Re: [tor-relays] Impact on running a tor relay on other internet services?

Perhaps a related data point: per nyx I'm currently seeing about 20K
incoming connections but only 3.3K outbound. Shouldn't those be about
the same given I'm running a non-exit middle node?

On 7/27/2022 3:12 PM, Thoughts wrote:

Hi all - I've been running a TOR non-exit relay for several months
now. It's rare, but I'm seeing what I believe is the occasional
connection attack, with my relay complaining about the number of
connections and suggesting I reduce capacity. Those are rare, and
most of the time my server is running at about 20% CPU. During
attacks, which seem unrelated to my Tor Upload/Download rate, CPU
jumps to well over 100% (quad core, so 400% is max).

I'd normally just ignore this, but it seems to be impacting other
aspects of my network experience: Messenger Rooms will unexpectedly
close, Netflix gets "unable to stream this title", family complains
about slow and dropped connections, etc. Just had it happen a few
minutes ago with a Messenger Room and sure enough, CPU is at 130%,
even though I'm only pumping about 15MB/Sec (37.5MB/S limit, 56.2
burst, 40.3 observed) over my gigabit ISP connection. Speedtest
shows the performing within acceptable parameters.

So contemplating what I can do, since this is bothersome. I've come
up with a few alternatives, and curious about your thoughts:

1) Do some type of connection limiting at my PFSense Plus firewall.
Perhaps limiting things to, say, 30 connections per IP address? Not
even sure that is possible, but figure it might lighten the load on
the TOR server.

2) Drop being a TOR non-exit relay and convert to a bridge. Not sure
how long, if ever, it would take for my IP address, which is now
public, to fade off of block lists... Not ideal, but at least as a
bridge I'd still be servicing the environment.

3) Try connection limiting via iptables on the TOR host. Just seems
like doing that at the firewall would be better.

Thoughts?

Kevin
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
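
Before choosing a per-IP cap such as the 30 proposed above, it helps to measure how many established connections each peer actually holds on the ORPort, and how inbound compares with outbound. The following is an added example, not part of the original messages: `conn_report` and `sample_ss` are hypothetical names, ORPort 9001 and the documentation-range addresses are constructed, and a connection is counted as inbound when its local port equals the ORPort (everything else established is counted as outbound).

```shell
#!/bin/sh
# Added example: per-peer tally of established TCP connections on a relay host.
# Input: lines in `ss -Htn` layout (State Recv-Q Send-Q Local:Port Peer:Port).

# conn_report ORPORT LIMIT   (reads ss output on stdin)
conn_report() {
    awk -v orport="$1" -v limit="$2" '
        $1 == "ESTAB" {
            lport = $4; sub(/.*:/, "", lport)       # local port only
            peer  = $5; sub(/:[0-9]+$/, "", peer)   # peer address, port stripped
            if (lport + 0 == orport + 0) { inbound++; per[peer]++ }
            else                         { outbound++ }
        }
        END {
            printf "inbound %d\noutbound %d\n", inbound, outbound
            # Peers that a per-IP cap of LIMIT would start refusing
            for (p in per) if (per[p] > limit) printf "over %s %d\n", p, per[p]
        }'
}

# Constructed sample: relay at 192.0.2.10 / 2001:db8::10, ORPort 9001.
sample_ss() {
    i=0
    while [ "$i" -lt 31 ]; do    # 31 inbound connections from a single peer
        echo "ESTAB 0 0 192.0.2.10:9001 198.51.100.7:$((40000 + i))"
        i=$((i + 1))
    done
    echo "ESTAB 0 0 192.0.2.10:9001 203.0.113.5:51000"
    echo "ESTAB 0 0 [2001:db8::10]:9001 [2001:db8::99]:51001"
    echo "ESTAB 0 0 192.0.2.10:44321 203.0.113.80:443"    # relay-initiated
    echo "LISTEN 0 4096 0.0.0.0:9001 0.0.0.0:*"           # ignored: not ESTAB
}

sample_ss | conn_report 9001 30
```

On a live relay host the same function can be fed with `ss -Htn | conn_report <ORPort> 30`; peers listed as `over` are the ones a cap of 30 would affect, which shows whether the limit would touch ordinary relay peers or only outliers.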