya ragu zuwa 136MB / s, kuma yayin amfani da tutar –perf-submit_from_crypt_cpus sai kawai ta ƙaru zuwa 166MB / s.
Bincike mai zurfi na dabaru na aiki ya nuna cewa dm-crypt ba sauki bane kamar yadda ake gani.
Lokacin da aka karɓi buƙatar rubutu daga mai kula da FS, dm-crypt ba ya aiwatar da shi nan da nan, amma yana sanya shi a kan layin "kcryptd", wanda ba a fahimtarsa nan da nan, amma lokacin da kyakkyawan lokaci ya faru. Daga jerin gwano, ana aika buƙatar zuwa Linux Crypto API don ɓoyewa.
Lokacin karatun farko, layukan dm-crypt "kcryptd_io" buƙatar karɓar bayanai daga naúrar. Después na ɗan lokaci, ana samun bayanan kuma ana layin "kcryptd" don yanke hukunci.
Kcryptd yana aika buƙata zuwa Linux Encryption API, wanda ke warware bayanin asynchronously. Buƙatar ba koyaushe ke bi duk layuka ba, amma a cikin mafi munin yanayi, rubuta buƙata an saita akan layuka har sau 4 da kuma bukatar karantawa har sau 3. Duk bugawa a cikin wutsiya yana haifar da jinkiri, waxannan sune mahimman dalilai don raguwa mai yawa a cikin aikin dm-crypt.
La'akari da cewa tuki na zamani sun zama masu sauri da wayo, tsarin bunkasuwar kayan aiki a cikin kwayar Linux an bita kuma an sake tsara wasu tsarin tsarin, Injiniyoyin Cloudflare sun ƙara sabon yanayin aiki zuwa dm-crypt, kawar da amfani da ƙarin layi da kiran asynchronous.
Yanayin ya sami damar ta tutar "Force_inline" ta daban kuma tana kawo dm-crypt a cikin sifar wakili mai sauki wanda ke rufin asiri da kuma warware masu shigowa. Haɗin kai tare da Crypto API an inganta shi ta hanyar zaɓin bayyane na algorithms na ɓoyewa Suna aiki a cikin yanayin aiki tare kuma basa amfani da layukan buƙata.
Lokacin gwajin kaya akan ainihin sabobin, sabon aiwatarwar ya nuna aikin kusa da daidaitaccen aiki wanda ke aiki ba tare da ɓoyewa ba, kuma haɗa ɓoyayyen abu akan sabobin tare da ɓoye Cloudflare bai shafi saurin amsawa ba.
Zuwa gaba, Cloudflare yana shirin canja wurin facin da aka shirya zuwa babban kwayar Linux, amma kafin hakan za a canza su, tunda an inganta su don wani nauyin kuma ba su rufe dukkan wuraren aikace-aikacen ba.
Source: https://blog.cloudflare.com