<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font size="2">Hi, <br>
</font></p>
<p><font size="2">my personal experience with many many instances
on never redundant hardware (I know diversity in hardware,
locations...): <br>
</font></p>
<p><font size="2">This is Exit specific: <br>
</font></p>
<p><font size="2">1) never more than 4GB ram per core and never less
than 2 cores per IP, let me explain: <br>
</font></p>
<p><font size="2">a) most people will tell you that instances run
per core, so why 2 cores? <br>
</font></p>
<p><font size="2">+ because of DDOS and similar attacks, then the
instance is jumping to the other core and is a much higher cost
to kill than on their own (1 core).</font></p>
<p><font size="2">This has the effect of putting the attack
investment way above average and is going to save your instance
from falling back months earlier than its current reputation
level.<br>
</font></p>
<p><font size="2">b) An IP will receive complaints and be banned
(even when not from solely your ISP), not a VPS contract. <br>
+ you want to avoid compromising other instances and this is why
many IPs-max4GB is important: this spreads your hardware
potential across diversified IPs affected by individual
probabilities of being banned somewhere.</font></p>
<p><font size="2">2) CPU work from Tor is basic, RAM is the
amplitude: you want a maximum of modern to medium-old CPUs
threads, <br>
save on your cpu choice (but study their known vulnerabilities)
for an even number of heads, prefer cpus with most threads.</font></p>
<p><font size="2"><br>
</font></p>
<p><font size="2">TO CONCLUDE:</font></p>
<p><font size="2">64GB ram for 10Gbps is normally overkill : <br>
</font></p>
<p><font size="2">10Gbps (octets) 24/7 is 3300 TeraB-Y-T-E-S /
month, this one hardware cap.<br>
I have never witnessed a conventional (relay) 1Gbps-2GB-1thread
tor instance outperforming 10MB-Y-T-E-S, this is kind of a
Tor-cap.</font></p>
<p><font size="2">This is inviting to never overkill with a 10Gbps+
connection less than 100 x 10MB-Y-T-E-S (and this even when
stipulating max bandwidth to some infinite number in your
torrc).<br>
<br>
</font></p>
<p><font size="2">My answer: with 10Gbps unlimited bandwidth, have
100 threads (50 to 100 cores) at the cheapest CPU and 2GB to 4
GB per thread (more than 64GB in total).<br>
My answer for virtualized instances : when you do make the
unsecured choice of pooling your ram on KVM (or alternative)
then the above works with 64GB ram. This is a bad idea.<br>
<br>
<br>
</font></p>
<p><font size="2">This is real world experience and I understand
that theory is suggesting very different performances <br>
namely : what?!!! 10MB for 2GB ram?!!!.</font></p>
<p><font size="2">yep. <br>
</font></p>
<p><font size="2"><br>
</font></p>
<p><font size="2">Carlos.<br>
</font></p>
<p><font size="2"><br>
</font></p>
<p><font size="2"><br>
</font></p>
<div class="moz-cite-prefix">On 7/10/24 12:32 AM, Osservatorio
Nessuno via tor-relays wrote:<br>
</div>
<blockquote type="cite"
cite="mid:aab8b118-bb6b-4481-a305-2f00e77b0244@osservatorionessuno.org">Hi
everyone,
<br>
we are planning to get some hardware to run a physical Tor exit
node, starting with a 1Gbps dedicated, unmetered uplink (10Gbps
downlink). We will also route a /24 on it, so we will have large
availability of addresses to run multiple instances. We have been
running a few exit nodes so far, but never on our own hardware.
<br>
<br>
Which is the bandwidth limit per core/Tor instance? Or what can we
expect to be the bottleneck?
<br>
<br>
Due to some other requirements we need for some experiments (SFP
ports, coreboot support, etc) we can mainly choose between these 2
CPUs:
<br>
Intel i5-1235U
<br>
Intel i7-1255U
<br>
<br>
The cost between the two models is significant enough in our case
to pick the i7 only if it's really useful.
<br>
<br>
In both cases with 32GB of DDR5 RAM (we can max to 64 if needed,
but is it?).
<br>
<br>
Should this allow us to saturate the uplink?
<br>
<br>
To summarize, with this bandwidth, this hardware and a /24 how many
Tor exit nodes should be ideal to run considering that each of
them could have their own address?
<br>
<br>
Thanks!
<br>
</blockquote>
<pre class="moz-signature" cols="72">--
PGP updated every second week : please actualize our communication every time.</pre>
</body>
</html>