[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Load balancing (with IPVS) multiple Tor daemons



> On 8 Jul 2017, at 08:36, nusenu <nusenu-lists@xxxxxxxxxx> wrote:
> 
> 
> 
> Clodo:
>> The objective it's making a single Tor Relay and using on the machine
>> many daemons on a multicore server.
>> I hope someone can give me a feedback if this kind of configuration can
>> be problematic for Tor network before test in a real environment.
> 
> there can only be a single tor instance at a given IP:ORPort because tor
> clients expect a specific tor relay at that location (public key as
> defined in consensus)

These things will break:
* if multiple tor daemons update the same onion keys at the same time,
  the key files may get corrupted or the cross-certification may not
  refer to the keys being used. This would break all Tor instances for
  any circuits after a week or a month (depending on the tor version).
* your relays will place additional load on the directory authorities
  by uploading multiple identical descriptors
* if these descriptors ever get out of sync, they will replace each
  other, causing unpredictable behaviour

Because clients expect to access the same process with the same identity:
* your relay will not be usable as an HSDir
* your relay will not be usable as an Introduction Point
* your relay will not be usable as a Rendezvous Point

> you can simple run 2 tor instances per public IP using different ORPorts

Tor uses multithreaded crypto already: depending on the speed of your
processor, you can get up to 400 Mbps per instance (250 Mbps is
typical).

You can also get a second IPv4 address, and run 2 Tor daemons on that
IP address as well.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays