Roger Dingledine:
> On Wed, Feb 21, 2018 at 01:13:00PM +0000, Vasilis wrote:
>> I see a number of warning log messages on a dedicated server:
>> [WARN] Your computer is too slow to handle this many circuit creation requests!
>
> You get that warning message when there are too many create cells coming
> in, and your relay ends up sending back preemptively destroy cells for
> some of them. That is, it tries to estimate internally how long it will
> take to handle the current queue of create cells, and if the queue gets
> so big that the one that just arrived will take several seconds before
> it can be processed, Tor just sends back a destroy cell instead, and
> gives you this warn.
>
> The flood of circuits created by the ddos storm will be causing this
> sort of warning sometimes. For example, my FreeBogatov relay gets 30-70
> million create requests per 6 hours, and when that number goes over
> about 100 million, there are times where it can't keep up.
>
> (Careful though because the heartbeat message about number of circuits
> does not count circuits that come from client connections. That is, the
> circuits in the heartbeat count are only circuits that come via other
> relays. So non-Guards are giving you a reasonably accurate count, and
> Guards are leaving out an unknown number of circuits from their count,
> and that unknown number could be quite large.)
>
> Ultimately, the fix needs to be that more and more relays upgrade to a
> version of Tor that includes the DDoS mitigation. One of the main goals
> of the mitigation is not to help *your* relay in particular, since hey
> maybe your relay is huge and it can keep up, but rather to slow down the
> mass of circuits heading towards *other* relays after yours.
>
> That is, you need *other* relays to deploy the mitigation in order to
> help you.
> https://en.wikipedia.org/wiki/Herd_immunity

Makes sense, great explanation, thank you!
Wasn't planning to stop running/administering any of the relays.

>> Setting the NumCPUs option to the actual number of CPUs (2) didn't help.
>
> Are you sure you only have 2 cores? These days each cpu has many cores,
> so a system with 2 cpus could easily have 8 cores.

It's an old processor with 2 CPUs and 1 core per CPU.

>> Is this hardware really too old/slow to run a relay on one ethernet Gigabit link?
>
> Well, there are times where it isn't able to keep up. But if you turn
> off the relay or turn down its capacity, then it will just increase the
> load on the other relays. So I think we shouldn't worry too much about
> these warnings during this period of overload.
>
> Oh, I guess I should ask: are you using 0.3.3.2-alpha or a version with
> the ddos mitigation? If not, that's a clear next step.

I'll upgrade to the alpha version and closely monitor its activity.

Thanks,
~Vasilis