<html>Hello Kevin<br /><br />Thanks a lot for your response.<br /><br />1) Regarding the speedtest, my firewall is limiting the speed to around 6.5Gbit/s. It's a fanless device and not capable to let me use the full 10Gbit/s. I host my hardware in my living room and can't install more powerfull, beacuse it would be too noisy and too big... My wife and kids will kill me :-)<br /><br />2) For the NIC currently in use: it's an Intel I219-LM (rev 10). Maybe the are better models around. But I don't believe, they would lower the CPU usage by magnitude(s). But I let me educate if I'm wrong.<br /><br />3) The CPU in use has the AES-NI flag set in "/proc/cpuinfo". So a litte acceleration is already in use.<br /><br />In the old days when using pfSense on a PC Engines Alix, I was using a mini PCI crypto accelerator card. And it could double or tripple the OpenVPN speed. So it seemed to me, that QAT could do the same for Tor.<br /><br />Andreas<br /><br />On Monday, April 11, 2022 15:58 CEST, Thoughts <thoughts@kevinsthoughts.com> wrote:<br /> <blockquote type="cite" cite="9af3b12e-4615-722a-83ed-7eaa2d4d035d@kevinsthoughts.com">Two suggestions:<br /><br />1) Run speedtest (https://www.speedtest.net) from behind your firewall<br />and verify your actual bandwidth (or at least get a good approximation<br /><smile>).<br /><br />2) Check the brand of NIC in your current machine. Intel NICs are<br />reportedly much more efficient than RealTek for handling large number of<br />packets - which is why they are recommended for most firewall machines. <br />Suspect that logic would apply for a Tor Relay as well.<br /><br />Suspect you also want a CPU with AES-NI support. Check the specs on the<br />web, AES-NI should be called out. "cat /proc/cpuinfo | grep aes" will<br />also tell you if your running some flavor of linux.<br /><br />Kevin<br /><br />ps. Dig around on the web for firewall hardware recommendations. I know<br />I've seen some tables on throughput for pfsense, shouldn't be too hard<br />to find and might throw some light on the situation.<br /><br />pps. Very jealous of your connectivity!<br /><br />On 4/10/2022 2:32 PM, Andreas Bollhalder wrote:<br />> Hi all<br />><br />> I have my first Tor relay up und running. It's currently installed on<br />> a little desktop computer with an Intel i5 9500T CPU. My Internet<br />> connection is 10Gb/s symetric. From this bandwidth, I would be able to<br />> spend a good part for supporting the Tor network.<br />><br />> With that little machine, it seems that it would max out at somewhere<br />> at ~30 MBytes/s. For my definitive Tor relay hardware, I'm currently<br />> researching some options, which would be capable of handling Tor<br />> traffic at the rate of 200 to 300MBytes. Even it would be used<br />> nowadays, but who knows whats coming in the future and I hope this<br />> relay would last 5 years ore so.<br />><br />> It looks to me, that with a normal CPU, it's impossible to reach my<br />> goal. But then I encountered, that Intel has the Quick Assist<br />> Technoloy (QAT) integrated in some of their products (ie. Atom C3xx8).<br />> This QAT can be used with OpenSSL as a hardware accelerator for<br />> encryption. There also exist dedicated PCIe cards with QAT (ie.<br />> Netgate CPIC-8955).<br />><br />> Searching the Internet, I couldn't find any information if QAT would<br />> be helpful with Tor. But Tor uses the OpenSSL library and this can use<br />> the QAT acceleration. Is there anyone who has tried this und can share<br />> his expirience?<br />><br />> Thanks in advance<br />> Andreas<br />><br />> _______________________________________________<br />> tor-relays mailing list<br />> tor-relays@lists.torproject.org<br />> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays<br />_______________________________________________<br />tor-relays mailing list<br />tor-relays@lists.torproject.org<br />https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</blockquote><br /><br /> </html>