[tor-onions] Garbage collection of abandoned onion servers

rhatto rhatto at torproject.org
Thu Feb 9 22:12:16 UTC 2023 

On Sun, Dec 25, 2022 at 08:14:30PM +0100, p13dz p13dz via tor-onions wrote:
>    Hello,
>    We've built a solution to scale our onion server horizontally using
>    Kubernetes horizontal autoscaler. It's basically an onionbalance &
>    a set of wrappers to regenerate its config file depending on the set of
>    running TorHiddenService instances.

Very interesting!

I wonder if you plan to release this solution as a free/open source
software at some point.

>    Each time we scale the set of servers up, we start new Tor onion
>    servers on random addresses (that's what onionbalance expects), and
>    their descriptors are then merged into the single one by onionbalance.
>    When we delete old instances, their onion addresses are abandoned.
>    We want to be good citizens and not to clutter Tor's DHT with abandoned
>    records. My question basically is whether the Tor ecosystem
>    automatically deletes abandoned descriptors or not. If yes, we can keep
>    our system simpler. If not, we'll have to make the system stateful and
>    try to reuse our existing onions as much as possible.

TL;DR I think you can keep your system simple :)

Please others correct if I'm wrong, but as far as I understand you don't
have to worry about having disposable Onion Service addresses.

This does not overload Tor's "DHT-like" HSDir structure (which in fact is
a hash ring in constant renewal).

From the [rend-spec-v3]:

    2.2.2. When to publish a hidden service descriptor [WHEN-HSDESC]
    
       Hidden services periodically publish their descriptor to the responsible
       HSDirs. The set of responsible HSDirs is determined as specified in
       [WHERE-HSDESC].
    
       Specifically, every time a hidden service publishes its descriptor, it also
       sets up a timer for a random time between 60 minutes and 120 minutes in the
       future. When the timer triggers, the hidden service needs to publish its
       descriptor again to the responsible HSDirs for that time period.

    [...]

    2.2.5. Expiring hidden service descriptors [EXPIRE-DESC]
    
       Hidden services set their descriptor's "descriptor-lifetime" field to 180
       minutes (3 hours). Hidden services ensure that their descriptor will remain
       valid in the HSDir caches, by republishing their descriptors periodically as
       specified in [WHEN-HSDESC].

So a descriptor vanishes from the HSDirs after a while if it's not
regularly published. (See also section [HASHRING] and other sections in
that document for more info).

[rend-spec-v3]: https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/rend-spec-v3.txt

-- 
Silvio Rhatto
pronouns he/him
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-onions/attachments/20230209/6beb303b/attachment.sig>

More information about the tor-onions mailing list