[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Impact on running a tor relay on other internet services?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Impact on running a tor relay on other internet services?
From: Thoughts <thoughts@xxxxxxxxxxxxxxxxxx>
Date: Wed, 27 Jul 2022 19:29:40 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 01 Aug 2022 16:03:15 -0400
In-reply-to: <790ac9cd-4cdb-0220-a381-f52677feac1e@kevinsthoughts.com>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <790ac9cd-4cdb-0220-a381-f52677feac1e@kevinsthoughts.com>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0

Perhaps a related data point: per nyx I'm currently seeing about 20Kincoming connections but only 3.3K outbound. Shouldn't those be aboutthe same given I'm running a non-exit middle node?


On 7/27/2022 3:12 PM, Thoughts wrote:

Hi all - I've been running a TOR non-exit relay for several monthsnow. Its rare, but I'm seeing what I believe is the occasionalconnection attack, with my relay complaining about the number ofconnections and suggesting I reduce capacity. Those are rare, andmost of the time my server is running at about 20% CPU. Duringattacks, which seem unrelated to my Tor Upload/Download rate, CPUjumps to well over 100% (quad core, so 400% is max).
I'd normally just ignore this, but it seems to be impacting otheraspects of my network experience: Messenger Rooms will unexpectedclose, NetFlix gets "unable to stream this title", family complainsabout slow and dropped connections, etc. Just had it happen a fewminutes ago with a Messenger Room and sure enough, CPU is at 130%,even though I'm only pumping about 15MB/Sec (37.5MB/S limit, 56.2burst, 40.3 observered) over my gigabit ISP connection. Speedtestshows the performing within acceptable parameters.
So contemplating what I can do, since this is bothersome. I've comeup with a few alternatives, and curious about your thoughts:
1) Do some type of connection limiting at my PFSense Plus firewall. Perhaps limiting things to, say, 30 connections per IP address? Noteven sure that is possible, but figure it might lighten the load onthe TOR server.
2) Drop being a TOR non-exit relay and convert to a bridge. Not surehow long, if ever, it would take for my IP address, which is nowpublic, to fade off of block lists... Not ideal, but at least as abridge I'd still be servicing the environment.
3) Try connection limiting via iptables on the TOR host. Just seemslike doing that at the firewall would be better.
Thoughts?

Kevin

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Prev by Author: [tor-relays] Warn:
Next by Author: Re: [tor-relays] easy way to test my exit policy
Previous by thread: Re: [tor-relays] tor 0.4.6 reached end of life
Next by thread: [tor-relays] When will relays disappear form tor metrics
Index(es):
- Author
- Thread