[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9321 [Tor]: Load balance right when we have higher guard rotation periods

Subject: Re: [tor-bugs] #9321 [Tor]: Load balance right when we have higher guard rotation periods
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 26 Jul 2014 12:22:48 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 26 Jul 2014 08:22:55 -0400
In-reply-to: <044.3fcd88228b5479fbb9fc1be127802f06@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.3fcd88228b5479fbb9fc1be127802f06@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9321: Load balance right when we have higher guard rotation periods
-------------------------+-------------------------------------------------
     Reporter:  arma     |      Owner:
         Type:  project  |     Status:  new
     Priority:  normal   |  Milestone:  Tor: 0.2.6.x-final
    Component:  Tor      |    Version:
   Resolution:           |   Keywords:  needs-proposal, tor-auth, tor-
Actual Points:           |  client, 026-triaged-1
       Points:           |  Parent ID:  #11480
-------------------------+-------------------------------------------------

Comment (by asn):

 I've done a bit of progress on this. I have a stupid Python script
 that you can point to a directory with consensus documents. It will
 parse them all (using stem), and for each guard it will spit out the
 number of consensuses it was mentioned in, as well as when was the
 earliest and the latest consensus it was in.

 The idea is that this script will have to be finished, and then
 somehow executed in the authorities. The script will spit out an
 output file that can be parsed by little-t-tor in the same fashion as
 the bandwidth authorities do (see measured_bw_line_parse()).

 Few questions that will need to be answered:

 - Will the script be called periodically and the authorities will have
   to parse the output file every once in a while? Or will the script
   be ran once, and then it's the job of the authorities to internally
   update their state with new information?

   I'm currently aiming for the former behavior, to minimize the amount
   of code that needs to be written for little-t-tor. OTOH, this means
   that authorities will need to keep 9 months worth of consensuses in
   their filesystem. As we move closer to completion of this task we
   will see if the former behavior is indeed better.

 - Where will the consensuses be fetched from? To run this script we
   need to have a directory filled with consensuses. How are we going
   to get those documents? rsync cronjob from metrics? Does this scale?
   What else can we do?

 - What should we do about consensus signatures? If we are fetching
   consensuses from metrics, it's reasonable that we don't want to
   trust them blindly. It would be nice if the script (or the auth)
   could validate the consensus signatures, but it's not an easy task:

   How will the script get the public keys of the auths? What if the
   auths set change? What if (as part of an attack) we are given a
   consensus with only one or two auth signatures? Should it be
   accepted even though it's signed by a minority of auths? Should our
   stupid script understand all these consesus security details?

 - What should happen if we are missing a few consensuses? Sometimes
   the auths fail to establish a consensus, so it's reasonable that a
   few consesuses will be missing if we look 9 months back. Should our
   Python script recognize their absense? What if half of the
   consesuses are missing? What if just one is missing? How should our
   script react?

 - We need to think how the guardiness information will be passed to
   clients (since clients need to change their path selection procedure
   according to the guardiness). Proposal 236 simply says:
   {{{
    The authorities include the age of each guard by appending
    '[SP "GV=" INT]' in the guard's "w" line.
   }}}
   But I don't think that's enough. What is an age anyway?

   Should we pass to clients information like "Node was a guard for
   3031/6574 consensuses during the past 9 months"? Should this be
   passed in the consensus as part of the 'w' line or something?

 - How should this be deployed?

   In the beginning it should parse 2-3 months worth of consesuses (the
   current guard lifetime period), and then as more clients upgrade we
   should make it parse 9-10 months (or whatever we decide) worth of
   consesuses?

 I'm planning to tackle these questions soon. Any feedback is helpful!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9321#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #12709 [BridgeDB]: Enable fte bridge distribution in BridgeDB
Next by Author: Re: [tor-bugs] #9321 [Tor]: Load balance right when we have higher guard rotation periods
Previous by thread: Re: [tor-bugs] #9321 [Tor]: Load balance right when we have higher guard rotation periods
Next by thread: Re: [tor-bugs] #9321 [Tor]: Load balance right when we have higher guard rotation periods
Index(es):
- Author
- Thread