[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Clone nodes

On Wed, Sep 26, 2007 at 01:27:57AM -0400, Gregory Maxwell wrote:
> What would be the implication of running multiple copies of tor with
> identical configuration and duplicated private key data on a single
> IP:PORT with a TCP connection based load-balancer in front of them?
> To the outside world it would look like a single host/node.

The main different that comes to mind is that when users ask your router
to extend to another router, you could end up with redundant (duplicate)
connections to those other routers. So it would strain the number of
file descriptors each router needs to use, and many are already running
at their limits.

> Would it break the Tor network?
> I've configured this on a private testing tor network and it appears
> to work without problems, but it is a huge pain to build a fake tor
> network big enough to do real testing.  I don't want to connect my
> clone nodes to the public network if there is a risk of causing
> breakage. ;)

I don't think it would be catastrophic if you want to do it for testing.

In fact, once upon a time, we had a feature called "router twins"
that is exactly what you describe.  We were hoping it would provide
better robustness for a given server -- this was back in the day when we
were using actual onions to lay circuits, and envisioning actual reply
onions rather than the current rendezvous design, so there was a need
for servers to be around for hours or even days after you built an onion.

But it is mildly harmful, so please don't do it long-term in a widespread

> The reasons I am interested in doing this are largely external to tor,
> although if it works without trouble it could be used to scale a tor
> node in the fortuitous event that there was ever enough traffic at one
> point to justify it (i.e. an exit enclave running on a popular site).

It seems like a smarter move would be to teach Tor to load balance between
multiple Tor servers if they all share the IP address of the destination.

But see