Thank you for the thoughtful replies. To clear up a few points:
- This is a dedicated bare-metal server -- not a VPS, VM or container. I have physical access to the server, router and ONT.
- I would call it a dedicated gigabit link. This is probably up for debate. The provider's overall capacity is very likely not [number of customers] x [1 Gb/s] but I've never witnessed signs of throttling or over-subscription. If I plug a laptop directly into the router, I get an 800 - 900 Mb/s bidirectional speed test every time (via dslreports.com/speedtest).
If I fire up the Tor Browser Bundle and use the 'EntryNodes' config line to force traffic through my own relays, performance is fine. It's not great, mind you, but it's no worse than going through randomly selected guards. In fact, depending on the other middle and exit relays, I'd say my relays work quite well as entries.
I've learned from this thread that the Guard flag flapping is a direct result of the low measured bandwidth. I still have no idea why the measured bandwidth is so (terribly, comically) low. The fact that it's so wrong is somewhat telling. Actual performance on the network is like 1000 times better than what the measured bandwidth says! Something feels very broken here.
Is it possible for an operator of one of the BWauth nodes to look into this? What happens if you set my relays as 'EntryNodes' and run real-world tests?
I will try the other optimizations mentioned here as well, at a slow pace, so I can understand any changes that may occur.