IT Management

Starting with the zcrypt device driver version 2.1.0 (available since Novell SUSE Linux Enterprise 10 [SLES10] SP1 and RHEL5.1), the device driver provides a configurable polling thread. The polling thread queries the cryptographic adapter for finished cryptographic requests that were offloaded to the adapter.

To list the version of the currently loaded crypto device driver, enter:

cat /proc/driver/z90crypt

Figure 5 shows that enabling the polling thread uses the CEX2A adapter best. This advantage is especially noticeable in the ranges where the adapter isn’t fully utilized (one through eight parallel SSL connections). With the polling thread disabled, the handshake rate may decrease, depending on the number of parallel SSL connections. This occurs because finished cryptographic requests are fetched from the adapter only with a Linux kernel timer interrupt, which is every one one-hundredth of a second. This explains why 100 connections per second for a single SSL connection is the maximum handshake rate.

 

To fully exploit a CEX2A adapter (especially when the adapter isn’t fully utilized) when running in LPAR or as a guest under z/VM, turn on the device driver polling thread. If the polling thread is enabled, the benefit is faster retrieval of any finished cryptographic requests from the adapter. When enabling the polling thread, remember that there are slightly higher CPU costs for the polling thread itself. However, as seen before, the overall processor load dramatically drops when using a CEX2A adapter. All measurements shown in this article were conducted with the polling thread enabled, except for the polling thread comparison measurements.

When the cryptographic adapter is idle and there are no more outstanding cryptographic requests, the polling thread is inactive and there’s no additional overhead. Because there are additional CPU costs for the polling thread, it can be turned off. This is a trade-off between throughput and CPU cost (see Figure 6).

 

Configuring the Polling Thread

For older distributions (shipping device driver version 2.1.0), the polling thread is enabled by default. Starting with Novell SLES10 SP2 and RHEL 5.2, the polling thread is disabled by default. To load the device driver with an enabled polling thread, enter:

6 Pages