[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Raising AuthDirMaxServersPerAddr to 4?



Hi all,

On 2 Jun 2019, at 05:22, Roger Dingledine <arma@xxxxxxxxxxxxxx> wrote:

I've been talking to a longtime exit relay operator, who is in the
odd position of having a good 1gbit network connection, but only one
IP address.

He used to push an average of 500mbit on his exit relay, but then the
HSDir DoS flatlined his relay for a while (!), and now, perhaps due to
the bwauth variability, his exit relay only recovered to maybe 200mbit.
He is running a second exit relay on that IP address, but also perhaps
due to the bwauth variability, it hasn't attracted much attention either.

I'd like to confirm the problem before we make major network changes.
(And I'd like to know how widespread it is.)

Which bandwidth authorities are limiting the consensus weight of these
relays? Where are they located?

Are the relays' observed bandwidths limiting their consensus weight?

Here's how the operator can find out:
https://trac.torproject.org/projects/tor/wiki/doc/MyRelayIsSlow#TorNetworkLimits

If the relays are being measured by longclaw's sbws instance, we should
also look at their detailed measurement diagnostics.

longclaw's bandwidth file is available at:
http://199.58.81.140/tor/status-vote/next/bandwidth

The real answer is to fix the bandwidth measurement infrastructure.

Do we have funding to continue to improve the bandwidth measurement
infrastructure? Or to maintain it?

If we don't have any grants in the pipeline, now would be a good time to
start some.

But
while we're patiently waiting for progress there, I've been thinking
to raise moria1's AuthDirMaxServersPerAddr to 4, i.e. to allow 4 relays
per IP address onto the network.

I don't think it would significantly increase our risk due to Sybil
attacks, whereas there is a clear benefit in terms of some more 100's
of mbits of good exit relay capacity.

I will propose this change to the dir-auth list in a bit, but here is
your chance to point out surprising impacts that I haven't thought of.

Splitting bandwidth between multiple relays has privacy implications,
because traffic is easier to track between instances.

It also increases the size of the consensus.

So we should choose a value for AuthDirMaxServersPerAddr that is
a compromise between these competing goals.

Why is 4 better than 3 or 5?

T
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev