I'm not sure if reporting is off or something isn't configured right or whatever it could be, but when running nyx, it is telling me that the measured rate is 229.0 B/s which to me, sounds ridiculously slow. Where is it getting the measured rate from? Is it a calculation on how much data is passing in a given time or some sort of speed test from another relay or where? While I've used Tor off and on for several years, I never ran a relay until now and I'm still not certain on several aspects, though I keep digging to make sure I can supply the best exit relays I can. (I currently host 2 exit relays and hope to bring up 3 more in the near future if I can find hardware to run them on. Though I may make one a bridge.)
I have some spare internet connections that are provided to us that are 25/5 connections. I configured torrc with a 500KB/s limit with 600KB/s bursting as this should work nicely to use ~4Mbps of the 5Mbps that the connection supports and allows me some bandwidth to be able to connect to the machines for monitoring and troubleshooting as well as more than enough bandwidth for downloading updates and such.
The line in nyx that I'm referring to is: Bandwidth (limit: 500 KB/s, burst: 600 KB/s, measured: 229.0 B/s): Where is it getting that 229.0 B/s rate and is there anything I can do to get it closer to the 500KB/s I am trying to share.
Granted, I am using a Linksys e1200 and Belkin something-or-other that I can't remember off the top of my head running DD-WRT as routers in front of the servers. (I've pondered removing the router and just connecting the server directly to the internet and relying on pf for my firewalling, but I can't do that at the one location as I also have a couple other things connected to it. Both routers are higher end consumer routers with 32MB of RAM and has 32768 for maximum ports. (Currently just under 3000 active IP connections as I'm typing this e-mail.) I might just try this on my one exit to see if this is the bottleneck I'm hitting or if there's something else affecting it.
When I had first put this in place, I was using an older Netgear ProVPN router of some sort, but I swapped it out due to it flagging NTP traffic as unknown even though my server was initiating the NTP requests. But I was maintaining 200KB/s+ connections fairly consistently. It now ranges all over the place and I'm not sure if that's an issue on my end or just part of the lifecycle of a relay.
I just recently rebooted the machine this happened to pop up in the nyx log window as I was looking at this: 12:33:09 [NOTICE] Heartbeat: Tor's uptime is 4 days 23:59 hours, with 1928 circuits open. I've sent 37.89 GB and received 37.00 GB. To me, that seems a too low, but I've not sat down to do the math and maybe that's a good statistic for 5 days at 4Mbps.
I'd appreciate any tips and pointers you can send my way. And if the consumer routers are the issue, I can move my one exit relay to one of the other connections I have and not use it at the location (or just run one that's slower) where I do use this backup internet connection. (It's handy to have a network that's not part of our internal network for testing.)
Thanks for sticking with me through this whole e-mail and I apologize for rambling and jumping around a bit. I'm sure I left out some stuff and didn't clarify something else or something wasn't clear, so if you need more information, just ask.
Thank you, John
Penn Cambria School District
This e-mail and any files transmitted with it are confidential and intended only for the person or entity to which it is addressed. If you have received this email in error, please notify the sender immediately via email and delete this email along with any attachments from your system. Any unauthorized or improper disclosure, copying, distribution, or use of the contents of this e-mail and attached documents is strictly prohibited. The views and opinions of this email or attachments are reflections of the author and are not necessarily the views and opinions of Penn Cambria School District. We do not accept responsibility or liability for any loss or damage from the receipt of this email, its use, or for any errors or omissions.
www.pcam.orghttp://www.pcam.org
Hi John, thanks for pointing this out! Just took a quick peek at the source and the 'measured: x' comes from your relay's consensus entry. On reflection though that's stupid of me since that's the bandwidth authority weight which is a unit-less heuristic (baka!).
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2234
I should probably simply drop that from the interface. Filed a ticket to remind me to do so...
https://trac.torproject.org/projects/tor/ticket/24832
Sorry about the confusion! Nyx should be showing an average metric as well which is based on the samplings it sees. *That* should be more helpful.
Cheers! -Damian
On Mon, Jan 8, 2018 at 10:56 AM, John D. McDonnell mcdonnjd@pcam.org wrote:
I'm not sure if reporting is off or something isn't configured right or whatever it could be, but when running nyx, it is telling me that the measured rate is 229.0 B/s which to me, sounds ridiculously slow. Where is it getting the measured rate from? Is it a calculation on how much data is passing in a given time or some sort of speed test from another relay or where? While I've used Tor off and on for several years, I never ran a relay until now and I'm still not certain on several aspects, though I keep digging to make sure I can supply the best exit relays I can. (I currently host 2 exit relays and hope to bring up 3 more in the near future if I can find hardware to run them on. Though I may make one a bridge.)
I have some spare internet connections that are provided to us that are 25/5 connections. I configured torrc with a 500KB/s limit with 600KB/s bursting as this should work nicely to use ~4Mbps of the 5Mbps that the connection supports and allows me some bandwidth to be able to connect to the machines for monitoring and troubleshooting as well as more than enough bandwidth for downloading updates and such.
The line in nyx that I'm referring to is: Bandwidth (limit: 500 KB/s, burst: 600 KB/s, measured: 229.0 B/s): Where is it getting that 229.0 B/s rate and is there anything I can do to get it closer to the 500KB/s I am trying to share.
Granted, I am using a Linksys e1200 and Belkin something-or-other that I can't remember off the top of my head running DD-WRT as routers in front of the servers. (I've pondered removing the router and just connecting the server directly to the internet and relying on pf for my firewalling, but I can't do that at the one location as I also have a couple other things connected to it. Both routers are higher end consumer routers with 32MB of RAM and has 32768 for maximum ports. (Currently just under 3000 active IP connections as I'm typing this e-mail.) I might just try this on my one exit to see if this is the bottleneck I'm hitting or if there's something else affecting it.
When I had first put this in place, I was using an older Netgear ProVPN router of some sort, but I swapped it out due to it flagging NTP traffic as unknown even though my server was initiating the NTP requests. But I was maintaining 200KB/s+ connections fairly consistently. It now ranges all over the place and I'm not sure if that's an issue on my end or just part of the lifecycle of a relay.
I just recently rebooted the machine this happened to pop up in the nyx log window as I was looking at this: 12:33:09 [NOTICE] Heartbeat: Tor's uptime is 4 days 23:59 hours, with 1928 circuits open. I've sent 37.89 GB and received 37.00 GB. To me, that seems a too low, but I've not sat down to do the math and maybe that's a good statistic for 5 days at 4Mbps.
I'd appreciate any tips and pointers you can send my way. And if the consumer routers are the issue, I can move my one exit relay to one of the other connections I have and not use it at the location (or just run one that's slower) where I do use this backup internet connection. (It's handy to have a network that's not part of our internal network for testing.)
Thanks for sticking with me through this whole e-mail and I apologize for rambling and jumping around a bit. I'm sure I left out some stuff and didn't clarify something else or something wasn't clear, so if you need more information, just ask.
Thank you, John
Penn Cambria School District
This e-mail and any files transmitted with it are confidential and intended only for the person or entity to which it is addressed. If you have received this email in error, please notify the sender immediately via email and delete this email along with any attachments from your system. Any unauthorized or improper disclosure, copying, distribution, or use of the contents of this e-mail and attached documents is strictly prohibited. The views and opinions of this email or attachments are reflections of the author and are not necessarily the views and opinions of Penn Cambria School District. We do not accept responsibility or liability for any loss or damage from the receipt of this email, its use, or for any errors or omissions.
www.pcam.orghttp://www.pcam.org
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Sorry for top posting, but I don't have my mail client configured for a more proper inline or bottom posting. (I did that when I first got here but was forced to change it to appease my boss.)
The average metric you are referring to is the one that is updated with the bar graph correct? That one does show more promising numbers, but still generally still tends to fall far short of my 500KB/s allocation. (Seems to usually be from 70B/s to 250KB/s with bursts higher.) But if this is the actual rates I'm getting, then I am going to have to assume I've either got something configured wrong or my routers aren't allowing my servers to get up to full speed. (Both are probably equally likely. lol)
Thank you for clearing that up though, I've been quite perplexed by it reporting only B/s instead of KB/s for the average.
-- John
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Damian Johnson Sent: Monday, January 8, 2018 3:10 PM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Nyx reported speed
Sorry about the confusion! Nyx should be showing an average metric as well which is based on the samplings it sees. *That* should be more helpful.
Cheers! -Damian
Penn Cambria School District
This e-mail and any files transmitted with it are confidential and intended only for the person or entity to which it is addressed. If you have received this email in error, please notify the sender immediately via email and delete this email along with any attachments from your system. Any unauthorized or improper disclosure, copying, distribution, or use of the contents of this e-mail and attached documents is strictly prohibited. The views and opinions of this email or attachments are reflections of the author and are not necessarily the views and opinions of Penn Cambria School District. We do not accept responsibility or liability for any loss or damage from the receipt of this email, its use, or for any errors or omissions.
www.pcam.orghttp://www.pcam.org
Thanks John, glad to hear the average is more in line. Sorry if you're already aware of this but here's a nice read that might help...
https://blog.torproject.org/lifecycle-new-relay
It can take a long while for the bandwidth authorities to warm up to relays. If you're seeing slack in a new-ish relay that's likely it.
On Mon, Jan 8, 2018 at 12:27 PM, John D. McDonnell mcdonnjd@pcam.org wrote:
Sorry for top posting, but I don't have my mail client configured for a more proper inline or bottom posting. (I did that when I first got here but was forced to change it to appease my boss.)
The average metric you are referring to is the one that is updated with the bar graph correct? That one does show more promising numbers, but still generally still tends to fall far short of my 500KB/s allocation. (Seems to usually be from 70B/s to 250KB/s with bursts higher.) But if this is the actual rates I'm getting, then I am going to have to assume I've either got something configured wrong or my routers aren't allowing my servers to get up to full speed. (Both are probably equally likely. lol)
Thank you for clearing that up though, I've been quite perplexed by it reporting only B/s instead of KB/s for the average.
-- John
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Damian Johnson Sent: Monday, January 8, 2018 3:10 PM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Nyx reported speed
Sorry about the confusion! Nyx should be showing an average metric as well which is based on the samplings it sees. *That* should be more helpful.
Cheers! -Damian
Penn Cambria School District
This e-mail and any files transmitted with it are confidential and intended only for the person or entity to which it is addressed. If you have received this email in error, please notify the sender immediately via email and delete this email along with any attachments from your system. Any unauthorized or improper disclosure, copying, distribution, or use of the contents of this e-mail and attached documents is strictly prohibited. The views and opinions of this email or attachments are reflections of the author and are not necessarily the views and opinions of Penn Cambria School District. We do not accept responsibility or liability for any loss or damage from the receipt of this email, its use, or for any errors or omissions.
www.pcam.orghttp://www.pcam.org
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Yeah, I've read the lifecycle of a new relay but since I'm running exits, I thought it might try to use more of my bandwidth by default. So I'm not sure if it's just the warmup period or if it's something I've misconfigured. I'm also not sure if it's just a limitation of the hardware I'm running on as well. I've repurposed a pair of Barracuda Spam Firewall 400's for the short depth 1u form factor, but I don't know if that's also a bottleneck on my speed as well.
CPU: AMD Sempron(tm) Processor 3400+ (1799.99-MHz K8-class CPU) Origin="AuthenticAMD" Id=0x40ff2 Family=0xf Model=0x4f Stepping=2 Features=0x78bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2> Features2=0x2001<SSE3,CX16> AMD Features=0xea500800<SYSCALL,NX,MMX+,FFXSR,RDTSCP,LM,3DNow!+,3DNow!> AMD Features2=0x19<LAHF,ExtAPIC,CR8> real memory = 4294967296 (4096 MB)
Only a 10/100 onboard NIC, but as I've only got a 25/5 internet connection that I'm sharing, that won't be a bottleneck.
I have an older model of the 400 that uses PATA on a RAID card that I previously used as a SQUID cache at home, but after sitting in storage for a couple years and moving from my old house to my new, it seems to no longer want to boot no matter what I toss at it, else I'd have 3 relays running by now.
(On a side note, if anyone has some spare hardware in a 1u short depth form that they'd like to donate, I'd be in the market! I've got 5 spare 25/5 internet connections that we don't use and I've only got relays on 2 of them. lol)
But for now I guess I'll just go back to waiting to see if it's just the lifecycle limitations.
Thank you for clearing up what the monitor was showing me though. I feel a lot better knowing that I'm not averaging such a low speed.
-- John McDonnell
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of Damian Johnson Sent: Monday, January 8, 2018 3:45 PM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Nyx reported speed
Thanks John, glad to hear the average is more in line. Sorry if you're already aware of this but here's a nice read that might help...
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblog.torpro...
It can take a long while for the bandwidth authorities to warm up to relays. If you're seeing slack in a new-ish relay that's likely it.
Penn Cambria School District
This e-mail and any files transmitted with it are confidential and intended only for the person or entity to which it is addressed. If you have received this email in error, please notify the sender immediately via email and delete this email along with any attachments from your system. Any unauthorized or improper disclosure, copying, distribution, or use of the contents of this e-mail and attached documents is strictly prohibited. The views and opinions of this email or attachments are reflections of the author and are not necessarily the views and opinions of Penn Cambria School District. We do not accept responsibility or liability for any loss or damage from the receipt of this email, its use, or for any errors or omissions.
www.pcam.orghttp://www.pcam.org
On 9 Jan 2018, at 05:56, John D. McDonnell mcdonnjd@pcam.org wrote:
I'd appreciate any tips and pointers you can send my way. And if the consumer routers are the issue, I can move my one exit relay to one of the other connections I have and not use it at the location (or just run one that's slower) where I do use this backup internet connection. (It's handy to have a network that's not part of our internal network for testing.)
In our experience, most consumer routers don't support the 6000 simultaneous connections that Tor uses. I'd encourage you to try a different router, or an alternate connection, and see how that goes.
T
I wondered if that might be the case. These are spare internet connections that we have for free, so we don't really want to put any resources into them as we don't actually use them. The one in my office we do have hooked up to a postal machine and cellular gateway and use for testing purposes, but the ones in our other buildings we don't use. I actually just upgraded the one in my office (curtesy of Goodwill for $4) from a v8 WRT54G (one of the crippled almost no RAM or ROM space) to the Belkin with 32MB of RAM which matches the Linksys e1200's RAM. I have both of them set for something like 32000 connections and I observed the one yesterday was sitting around 3000 connections with CPU and RAM resources still available. (I believe I read on DD-WRT's site somewhere that with 16MB of RAM it can support 32000 connections, though I've no first-hand experience with this, other than what I'm running now.)
If I get the chance to head to the other building where I have the other relay connected, I'll try connecting it directly to the internet and see how that affects the usage. (pf is set to not allow any connections besides ORport, DirPort, SSH, 80, and 443, so it should be fairly secure. Though I've not tested my rules to redirect 80 and 443 to DirPort and ORPort as my router was doing that for me.) On that note, if I plug directly in, I will also get an IPv6 address. Do I need to do anything besides set "IPv6Exit 1" to use it as an IPv6 exit? (Do I need to set the IPv6 OR port. It is not a static IP address and I don't know how often it will be forced to change.)
-- John McDonnell
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of teor Sent: Monday, January 8, 2018 5:14 PM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Nyx reported speed
On 9 Jan 2018, at 05:56, John D. McDonnell mcdonnjd@pcam.org wrote:
I'd appreciate any tips and pointers you can send my way. And if the consumer routers are the issue, I can move my one exit relay to one of the other connections I have and not use it at the location (or just run one that's slower) where I do use this backup internet connection. (It's handy to have a network that's not part of our internal network for testing.)
In our experience, most consumer routers don't support the 6000 simultaneous connections that Tor uses. I'd encourage you to try a different router, or an alternate connection, and see how that goes.
T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.torpr...
Penn Cambria School District
This e-mail and any files transmitted with it are confidential and intended only for the person or entity to which it is addressed. If you have received this email in error, please notify the sender immediately via email and delete this email along with any attachments from your system. Any unauthorized or improper disclosure, copying, distribution, or use of the contents of this e-mail and attached documents is strictly prohibited. The views and opinions of this email or attachments are reflections of the author and are not necessarily the views and opinions of Penn Cambria School District. We do not accept responsibility or liability for any loss or damage from the receipt of this email, its use, or for any errors or omissions.
www.pcam.orghttp://www.pcam.org
I actually just logged into the one in my office to check on it. CPU is around 25%, RAM is ~30% free, 5111 connections. According to nyx, download is a pretty steady 500KB/s, to be expected with it limited at 500 with bursting to 600; and upload is fairly consistent around 350KB/s, a bit lower than expected, but perhaps due to this connection having some minor usage besides Tor might be the reason. (I think I'll try moving the cellular gateway to our main connection to see if that improves the upload on Tor.)
Perhaps the e1200 just can't handle the load like this Belkin can. It's sitting with CPU around 17%, RAM ~20% free, and ~2000 connections. But nyx is reporting very inconsistent speeds from 2KB/s to 600KB/s (though mostly topping out in the 20-40KB/s range) while I've been watching it this morning. The Tor server is a clone of the one in my office (Who knew these Barracuda's were actually useful for something?! lol) with the same hardware, software, and config, with the obvious exceptions of the IP addresses and names so I know the speed issue is probably not the server. And this is the one that is not sharing at all but only used for Tor.
(The routers are also configured the same, other than the hardware (different chipset and slightly slower CPU on the Linksys) and network differences. And the one in my office has the WiFi enabled while the other does not.)
-- John McDonnell
-----Original Message----- From: John D. McDonnell Sent: Tuesday, January 9, 2018 8:19 AM To: 'tor-relays@lists.torproject.org' tor-relays@lists.torproject.org Subject: RE: [tor-relays] Nyx reported speed
I wondered if that might be the case. These are spare internet connections that we have for free, so we don't really want to put any resources into them as we don't actually use them. The one in my office we do have hooked up to a postal machine and cellular gateway and use for testing purposes, but the ones in our other buildings we don't use. I actually just upgraded the one in my office (curtesy of Goodwill for $4) from a v8 WRT54G (one of the crippled almost no RAM or ROM space) to the Belkin with 32MB of RAM which matches the Linksys e1200's RAM. I have both of them set for something like 32000 connections and I observed the one yesterday was sitting around 3000 connections with CPU and RAM resources still available. (I believe I read on DD-WRT's site somewhere that with 16MB of RAM it can support 32000 connections, though I've no first-hand experience with this, other than what I'm running now.)
If I get the chance to head to the other building where I have the other relay connected, I'll try connecting it directly to the internet and see how that affects the usage. (pf is set to not allow any connections besides ORport, DirPort, SSH, 80, and 443, so it should be fairly secure. Though I've not tested my rules to redirect 80 and 443 to DirPort and ORPort as my router was doing that for me.) On that note, if I plug directly in, I will also get an IPv6 address. Do I need to do anything besides set "IPv6Exit 1" to use it as an IPv6 exit? (Do I need to set the IPv6 OR port. It is not a static IP address and I don't know how often it will be forced to change.)
-- John McDonnell
-----Original Message----- From: tor-relays [mailto:tor-relays-bounces@lists.torproject.org] On Behalf Of teor Sent: Monday, January 8, 2018 5:14 PM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Nyx reported speed
On 9 Jan 2018, at 05:56, John D. McDonnell mcdonnjd@pcam.org wrote:
I'd appreciate any tips and pointers you can send my way. And if the consumer routers are the issue, I can move my one exit relay to one of the other connections I have and not use it at the location (or just run one that's slower) where I do use this backup internet connection. (It's handy to have a network that's not part of our internal network for testing.)
In our experience, most consumer routers don't support the 6000 simultaneous connections that Tor uses. I'd encourage you to try a different router, or an alternate connection, and see how that goes.
T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.torpr...
Penn Cambria School District
This e-mail and any files transmitted with it are confidential and intended only for the person or entity to which it is addressed. If you have received this email in error, please notify the sender immediately via email and delete this email along with any attachments from your system. Any unauthorized or improper disclosure, copying, distribution, or use of the contents of this e-mail and attached documents is strictly prohibited. The views and opinions of this email or attachments are reflections of the author and are not necessarily the views and opinions of Penn Cambria School District. We do not accept responsibility or liability for any loss or damage from the receipt of this email, its use, or for any errors or omissions.
www.pcam.orghttp://www.pcam.org
On 10 Jan 2018, at 00:19, John D. McDonnell mcdonnjd@pcam.org wrote:
If I get the chance to head to the other building where I have the other relay connected, I'll try connecting it directly to the internet and see how that affects the usage. (pf is set to not allow any connections besides ORport, DirPort, SSH, 80, and 443, so it should be fairly secure. Though I've not tested my rules to redirect 80 and 443 to DirPort and ORPort as my router was doing that for me.) On that note, if I plug directly in, I will also get an IPv6 address. Do I need to do anything besides set "IPv6Exit 1" to use it as an IPv6 exit?
No, setting "IPv6Exit 1" is enough.
(Do I need to set the IPv6 OR port. It is not a static IP address and I don't know how often it will be forced to change.)
Your IPv6 address is not static? That's unfortunate. And unusual.
Tor doesn't automatically detect IPv6 addresses yet. And if your IPv6 address changes, the directory authorities will mark it as down. So please *don't* set the IPv6 ORPort.
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n ------------------------------------------------------------------------
tor-relays@lists.torproject.org
-
Damian Johnson -
John D. McDonnell -
teor