[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] We're trying out guard-n-primary-guards-to-use=2

On 2022-07-06 21:19, Roger Dingledine wrote:

But it was replaced with a new overload (boo), from way too many Tor
clients running at a few cloud providers. The main result for relay
operators is greatly increased file descriptor use, with a few IP
addresses or /24's generating the majority of the new connections.

If your relay is bumping up against its file descriptor limits,
or otherwise suffering (e.g. more memory usage than desired), one
reasonable option for you might be to set some iptables-level connection
limiting. More details in this ticket:
https://gitlab.torproject.org/tpo/core/tor/-/issues/40636#note_2818529



I'm running the small non-exit 8F6A78B1EA917F2BF221E87D14361C050A70CCC3.
Since mid-may the relay has been under heavy load. I had to limit my bandwidth using "RelayBandwidthRate" in torrc to about 90% of my real BW to be able to use internet for myself. This solved my laggy internet.
Since the 2nd of July the number of (non torrelay) tor connections to my relay skyrocketed from about 3500 to 20000. 
A week ago I implemented  connection limits per Toralf's post:
iptables -A INPUT -p tcp --destination-port  443 -m connlimit --connlimit-mask 32 --connlimit-above 30 -j DROP 
This reduced the number of connections to about 10000.

I just now noticed that the relay is flagged as overloaded. What to do?
Decrease the connection limit from 32 to .. what?
Decrease my RelayBandwidthRate even more? Seems like giving in to the DoSer.

Logfile:
Jul 10 02:58:39.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [8169 similar message(s) suppressed in last 14820 seconds] Jul 10 03:32:28.000 [notice] General overload -> Ntor dropped (220414) fraction 5.8677% is above threshold of 0.5000% 

Metrics port:
tor_relay_load_onionskins_total{type="tap",action="processed"} 697956
tor_relay_load_onionskins_total{type="tap",action="dropped"} 0
tor_relay_load_onionskins_total{type="fast",action="processed"} 0
tor_relay_load_onionskins_total{type="fast",action="dropped"} 0
tor_relay_load_onionskins_total{type="ntor",action="processed"} 503071860
tor_relay_load_onionskins_total{type="ntor",action="dropped"} 323369
tor_relay_load_onionskins_total{type="ntor_v3",action="processed"} 503071860
tor_relay_load_onionskins_total{type="ntor_v3",action="dropped"} 323369
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays