Logistically, how do you or how would you recommend to share a /24 across more than 1 organization?
Lots of ideas / questions ...
Are they required to be in the same data center and/or same rack and/or nearby data centers with a dedicated/private connection?
Different servers next to each other?
Router locally doing BGP for something like a /26 to specific servers or statically mapping /26 to specific server ports?
Doesn't seem possible via BGP to share a /24 across internet connections due to the limit on needing to be a /24 for default-free zone...
Sent with Proton Mail secure email.
> On Mittwoch, 10. Juli 2024 00:32:04 CEST Osservatorio Nessuno via tor-relays
> wrote:
>
> > we are planning to get some hardware to run a physical Tor exit node,
> > starting with a 1Gbps dedicated, unmetered uplink (10Gbps downlink). We
> > will also route a /24 on it, so we will have large availability of
> > addresses to run multiple instances. We have been running a few exit
> > nodes so far, but never on our own hardware.
>
>
> Your bottleneck is the 1G uplink.
> For comparison, I have 2x Xeon E5-2680v2 10C/20T and 256Gb RAM
> 2x 10G nic (LACP bond) and I can not achieve 10G throughput with it.
> As a rule of thumb, I would always count one instance per thread or core.
> I have 40T and 40 tor exit instances.
>
> F3Netze has specified the hardware in Contact info:
>
> > Which is the bandwith limit per core/Tore instance? Or what can we
> > expect to be the bottleneck?
>
>
> That depends on the CPU clock speed. Fast Ryzen or Epyc's can do 50-70 MiB/s
> per core/instance.
>
> > Due to some other requirements we need for some experiments (SFP ports,
> > coreboot support, etc) we can mainly choose between these 2 CPUs:
> > Intel i5-1235U
> > Intel i7-1255U
> >
> > The cost between the two models is significant enough in our case to
> > pick the i7 only if it's really useful.
> >
> > In both cases with 32GB of DDR5 RAM (we can max to 64 if needed, but is
> > it?).
> >
> > Should this allow us to saturate the uplink?
>
>
> Guards need more resources than exits since the introduction of congestion-
> control and because of DDoS I would use 64GB RAM for a guard.
> With your IP space and 1G uplink, I would take the i5 with 32Gb, save the
> money and maybe add a second server later. Or if you build the hardware
> yourself, look for a used Epyc or Ryzen server. 16 or 32 core with high base
> clock. Used server hardware from the data center is like new.
>
> > To summarize, with this bandwith, this hardware and a /24 how many Tor
> > exit nodes should be ideal to run considering that each of them could
> > have their own address?
>
>
> We are 5 relay orgs sharing a /24. Currently 5x 2x10G(or 25G)
> With now 8 relays per IP, over 2000 instances can run in a /24 subnet. It
> would be nice if you share the subnet with 1-2 other relay operators.
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you freedom!_______________________________________________
> tor-relays mailing list
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays