[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Not using slow circuits (was Re: Tor slow no matter what I do.)

On Thu, Jan 31, 2008 at 09:00:18PM -0800, Mike Perry wrote:
> > I don't see how that helps much.  Circuit setup generally isn't the
> > cause of slowdowns.  Normally, going through a server with 25KB/s is the
> > slowest point in the 3-point chain.
> Actually, it /is/ likely that one setting here is actually doing
> something.. "CircuitBuildTimeout 5" may have a survival of the fittest
> style effect. If you tweak the circuit setup down to only 5 seconds,
> only those servers who have ~1 second latency or less are going to be
> able be members of your circuit, so you effectively will be weeding
> out slow and congested nodes from your paths.
> Of course, there are anonymity implications here.. You are ultimately
> reducing the set of routers you are using, but on the other hand, you
> are automatically avoiding overloaded nodes, which technically is good
> for load balancing.. 
> I'd be interested to hear Roger, Nick and Paul weigh in on this idea.
> Are there good reasons to keep circuits alive that have nodes in them
> so overloaded that it can take them up to a minute to build a circuit?

Right. I think it was the Foxtor folks at CMU who first suggested the
idea of measuring latency of a circuit once it's built (or measuring
time to build a circuit) and dropping circuits that are "too slow".

There are two problems with just doing it via CircuitBuildTimeout

a) If many people do this, and if a high fraction of circuits are judged
inadequate, then we're really pumping up the amount of cpu work that
each node needs to do -- and it's all wasted work too. Servers aren't
quite on the edge of being overloaded anymore these days, since we raised
the circuit rotation period to 10 minutes a few years ago. But I already
feel that 10 minutes is too high, and if we have to raise it any higher
because people are DoSing the servers with public key operations, that
would be bad. Consider the extreme where all the servers get overloaded
by this denial of service attack, and all the clients keep giving up
and starting again after just a few seconds, causing even more load,
causing even more clients to give up and start again, ...

b) People on slow networks will never establish a circuit with a low
default. If you're on a modem, your local network connection is otherwise
full or slow, or your net connection is lossy, then you sometimes need
the whole minute just to get enough cells back and forth.

What about a design where the client keeps a rolling record of recent
circuit build times it's seen, and discards circuits that take more
than the 75th percentile? Or 90%, or first standard dev, or whatever
is good. Perhaps Mike or Kevin/Damon have stats on the distribution of
circuit build times? :)

(It's unclear what anonymity impact this might have, but it might be
substantial: if a lot of our potential paths through the network involve
a slow link, and we discard all those potential paths, that would make
a big difference. On the other hand, that's exactly the point.)