Reading through the archives I have found several people say that 
encrypting via an svnd device isn't much slower than writing directly to 
a raw unencrypted disk. While I found this to be true for svnd devices 
backed by files, svnd devices backed by whole disks and disk partitions 
are extremely slow. I have tried tuning many parameters, namely the 
fragment and block size and the cylinders per group in the disklabel 
associated with the svnd, but nothing has improved the performance.

I am running 4.1 on a single i386 800MHz P3. The encrypting of an 
underlying device (file, partition, disk) works perfectly otherwise. I 
also double checked my procedure at  
https://www.mainframe.cx/~ckuethe/encrypted_disks.html.

Not knowing what to tune to speed things up, I started by using all 
combinations of the following in the svnd disklabel (assuming they get 
passed to newfs):

fragment size: 2K, 4K
block size: 16K, 32K
cyl. per group: 16, 1568, 1936, 4K, 8K, 16K (sometimes after newfs'ing, 
cpg was reset to some other value? That's where the 1568 and 1936 come from)

I have also tried mounting the svnd device using the async and noatime 
flags, but that doesn't really matter.

Using vnconfig, I also tried associating the svnd device with the raw 
direct access device (i.e. /dev/rwd1[ac]), but then fdisk'ing on the 
svnd device complains. I tried this because I thought there may be a 
double buffering issue.

I also tried encryption with and without a salt file, but that didn't 
make any noticeable difference.

Here are some write performance numbers using dd and cp:
* for dd I used block sizes of 512, 1K, 2K, 4K, 8K, 16K
* for cp I used the command `cd /<enc-dev>; time cp -R /bin /sbin .`
* all dd commands made files > 40MB, which is more than 4 times the 
disk's cache

Direct disk (no svnd)
  dd: 49MB/s - 100MB/s
  cp: 2.43s real

svnd backed by disk (wd1c)
  dd: 248K - 500K
  cp: 1m21.44s real

svnd backed by partition (wd1a)
  dd: 1.8MB/s - 2.8MB/s
  cp: 11.53s real

svnd backed by file
  dd: 8.6MB/s - 9.7MB/s
  cp: 2.66s real

The system was dedicated to these tests and the CPU was about 80% idle 
during the running of the dd and cp commands.

What I really want is to encrypt the whole disk or a single partition 
covering the whole disk. If I could get the write performance of the 
disk/partition up to "svnd backed by file" speeds, I would be happy. 
This is my network backup server where almost 20 machines backup to, so 
1MB/s to 2MB/s just isn't going to cut it.

In case somebody asks, I want to encrypt my backup data because I 
periodically pull the disk and store it at my girlfriends office.

Any performance enhancing suggestions or alternate methods would be 
greatly appreciated. I have thought about encrypting each backup using 
openssl, but I would have to script something for that. I am looking for 
automation and I feel vnconfig with encryption does it, just not very 
quickly.

-pachl