[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Load Balancing



On Fri, Sep 21, 2007 at 03:06:39PM -0700, Michael_google gmail_Gersten wrote:
> If you have a web page with 30 sub-fetches (images, style sheets,
> script files, etc), then they will all fetch over a single circuit.
> 
> It does NOT make sense from a performance point of view. Since
> everything will be encrypted, regardless of which circuit it takes,
> there is no performance impact.

Actually, here's one reason why using circuits one by one rather than
all at once is good for performance and ultimately good for security.

Imagine you make five circuits preemptively. Scenario one is that you
use them one by one, discarding them and switching to a new one when the
current one becomes dirty (defined as "first used more than 10 minutes
ago"). Scenario two is that you use all five of them for fetching your
big web site, discarding them when they become dirty.

Now compare the two scenarios in terms of total number of circuits the
user needs to make over the course of a day.

Once upon a time, the value of "10 minutes" was actually more like 1
minute. You see, the shorter it is, the fewer actions from the user are
linkable with each other based on being in the same circuit. But Tor
server operaters complained they were using 100% cpu because they were
constantly handling new circuit creation requests. So we moved it back to
10 minutes -- bad for user security, but necessary to keep things working.

If the user started churning through circuits at five times the current
rate, we may end up forced to move the "10 minute" value back even farther
to compensate, resulting in even more user connections becoming linkable.

Now, this isn't the whole story. Maybe there are really
good security improvements that can be had by not fetching
the whole site over a single connection -- see e.g. item #1 on
https://tor.eff.org/volunteer#Research or (a more tenuous connection)
http://freehaven.net/anonbib/#pet05-serjantov
But on the third hand, see
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SplitStreams

Until somebody works through both the security issues and the performance
issues in a convincing way, we will likely just stick with the current
behavior.

--Roger