Maximizing contribution with own ASN + IPv6 — exit vs guard, IPv6 exit, AS diversity
Hi all, I run my own ASN and announce my own IPv6 prefix via BGP (with valid RPKI ROAs), plus IPv4. I’d like to contribute to the network in the way that adds the most value, and I’d appreciate guidance from experienced operators. My situation: - ASN: own, prefix announced via BGP (IPv6 /48, IPv4 /28) - Bandwidth available: ~100 Mbit/s, monthly traffic budget: unmetered - Willing to handle abuse complaints: yes - rDNS and abuse contact fully under my control My questions: - Given that AS diversity is scarce, is an exit relay the highest-value use here, or does a high-bandwidth guard already help significantly from an underrepresented AS? - IPv6 exit support seems uncommon — is enabling IPv6Exit on my exit a meaningful gap to fill, and any caveats? - Any recommendations on exit policy and per-IP layout within my prefix to balance reachability and abuse handling? - If I run multiple relays, is the new cryptographic family scheme (FamilyId / tor --keygen-family) the right approach over legacy MyFamily? Happy to share more details. Thanks for any pointers.
Am 20.06.26 um 04:17 schrieb lists.torproject.org.broker091--- via tor-relays:
- Given that AS diversity is scarce, is an exit relay the highest-value use here, or does a high-bandwidth guard already help significantly from an underrepresented AS?
Of course, as an exit relay can (but most likely will not) be used for non-exit, but a non-exit will never allow exit traffic.
- IPv6 exit support seems uncommon — is enabling IPv6Exit on my exit a meaningful gap to fill, and any caveats?
Yes, please do it. -- Gruß Marco Junk-Mail bitte an trashcan@stinkedores.dorfdsl.de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello.
Given that AS diversity is scarce, is an exit relay the highest-value use here, or does a high-bandwidth guard already help significantly from an underrepresented AS?
An exit on an underrepresented AS with underrepresented upstreams is the most valuable contribution, but a high-bandwidth non-exit is still very useful. If you're looking for diversity, make sure to check bgp.tools to see what upstreams are in use. A unique AS that's single-homed Cogent isn't as valuable as a unique AS that has underrepresented upstreams.
IPv6 exit support seems uncommon — is enabling IPv6Exit on my exit a meaningful gap to fill, and any caveats?
Yes! Supporting IPv6 is very useful! I think Tor is planning on one day deprecating relays that are not dual stack, although I don't know how soon that is. There are no caveats, as long as the IPv6 is working.
Any recommendations on exit policy and per-IP layout within my prefix to balance reachability and abuse handling?
Be 100% sure your provider is on board. Even if you own the IP range and you're the abuse contact, many providers won't want to announce a prefix that puts them or their contract at a colo facility at risk. As for exit policy, you can start with ReducedExitPolicy if you haven't run an exit before. Verify with your provider, since sometimes they might want you to disable 22, 465, and 587 which are enabled by default even on ReducedExitPolicy.
If I run multiple relays, is the new cryptographic family scheme (FamilyId / tor --keygen-family) the right approach over legacy MyFamily?
For now, you have to use both. In the near future, the legacy scheme will be deprecated and removed, but until then you still have to use it. Regards, forest -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQQtr8ZXhq/o01Qf/pow+TRLM+X4xgUCaj2p1AAKCRAw+TRLM+X4 xpTwAQDBcsYk2eKC9g3zgLJj40mseQpRtjD6mBxvHeBFdXeuLwD9GoKuW7IVYhUU YvOSq4bbNFdXRD9bIcbmY93XulrCGQs= =P5gK -----END PGP SIGNATURE-----
participants (3)
-
forest-relay-contact@cryptolab.net -
lists.torproject.org.broker091@passmail.net -
Marco Moock