I don't quite understand the last calculation.
"if all 65535 connections on an IP were open" => I'm guessing you mean ports
"the biggest Tor Guard has 0.91% Guard probability" => percentage of all entries into the network handled by this guard
=> 0.91% of all user connections, but how many user connections are there at a time?
And then I don't understand how probability and port availability can be combined.
Please elaborate. Thanks
On Mon, 18 Dec 2017 at 23:11 teor teor2345@gmail.com wrote:
On 19 Dec 2017, at 08:38, Toralf Förster toralf.foerster@gmx.de wrote:
On 12/17/2017 10:24 PM, teor wrote:
Using 256 per IP is probably reasonable.
Is this a rather arbitrary limit, or does this limit fit the use of NATed addresses entirely?
That's an arbitrary safe upper bound.
The number of active connections that can be NATed per IP address is limited by the number of ports: 65535. (Technically, it's 65535 per remote IP address and port, but most NATs don't have that much RAM or bandwidth.)
Also, genuine users behind a NAT would likely have multiple Tor and non-Tor connections open. And spare ports are needed for NAT to manage port churn and the TCP delay wait state on connection close.
To be more precise:
- if all 65535 connections on an IP were open to the Tor network, and
- the biggest Tor Guard has 0.91% Guard probability[0], then
- it would expect to see 597 connections.
Feel free to do the sums for your own guard's probability.
(We are aware of the issue, and we are working on a more permanent fix.)
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org

tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
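Worked version of the sum in teor's message, added here as an illustration and not part of the thread or of Tor's own code. The model it assumes is the one implied by the message: a NATed IP holds N simultaneous Tor connections, each client chose its guard independently in proportion to guard probability, so a guard with probability p sees on average p * N of them (65535 * 0.0091 = 596.37, which rounds up to 597). The script also goes beyond the thread: it turns the estimate around to give the NAT size at which the 256-per-IP figure is expected to be reached for a given guard probability, and adds a binomial tail so the estimate comes with a probability rather than only a mean. The constants are the ones quoted in the thread; the function names and the binomial model are assumptions of this example.

```python
"""Per-IP connection estimate for a guard behind a large NAT (added example).

Model (assumption of this example, matching the reasoning in the thread):
a NATed IP has N simultaneous Tor connections, each picked its guard
independently in proportion to guard probability, so a guard with guard
probability p sees X ~ Binomial(N, p) of them, mean p * N.
"""
import math

MAX_PORTS_PER_IP = 65535            # one 16-bit port space per NATed IP
BIGGEST_GUARD_PROBABILITY = 0.0091  # 0.91 % guard probability, from the thread
PER_IP_LIMIT = 256                  # the "256 per IP" bound under discussion


def expected_connections(guard_probability: float,
                         open_connections: int = MAX_PORTS_PER_IP) -> float:
    """Mean number of a NAT's Tor connections that land on this guard."""
    if not 0.0 <= guard_probability <= 1.0:
        raise ValueError("guard probability must be in [0, 1]")
    if open_connections < 0:
        raise ValueError("connection count must be non-negative")
    return guard_probability * open_connections


def expected_connections_ceiling(guard_probability: float,
                                 open_connections: int = MAX_PORTS_PER_IP) -> int:
    """Same estimate rounded up to a whole connection (the conservative figure)."""
    return math.ceil(expected_connections(guard_probability, open_connections))


def nat_size_before_limit(guard_probability: float,
                          per_ip_limit: int = PER_IP_LIMIT) -> int:
    """Largest N for which this guard still *expects* at most per_ip_limit
    connections from one NATed IP, i.e. the largest N with p * N <= limit."""
    if not 0.0 < guard_probability <= 1.0:
        raise ValueError("guard probability must be in (0, 1]")
    n = math.floor(per_ip_limit / guard_probability)
    while guard_probability * n > per_ip_limit:   # float rounding guard
        n -= 1
    return n


def prob_exceeds_limit(open_connections: int, guard_probability: float,
                       per_ip_limit: int = PER_IP_LIMIT) -> float:
    """P(X > limit) for X ~ Binomial(open_connections, guard_probability).

    Computed as 1 - P(X <= limit), summing only limit + 1 terms in log space
    via lgamma, so N = 65535 needs neither big integers nor a non-stdlib
    dependency. Edge cases: p = 0 never exceeds, p = 1 exceeds iff N > limit,
    and a limit of N or more cannot be exceeded at all.
    """
    n, p, k_max = open_connections, guard_probability, per_ip_limit
    if not 0.0 <= p <= 1.0 or n < 0 or k_max < 0:
        raise ValueError("bad parameters")
    if k_max >= n or p == 0.0:
        return 0.0
    if p == 1.0:
        return 1.0
    log_p, log_q = math.log(p), math.log1p(-p)
    cdf = 0.0
    for k in range(0, k_max + 1):
        log_pmf = (math.lgamma(n + 1) - math.lgamma(k + 1) - math.lgamma(n - k + 1)
                   + k * log_p + (n - k) * log_q)
        cdf += math.exp(log_pmf)
    return max(0.0, min(1.0, 1.0 - cdf))


if __name__ == "__main__":
    p = BIGGEST_GUARD_PROBABILITY
    print(f"expected connections at {p:.2%}: {expected_connections(p):.2f} "
          f"(rounded up: {expected_connections_ceiling(p)})")
    print(f"NAT size at which the {PER_IP_LIMIT}-per-IP figure is expected "
          f"to be reached: {nat_size_before_limit(p)}")
    for n in (1000, 10000, nat_size_before_limit(p), MAX_PORTS_PER_IP):
        print(f"N={n:>5}: P(guard sees > {PER_IP_LIMIT}) = "
              f"{prob_exceeds_limit(n, p):.4f}")
```

To do the sums for your own relay, replace BIGGEST_GUARD_PROBABILITY with your guard's consensus guard probability as a fraction; the mean scales linearly, while the binomial tail shows how sharply the chance of crossing a fixed per-IP limit flips from near 0 to near 1 as the NAT grows past limit / p.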