Ability to Disable TLS transport

T

tt2468

Active Member
Proxmox Subscriber
Jan 24, 2019
13
1
43
44
Hi all,

I'm in a situation where I'm being heavily bottlenecked by my PBS's TLS speed. I'm running PBS as a VM on a Synology RS1221RP+, and when I run a benchmark against the repository, the TLS speed is the clear bottleneck. Additionally, the CPU usage of the PBS vm gets pinned to 100% during backups. I can directly affect TLS speed by adding vCPUs to the PBS VM.

Is it possible to disable the TLS transport for PBS, like you can do for example with migrations in PVE? We're running this in a datacenter environment. If someone were to gain the ability to intercept our internal network traffic, I would have far bigger worries than whether or not they're siphoning our backups data.

Benchmark test results:
Code: 
root@prox-cpu1:~# proxmox-backup-client benchmark --repository root@pam@[pbsip]:storage
Uploaded 436 chunks in 5 seconds.
Time per request: 11601 microseconds.
TLS speed: 361.53 MB/s
SHA256 speed: 1914.23 MB/s
Compression speed: 752.73 MB/s
Decompress speed: 992.74 MB/s
AES256/GCM speed: 2304.00 MB/s
Verify speed: 648.16 MB/s
┌───────────────────────────────────┬────────────────────┐
│ Name                              │ Value              │
╞═══════════════════════════════════╪════════════════════╡
│ TLS (maximal backup upload speed) │ 361.53 MB/s (29%)  │
├───────────────────────────────────┼────────────────────┤
│ SHA256 checksum computation speed │ 1914.23 MB/s (95%) │
├───────────────────────────────────┼────────────────────┤
│ ZStd level 1 compression speed    │ 752.73 MB/s (100%) │
├───────────────────────────────────┼────────────────────┤
│ ZStd level 1 decompression speed  │ 992.74 MB/s (83%)  │
├───────────────────────────────────┼────────────────────┤
│ Chunk verification speed          │ 648.16 MB/s (86%)  │
├───────────────────────────────────┼────────────────────┤
│ AES256 GCM encryption speed       │ 2304.00 MB/s (63%) │
└───────────────────────────────────┴────────────────────┘
 
  • Like
Reactions: lucius_the
Hi!
this is not currently possible.
 
Last edited:
+1 to this... TLS is a huge bottleneck for me as well.

TLS speed: 169.14 MB/s
SHA256 speed: 429.66 MB/s
Compression speed: 418.15 MB/s
Decompress speed: 619.55 MB/s
AES256/GCM speed: 1164.14 MB/s
Verify speed: 257.23 MB/s

Although I'm not sure why that is. TLS per se should not be this slow. What is actually measured under "TLS speed" test ?
 
don't forget PBS datastore is millions of small files so HDD will slowdown before TLS limit.
if already SSD, you can try installing PBS alongside PVE keeping NAS as NFS or cifs datastore.
it's not recommended but if you know what you do, it's works great.
 
the TLS benchmark tests both TLS and HTTP/2.0 performance - it basically tests uploading chunks to the server (which immediately discards them, so no storage involved on either end). HTTP/2.0 can be slower than expected if your link has higher latency.
 
Hm... 10 Gbps link, I believe latency should be great. But... still surprised that TLS would slow it down this much. Oh well.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back