optimize performance of a relay running on a VM

newer
Bandwidth usage for an established...

older
Re: [tor-relays] One IPv4 address,...

s7r

1 Jul 2014 1 Jul '14

6:46 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have multiple relays running on the following systems: - - vmware vsphere virtualization technology - - 100 mbps port - - 1GB dedicated RAM - - 2.6 Ghz 1 core CPU dedicated - - OS: FreeBSD 10.0 Release amd64 or Debian Stable - - DO NOT KNOW IF I HAVE AES-NI SUPPORT OR HOW TO ACTIVATE IT (?) Currently atlas shows 3-4-5 MB/s advertised bandwidth for these relays. Arm shows between 600 and 1200 concurrent circuits (total of inbound, outbound and exit) and average traffic consumption is 5-6 TB per month (total both download and upload). I think this can be improved, but how? The servers have only purpose Tor, there is nothing else running on them and there is no bandwidth cap or throttling. Suggestions? Thanks in advance. - -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJTswH9AAoJEIN/pSyBJlsRtTMH/jFV2FdfSksYNalSn9fmHcRk sKoWfNuRL/FQAQ1R0faN0F3lemOfDq80vosmd95h5EIZG7UmmN/xs9s8K9PQAzxf j3XHwCtYVkKkEA1djdAbFUB5s3WN6ieNm0qnnqZeBk16A9vJeRI2wkYFPRaDn6c5 n9u+p5QUjRmBKMkY/TOZ12TWSdeD683SoGdx4O5FeP90B+Q61SFgDtkvX6wtWKZr flWM/Bf0gpQL6Qowl9E49J5dJj+RgSYqPZ943x37nutBYzGmn0pbqXU1ulg0WFuz 3tu4bjwLITg1BB64jnF9hwn91pnd8ECay8OMqnZxbI1QycvPTPcNkwkasqARfTs= =MJBs -----END PGP SIGNATURE-----

Show replies by date

Random Tor Node Operator

1 Jul 1 Jul

7:07 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/01/2014 08:46 PM, s7r wrote:

...

I have multiple relays running on the following systems: - vmware vsphere virtualization technology - 100 mbps port - 1GB dedicated RAM - 2.6 Ghz 1 core CPU dedicated - OS: FreeBSD 10.0 Release amd64 or Debian Stable

...

- DO NOT KNOW IF I HAVE AES-NI SUPPORT OR HOW TO ACTIVATE IT (?)

$ cat /proc/cpuinfo | grep aes If it returns a string of instruction sets, your CPU has the AES-NI instruction set. If it returns nothing, it doesn't.

...

Currently atlas shows 3-4-5 MB/s advertised bandwidth for these relays. Arm shows between 600 and 1200 concurrent circuits (total of inbound, outbound and exit) and average traffic consumption is 5-6 TB per month (total both download and upload). I think this can be improved, but how?

What does the CPU usage of the tor process look like? How long have your relays been running? It takes a while until a relay reaches a steady state. [1] Can you tell us the fingerprints of your relays? At least in terms of your hardware, you should be able to roughly saturate your 100 Mbit/s line. [1] https://blog.torproject.org/blog/lifecycle-of-a-new-relay -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTswbMAAoJEJe61A/xrcOQkJcP/1sydKSVdgrcwCxtKruoxN/T omTpKh2pCdfsrmbdveNwPcBJumkdf43OczdE/+GlM3FRc+m/4yd/cXHRhZ1ADriU luRKjCmu8d7yCRDCzvHJGu+fQvtJzqVewxlq4Rkfate1ZCCy7/FAbKzPYnWkoxMs EMG1FgNYpQQCZpqM+bN/vxouRcL6FQWk1VAXq24TRb59q/QV1qhKxpOruuH1fNfP 917tB+yq9aCjdU7Amg8mPF+5BA5UxiFczDnSXkvo1k1B70N6nSgZ3+zb5NHAtk2b 0VQUNrG7vYyhDS7c712QujnOfQT3m+MX2Cv6B3xgaY21PZr+LlGJq7UTWuGuD2Q0 covrBBgtHAEI5B2f0kKq1uu+/TasDqZ+4Zst6vRpW41e7kYC5fWbBlKCRBlNmhWw PbUMSCuICteSyaElKbDxKHALcRmmlSN+2soDKfSK5Ieb4Szdun8/foYcg4xMCyS4 qqWDoAc2994McMuSE9rgONVDy3BOSk22SUyTzNk60GSp09Tug8L4Y2crgYDJDmUR 6ZB1QmI9efS6wTJRgz1GdrqjVINbbmASGr5KxuX63Bijl0dpPhpXEAlkziKoR/pA aek0tg9DRaekkyDc6kUh5jtkFxtGCqmdO16/WROxGaG0soGy9UU/eocS3FlN/zsx TxHecfuDGomsdbcICe8O =h+wl -----END PGP SIGNATURE-----

s7r

7:24 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 7/1/2014 10:07 PM, Random Tor Node Operator wrote:

...

It does not return anything. I have the proc folder, but there is no cpuinfo file in it. Here: root@tor:/ # cat /proc/cpuinfo | grep aes cat: /proc/cpuinfo: No such file or directory

...

here is one I am freebie hired to maintain: 6C36F9ACBA57AC9C10DBC39D330CFA337522E72B

...

Thank you for prompt reply and looking forward for your help. - -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJTswsDAAoJEIN/pSyBJlsRws0IAItoJ1gQxlfKwmBIuUHgsAyJ FA2F1s/N4tU4zrC8oLQEayI8nKNRyRK8armLRRm1fDOR5ZomRov/ThnJA55boZv/ RF8p4aMNSAehOJAGgRbUwFmjL4NTuvZBEeC8TOHrDSKX6SB2R210RhyucBpRID3C l2D7nITPnqGVM3zeZ3d79LMWGo9MQ6CBYHosE4MmmVCwYPI3abRDXNLWEdii7AvR 1qt24HQeartxf1AIiJRph05/PlZRbh0RkdATz+lYeAhwz0ryRkncYbU8SRkK5jnf s5VwqDqOuUDp1k7Grn7f7SERwCzlNKWhg1kLfxKWevBL4Q8WX47Xvjaw827dPUg= =mYES -----END PGP SIGNATURE-----

Random Tor Node Operator

8:12 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

...

root@tor:/ # cat /proc/cpuinfo | grep aes cat: /proc/cpuinfo: No such file or directory

According to a stackoverflow page [2], you can look for hints indicating the existence of AES-NI support in "sysctl hw" and /var/run/dmesg.boot

...

PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND 675 _tor 2 20 0 130M 126M sbwait 567:31 7.96% tor Uses maximum 10-12% of the available CPU. Uses maximum 150 - 160 MB of RAM. (~15%)

okay, so CPU doesn't seem to be a bottleneck, as expected. You could try downloading a large (some 100 MBs) file from a fast server via wget to see whether you can saturate your downstream.

...

here is one I am freebie hired to maintain: 6C36F9ACBA57AC9C10DBC39D330CFA337522E72B

It is an Exit relay. I am not sure, maybe Tor is designed in a way that Exits are strongly preferred for Exit connections, so they get less traffic for HSDir/V2Dir requests or for being a Rendezvous Point or Introduction Point for Hidden Services. That is mostly speculation on my part though. I never had any Exit relays on my own. Probably the Tor Path Specification [3] has the answer to that question. Your relay seems to be the only one in that /16 subnet, so that wouldn't be a reason for less-than-normal traffic. [2] http://stackoverflow.com/questions/4083848/what-is-the-equivalent-of-proc-cp... [3] https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=path-spec.t... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTsxYkAAoJEJe61A/xrcOQ1WUQAKzb4xSA8Wz0u3T4sCn2Q41g URTA4Q9OGDxRvYpO2I9cXOuu4pj2g+jWsxOH1uX8g1O6uY7u6n5cYj0FYczbDSJm wn9ySxIo8wJAZCTStJmXQhgm9oceq7EDgiVsRQAXQilkv3i2JnfToNLMH80vMuKH x6Wj6lfzEWs2/8NG/WxNmJuv4O7w/mPJ1LeCqLsuL8O3ni03Ql0iPnohyhbQrJCo vAbKaj1ix65eSNahLqcH53MF3x+FkkG0ULTgWebjCg731kqVFOzsrRQQY4oZXo+k +fx+7kodjqQdQ7xSRpaTBe/15NE8Xk8hT9Ib9jVQ9Zyo19EcP6NIxnYC+zJD2G++ xQtcpur6N5XZCruuC+GoUsdYB/6lrLJHJ+SaqXachhEfqcXm1DaIH0wJb7Zre2Jf 4eS/H/Fp0+msKFHq3ElL7TcnxpMOMUkoAp4d7jbi8v/0u5DHuMRQDVTlIfpSX3fJ HMBQo9K1jf1iInCx7vpLFe7f+m5tH+PRTME8ZBTJ6PnAUbrrQW4khBF8P3J6gqm9 1DTH16BF+B2zNhQhyKI9c8T6CFIxXdnTwUAYFwHA8GQII6qP2M2ykK9ELpN1y/o8 dFTOMe017L4jM+73yhoNIddbGoCqBlIGu+1vv/OK/uk+s5Lmh3fveajOsECAcBpq HzlYGmmOy6UuWsClZL+X =fnHk -----END PGP SIGNATURE-----

grarpamp

2 Jul 2 Jul

3:14 a.m.

On Tue, Jul 1, 2014 at 3:24 PM, s7r <s7r@sky-ip.org> wrote:

...

That's because FreeBSD is not Linux, its proc is limited to procfs(5) with non process info/knobs in sysctl(8), nor is it really necessary to mount proc. Also, 'aes' is presented in CAPS. That single core might be old enough to not have it. Check: /var/run/dmesg.boot http://svnweb.freebsd.org/ports/head/misc/cpuid/ [also available via ftp package] openssl speed aes

4019

Age (days ago)

4020

Last active (days ago)

List overview

Download

4 comments

3 participants

participants (3)

grarpamp
Random Tor Node Operator
s7r