[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Load Balancing/High Availability Hidden Services

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Load Balancing/High Availability Hidden Services
From: benjamin barber <barberb@xxxxxxxxxxx>
Date: Thu, 12 Mar 2015 10:53:44 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 12 Mar 2015 13:53:58 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=CrcyegInY7uwPusVtkr1dQEzzj01J4lhH2VgLpncz8Q=; b=TwQsKASIrpocuCrEugzooY+Nbs1uUonyf1FbBru301JHHiO6oEnQHWG4qr2oFf96fu hAgwl21QFX3ZUpE6yQ1S66lhonPD/IwhTbsoNvKM9aBaleFUQHLi5RkdD04Gk3/1Hm00 il+t03QF+Vue57Y8P3qHatjbH3RnoAF5/sHwWF9T/QpfnKT20Thkpw/yJsME13V0LvhU DhLpectBziBZjlzxtg6lasJjBdqJs5dgwjHj8qBm0jpvIAw3W07gr+IkZbRZzmIi0Ixk Q933ABeoguttGBX9kOZlqQlpvvn2kUixSiR3/KqPYoU0ueUtRQBbCsTTDIowmZrhquPR Fp6A==
In-reply-to: <5501C53B.9020504@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <A6DD5B99-8E6D-4B21-AC82-14E92C8C6332@xxxxxxxxxxx> <87d24f8mb1.fsf@xxxxxxxxxx> <5501932E.80703@xxxxxxxxxx> <5501C53B.9020504@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

I myself have been making solar powered servers running tor, and have built
a CMS vi-chan derivative which publishes .torrents for the bittorrent
maelstrom browser.

On Thu, Mar 12, 2015 at 9:56 AM, s7r <s7r@xxxxxxxxxx> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi Donncha,
>
> Your idea is indeed very interesting. I am eager to see it in
> practice. If you have the time, me and TheCthulhu (cc'ed) could
> provide the infrastructure and necessary system administration hours
> to test this.
>
> While your current solution is a way to use load balancing and
> redundancy, which means spreading the resource usage over multiple
> machines, checkout my questions about maximizing a single HS server as
> close as possible to its total capacity:
>
> https://lists.torproject.org/pipermail/tor-talk/2015-March/037173.html
>
> Please email directly if you want to start this, we will document each
> step and share the results with everyone here. Maybe this will give
> some hints for writing a proposal for load balancing and high capacity
> hidden services which could be merged with the proposal of second
> generation hidden services.
>
> On 3/12/2015 3:22 PM, Donncha O'Cearbhaill wrote:
> >
> >
> > On 11/03/15 17:40, George Kadianakis wrote:
> >> MacLemon <tor@xxxxxxxxxxx> writes:
> >>
> >>> Hoi!
> >>>
> >>> I'm looking into ideas for creating âload balancedâ or âhigh
> >>> availabilityâ hidden services. Mostly pertaining to web servers
> >>> serving large-ish static files. (Let's say 5-100MB each.)
> >>>
> >>> Load balanced as in not all requests end up at the same box to
> >>> speed up downloads. High availability as in the service is
> >>> still available if one box goes down or is taken offline for
> >>> maintenance.
> >>>
> >>> So, not exactly your usual distributed-cluster setup.
> >>>
> >>>
> >>> From what I understand it would not make sense to run the same
> >>> HS Key on multiple boxes since the descriptors would overwrite
> >>> each other every few minutes.
> >>>
> >>> I don't think one can do something like Round-Robin DNS with
> >>> HS.
> >>>
> >>> So the only way I can imagine this to work is a central
> >>> redirection node that know about all the nodes and more or less
> >>> intelligently/randomly 302 redirects each file request to a
> >>> known-to-it server.
> >>>
> >>> This still leaves a single-point-of-failure in form of the
> >>> redirection server but would at least distribute the traffic
> >>> load across multiple servers and cope for nodes coming and
> >>> going.
> >>>
> >>> Has anyone done something like this?
> >>>
> >>
> >> An application-layer load balancer like HAProxy might be able to
> >> help you.
> >>
> >> Unfortunately, there is not something equivalent to DNS Round
> >> Robin for hidden services yet. There are some ideas on how to do
> >> this on the Introduction Point-layer, but a proposal still needs
> >> to be written. For further reading:
> >> https://lists.torproject.org/pipermail/tor-dev/2014-April/006788.html
> >>
> >>
> https://lists.torproject.org/pipermail/tor-dev/2014-May/006812.html
> >>
> >
> > I've been thinking a little about this problem. It seems like one
> > simple solution would be to find a way of combining the
> > descriptors/introduction points from multiple Tor HS instances into
> > one hidden service descriptor from which the client can pick intro
> > points at random.
> >
> > To implement such a solution like that, there needs to be a means
> > for the hidden service instances to communicate with other. They
> > can then either selected a common set of intro points or combine
> > the individual sets of intro points selected by each instance.
> >
> > In one straight forward implementation a hidden service operator
> > could set up a Tor relay and a hidden service on each of their
> > load-balancing nodes. These load balancing hidden services SHOULD
> > have different hidden service keys and could use stealth
> > authentication for privacy (so that their introduction points are
> > encrypted).
> >
> > A management server would contain the actual hidden service key
> > but would not need to run any hidden services. The role of the
> > management server would be to regularly fetch descriptors for the
> > load-balancing hidden services, combine the introduction points
> > into a single descriptor for the hidden service which is then
> > published as normal.
> >
> > After the signature on the hidden service descriptor is verified
> > there is the hidden service protocol doesn't user the permanent
> > key/onion address. As such there is no need for each of the relays
> > to have a copy of the hidden service key.
> >
> > I think this provides a couple of advantages:
> >
> > - The hidden service key only needs to be in one place. The
> > machine holding the key would generate very little traffic and
> > would not be locatable by the publically known hidden service
> > attacks.
> >
> > - The hidden service key could be stored encrypted on the
> > management server.
> >
> > - If any of the load balancing relays are compromised an operator
> > simply needs to stop including its introduction points in the
> > descriptor. This should minimise the need to 'revoke' hidden
> > service keys.
> >
> > The number of introduction points in a HS descriptor is currently
> > limited to 10 in Tor. This sets a limit on the number of
> > load-balancing nodes that could be deployed at present.
> >
> > This approach doesn't require any changes to the Tor code base at
> > all. I hope to implement a management server in the next few weeks
> > to test how this works in practice.
> >
> > It would be great to get any feedback about this proposal!
> >
> > Regards, Donncha
> >
> >
> >
> >
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQEcBAEBCAAGBQJVAcU7AAoJEIN/pSyBJlsRPfQH/2e9sdD+7Vhh1l7DMImJo7/Q
> uPaU7T7pOXEbNhrzS3hvsGyPfuNK1fKuKXoLCFq8Dx+hM0S1ciyo6OJ456wqtg3E
> DO1bFivBxA+/y/CvY51Kz4kssZ0sNOc4GOejw1HB7pHw8sKLzZvTKQcPJIBY+ome
> 5sN6Twy3y1B9rzPQNEJFJYb8FtmUOlQZvr08yzm7VCB7dJFx5cNr72m+xbTnSoRY
> s+heUFmuu9lU+YOBkin+NpkmsQ32knQg1y8H4MJBgOdb59mopWah2BSI6wJC0RXy
> arBjeMoP2xsLWV6qIpCKLGn1mX34q5eLLFyYf6kgcHIG94z+6/+XByywjDdZx0U=
> =+dvW
> -----END PGP SIGNATURE-----
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Load Balancing/High Availability Hidden Services
  - From: MacLemon
- Re: [tor-talk] Load Balancing/High Availability Hidden Services
  - From: George Kadianakis
- Re: [tor-talk] Load Balancing/High Availability Hidden Services
  - From: Donncha O'Cearbhaill
- Re: [tor-talk] Load Balancing/High Availability Hidden Services
  - From: s7r

Prev by Author: Re: [tor-talk] Blocking Baseless Speculation
Next by Author: [tor-talk] Are webmail providers biased against Tor?
Previous by thread: Re: [tor-talk] Load Balancing/High Availability Hidden Services
Next by thread: Re: [tor-talk] Load Balancing/High Availability Hidden Services
Index(es):
- Author
- Thread