Yet another underpowered relay?
I recently upgraded from an adsl line to a 100mbit fiber connection. Naturally I want to use most of this new bandwidth for my non-exit tor relay. However, I run into messages like these: Jul 22 17:40:26.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [665 similar message(s) suppressed in last 60 seconds] Jul 22 17:40:26.000 [warn] Failed to hand off onionskin. Closing. [1509 similar message(s) suppressed in last 21600 seconds] Relay fingerprint: BE71 DC9D A443 5855 FAE1 E369 7080 1A60 0D51 3684 Relevant torrc settings: BandwidthRate 10 MB BandwidthBurst 10 MB NumCPUs 2 I did some research and came up with the following things to try: Set "MaxAdvertisedBandwidth x MB" Set "MaxOnionsPending 250" Get a faster computer / Get a computer with AES-NI I tried setting "MaxAdvertisedBandwidth 9 MB" for a few days which didn't seem to do much difference. This is only a 1MB reduction from the 10MB i use as a hard limit. Too little? Must I wait longer for the change to get spread around? Setting "MaxOnionsPending 250" seem to have reduced the number of log messages, but not eliminated them. The computer is somewhat dated but not ancient: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 4 cores with HT, 6GB mem. I feel it should be able to handle a 80 mbit bandwidth but have no hard data to support this. Looking at htop tor uses 2 cores. One core is constantly at around 90% (when all the 80 mbit bandwidth is used). The second core is hardly used. Since the relay can handle 80mbit (and higher) without messages I assume the problems only occur when the number of circuits get very high. Questions: What value should I set for MaxAdvertisedBandwidth? What other torrc settings could improve the situation? Am I wrong in thinking my cpu should be able to handle 80 mbit? Would upgrading to 0.2.4.15-rc-1 help? Weird sidenote: If I start iftop the first core drops to around 40-50%. Stop iftop and it jumps back to 90%. No change in traffic. What could that mean?
On Mon, 22 Jul 2013 19:08:44 +0200 Logforme <m7527@abc.se> wrote:
I recently upgraded from an adsl line to a 100mbit fiber connection. Naturally I want to use most of this new bandwidth for my non-exit tor relay. However, I run into messages like these: Jul 22 17:40:26.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [665 similar message(s) suppressed in last 60 seconds] Jul 22 17:40:26.000 [warn] Failed to hand off onionskin. Closing. [1509 similar message(s) suppressed in last 21600 seconds]
Relay fingerprint: BE71 DC9D A443 5855 FAE1 E369 7080 1A60 0D51 3684
Relevant torrc settings: BandwidthRate 10 MB BandwidthBurst 10 MB NumCPUs 2
I did some research and came up with the following things to try: Set "MaxAdvertisedBandwidth x MB" Set "MaxOnionsPending 250" Get a faster computer / Get a computer with AES-NI
See some advice here: http://archives.seul.org/or/relays/Aug-2010/msg00034.html Also are you running with a lot of iptables/ip6tables rules active (or any at all)? If you do, consider rewriting them so that at least 'conntrack' is not used (check that you can do "rmmod ipt_conntrack" cleanly, or it's not loaded in the first place). -- With respect, Roman
Make sure you have the most recent OpenSSL library, with the ec_nistp_64_gcc_128 optimizations enabled. (Tor will print a big nasty warning on startup if the library is new enough but the optimizations aren't available.) You may get better utilization out of your CPU by running multiple tor daemons (try 4 to start) each with MaxCPUs=1 and bandwidth cap set to 1/N of the total available. They each have to be configured to use a distinct ORPort and state directory, and should all be tagged as the same family. zw On Mon, Jul 22, 2013 at 1:08 PM, Logforme <m7527@abc.se> wrote:
I recently upgraded from an adsl line to a 100mbit fiber connection. Naturally I want to use most of this new bandwidth for my non-exit tor relay. However, I run into messages like these: Jul 22 17:40:26.000 [warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [665 similar message(s) suppressed in last 60 seconds] Jul 22 17:40:26.000 [warn] Failed to hand off onionskin. Closing. [1509 similar message(s) suppressed in last 21600 seconds]
Relay fingerprint: BE71 DC9D A443 5855 FAE1 E369 7080 1A60 0D51 3684
Relevant torrc settings: BandwidthRate 10 MB BandwidthBurst 10 MB NumCPUs 2
I did some research and came up with the following things to try: Set "MaxAdvertisedBandwidth x MB" Set "MaxOnionsPending 250" Get a faster computer / Get a computer with AES-NI
I tried setting "MaxAdvertisedBandwidth 9 MB" for a few days which didn't seem to do much difference. This is only a 1MB reduction from the 10MB i use as a hard limit. Too little? Must I wait longer for the change to get spread around? Setting "MaxOnionsPending 250" seem to have reduced the number of log messages, but not eliminated them. The computer is somewhat dated but not ancient: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 4 cores with HT, 6GB mem. I feel it should be able to handle a 80 mbit bandwidth but have no hard data to support this.
Looking at htop tor uses 2 cores. One core is constantly at around 90% (when all the 80 mbit bandwidth is used). The second core is hardly used. Since the relay can handle 80mbit (and higher) without messages I assume the problems only occur when the number of circuits get very high.
Questions: What value should I set for MaxAdvertisedBandwidth? What other torrc settings could improve the situation? Am I wrong in thinking my cpu should be able to handle 80 mbit? Would upgrading to 0.2.4.15-rc-1 help?
Weird sidenote: If I start iftop the first core drops to around 40-50%. Stop iftop and it jumps back to 90%. No change in traffic. What could that mean? _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Mon, Jul 22, 2013 at 07:08:44PM +0200, Logforme wrote:
The computer is somewhat dated but not ancient: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz, 4 cores with HT, 6GB mem. I feel it should be able to handle a 80 mbit bandwidth but have no hard data to support this.
That CPU is powerful enough to handle 80 Mbps assuming there's no hardware performance problems; a similar Xeon handles around 140 Mbps per core. -andy
Thanks for all the input guys.
See some advice here: http://archives.seul.org/or/relays/Aug-2010/msg00034.html Found that before and I have followed it to the letter when I set up the relay
Also are you running with a lot of iptables/ip6tables rules active (or any at all)? If you do, consider rewriting them so that at least 'conntrack' is not used (check that you can do "rmmod ipt_conntrack" cleanly, or it's not loaded in the first place). No iptables rules active, and conntrack is not loaded.
Make sure you have the most recent OpenSSL library, with the ec_nistp_64_gcc_128 optimizations enabled. (Tor will print a big nasty warning on startup if the library is new enough but the optimizations aren't available.) I have the latest OpenSSL library installed (version 1.0.1e-2) and no complaints from tor when it starts up.
You may get better utilization out of your CPU by running multiple tor daemons (try 4 to start) each with MaxCPUs=1 and bandwidth cap set to 1/N of the total available. They each have to be configured to use a distinct ORPort and state directory, and should all be tagged as the same family. I have been thinking about this but I'm reluctant to "partition" my bandwidth. I'm afraid it will end up like harddrive partitions: lots of wasted space. i.e. one daemon hitting the bandwidth cap while the other is under utilized.
That CPU is powerful enough to handle 80 Mbps assuming there's no hardware performance problems; a similar Xeon handles around 140 Mbps per core. Since the CPU is supposed to be able to handle 80mbit bandwidth I would much prefer to find out what the current problem is and continue to run with one daemon.
More info about the system: OS: debian 7.1. Only other thing running on the box is 2 GPU apps from Einstein@Home which use about 1/3 CPU core each. NIC: RTL-8169 on the motherboard. The messages only appear about 1 to 5 times a day even though the bandwidth usage is mostly at the 80mbit cap. My guess is that some users create enormous amounts of circuits and my CPU fails to handle them. Any other tips for what I could look at?
participants (4)
-
Andy Isaacson -
Logforme -
Roman Mamedov -
Zack Weinberg