> Hi,
> We're currently running 6 different 100-200Mbit relay/guard nodes, and
> are looking at some issues moving on towards high-performance exit nodes.
>
> There are some administrative issues ( needing another IP block due to
> the RIPE registration, our ISP doesn't want their name on the exit nodes
> that we are responsible for )
> which are generally minor ( are being resolved anyhow ) and then the big
> stumbling block.
>
> Right now, with iptables modifications ( raw tables hacks to disable
> conntrack, bucket increases, following the general best practices ) our
> firewall is running at high amounts of CPU, but coping. However, once we
> start introducing Exit Nodes into this equation, things turn sour.
>
> So, since we do not want to trust only routing level separation between
> Exit Nodes and internal networks, we're going to have to invest in new
> hardware that can cope with this. Before this, we tried Ingate firewalls,
> and they weren't capable of coping with the load of guard nodes.
>
> ( The traditional "linux box in front" doesn't quite cut it due to
> networking hardware in most cases. )
>
> So,
> in summary, when you get to the point of actively dealing with 8-900Mbps
> of Tor traffic ( on top of normal users and others ) what hardware is needed
> to cope with firewalling?
>
Hey Dennis,