First of all, thank you very much for your response!
This is normal, HSDir flag is always gone after reboot or restart. Other flags remain after reboot or restart.
I know, it wouldn't even bother me if I lost the Guard flag. The Tor network can decide whatever it wants to use my relay for.
Many VMs with 1G are still throttled. You share the server bandwidth with all other VM customers.
This one is not. The hoster sells this machine as a "Root Server", it's actually connected to a 2,5Gbit link. The 1Gbit speed is guaranteed, and before I set up the relay I made multiple speed tests - I definitely get 1Gbit.
The problem is that I'm now relaying traffic at ~25MB/s, and whenever there are spikes of over 30MB/s the CPU load on both cores (!) is very high. I'm still moving ~5TB per day, that's a lot, I know. But there would be even more possible with the internet connection of my server.
~5TB per day ≈ 150 TB/month. You usually don't even get that on a dedicated bare metal root server that costs $ 30-100 a month. One of my hosters limited bandwidth to 300Mbit after 10TB of traffic.
I paid close attention to any limit rules, and there is one. But I'm unable to break this rule: They limit my bandwidth to 200Mbit when I used more than 120TB of traffic within one month and at the same time (!) used more than 1Gbit bandwidth on average (!) for more than 60 minutes. I set MaxAdvertisedBandwidth to 1000Mbit, so I will never get throttled by the hoster.
Uh, welcome to the club. ;-) Because of DDoS, I have had 40 cores at around 90% for weeks. Until 3 weeks ago the ixgbe driver was killed every 2-3 days. I hope I have solved the problem now.
Yeah, and this wasn't even a DDoS. If I don't change my config then it's pretty easy to shoot my server off the internet with a low scale DDoS. And we both know they do this, especially with high capacity Guard nodes... I secured the server as well as I could before it went online, but there is no real DDoS protection in place, and it seems I need it.
The old stuff from their github? I would delete them again. You are in a VM and the torservers.net sysctl.conf settings are over 10 years old!
The old stuff from this mailing list. But you're right, that stuff was from 2010, I will revert back to normal.
I have iptables persistent on my guard servers. Sample rules: https://github.com/boldsuck/tor-relay-bootstrap/tree/master/etc/iptables
Thank you, I'll give that a try!
If set, we will not advertise more than this amount of bandwidth for our BandwidthRate. Server operators who want to reduce the number of clients who ask to build circuits through them (since this is proportional to advertised bandwidth rate) can thus reduce the CPU demands on their server without impacting network performance.
This will be my next step if the iptables rules have no effect. At the moment I advertise 125 MiB, this is obviously very optimistic... I have by far the fastest relay at this hoster in terms of bandwidth, but that's nothing to be proud of if the relay crashes or is overloaded all the time.
Thanks again for your suggestions!
All the best! Elias