[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Hardware sizing for physical exit node

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Hardware sizing for physical exit node
From: lists@xxxxxxxxxxxxxxx
Date: Wed, 10 Jul 2024 15:27:16 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 10 Jul 2024 09:27:44 -0400
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=for-privacy.net; s=easymail; t=1720618049; bh=S2q3W3DhW7Np38znILLyPKFBrgT72I5RUkny+j20eHU=; h=From:To:Subject:Date:In-Reply-To:References:From; b=bnZL0lJs+MmNtGm0C9CKmVLnk6TgnfmieKKo8il6MMR+fqUn0wZ/MPBktQnWQRdVa /ct93FkAVl+jA6avlf9GYg917wo5AlG+gSm7LroJxH7am2Vr5tZrX/qdv5FmXUJIkz 5MiM+Y4SWC+To1t3zmqdzZHhKoFKLnJmhexYXnXHyVZB+aik7poTZliV3O0sQLxT77 G1bbGI1qZfb8q/wGKRwVe2tXJQmPBZIuOvo0RRe4yEmKGr8Pd9XnJJURnJhvDduW0I lk2h0EanAehLqJVVA1LnFTJR20SVGKj9udHH4ctUwQluFr7FWsPlaJmmIOxa4LMjBL ZBYIX5LRal0sg==
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=for-privacy.net; s=easymail; t=1720618048; bh=S2q3W3DhW7Np38znILLyPKFBrgT72I5RUkny+j20eHU=; h=From:To:Subject:Date:In-Reply-To:References:From; b=R8dHIbzw+dpOEiTaefQEENYOEvO5kVHAM879ENWi30pX391iVlSAdBx/ly15uragi X3FjbI0c7y/j0IF4ElRofgCmiqjyAYMi6YIECE/R9cHDlpstrmMFMA6baHNKz0AO+n u5P5GymkvSHjLwpyGMLG9RFgPRWXrdVtr78+jiRMvLaFuPlGGwxlYjIUsUJp7y8KKq rJ99AYgH713/MmdwoyHGhHuZIrbVUIK64xxmIs36QXLNivG1Ucwypbz9AA+Ypq8x4d IlesQSUTtsOnbSz/NP9GwPt3Jn7VCgxVmAeqmHXYE1Mr4vhl0yHwyXUtNfwq3xkG4I YsRvCTGlG1e+g==
In-reply-to: <aab8b118-bb6b-4481-a305-2f00e77b0244@osservatorionessuno.org>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <aab8b118-bb6b-4481-a305-2f00e77b0244@osservatorionessuno.org>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Mittwoch, 10. Juli 2024 00:32:04 CEST Osservatorio Nessuno via tor-relays 
wrote:

> we are planning to get some hardware to run a physical Tor exit node,
> starting with a 1Gbps dedicated, unmetered uplink (10Gbps downlink). We
> will also route a /24 on it, so we will have large availability of
> addresses to run multiple instances. We have been running a few exit
> nodes so far, but never on our own hardware.

Your bottleneck is the 1G uplink.
For comparison, I have 2x Xeon E5-2680v2 10C/20T and 256Gb RAM
2x 10G nic (LACP bond) and I can not achieve 10G throughput with it.
As a rule of thumb, I would always count one instance per thread or core.
I have 40T and 40 tor exit instances.

F3Netze has specified the hardware in Contact info:
https://metrics.torproject.org/rs.html#search/185.220.100.

> Which is the bandwith limit per core/Tore instance? Or what can we
> expect to be the bottleneck?

That depends on the CPU clock speed. Fast Ryzen or Epyc's can do 50-70 MiB/s 
per core/instance.

> Due to some other requirements we need for some experiments (SFP ports,
> coreboot support, etc) we can mainly choose between these 2 CPUs:
> 	Intel i5-1235U
> 	Intel i7-1255U
> 
> The cost between the two models is significant enough in our case to
> pick the i7 only if it's really useful.
> 
> In both cases with 32GB of DDR5 RAM (we can max to 64 if needed, but is
> it?).
> 
> Should this allow us to saturate the uplink?

Guards need more resources than exits since the introduction of congestion-
control and because of DDoS I would use 64GB RAM for a guard.
With your IP space and 1G uplink, I would take the i5 with 32Gb, save the 
money and maybe add a second server later. Or if you build the hardware 
yourself, look for a used Epyc or Ryzen server. 16 or 32 core with high _base_ 
clock. Used server hardware from the data center is like new.

> To summarize, with this bandwith, this hardware and a /24 how many Tor
> exit nodes should be ideal to run considering that each of them could
> have their own address?

https://metrics.torproject.org/rs.html#search/185.220.101.
We are 5 relay orgs sharing a /24. Currently 5x 2x10G(or 25G)
With now 8 relays per IP, over 2000 instances can run in a /24 subnet. It 
would be nice if you share the subnet with 1-2 other relay operators.

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Hardware sizing for physical exit node
  - From: Osservatorio Nessuno via tor-relays

Prev by Author: Re: [tor-relays] Tor Metrics 'Running' flag is back for bridges who don't publish the OrPort
Next by Author: Re: [tor-relays] DDOS alerts from my provider
Previous by thread: [tor-relays] Hardware sizing for physical exit node
Next by thread: Re: [tor-relays] Hardware sizing for physical exit node
Index(es):
- Author
- Thread