- tor-relays - lists.torproject.org

Re: Guidance on optimal Tor relay server configurations - Best CPUs to Lower Colocation Costs for 10Gbps+ Tor Relays
by Tor at 1AEO 01 Apr '25

01 Apr '25

AMD EPYC 8534P and AMD EPYC 9535 are the best CPUs to minimize monthly colocation cost, based on two main factors of power (watts) and rack size, for Tor relay servers at 10 Gbps+ with 128 threads. Power seems to be largest contributor to colocation cost and CPU seems to be largest contributor to power. Open to thoughts / additional insights to lower colocation costs. The comments about EPYC were very helpful, especially as I've only had Intel until now. I've started moving to EPYC 8534P. After comparing options, AMD’s EPYC line currently offers the most power-efficient CPUs for 128+ threads—outperforming even the new Xeon 6E cores in threads-per-watt (and threads-per-watt weighted by clock speed) from 200 to 500 watts TDP. Selection criteria: - >=128 threads - lowest TDP wattage (also using "AMD configurable TDP (cTDP)" - maximizing PCIe version (5.0) - PCIe lanes (>= x96) - DDR5 RAM capacity (>=576GB) - DDR5 RAM speed (>= 4800 MT/s) For scenarios needing more than 128 threads, consider: - AMD EPYC 9634: 168 threads, 2.25 GHz base, min TDP 240W - AMD EPYC 9845: 320 threads, 2.1 GHz base, min TDP 320W For older generation systems (PICe 4.0 or DDR4), EPYC 7702 and EPYC 7763 were best options. Brief table: Name Series # of CPU Cores # of Threads Base Clock Max. Boost Clock All Core Boost Speed L3 Cache Default TDP Min TDP AMD Configurable TDP (cTDP) Socket Count PCI Express® Version System Memory Type Memory Channels System Memory Specification Per Socket Mem BW AMD EPYC™ 8534P EPYC 8004 Series 64 128 2.3 GHz Up to 3.1 GHz 3.1 GHz 128 MB 200W 155 155-225W 1P PCIe® 5.0 x96 DDR5 6 Up to 4800 MT/s 230.4 GB/s AMD EPYC™ 9634 EPYC 9004 Series 84 168 2.25 GHz Up to 3.7 GHz 3.1 GHz 384 MB 290W 240 240-300W 1P / 2P PCIe® 5.0 x128 DDR5 12 Up to 4800 MT/s 460.8 GB/s AMD EPYC™ 9535 EPYC 9005 Series 64 128 2.4 GHz Up to 4.3 GHz 3.5 GHz 256 MB 300W 240 240-300W 1P / 2P PCIe® 5.0 x128 DDR5 12 Up to 6400 MT/s 614 GB/s AMD EPYC™ 9845 EPYC 9005 Series 160 320 2.1 GHz Up to 3.7 GHz 3.25 GHz 320 MB 390W 320 320-400W 1P / 2P PCIe® 5.0 x128 DDR5 12 Up to 6400 MT/s 614 GB/s ~200 AMD CPU full list: https://www.amd.com/en/products/specifications/server-processor.html >> On Friday, February 21st, 2025 at 2:40 AM, mail--- via tor-relays <tor-relays(a)lists.torproject.org> wrote: >> >>> Hi, >>> >>>> Summary from your email - did I miss anything? >>> >>> Yes, with the general disclaimer (not to sound like a lawyer) that your mileage may vary. For example we run everything bare metal on FreeBSD and run a mix of guard/middle/exit relays. Running the same workload virtualized or on another operating system may impact the performance/overhead (either positively or negatively). Also your RAM budget of 4 GB per relay may be a bit on the safe side, I don't think it would hurt to lower this. >>> >>>> What are the primary factors that justify running up to two Tor relays per physical core (leveraging SMT) versus a one-to-one mapping? >>> >>> Tor relays sadly don't scale well. They fluctuate on a daily basis (the Tor network as a whole does) and even their general utilization is kind of unpredictable. So I think there are two approaches to this: >>> >>> 1) Run 1 relay per physical core, accepting that your CPU will idle a large amount of the time (50%+ in our case). >>> >>> 2) Run multiple Tor relays per physical core until you saturate 90-95% of your CPU cycles, accepting additional system overhead/congestion. >>> >>> There is no right or wrong here. In our case we went with running multiple relays per core because we want to utilize the (very expensive) hardware we run on as much as possible. Every CPU cycle not spent on privacy enhancing services is a wasted CPU cycle from our point of view ;). >>> >>>> Is one-to-one mapping of Tor relay to core/thread the most compute- and system-efficient approach? >>> >>> Yes, this should lower the amount of congestion (interrupts and stuff). In this sense it can also be beneficial to lock your NIC/irq threads to specific cores. >>> >>>> Are the clock speeds you listed base or turbo numbers (3.4, 2.25 and 2.0 Ghz)? >>> >>> Base indeed. No CPU is able to consistently maintain their turbo speed on this many cores. When all cores are utilized, the base speed pretty much is the max speed in practice. >>> >>>> From your real world scenario #2 and advice for the "fastest/best hardware", would this type of server work well for a $20k budget? >>> >>> Looks like a capable server. That CPU looks powerful enough but keep in mind that it has a rather low clockspeed, so you will be running many medium speed relays. Nothing wrong with that since CPUs with this many cores simply don't/can't have high base clocks. Also I think 512 GB of RAM would be enough unless you run a *lot* of relays on it (which may be a viable strategy to utilize your CPU fully). >>> >>> Just a note: in my experience the Epyc platform (especially when self-build) provides a bit more bang for your buck. For example a AMD Epyc 9969 with 192 cores/384 threads(a)2.25 Ghz baseclock will probably outperform the Intel 6980P considerably (for Tor workloads at least), while being much cheaper (listing price at least). But of course this greatly depends on where you buy the server or parts so your mileage may vary. When I look around here locally a complete self-build system with the 192 core Epyc, 512 GB RAM and a 100 Gb/s NIC would cost ~12k excluding VAT before any tax benefits. But your proposed server will work perfectly fine as well so if you prefer a brand, go for it :). >>> >>>> Assuming one relay per core/thread, would this setup be capable of saturating 40 Gbps, given that 10 Gbps typically saturated with ~31.5 physical cores + ~31.5 SMT threads at 2 Ghz and thus 256 relays vs ~63 relays translates roughly to 4×10 Gbps = 40 Gbps? >>> >>> Assuming you get the Tor relays to saturate their cores, yes. That CPU should be able to push 40 Gb/s of Tor traffic. Our ~2019 64 core/128 thread Epyc pushes 10 Gb/s of Tor traffic on a bit less than half it's capacity. And your CPU is newer (better IPC hopefully if Intel finally stepped up their game since 2019), has much more cache and runs on DDR5 while having a bit lower base clock. So it should perform at least similar but probably better than ours. >>> >>> Do you have the network capacity covered already? If you plan to do 40 Gb/s, then you also need enough peers/upstream capacity. The required networking equipment and connections themselves for this can also be costly. >>> >>> Cheers, >>> >>> tornth >>> >>> Feb 20, 2025, 08:42 by tor(a)1aeo.com: >>> >>>> Excellent information, especially the real world scenarios! Exactly what I was looking for! >>>> >>>> Summary from your email - did I miss anything? >>>> >>>> To saturate 10 Gbps connection: >>>> 1) IPv4 Allocation: Use between 5 and 20. Much lower than 256 in a /24! >>>> 2) Tor Relay Count: Run roughly ~40 to ~150, depending on CPU clock speed, i.e. faster clock, fewer relays needed. >>>> 3) CPU Utilization: 1 Tor relay per physical core preferred but okay to scale to 1 Tor relay per threads/SMT as well, up to 2x Tor relays per core/thread >>>> 4) RAM requirements: Maintain a 4:1 RAM-to-core/relay ratio (4GB per core/relay), including extra 32GB per server to cover DoS, OS, networking, etc. overheads >>>> >>>> In general, some ideals but not required: >>>> CPU clock speed: Higher CPU clock speed, better relay performance >>>> RAM: Fewer relays, lower RAM requirements >>>> RAM: Add ~32GB to overall RAM capacity sizing for OS, DNS, networking, DoS, etc. >>>> IPv4: One IPv4 per relay with common traffic ports >>>> >>>> Scaling: Start with 1 Tor relay per physical core, then add 1 Tor relay per thread/SMT and stop at 2 Tor relays per each core / thread. >>>> >>>> What are the primary factors that justify running up to two Tor relays per physical core (leveraging SMT) versus a one-to-one mapping? >>>> Ex: 37-74 for ~18.5 physical + SMT and 63-126 for ~31.5 physical + SMT. >>>> >>>> Is one-to-one mapping of Tor relay to core/thread the most compute- and system-efficient approach? >>>> >>>> Are the clock speeds you listed base or turbo numbers (3.4, 2.25 and 2.0 Ghz)? I'm assuming base. Not sure if anybody has data on how these impact Tor relays? >>>> >>>> From your real world scenario #2 and advice for the "fastest/best hardware", would this type of server work well for a $20k budget? >>>> A single-socket Xeon 6980P (128 physical cores, 256 threads, base clock 2.0 GHz, turbo up to 3.9 GHz) with 1024GB DDR5 (maintaining a 4:1 ratio) and an AIOM Mellanox NIC be optimal? Assuming one relay per core/thread, would this setup be capable of saturating 40 Gbps, given that 10 Gbps typically saturated with ~31.5 physical cores + ~31.5 SMT threads at 2 Ghz and thus 256 relays vs ~63 relays translates roughly to 4×10 Gbps = 40 Gbps? >>>> >>>> For those curious, according to ChatGPT o3-mini-high deep research: >>>> 1) 20% cap on bandwidth contributions for exit relays is roughly 50+ Gbit/s for the largest operators. >>>> 2) 10% of Tor's consensus weight in terms of bandwidth for 2025 is roughly 90-95 Gbps of sustained bandwidth. In 2022, it would have been ~68 Gbps. >>>> I don't plan to have this issue any time soon, but good to be aware! >>>> >>>> Screenshots of the lengthy responses below and attached. >>>> >>>> [image.png] >>>> >>>> [image.png] >>>> [image.png] >>>> [image.png] >>>> >>>> Sent with[Proton Mail](https://proton.me/mail/home)secure email. >>>> >>>> On Tuesday, February 18th, 2025 at 2:23 PM, mail(a)nothingtohide.nl <mail(a)nothingtohide.nl> wrote: >>>> >>>>> Hi, >>>>> >>>>> Many people already replied, but here are my (late) two cents. >>>>> >>>>>> 1) If a full IPv4 /24 Class C was available to host Tor relays, what are some optimal ways to allocate bandwidth, CPU cores and RAM to maximize utilization of the IPv4 /24 for Tor? >>>>> >>>>> "Optimal" depends on your preferences and goals. Some examples: >>>>> >>>>> - IP address efficiency: run 8 relays per IPv4 address. >>>>> - Use the best ports: 256 relays (443) or 512 relays (443+80). >>>>> - Lowest kernel/system congestion: 1 locked relay per core/SMT thread combination, ideally on high clocked CPUs. >>>>> - Easiest to manage: as few relays as possible. >>>>> - Memory efficiency: only run middle relays on very high clocked CPUs (4-5 Ghz). >>>>> - Cost efficiency: run many relays on 1-2 generations old Epyc CPUs with a high core count (64 or more). >>>>> >>>>> There are always constraints. The hardware/CPU/memory and bandwidth/routing capability available to you are probably not infinite. Also the Tor Project maximizes bandwidth contributions to 20% and 10% for exit relay and overall consensus weight respectively. >>>>> >>>>> With 256 IP addresses on modern hardware, it will be very hard to not run in to one of these limitations long before you can make it 'optimal'. Hardware wise, one modern/current gen high performance server only running exit relays will easily push enough Tor traffic to do more than half of the total exit bandwidth of the Tor network. >>>>> >>>>> My advice would be: >>>>> 1) Get the fastest/best hardware with current-ish generation CPU IPC capabilities you can get within your budget. To lower complexity with keeping congestion in control, one socket is easier to deal with than a dual socket system. >>>>> >>>>> (tip for NIC: if your switch/router has 10 Gb/s or 25 Gb/s ports, get some of the older Mellanox cards. They are very stable (more so than their Intel counterparts in my experience) and extremely affordable nowadays because of all the organizations that throw away their digital sovereignty and privacy of their employees/users to move to the cloud). >>>>> >>>>> 3) Start with 1 Tor relay per physical core (ignoring SMT). When the Tor relays have ramped up (this takes 2-3 months for guard relays) and there still is considerable headroom on the CPU (Tor runs extremely poorly at scale sadly, so this would be my expectation) then move to 1 Tor relay per thread (SMT included). >>>>> >>>>> (tip: already run/'train' some Tor relays with a very limited bandwidth (2 MB/s or something) parallel to your primary ones and pin them all to 1-2 cores to let them ramp up in parallel to your primary ones. This makes it *much* less cumbersome to scale up your Tor contribution when you need/want/can do that in the future). >>>>> >>>>> 4) Assume at least 1 GB of RAM per relay on modern CPUs + 32 GB additionally for OS, DNS, networking and to have some headroom for DoS attacks. This may sound high, especially considering the advice in the Tor documentation. But on modern CPUs (especially with a high clockspeed) guard relays can use a lot more than 512 MB of RAM, especially when they are getting attacked. Middle and exit relays require less RAM. >>>>> >>>>> Don't skimp out on system memory capacity. DDR4 RDIMMs with decent clockspeeds are so cheap nowadays. For reference: we ran our smaller Tor servers (16C(a)3.4Ghz) with 64 GB of RAM and had to upgrade it to 128 GB because during attacks RAM usage exceeded the amount available and killed processes. >>>>> >>>>> 5) If you have the IP space available, use one IPv4 address per relay and use all the good ports such as 443. If IP addresses are more scarce, it's also not bad to run 4 or 8 relays per IP address. Especially for middle and exit relays the port doesn't matter (much). Guard relays should ideally always run on a generally used (and generally unblocked) port. >>>>> >>>>>> 2) If a full 10 Gbps connection was available for Tor relays, how many CPU cores, RAM and IPv4 addresses would be required to saturate the 10 Gbps connection? >>>>> >>>>> That greatly depends on the CPU and your configuration. I can offer 3 references based on real world examples. They all run a mix of guard/middle/exit relays. >>>>> >>>>> 1) Typical low core count (16+SMT) with higher clockspeed (3.4 Ghz) saturates a 10 Gb/s connection with ~18.5 physical cores + SMT. >>>>> 2) Typical higher core count (64+SMT) with lower clockspeed (2.25 Ghz) saturates a 10 Gb/s connection with ~31.5 physical cores + SMT. >>>>> 3) Typical energy efficient/low performance CPU with low core count (16) with very low clockspeed (2.0 Ghz) used often in networking appliances saturates a 10 Gb/s connection with ~75 physical cores (note: no SMT). >>>>> >>>>> The amount of IP addresses required also depends on multiple factors. But I'd say that you would need between the amount and double the amount of relays of the mentioned core+SMT count in order to saturate 10 Gb/s. This would be 37-74, 63-126 and 75-150 relays respectively. So between 5 and 19 IPv4 addresses would be required at minimum, depending on CPU performance level. >>>>> >>>>> RAM wise the more relays you run, the more RAM overhead you will have. So in general it's better to run less relays at a higher speed each than run many at a low clock speed. But since Tor scales so badly you need more Relays anyway so optimizing this isn't easy in practice. >>>>> >>>>>> 3) Same for a 20 Gbps connection, how many CPU cores, RAM and IPv4 addresses are required to saturate? >>>>> >>>>> Double the amount compared to 10 Gb/s. >>>>> >>>>> Good luck with your Tor adventure. And let us know your findings with achieving 10 Gb/s when you get there :-). >>>>> >>>>> Cheers, >>>>> >>>>> tornth >>>>> >>>>> Feb 3, 2025, 18:14 by tor-relays(a)lists.torproject.org: >>>>> >>>>>> Hi All, >>>>>> >>>>>> Looking for guidance around running high performance Tor relays on Ubuntu. >>>>>> >>>>>> Few questions: >>>>>> 1) If a full IPv4 /24 Class C was available to host Tor relays, what are some optimal ways to allocate bandwidth, CPU cores and RAM to maximize utilization of the IPv4 /24 for Tor? >>>>>> >>>>>> 2) If a full 10 Gbps connection was available for Tor relays, how many CPU cores, RAM and IPv4 addresses would be required to saturate the 10 Gbps connection? >>>>>> >>>>>> 3) Same for a 20 Gbps connection, how many CPU cores, RAM and IPv4 addresses are required to saturate? >>>>>> >>>>>> Thanks! >>>>>> >>>>>> Sent with[Proton Mail](https://proton.me/mail/home)secure email.

1 0

Tor Relay Deployment Dilemma: Single 40Gbps Server or Four 10Gbps Machines?
by Tor at 1AEO 01 Apr '25

01 Apr '25

Looking for feedback on my Tor relay configuration decision: Assuming both options cost the same and provide the same aggregate bandwidth—and by “better,” I mean improved advertised bandwidth, reliability, and diversity—is it preferable to deploy: Option A: One hardware server on a 40Gbps link, or Option B: Four hardware servers, each on a 10Gbps link, located in different geographic areas and/or with different upstream providers? I lean toward Option B because it offers advantages in advertised bandwidth, reliability, and diversity. Additionally, does the ideal choice depend on whether the relays serve as exit nodes or as guard/middle nodes? Also, is there a more comprehensive way to define “better” for this context? I appreciate any suggestions or refinements!

2 2

Happy Families - Relay Operator Friendlyness
by nusenu 30 Mar '25

30 Mar '25

Hi Marco, moving the discussion from: https://gitlab.torproject.org/tpo/core/tor/-/issues/41033#note_3181625 to tor-relays as the features in the issue have already been implemented by Nick and the discussion has evolved into a more general direction. > I think many people have > HiddenService instances in addition to their relay instances. > HiddenService instances must then be configured not to use default > FamilyId * if tor automatically detect and use those. > Ultimately, > @nickm has to decide how much work he wants to put into c-tor. > (Especially auto detecting KeyDir on all OS requires a lot of time > to test.) Happy families is not relevant for onion services. I sense a misunderstanding of "FamilyId *". It only looks for family keys in the "keys" subfolder of a specific tor instance's DataDirectory or within the directory given in "FamilyKeyDirectory". See also the man page section: "KeyDirectory" because "keys" is just the default but can be configured. It does not search across the all "keys" subfolders of multiple tor instances on the same server, which would fail anyway with proper filesystem permissions, because one tor instance should not be able to read another tor instance's data directory if setup correctly. kind regards, nusenu -- https://nusenu.github.io

1 0

Self hosting bridge at home - de-anonymization risk?
by bjewrn2a＠anonaddy.com 30 Mar '25

30 Mar '25

> All Tor relays -- even non-exit relays -- are in a public list. Many > sites and services block access to all traffic coming from a Tor relay > IP address. Either they don't understand how Tor works or (more likely, > in my experience) they're just hostile to Tor. > > If you host a relay on your home IP, you'll likely find that you are > blocked from streaming services and other web sites (Cloudflare, for > one, facilitates this and by some reports they control about 30% of web > traffic). Thanks Ron, I will bear that in mind. Want to try it anyway and see how it goes.

1 0

Re: Self hosting bridge at home - de-anonymization risk?
by Zachary 29 Mar '25

29 Mar '25

Hello, I just wanted to make a comment on hosting a relay at home. > Many sites and services block access to all traffic coming from a Tor relay IP address Having hosted a relay at my house for over a year and in an institutional setting prior to that, I have ran into very few instances of this personally. It does indeed happen and often it's extremely hard to troubleshoot because you don't realize what the problem is. > If you host a relay on your home IP, you'll likely find that you are blocked from streaming services and other web sites I personally don't use many streaming services, but people I live with use them as their main source of entertainment. They haven't been blocked from any streaming services, at least so far. The only two things (that I remember/think are important) that I've been "banned" from for being a Tor Guard/Middle relay are: 1. Insurance company 2. My bank I live in a small town and have a good working relationship with my bank, who I was able to get in touch with their hosting provider to whitelist my IP (and when it rarely changes due to a router switch-out etc. they have been very good and whitelisted my new IP no questions asked.) As for the insurance company, which is a large nationwide provider, there is no feasible way to get in contact with anyone who even knows what I am talking about. The only solution to access them unfortunately is to use my phone as a cellular hotspot to get a different WAN IP. This doesn't always work because some routers don't announce themselves in a traceroute, but it can be very useful to run a traceroute to the website you are blocked on to see what router is actually blocking the traffic. That way when you contact the site operator you can point them in the right direction (if they are willing to help you.) If a website's upstream hosting provider is blocking the traffic, you would want to tell the website operator to tell their hosting provider that so they don't chase a red herring. I'm not downplaying your concerns, they are 100% valid, just sharing that in my experience it has been a non-issue (except the insurance company lol.) Of course, if my bank wasn't a small local organization and they weren't willing to assist, then it would be a different story entirely and I would feel very different about it. Just for perspective, my Pihole has caused vastly more issues cutting off legitimate content than being blocked for being a relay. Just wanted to share my thoughts. (: Zachary ----------- On Saturday, March 29th, 2025 at 7:00 AM, tor-relays-request(a)lists.torproject.org <tor-relays-request(a)lists.torproject.org> wrote: > Send tor-relays mailing list submissions to > tor-relays(a)lists.torproject.org > > To subscribe or unsubscribe via email, send a message with subject or > body 'help' to > tor-relays-request(a)lists.torproject.org > > You can reach the person managing the list at > tor-relays-owner(a)lists.torproject.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tor-relays digest..." > > Today's Topics: > > 1. Re: Self hosting bridge at home - de-anonymization risk? > (Ron Risley) > 2. Re: Self hosting bridge at home - de-anonymization risk? (mpan) > 3. Self hosting bridge at home - de-anonymization risk? > (bjewrn2a(a)anonaddy.com) > 4. Re: Self hosting bridge at home - de-anonymization risk? > (gerard(a)bulger.co.uk) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 27 Mar 2025 07:50:44 -1000 > From: Ron Risley ronqtorrelays(a)risley.net > > Subject: [tor-relays] Re: Self hosting bridge at home - > de-anonymization risk? > To: tor-relays(a)lists.torproject.org > Message-ID: c1978073-7a34-4be4-ba69-feaada8028ac(a)risley.net > > Content-Type: text/plain; charset=UTF-8; format=flowed > > On 3/26/25 11:56, bjewrn2a--- via tor-relays wrote: > > > That would incentivize users to also become > > relays - why isn't it recommended more often? > > > All Tor relays -- even non-exit relays -- are in a public list. Many > sites and services block access to all traffic coming from a Tor relay > IP address. Either they don't understand how Tor works or (more likely, > in my experience) they're just hostile to Tor. > > If you host a relay on your home IP, you'll likely find that you are > blocked from streaming services and other web sites (Cloudflare, for > one, facilitates this and by some reports they control about 30% of web > traffic). > > ------------------------------ > > Message: 2 > Date: Thu, 27 Mar 2025 19:59:48 +0100 > From: mpan tor-1qnuaylp(a)mpan.pl > > Subject: [tor-relays] Re: Self hosting bridge at home - > de-anonymization risk? > To: tor-relays(a)lists.torproject.org > Message-ID: 3c48cbbf-1693-4f05-ab6d-9e8032989848(a)mpan.pl > > Content-Type: text/plain; charset=UTF-8; format=flowed > > > > > but what if you used tor normally, not through your own bridge, but through > > > > "regular" randomly chosen 3-hop circuits and at the same time run a tor relay > > > > (entry/middle) > > > > > This wouldn't require weakening the tor circuit model > > > anymore. Yes, this is correct. The more Tor traffic goes through the machine > > > that identifies you, the more confused an adversary is. It also makes > > > naïve correlation attacks impossible,⁽¹⁾ and increases cost of more > > > advanced ones. > > > > That is great news mpan, thank you. That would incentivize users to also become > > relays - why isn't it recommended more often? This is the first time I ever hear > > about it and it sounds like a powerful idea. Normally I only see tor relay > > operators claim that they run tor relays purely altruistically: > > https://www.reddit.com/r/TOR/comments/6znjkg/why_would_anyone_setup_a_tor_r… > > To know why Tor Project itself doesn’t speak on this matter, you’d > need to wait for a reply from somebody from the project. > > I may speculate, that the two topics are orthogonal: running a relay > and using Tor. They don’t interfere with each other. In your original > question they didn’t either. The problem was not running a relay and > using Tor, but using Tor with the number of hops effectively reduced. > > It would also be a poor advice, if directed towards a person wishing > to only connect to Tor. Running a relay from home isn’t without > downsides. Both for the operator (bandwidth use, facing hostility) and > the network itself (completely inexperienced person is an easier attack > target). > > > Are you aware of any articles from torproject or research papers confirming that > > hosting tor relay at your own IP does in fact help your own traffic blend in? > > I've looked through all tor proposals (https://spec.torproject.org/proposals) > > and many research papers (https://www.freehaven.net) and couldn't find any > > mentions of this? Specifically for Tor? No. For exactly the same reason I can’t point > > you to any research that confirms, that downloading 500 kB/s and 200 > kB/s over Tor requires 700 kB/s. It’s a trivial consequence of basic > knowledge for the given field. In this case probabilistics, flavored > with practicality of correlation attacks and with signal processing > basics (none of this in Tor specifically). > > > ------------------------------ > > Message: 3 > Date: Thu, 27 Mar 2025 22:08:31 +0000 > From: bjewrn2a(a)anonaddy.com > Subject: [tor-relays] Self hosting bridge at home - de-anonymization > risk? > To: tor-relays(a)lists.torproject.org > Message-ID: d0d4ecac8b6e815e6a1768fb7cf32523(a)anonaddy.com > > Content-Type: multipart/alternative; boundary=fOfmQjRb > > > My personal opinion is that hosting a bridge or middle at your home doesn't risk de-anonymizing > > > Thank you, I am counting on that too. However, I haven't seen it recommended anywhere else before. Are you aware of any articles or studies backing this up? If that's a preferred setup I would have expected it to be more popular? > > > I would host a tor exit at home if I could get extra IPv4 addresses > > > Interesting, I haven't thought about that.

1 0

Re: Self hosting bridge at home - de-anonymization risk?
by DiffieHellman 27 Mar '25

27 Mar '25

My personal opinion is that hosting a bridge or middle at your home doesn't risk de-anonymizing you unless you go misconfigure your client to use your bridge or specifically only your middle. Maybe there is a chance of deanoymisation if you happen to use your own middle inadvertently, but it seems changing the default configuration to exclude your own relay is more of a deanoymisation risk. Running a middle instead of a bridge will make extra work for any ISP or NSA snoop to determine which tor traffic is yours, as most of the tor traffic won't be yours and even some tor traffic from middles goes to guard relays, which will require filtering out to determine which is your tor traffic to guards. I would host a tor exit at home if I could get extra IPv4 addresses at a reasonable price, but I can't. -- Kind Regards, DiffieHellman

2 1

Got contacted by another relay operator
by tempemailoNiceRelays 27 Mar '25

27 Mar '25

We were contacted by another relay operator (Zakwan Kalb zk(a)onionmail.org) He told us that Torproject intentionally added two new flags to our relays (BadExit, MiddleOnly) and our relays cannot be used as exit or guard. We checked our relays on https://metrics.torproject.org/rs.html as he asked and found that these flags really exist and our relays only used as middle. Has anyone faced the same problem?

2 3

Re: Guidance on optimal Tor relay server configurations - Maximum 360 Tor relays allowed?
by Tor at 1AEO 24 Mar '25

24 Mar '25

New constraint - any guidance? Math seem right? All relay operators / families are limited to a maximum of ~360 Tor relays: https://gitlab.torproject.org/tpo/core/tor/-/issues/40837 I'll likely create an account to reply on the gitlab ticket too since looks like different audience than those replying here. Unfortunately, if the Tor network isn't efficient in using the bandwidth across ~4 x 10 Gbps servers then this limit will be reached, hindering known good operators, while not stopping malicious operators who don't follow the rules. Least efficient, ~512 CPU threads / relays for 4 x 10 Gbps (128 threads/relays per 1 x 10 Gbps server). Most efficient, ~320 CPU threads / relays for 4 x 10 Gbps (80 threads/relays per 1 x 10 Gbps server). Today, optimize Tor relay for the ~360 constraints: 1) Maximize bandwidth per CPU thread/core/relay with higher CPU base clock 2) Other hardware: Ensure sufficient RAM per Tor relays (4GB to 1 CPu thread) and good NIC. 3) Maximize network peering / routing strategies for Tor? Anything else? For #3, how best to optimize network routing / peering strategies for Tor relays? This email thread was optimizing around CPU threads and RAM but having plenty of CPU threads and RAM that might be insufficient with a poor network routing/peering strategy for Tor? Is there a reasonable way or some reliable way to quickly (less than a few months of running the relays) get in the correct range of how well the Tor network uses a specific server's available bandwidth? Ex: Route hops / ping times to directory / bandwidth authorities, confirming well known upstream providers (Cogent, etc.), and/or something else? Best strategy is month-to-month renting servers and running relays rather than signing 5 year contracts to end up somewhere with poor peering/routing for Tor? On Tuesday, February 25th, 2025 at 9:57 PM, Tor at 1AEO via tor-relays <tor-relays(a)lists.torproject.org> wrote: > Okay - makes sense on up to 2 Tor relays per physical core with the goal of not wasting CPU cycles, given the fluctuations of Tor and the expensive hardware. > > No, don't have all the network capacity covered and agree everything is costly. > > For 10 Gbps unmetered, not many options under $600/mo comfortable with Tor relays so I'm alternating between colocation and dedicated bare metal servers, depending on location, hardware availability, price, support to bring my own IPv4 and announce my ASN, some semblance of ASN and geographic diversity for Tor, etc. > > For 40 Gbps unmetered, not seeing much under $2k/mo. > > Open to suggestions / guidance on network capacity, colocation, and bare metal servers. Don't know what I don't know so maybe I should be asking other questions? > > When doing colocation, any suggestions on how best to set everything up? Router or only layer 3 switch or put compute node directly on internet connection? Worth using a transparent firewall/bridging, DMZ or NAT? > > On Friday, February 21st, 2025 at 2:40 AM, mail--- via tor-relays <tor-relays(a)lists.torproject.org> wrote: > >> Hi, >> >>> Summary from your email - did I miss anything? >> >> Yes, with the general disclaimer (not to sound like a lawyer) that your mileage may vary. For example we run everything bare metal on FreeBSD and run a mix of guard/middle/exit relays. Running the same workload virtualized or on another operating system may impact the performance/overhead (either positively or negatively). Also your RAM budget of 4 GB per relay may be a bit on the safe side, I don't think it would hurt to lower this. >> >>> What are the primary factors that justify running up to two Tor relays per physical core (leveraging SMT) versus a one-to-one mapping? >> >> Tor relays sadly don't scale well. They fluctuate on a daily basis (the Tor network as a whole does) and even their general utilization is kind of unpredictable. So I think there are two approaches to this: >> >> 1) Run 1 relay per physical core, accepting that your CPU will idle a large amount of the time (50%+ in our case). >> >> 2) Run multiple Tor relays per physical core until you saturate 90-95% of your CPU cycles, accepting additional system overhead/congestion. >> >> There is no right or wrong here. In our case we went with running multiple relays per core because we want to utilize the (very expensive) hardware we run on as much as possible. Every CPU cycle not spent on privacy enhancing services is a wasted CPU cycle from our point of view ;). >> >>> Is one-to-one mapping of Tor relay to core/thread the most compute- and system-efficient approach? >> >> Yes, this should lower the amount of congestion (interrupts and stuff). In this sense it can also be beneficial to lock your NIC/irq threads to specific cores. >> >>> Are the clock speeds you listed base or turbo numbers (3.4, 2.25 and 2.0 Ghz)? >> >> Base indeed. No CPU is able to consistently maintain their turbo speed on this many cores. When all cores are utilized, the base speed pretty much is the max speed in practice. >> >>> From your real world scenario #2 and advice for the "fastest/best hardware", would this type of server work well for a $20k budget? >> >> Looks like a capable server. That CPU looks powerful enough but keep in mind that it has a rather low clockspeed, so you will be running many medium speed relays. Nothing wrong with that since CPUs with this many cores simply don't/can't have high base clocks. Also I think 512 GB of RAM would be enough unless you run a *lot* of relays on it (which may be a viable strategy to utilize your CPU fully). >> >> Just a note: in my experience the Epyc platform (especially when self-build) provides a bit more bang for your buck. For example a AMD Epyc 9969 with 192 cores/384 threads(a)2.25 Ghz baseclock will probably outperform the Intel 6980P considerably (for Tor workloads at least), while being much cheaper (listing price at least). But of course this greatly depends on where you buy the server or parts so your mileage may vary. When I look around here locally a complete self-build system with the 192 core Epyc, 512 GB RAM and a 100 Gb/s NIC would cost ~12k excluding VAT before any tax benefits. But your proposed server will work perfectly fine as well so if you prefer a brand, go for it :). >> >>> Assuming one relay per core/thread, would this setup be capable of saturating 40 Gbps, given that 10 Gbps typically saturated with ~31.5 physical cores + ~31.5 SMT threads at 2 Ghz and thus 256 relays vs ~63 relays translates roughly to 4×10 Gbps = 40 Gbps? >> >> Assuming you get the Tor relays to saturate their cores, yes. That CPU should be able to push 40 Gb/s of Tor traffic. Our ~2019 64 core/128 thread Epyc pushes 10 Gb/s of Tor traffic on a bit less than half it's capacity. And your CPU is newer (better IPC hopefully if Intel finally stepped up their game since 2019), has much more cache and runs on DDR5 while having a bit lower base clock. So it should perform at least similar but probably better than ours. >> >> Do you have the network capacity covered already? If you plan to do 40 Gb/s, then you also need enough peers/upstream capacity. The required networking equipment and connections themselves for this can also be costly. >> >> Cheers, >> >> tornth >> >> Feb 20, 2025, 08:42 by tor(a)1aeo.com: >> >>> Excellent information, especially the real world scenarios! Exactly what I was looking for! >>> >>> Summary from your email - did I miss anything? >>> >>> To saturate 10 Gbps connection: >>> 1) IPv4 Allocation: Use between 5 and 20. Much lower than 256 in a /24! >>> 2) Tor Relay Count: Run roughly ~40 to ~150, depending on CPU clock speed, i.e. faster clock, fewer relays needed. >>> 3) CPU Utilization: 1 Tor relay per physical core preferred but okay to scale to 1 Tor relay per threads/SMT as well, up to 2x Tor relays per core/thread >>> 4) RAM requirements: Maintain a 4:1 RAM-to-core/relay ratio (4GB per core/relay), including extra 32GB per server to cover DoS, OS, networking, etc. overheads >>> >>> In general, some ideals but not required: >>> CPU clock speed: Higher CPU clock speed, better relay performance >>> RAM: Fewer relays, lower RAM requirements >>> RAM: Add ~32GB to overall RAM capacity sizing for OS, DNS, networking, DoS, etc. >>> IPv4: One IPv4 per relay with common traffic ports >>> >>> Scaling: Start with 1 Tor relay per physical core, then add 1 Tor relay per thread/SMT and stop at 2 Tor relays per each core / thread. >>> >>> What are the primary factors that justify running up to two Tor relays per physical core (leveraging SMT) versus a one-to-one mapping? >>> Ex: 37-74 for ~18.5 physical + SMT and 63-126 for ~31.5 physical + SMT. >>> >>> Is one-to-one mapping of Tor relay to core/thread the most compute- and system-efficient approach? >>> >>> Are the clock speeds you listed base or turbo numbers (3.4, 2.25 and 2.0 Ghz)? I'm assuming base. Not sure if anybody has data on how these impact Tor relays? >>> >>> From your real world scenario #2 and advice for the "fastest/best hardware", would this type of server work well for a $20k budget? >>> A single-socket Xeon 6980P (128 physical cores, 256 threads, base clock 2.0 GHz, turbo up to 3.9 GHz) with 1024GB DDR5 (maintaining a 4:1 ratio) and an AIOM Mellanox NIC be optimal? Assuming one relay per core/thread, would this setup be capable of saturating 40 Gbps, given that 10 Gbps typically saturated with ~31.5 physical cores + ~31.5 SMT threads at 2 Ghz and thus 256 relays vs ~63 relays translates roughly to 4×10 Gbps = 40 Gbps? >>> >>> For those curious, according to ChatGPT o3-mini-high deep research: >>> 1) 20% cap on bandwidth contributions for exit relays is roughly 50+ Gbit/s for the largest operators. >>> 2) 10% of Tor's consensus weight in terms of bandwidth for 2025 is roughly 90-95 Gbps of sustained bandwidth. In 2022, it would have been ~68 Gbps. >>> I don't plan to have this issue any time soon, but good to be aware! >>> >>> Screenshots of the lengthy responses below and attached. >>> >>> [image.png] >>> >>> [image.png] >>> [image.png] >>> [image.png] >>> >>> Sent with[Proton Mail](https://proton.me/mail/home)secure email. >>> >>> On Tuesday, February 18th, 2025 at 2:23 PM, mail(a)nothingtohide.nl <mail(a)nothingtohide.nl> wrote: >>> >>>> Hi, >>>> >>>> Many people already replied, but here are my (late) two cents. >>>> >>>>> 1) If a full IPv4 /24 Class C was available to host Tor relays, what are some optimal ways to allocate bandwidth, CPU cores and RAM to maximize utilization of the IPv4 /24 for Tor? >>>> >>>> "Optimal" depends on your preferences and goals. Some examples: >>>> >>>> - IP address efficiency: run 8 relays per IPv4 address. >>>> - Use the best ports: 256 relays (443) or 512 relays (443+80). >>>> - Lowest kernel/system congestion: 1 locked relay per core/SMT thread combination, ideally on high clocked CPUs. >>>> - Easiest to manage: as few relays as possible. >>>> - Memory efficiency: only run middle relays on very high clocked CPUs (4-5 Ghz). >>>> - Cost efficiency: run many relays on 1-2 generations old Epyc CPUs with a high core count (64 or more). >>>> >>>> There are always constraints. The hardware/CPU/memory and bandwidth/routing capability available to you are probably not infinite. Also the Tor Project maximizes bandwidth contributions to 20% and 10% for exit relay and overall consensus weight respectively. >>>> >>>> With 256 IP addresses on modern hardware, it will be very hard to not run in to one of these limitations long before you can make it 'optimal'. Hardware wise, one modern/current gen high performance server only running exit relays will easily push enough Tor traffic to do more than half of the total exit bandwidth of the Tor network. >>>> >>>> My advice would be: >>>> 1) Get the fastest/best hardware with current-ish generation CPU IPC capabilities you can get within your budget. To lower complexity with keeping congestion in control, one socket is easier to deal with than a dual socket system. >>>> >>>> (tip for NIC: if your switch/router has 10 Gb/s or 25 Gb/s ports, get some of the older Mellanox cards. They are very stable (more so than their Intel counterparts in my experience) and extremely affordable nowadays because of all the organizations that throw away their digital sovereignty and privacy of their employees/users to move to the cloud). >>>> >>>> 3) Start with 1 Tor relay per physical core (ignoring SMT). When the Tor relays have ramped up (this takes 2-3 months for guard relays) and there still is considerable headroom on the CPU (Tor runs extremely poorly at scale sadly, so this would be my expectation) then move to 1 Tor relay per thread (SMT included). >>>> >>>> (tip: already run/'train' some Tor relays with a very limited bandwidth (2 MB/s or something) parallel to your primary ones and pin them all to 1-2 cores to let them ramp up in parallel to your primary ones. This makes it *much* less cumbersome to scale up your Tor contribution when you need/want/can do that in the future). >>>> >>>> 4) Assume at least 1 GB of RAM per relay on modern CPUs + 32 GB additionally for OS, DNS, networking and to have some headroom for DoS attacks. This may sound high, especially considering the advice in the Tor documentation. But on modern CPUs (especially with a high clockspeed) guard relays can use a lot more than 512 MB of RAM, especially when they are getting attacked. Middle and exit relays require less RAM. >>>> >>>> Don't skimp out on system memory capacity. DDR4 RDIMMs with decent clockspeeds are so cheap nowadays. For reference: we ran our smaller Tor servers (16C(a)3.4Ghz) with 64 GB of RAM and had to upgrade it to 128 GB because during attacks RAM usage exceeded the amount available and killed processes. >>>> >>>> 5) If you have the IP space available, use one IPv4 address per relay and use all the good ports such as 443. If IP addresses are more scarce, it's also not bad to run 4 or 8 relays per IP address. Especially for middle and exit relays the port doesn't matter (much). Guard relays should ideally always run on a generally used (and generally unblocked) port. >>>> >>>>> 2) If a full 10 Gbps connection was available for Tor relays, how many CPU cores, RAM and IPv4 addresses would be required to saturate the 10 Gbps connection? >>>> >>>> That greatly depends on the CPU and your configuration. I can offer 3 references based on real world examples. They all run a mix of guard/middle/exit relays. >>>> >>>> 1) Typical low core count (16+SMT) with higher clockspeed (3.4 Ghz) saturates a 10 Gb/s connection with ~18.5 physical cores + SMT. >>>> 2) Typical higher core count (64+SMT) with lower clockspeed (2.25 Ghz) saturates a 10 Gb/s connection with ~31.5 physical cores + SMT. >>>> 3) Typical energy efficient/low performance CPU with low core count (16) with very low clockspeed (2.0 Ghz) used often in networking appliances saturates a 10 Gb/s connection with ~75 physical cores (note: no SMT). >>>> >>>> The amount of IP addresses required also depends on multiple factors. But I'd say that you would need between the amount and double the amount of relays of the mentioned core+SMT count in order to saturate 10 Gb/s. This would be 37-74, 63-126 and 75-150 relays respectively. So between 5 and 19 IPv4 addresses would be required at minimum, depending on CPU performance level. >>>> >>>> RAM wise the more relays you run, the more RAM overhead you will have. So in general it's better to run less relays at a higher speed each than run many at a low clock speed. But since Tor scales so badly you need more Relays anyway so optimizing this isn't easy in practice. >>>> >>>>> 3) Same for a 20 Gbps connection, how many CPU cores, RAM and IPv4 addresses are required to saturate? >>>> >>>> Double the amount compared to 10 Gb/s. >>>> >>>> Good luck with your Tor adventure. And let us know your findings with achieving 10 Gb/s when you get there :-). >>>> >>>> Cheers, >>>> >>>> tornth >>>> >>>> Feb 3, 2025, 18:14 by tor-relays(a)lists.torproject.org: >>>> >>>>> Hi All, >>>>> >>>>> Looking for guidance around running high performance Tor relays on Ubuntu. >>>>> >>>>> Few questions: >>>>> 1) If a full IPv4 /24 Class C was available to host Tor relays, what are some optimal ways to allocate bandwidth, CPU cores and RAM to maximize utilization of the IPv4 /24 for Tor? >>>>> >>>>> 2) If a full 10 Gbps connection was available for Tor relays, how many CPU cores, RAM and IPv4 addresses would be required to saturate the 10 Gbps connection? >>>>> >>>>> 3) Same for a 20 Gbps connection, how many CPU cores, RAM and IPv4 addresses are required to saturate? >>>>> >>>>> Thanks! >>>>> >>>>> Sent with[Proton Mail](https://proton.me/mail/home)secure email.

4 12

family-ids
by boldsuck 23 Mar '25

23 Mar '25

Yay, family key's are live: Implemented-In: Tor 0.4.9.1-alpha, Arti 1.4.1 https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/proposals/321-ha… https://community.torproject.org/relay/setup/post-install/family-ids/ Copy the MyFamilyKey.secret_family_key file into the KeyDir of _every_ _one_ of your relay. Oooh, damn it. No ansible. Happy copy pasting happy-families ;-) -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

6 8

Guidance on optimal Tor relay server configurations
by usetor.wtf 23 Mar '25

23 Mar '25

Hi All, Looking for guidance around running high performance Tor relays on Ubuntu. Few questions: 1) If a full IPv4 /24 Class C was available to host Tor relays, what are some optimal ways to allocate bandwidth, CPU cores and RAM to maximize utilization of the IPv4 /24 for Tor? 2) If a full 10 Gbps connection was available for Tor relays, how many CPU cores, RAM and IPv4 addresses would be required to saturate the 10 Gbps connection? 3) Same for a 20 Gbps connection, how many CPU cores, RAM and IPv4 addresses are required to saturate? Thanks! Sent with [Proton Mail](https://proton.me/mail/home) secure email.

8 20