Hi Gordon and Matthias,
I've split your discussion from the original thread "Running exit-node in Germany" and created a new one.
I fully agree with you that the Raspberry Pi is the perfect device to let others run a Tor Relay Node very easily. What follows is a long mail about my experiences and more thoughts about the Pi as relay.
On Thu, Aug 1, 2013 at 5:29 PM, Gordon Morehouse <gordon@xxxxxxxxxxxx> wrote:
> Matthias Redies:
>> Ok that is good to know. Right now I will probably run it on 1-1.5 Mbps
>> and later on 3-4 Mbps. What is the maximum your raspberry is capable to
>> do? Please let me know if you publish your tutorial.
> I had it pushing about 1.5Mbps and crashing only about once a week
> before I started having TCP connect floods and had to take it offline
> until I could pay attention for a while. I'm still tuning it. It
> crashed much, much more often before some basic tuning, though.
I'm running a relay node on a Raspberry Pi at my VDSL home connection for several weeks now (provider "Deutsche Telekom", connection is 50mbps down, 10 up) and I didn't run into such issues so far.
My current configuration has only the following two non-default options:
DisableDebuggerAttachment 0
AvoidDiskWrites 1
(Plus, I run it as relay only by disabling the socks proxy with "SocksPort 0".)
As you can see, it forwards on average between 2-4mbps (256-512 kB/sec) and there're peaks as high as 5.5mbps (~700 kB/s). The throughput varies depending on the day of week and time of day and therefore I believe the low average isn't the Raspberry's fault. I guess, if I set a higher advertised value, then I would see a more constant throughput closer to the peak value. Currently, it's set to 10mbps:
RelayBandwidthRate 1024 KB
RelayBandwidthBurst 1024 KB
(Note that the Pi is definitely not able to forward 10mbps of Tor traffic, but it would be great to max it out 24/7.)
The logged throughput is also consistent with what I saw with the console traffic monitor "nload" (suggested command line options for nicer units and less refreshes: nload -u K -U G -t 3000). I guess, I saw even higher peaks there. Monitoring everything with "arm" is also nice but far too CPU intensive.
More information about my setup:
- I have the B revision with 512 MB memory
- running stock Raspbian
- installed "tor" package 0.2.3.25-1 from the Raspbian repository
- CPU is overclocked using "raspi-config" to 950 MHz
Before I overclocked the Pi, I saw a similar average throughput.
When you search for "rasp" at Tor Atlas or Globe (e.g. http://globe.rndm.de/#/search/query=rasp), you can see that there're already more than 40 devices running. My node performs quite well compared to others and I would argue that it's in the top 5 among all Raspberry Pi nodes so far.
I've attached the summary output of "openssl speed" for my overclocked Pi (950 MHz) to this mail. As you can see, the numbers are higher than the reference one (I guess probably due to overclocking and different OpenSSL version).
I've also attached the log of notices of the last 4 days (unfortunately no longer logs available). Within four days there was only one "Your computer is too slow to handle this many circuit creation requests!" warning and one "Failed to hand off onionskin.". In general I would say, I haven't seen any serious issues so far.
> And my plan is to publish my results to the entire list, because at $35,
> Raspberry Pis can make *great* relays for slower home broadband, but
> they need a little tender loving care first. :)
I totally agree with you. Recently, there has been quite some buzz about the OnionPi howto (http://learn.adafruit.com/onion-pi/overview) but its main goal wasn't providing a long-running relay node. In my opinion, this should get addressed separately and made as simple as possible for novices. My guess is that many people want to contribute bandwidth, but they do not want to deal with Linux specifics (and definitely do not want to get into any trouble with the police). They need a plug-and-forget solution: attach the Pi to the router and leave it running in the closet for months. If it has to be restarted, Tor Weather can send them an email.
What do you think about documenting the setup of the relay in the Tor wiki?
I'm not very familiar with the Tor Project yet, but to me it looks like the wiki will be the best place. Other people can contribute as well and it will be visible enough. It would be good if there's an always up-to-date wiki page which could become the reference for new users.
The idea of the Raspberry Pi as relay node could be even further expanded:
- Matthias already mentioned that there should be a specific image for it. I agree!
- New users would prefer a simple webinterface to configure the relay (basically a Vidalia as webinterface :-)
- Such a webinterface should also show statistics e.g., "Your node has forwarded 1 TB in the last 4 weeks." This will show people that their contribution made a difference and it will make them happy and more confident about it. Eventually, they'll convince others to run a relay as well.
I won't have the time to realize these ideas, but maybe others want to jump in. Further work and testing could be coordinated on this mailing list?
> I hope to have something up in a week or two, I need to watch it for a
> while and continue to tweak, and maybe develop a solution for the TCP
> storms that can bring down a lot of consumer routers, before publishing
> for all.
I run a regular Linux PC as router which forwards all the traffic of the Pi. The machine has more than enough CPU power and therefore I haven't seen any issues there. In the two months that I have been running the relay node on the Pi, my Linux PC router has frozen twice (which didn't happen before). But I'm not sure that it can be related to the forwarding of the relay node traffic.
For a broader adoption it's definitely necessary to look into the behavior of the most popular routers, e.g., the ones given out by the major providers. These things could be documented on the Tor Wiki as well.
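
Added example, not part of the original mail or of Tor itself: one way to count, per day, the two overload messages quoted above in a relay's notices log, to see whether a Pi is being asked for more than it can handle. The log line layout, the "similar message(s) suppressed" suffix and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Messages quoted in the mail; matched by text, whatever the log level.
OVERLOAD_MARKERS = {
    "circuit_creation": "Your computer is too slow to handle this many "
                        "circuit creation requests!",
    "onionskin_handoff": "Failed to hand off onionskin.",
}
# Assumed line layout: "Mon DD HH:MM:SS.mmm [level] message"
LINE_RE = re.compile(
    r"^(?P<day>[A-Z][a-z]{2} \d{2}) \d{2}:\d{2}:\d{2}\.\d{3} "
    r"\[(?P<level>\w+)\] (?P<msg>.*)$")
# Assumed suffix appended when repeated messages are rate limited.
SUPPRESSED_RE = re.compile(r"\[(\d+) similar message\(s\) suppressed")

def count_overload(lines):
    """Return {day: Counter(marker -> count)}, including suppressed repeats."""
    per_day = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a log line in the assumed layout
        for name, text in OVERLOAD_MARKERS.items():
            if text in m["msg"]:
                extra = SUPPRESSED_RE.search(m["msg"])
                hits = 1 + (int(extra.group(1)) if extra else 0)
                per_day.setdefault(m["day"], Counter())[name] += hits
    return per_day

def days_over_threshold(per_day, threshold):
    """Days (in log order) whose total overload count reaches the threshold."""
    return [d for d, c in per_day.items() if sum(c.values()) >= threshold]

# Constructed sample lines, not taken from the attached log.
SAMPLE_LOG = [
    "Aug 01 06:25:01.000 [notice] Tor 0.2.3.25 opening new log file.",
    "Aug 02 14:03:17.000 [warn] Your computer is too slow to handle this many "
    "circuit creation requests! Please consider using the "
    "MaxAdvertisedBandwidth config option or choosing a more restricted "
    "exit policy.",
    "Aug 03 21:40:55.000 [warn] Failed to hand off onionskin. Closing.",
    "Aug 03 21:41:55.000 [warn] Your computer is too slow to handle this many "
    "circuit creation requests! Please consider using the "
    "MaxAdvertisedBandwidth config option or choosing a more restricted "
    "exit policy. [12 similar message(s) suppressed in last 60 seconds]",
]

if __name__ == "__main__":
    for day, counts in count_overload(SAMPLE_LOG).items():
        print(day, dict(counts))
```

A day that keeps reaching the threshold suggests lowering RelayBandwidthRate or setting MaxAdvertisedBandwidth, as the warning text itself recommends.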