Re: Running a Tor exit node on an academic network?
* The Library has electronic subscriptions to certain services that
are based on IP addresses only. Proposal: block exit connections to
those IP addresses given a list or build a list as needed. The
eventual list could be thousands of IP addresses long which would have
an undetermined impact on Tor's performance.
I run CoralCDN (http://www.coralcdn.org/), although I also used to work
with Roger on the Free Haven Project. We have many of the same issues with
running CoralCDN, which is deployed at ~150 PlanetLab sites, most at
universities. We push out a bit over 2 TB per day in web traffic to > 1
Part of our solution for handling some of these issues is to limit
bandwidth consumption, part is to enforce blacklists for websites that
send abuse complaints (although operating at the HTTP layer this is a bit
easier for us), and part is to make sure we add all the appropriate HTTP
HTTP headers like X-Forwarded-For, Via, and Proxy-Connection all
communicate to the third-party services performing address authentication
(such as the ACM or IEEE digital library) that the communication is from
elsewhere. While you certainly won't be able to / don't want to identify
the correct X-Forwarded-For address, you can at least synthesize some fake
one (perhaps just a 10.x.x.x address). But again, this operates at the
* They're not confident that Tor will obey its exit policies.
Proposal: include kernel-level software firewall and possibly a
hardware-based firewall device on the Tor box.
* They're concerned about bandwidth (although this one is not a
biggie). Proposal: limit to 5% of my department's bandwidth (5MBit/s)
and then explore burst settings and see how this impacts our
Our experience is that universities don't care as much about peak
bandwidth as they do about steady-state traffic: 5 Mbit/s at steady state
translates to over 50 GB / day. We've found many universities get
uncomfortable around 15-20 GB / day. In CoralCDN, we employ
application-level bandwidth tracking that allows higher burst rates, but
ensures that steady-state consumption over the long period stays below this
high water mark.
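
An added example, not part of the original message and not CoralCDN's code: a sketch of application-level tracking that permits short bursts while holding a rolling 24-hour total under a high water mark. The 15 GB/day cap and the 5 Mbit/s demand come from the figures in the message; the 20 Mbit/s burst rate, the class name and the function names are assumptions made for illustration.

```python
from collections import deque

DAY = 86_400  # seconds in the rolling accounting window


def steady_state_gb_per_day(mbit_per_s):
    """Sustained rate in Mbit/s -> decimal GB transferred per day."""
    return mbit_per_s * 1e6 / 8 * DAY / 1e9


class BurstyDailyLimiter:
    """Token bucket for bursts plus a rolling 24-hour byte budget."""

    def __init__(self, burst_mbit_per_s, daily_cap_bytes):
        self.refill = burst_mbit_per_s * 1e6 / 8  # bytes/second (assumed burst rate)
        self.capacity = int(self.refill)          # bucket holds one second of burst
        self.tokens = self.capacity
        self.daily_cap = daily_cap_bytes          # long-term high water mark
        self.sent = deque()                       # (timestamp, nbytes) in the window
        self.sent_total = 0
        self.last = 0.0

    def allow(self, nbytes, now):
        """Return True and account for nbytes if both limits permit it."""
        # Refill the burst bucket for the time elapsed since the last call.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill)
        self.last = now
        # Drop accounting entries that have aged out of the 24-hour window.
        while self.sent and self.sent[0][0] <= now - DAY:
            self.sent_total -= self.sent.popleft()[1]
        if nbytes > self.tokens or self.sent_total + nbytes > self.daily_cap:
            return False
        self.tokens -= nbytes
        self.sent.append((now, nbytes))
        self.sent_total += nbytes
        return True


def bytes_passed_in_one_day(limiter, demand_mbit_per_s):
    """Offer a constant demand once per second for 24 hours (constructed load)."""
    chunk = int(demand_mbit_per_s * 1e6 / 8)
    return sum(chunk for t in range(DAY) if limiter.allow(chunk, t))


if __name__ == "__main__":
    print(steady_state_gb_per_day(5))  # what an uncapped 5 Mbit/s adds up to
    lim = BurstyDailyLimiter(burst_mbit_per_s=20, daily_cap_bytes=15 * 10**9)
    print(bytes_passed_in_one_day(lim, 5) / 1e9, "GB passed under the daily cap")
```
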