Re: [tor-relays] inet_csk_bind

Re: [tor-relays] inet_csk_bind_conflict

To: Anders Trier Olesen <anders.trier.olesen@xxxxxxxxx>

Subject: Re: [tor-relays] inet_csk_bind_conflict

From: Christopher Sheats <yawnbox@xxxxxxxxxxxxxxxx>

Date: Mon, 5 Dec 2022 20:33:16 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=emeraldonion.org; dmarc=pass action=none header.from=emeraldonion.org; dkim=pass header.d=emeraldonion.org; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UQAjp2yEs2RHkEVVAyBtPUjgTiPpE1KQ9uE9dyWJG2k=; b=Rn2VKuHEPgkLgJY5vbpa48f2hOqGLpHlp6D+APv5H470wexdkl+HkBdZxd3zLk+9jWzixJ7LLziAscYNKw8sEf5uiC+vIp8VSJpNTXqKDvZ1NDGJwq+ewheIcgPLDhry0wfRMjjuybf8vy894VFvmCsgZXmh2lfkDk+a1BxK89qnUMdzehtLBicVEVCfgq3oWBMzF8y+Em5eWBeM/hKTbpk7KhxQ6NcKWE+x7l1fMcLkApVf8SorsCdDXvz3mcmd4lZ7FB3ArAK7gM5Lx8kyXDGyQKHxY8NsyMy1G7Qn12lYZzJU8T+P4rk32uCUbbtv0CRd0l/bn3mWGHoX38x6CA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aealWZfU10yhCug6E0iqMRezOVaEdp2kFUSV+dVJPzqpH5AKdcAtrD2zcRVrG4TCpNV5bAKLbqDlMr3YtvZs9Ui8+IFGvv8ZYBOz4tELB/ubgBDVSPgZ6nc5uy7jMyF5z0HOtXxsfoVQXdOy6TSGJpsq31H3fpHayyjSya5kHOpm3GM+izjb6OtTz1tLs2dVkBg1EzbhlQ+0jHHitx8GXSfL6MAIdXUay3Ep0SUp0jahP12wiK8XvKmGUf0RXZcTkcQJon2vdo9ue8XAoRmH2cC0t+7Ng5bvGxOKHvkDXWUbj6MI6yjJoDmYc7DGXTpmWcxLLs+XTonMvrhJi5cq9A==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=emeraldonion.org;

Cc: "tor-relays@xxxxxxxxxxxxxxxxxxxx" <tor-relays@xxxxxxxxxxxxxxxxxxxx>

Delivered-to: archiver@xxxxxxxx

Delivery-date: Tue, 06 Dec 2022 06:10:48 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=emeraldonionorg.onmicrosoft.com; s=selector2-emeraldonionorg-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UQAjp2yEs2RHkEVVAyBtPUjgTiPpE1KQ9uE9dyWJG2k=; b=sholLc569A+D792yNT7Vk/ni2J8u7E+B0NeRJ0ipolH1MlBTVvmHy36f/dTx+rle8ZgbGKFrWrAxIANRnLvjCEVHfy0JdQXVx241MZn8FVfVv5b8Hc38VzisGqDbQQN6bTjZRE9ZZEQOEBc9c/13Aey1zVGJRnST/tgkNq9Kvdw=

In-reply-to: <CAJepwD1vFe+WdAn2g97fqHX92=PtvLVr1dLo5KXknSpyK2eMhg@mail.gmail.com>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays $exit, non-exit, bridge$" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <B11BC7C2-89A1-47AC-B640-E601AD3E496F@emeraldonion.org> <CAJepwD1vFe+WdAn2g97fqHX92=PtvLVr1dLo5KXknSpyK2eMhg@mail.gmail.com>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Thread-index: AQHZBcR2ygactS1plku5VGzU/qixaK5cAfkAgAPEDIA=

Thread-topic: [tor-relays] inet_csk_bind_conflict

server1:~$ ss -s

Total: 454644

TCP: 465840 (estab 368011, closed 36634, orphaned 7619, timewait 11466)

Transport Total IP IPv6

RAW 0 0 0

UDP 48 48 0

TCP 429206 413815 15391

INET 429254 413863 15391

FRAG 0 0 0

81% inet_csk_bind_conflict

server2:~$ ss -s

Total: 460089

TCP: 477026 (estab 367786, closed 42817, orphaned 7456, timewait 17239)

Transport Total IP IPv6

RAW 0 0 0

UDP 71 71 0

TCP 434209 418235 15974

INET 434280 418306 15974

FRAG 1 1 0

80% inet_csk_bind_conflict

(total combined throughput at the time of measurement was ~650 Mbps symmetrical per transit provider metrics, this low throughput volume is common when inet_csk_bind_conflict is this high)

Re OutboundBindAddress - yes, for both v4 and v6

Re kernel version - 5.15.0-56-generic (jammy). Foundation for Applied Privacy recommended that we try the nightly repo which apparently includes the IP_BIND_ADDRESS_NO_PORT change. However that merge request mentions a workaround of modifying net.ipv4.ip_local_port_range, which we've already performed.

Christopher Sheats (yawnbox)

Executive Director

Emerald Onion

Signal: +1 206.739.3390

Website: https://emeraldonion.org/

Mastodon: https://digitalcourage.social/@EmeraldOnion/

On Dec 3, 2022, at 3:02 AM, Anders Trier Olesen <anders.trier.olesen@xxxxxxxxx> wrote:

Hi Christopher

How many open connections do you have? (`ss -s`)
Do you happen to use OutboundBindAddress in your torrc?

What I think we need is for the Tor developers to include this PR in a release: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/579
Once that has happened, I think the problem should go away, as long as you run a recent enough Linux kernel that supports IP_BIND_ADDRESS_NO_PORT (since Linux 4.2).

- Anders

fre. 2. dec. 2022 kl. 09.24 skrev Christopher Sheats <yawnbox@xxxxxxxxxxxxxxxx>:
Hello tor-relays,

We are using Ubuntu server currently for our exit relays. Occasionally, exit throughput will drop from ~4Gbps down to ~200Mbps and the only observable data point that we have is a significant increase in inet_csk_bind_conflict, as seen via 'perf top', where it will hit 85% [kernel] utilization.

A while back we thought we solved with with two /etc/sysctl.conf settings:
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_tw_reuse = 1

However we are still experiencing this problem.

Both of our (currently, two) relay servers suffer from the same problem, at the same time. They are AMD Epyc 7402P bare-metal servers each with 96GB RAM, each has 20 exit relays on them. This issue persists after upgrading to 0.4.7.11.

Screenshots of perf top are shared here: https://digitalcourage.social/@EmeraldOnion/109440197076214023

Does anyone have experience troubleshooting and/or fixing this problem?

Cheers,

--
Christopher Sheats (yawnbox)
Executive Director
Emerald Onion
Signal: +1 206.739.3390
Website: https://emeraldonion.org/
Mastodon: https://digitalcourage.social/@EmeraldOnion/

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays