[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Re: Maximizing contribution with own ASN + IPv6 — exit vs guard, IPv6 exit, AS diversity



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello.

> Given that AS diversity is scarce, is an exit relay the highest-value
> use here, or does a high-bandwidth guard already help significantly
> from an underrepresented AS?

An exit on an underrepresented AS with underrepresented upstreams is the
most valuable contribution, but a high-bandwidth non-exit is still very
useful. If you're looking for diversity, make sure to check bgp.tools to
see what upstreams are in use. A unique AS that's single-homed Cogent
isn't as valuable as a unique AS that has underrepresented upstreams.

> IPv6 exit support seems uncommon — is enabling IPv6Exit on my exit a
> meaningful gap to fill, and any caveats?

Yes! Supporting IPv6 is very useful! I think Tor is planning on one day
deprecating relays that are not dual stack, although I don't know how
soon that is. There are no caveats, as long as the IPv6 is working.

> Any recommendations on exit policy and per-IP layout within my prefix
> to balance reachability and abuse handling?

Be 100% sure your provider is on board. Even if you own the IP range and
you're the abuse contact, many providers won't want to announce a prefix
that puts them or their contract at a colo facility at risk.

As for exit policy, you can start with ReducedExitPolicy if you haven't
run an exit before. Verify with your provider, since sometimes they
might want you to disable 22, 465, and 587 which are enabled by default
even on ReducedExitPolicy.

> If I run multiple relays, is the new cryptographic family scheme
> (FamilyId / tor --keygen-family) the right approach over legacy
> MyFamily?

For now, you have to use both. In the near future, the legacy scheme
will be deprecated and removed, but until then you still have to use it.

Regards,
forest
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQtr8ZXhq/o01Qf/pow+TRLM+X4xgUCaj2p1AAKCRAw+TRLM+X4
xpTwAQDBcsYk2eKC9g3zgLJj40mseQpRtjD6mBxvHeBFdXeuLwD9GoKuW7IVYhUU
YvOSq4bbNFdXRD9bIcbmY93XulrCGQs=
=P5gK
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx