[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: opening up (exit policy) a bit ...

Thus spake John Case (case@xxxxxxxxxxxxxxxx):

> On Sat, 8 May 2010, Mike Perry wrote:
> >>This means that your non-Exit flagged node will be weighted like an
> >>Exit flagged node for the exit position, but will be weighted as if
> >>you were a non-scarce middle or guard node for the other positions.
> >>
> >>In sort, you would in theory get slightly more total load than if you
> >>were an actual Exit.
> >
> >On second thought, this is not fully correct. You will in theory get
> >slightly more load than if you were just a Guard/Middle node. Since we
> >do not currently balance among different exit port classes, you might
> >still get less load than a full-on Exit when Exits are scarce, because
> >80 might not carry that much traffic in terms of bytes as other ports.
> >
> >Not an easy question to answer in either case. Having good answers to
> >these questions might help us refine our load balancing algoriths
> >further.
> Thanks.  So, it's hard to say, but I can assume there will be significant 
> exit traffic, even with just one TCP port valid for exit...
> I suppose I could see the ratio of actual connections by simply running 
> 'netstat', yes ?  If my orport and dirport are 9001/9030, and I am 
> allowing port 80 exit, then all netstat connections showing port 80 are 
> exit connections, so I could (roughly) calculate these numbers myself, 
> right ?

Yes. Though this brings up the other approxmiation of the load
balancing algorithms, which is that we balance per-connection, which
have non-uniform bandwidth use across ports and protocols. According
to http://www.cs.washington.edu/homes/yoshi/papers/Tor/PETS2008_37.pdf,
92.5% of the connections through Tor are HTTP, accounting for 58% of
the traffic.

So you should see a much larger number of TCP connections (and
possibly also total traffic) as comparted to if you also added port
443 and/or 6667 to gain the Exit flag. Especially if you are a Guard.

The extra data that we would need beyond that published in the paper
above is a data rate per connection by port, in addition to connection
duration information. Gathering this data in a safe fashion, and
figuring out how to use it are open questions (though probably not
terribly difficult ones).

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpSN38AZyXj7.pgp
Description: PGP signature