Hi everyone, our organization is working to add more physical nodes, in our little Italy headquarters[1]. We have reached an agreement with one of the available fiber resellers there, where we will pay for L2 transport to a datacenter, where we will buy our uplink separately and announce and route our public IP addresses independently.
It is actually a very nice opportunity to remove a point of trust in the chain and get back control of a part of the infrastructure that is usually delegated to commercial ISPs. Similarly, as this list knows well, by announcing our IPs we will be the direct recipients of any abuse.
We now have two options: either look for someone willing to lease a /24 to Tor operators, which is not an easy task since the block's reputation will be tainted and the block will depreciate. We have found someone willing to, for $119/mo, but it is hard to tell how long that will last.
An alternative would be to buy it, for around ~7k$ (~28-31$ per IP, via a broker). We do not have the budget for this now, but an organization member has offered to lease the money and get paid back without interest at a similar rate that a lease would cost (around $1k/year). In all phases, the block will be in the org's ownership. We have someone who can LIR sponsor at RIPE so we would not have other recurring expenses.
Buying is more sustainable in the long term: in around 6 years we will stop having to pay the lease. At the same time, we will not have any chance to change those IPs later, while in a lease, we could eventually move to other blocks.
Does anybody in the community have contacts for lease or sale? Is there any foreseeable issue in sticking to the same range for the next ~10 years?
Especially at the beginning, it will be unlikely that we will use even 1/4 of them, but given how the fiber infrastructure is built, we can eventually use the same announcements even for other physical locations.
Thank you
[1] - https://osservatorionessuno.org/blog/2024/07/we-have-a-headquarter-and-it-is...
Osservatorio Nessuno via tor-relays wrote:
> our organization is working to add more physical nodes, in our little Italy headquarters[1]. We have reached an agreement with one of the available fiber resellers there, where we will pay for L2 transport to a datacenter, where we will buy our uplink separately and announce and route our public IP addresses independently.
Some uplink providers offer BGP+IPv6+IPv4 in a bundle. (he.net)
Since you can operate 32-40 nodes with 4-5 IPs, this would be an option to start with. With fast CPUs (clock speed), you can do around 10G of traffic. For a /24 then put yourself on the waiting list at RIPE.
> It is actually a very nice opportunity to remove a point of trust in the chain and get back control of a part of the infrastructure that is usually delegated to commercial ISPs. Similarly, as this list knows well, by announcing our IPs we will be the direct recipients of any abuse.
That's good. You'll quickly notice that you can send well over 90% of the abuse directly to /dev/null.
> We now have two options: either look for someone willing to lease a /24 to Tor operators, which is not an easy task since the block's reputation will be tainted and the block will depreciate. We have found someone willing to, for $119/mo, but it is hard to tell how long that will last.
I would ask about IP leasing for Tor exits here: https://lowendtalk.com/discussion/160162/aio-ip-related-ipv4-ipv6-asn-thread...
> An alternative would be to buy it, for around ~7k$ (~28-31$ per IP, via a broker). We do not have the budget for this now, but an organization member has offered to lease the money and get paid back without interest at a similar rate that a lease would cost (around $1k/year). In all phases, the block will be in the org's ownership. We have someone who can LIR sponsor at RIPE so we would not have other recurring expenses.
I would rather try the RIPE waiting list. AFAIK 4-5K for a /24. You will then get IPv6 for free. It also depends on the taxes that you may not have to pay as an NGO.
https://www.ripe.net/manage-ips-and-asns/ipv4/ipv4-waiting-list/
https://www.ripe.net/manage-ips-and-asns/ipv4/how-waiting-list-works/
Write them a sad story, e.g.: You are making free wireless networks for refugee homes. This is more popular than Tor exits and could shorten the waiting time.
Years ago I looked for a /24: 1350,- / year
https://www.lir.services/ip-address-lease/
https://www.lir.services/blog/asn-setup/
[Off Topic:] With IPv6 only everything would be easier: https://snapserv.net/services/ripe/
NTH mentioned it at the last meetup. IPv6 only nodes must be possible in the future. The reports in recent days have made it clear that the Tor network needs to grow.
- Some UNI's or companies can only provide IPv6 for Tor nodes.
- Individuals can only pay for IPv6.
In the next 1-2 years, the Tor community should aim to have 70-80% of all nodes dual-stack. Less than 50% of guards and middle nodes have IPv6: https://nusenu.github.io/OrNetStats/#ipv6-relay-stats People using Tor in IPv6 only cellular networks can use *less* than half of the guards. Since the IPv6 setup is different for each provider, it might be helpful if we collect the configs on Gitlab or Github.
Hi,
On 24/09/2024 14:32, boldsuck via tor-relays wrote:
> Some uplink providers offer BGP+IPv6+IPv4 in a bundle. (he.net)
Sadly we do not have this option at the moment.
> Since you can operate 32-40 nodes with 4-5 IPs, this would be an option to start with. With fast CPUs (clock speed), you can do around 10G of traffic. For a /24 then put yourself on the waiting list at RIPE.
AFAIK the waiting list now is pretty long, and we need those to start operations in a couple of months. Also to get on the waiting list we would need to be members and pay the membership signup and annual fees, while as sponsored by a LIR we would not need to.
> That's good. You'll quickly notice that you can send well over 90% of the abuse directly to /dev/null.
We sadly know very well :)
>> We now have two options: either look for someone willing to lease a /24 to Tor operators, which is not an easy task since the block's reputation will be tainted and the block will depreciate. We have found someone willing to, for $119/mo, but it is hard to tell how long that will last.
> I would ask about IP leasing for Tor exits here: https://lowendtalk.com/discussion/160162/aio-ip-related-ipv4-ipv6-asn-thread...
I got the 119$/month offer exactly from there. It was the only one...
> I would rather try the RIPE waiting list. AFAIK 4-5K for a /24. You will then get IPv6 for free. It also depends on the taxes that you may not have to pay as an NGO.
> https://www.ripe.net/manage-ips-and-asns/ipv4/ipv4-waiting-list/
> https://www.ripe.net/manage-ips-and-asns/ipv4/how-waiting-list-works/
> Write them a sad story, e.g.: You are making free wireless networks for refugee homes. This is more popular than Tor exits and could shorten the waiting time.
I do not think that is how we would want to present our organization.
> Years ago I looked for a /24: 1350,- / year
> https://www.lir.services/ip-address-lease/
> https://www.lir.services/blog/asn-setup/
Yeah but 99% of people will lease to you, start seeing the abuse, terminate the contract for violations and keep the money. There are many leasing websites, but none of them want to taint the block's reputation.
> [Off Topic:] With IPv6 only everything would be easier: https://snapserv.net/services/ripe/
> NTH mentioned it at the last meetup. IPv6 only nodes must be possible in the future. The reports in recent days have made it clear that the Tor network needs to grow.
> - Some UNI's or companies can only provide IPv6 for Tor nodes.
> - Individuals can only pay for IPv6.
We can get IPv6 for free from our sponsoring LIR, or by asking RIPE directly. I think IPv6 nodes can be helpful, but they will surely still serve a minority of users. We would do our best to make the most use of the resources we have anyway, and for that we would still need IPv4 in the foreseeable future.
> In the next 1-2 years, the Tor community should aim to have 70-80% of all nodes dual-stack. Less than 50% of guards and middle nodes have IPv6: https://nusenu.github.io/OrNetStats/#ipv6-relay-stats People using Tor in IPv6 only cellular networks can use *less* than half of the guards. Since the IPv6 setup is different for each provider, it might be helpful if we collect the configs on Gitlab or Github.
I do agree with this, we will be dual stack.
Cheers
tor-relays@lists.torproject.org