My exit relay has seen steadily decreasing traffic from 8MBps to 6MBps over the span of three weeks. It averages a load of ~50% CPU usage and ~65% RAM usage. It's rated network capacity is 17Mbps on a 10GB link. Why would traffic decrease if I have plenty of spare resources? Are there ways I can configure my server to boost traffic?
https://metrics.torproject.org/rs.html#details/292FCACE773DC259B799914A23BE65A6A6178E8F
Hello Likogan (you did not specify a name, so I just took your domain name).
First, lets look at issue number one:
If your Tor Exit is using ~50% of the entire CPU (VM or dedicated server?) while only routing 6 Mbps, then you are likely not using hardware AES acceleration (aesni).
For example, my Tor Exit node only uses 15-25% of a single core while easily routing 10 to 12 Megabytes per second.
All on the following CPU:
Intel(R) Xeon(R) CPU E5-2650L v3 @ 1.80GHz
with a maximum boost clock of 2.50 GHz.
Try the following command:
lscpu | grep aes
If the command returns nothing, sadly your CPU does not support hardware AES acceleration, or if you run your OS in a VM, then the VM operator likely did not set "host" as CPU model.
If however the command does output a list of flags, with aes highlighted in red (depends on SSH client), then you can safely add the following line to your nodes configuration file:
HardwareAccel 1
General specs about your server, including the full output from lscpu would also be nice, if you are on a 10GbE link, then I assume it is a dedicated server, and a relatively new one (hardware wise) at that.
Now lets look at your traffic provider, or it's AS number:
https://metrics.torproject.org/rs.html#search/as:AS53667
We can see right away that this host is very congested with Tor nodes already (around 230 nodes in their datacenters right now), and thus the Tor authorities might route less traffic through it in general - decentralization is ALWAYS better!
I actually don't know if the Tor authorities act that way, maybe someone with more knowledge can chime in.
So yes, here is a too long, didn't read for you:
Check for aesni support as explained above, if it exists, please add the mentioned config entry, and just to make sure, the NumCPUs variable with the amount of your logical CPU cores.
Also, even if Tor's code base is mostly single-threaded, there are a few tasks that can be offloaded to different cores, such as onionskin decryption, zlib compression, etc.
If you have some spare CPU cores, please let Tor offload as much work as possible by, as said above, adding the
NumCPUs <LogicalCores>
variable to your nodes configuration.
This generally is not necessary as Tor will try to detect the amount of cores automatically, but in a locked down environment, such as mine, it wouldn't work :)
Hope this helps you or others, George
P.S: My e-mail web-client always auto-attaches my PGP public key, so if you (or others) want to talk to me privately, that option exists too, however it shouldn't be needed in this case.
All the best and thank you so much for hosting an exit relay!
My exit relay has seen steadily decreasing traffic from 8MBps to 6MBps over the span of three weeks. It averages a load of ~50% CPU usage and ~65% RAM usage. It's rated network capacity is 17Mbps on a 10GB link. Why would traffic decrease if I have plenty of spare resources? Are there ways I can configure my server to boost traffic?
https://metrics.torproject.org/rs.html#details/292FCACE773DC259B799914A23BE6...
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Mon, 18 Dec 2023 10:03:01 +0000 George Hartley via tor-relays tor-relays@lists.torproject.org wrote:
lscpu | grep aes
If the command returns nothing, sadly your CPU does not support hardware AES acceleration, or if you run your OS in a VM, then the VM operator likely did not set "host" as CPU model.
If however the command does output a list of flags, with aes highlighted in red (depends on SSH client), then you can safely add the following line to your nodes configuration file:
HardwareAccel 1
I don't think this is necessary to make it use AES. It would use that automatically. HardwareAccel is needed only to enable some external OpenSSL acceleration engines, such as the defunct "VIA Padlock".
On 12/17/23 21:16, likogan via tor-relays wrote:
My exit relay has seen steadily decreasing traffic from 8MBps to 6MBps over the span of three weeks. It averages a load of ~50% CPU usage and ~65% RAM usage. It's rated network capacity is 17Mbps on a 10GB link. Why would traffic decrease if I have plenty of spare resources? Are there ways I can configure my server to boost traffic?
https://metrics.torproject.org/rs.html#details/292FCACE773DC259B799914A23BE65A6A6178E8F
Hello!
In general it isn't possible to arbitrarily request more traffic; it's bad if an adversary can easily spin up many new relays and get as much traffic as they want directed their way, for example. It's normal for relays with low uptime to get less traffic. If you aren't seeing CPU usage hit 100% of a single core that is not necessarily a problem. Extra capacity is useful for providing lower-latency circuits. If you want more traffic, you might just need to be patient and let your relay run without interruption.
-beth
tor-relays@lists.torproject.org
-
George Hartley -
likogan -
Micah Elizabeth Scott -
Roman Mamedov