Re: [tor-relays] Advice for high throughput Tor node
This discussion is better suited for tor-relays@torproject.org. Also, for reference, here is the previous tor-relays thread on the technical aspects of this topic: http://archives.seul.org/or/relays/Aug-2010/msg00034.html And also the social side: https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment We really need to work on condensing that tor-relays thread into a single document like the blog post. We've still got a lot of mystery and voodoo to unravel in terms of utilizing all spare Tor capcity, though. Thus spake Mitar (mmitar@gmail.com):
Hi!
We are planning a high throughput Tor node, we are hoping for 1 Gbit/s node. But as I read there are some issues attaining that. So I would like some suggestions what should we use for hardware and configuration to attain it. So CPU, ethernet card, etc. As I understood it is necessary to run multiple Tor instances, but that then ethernet card's IRQ affinity is still problematic? Would it be better to have multiple ethernet cards? How much CPU is needed for 1 Gbit/s throughput? RAM?
And it is probably also necessary to have multiple IPs to be able to have more than 65k connections?
The problem is that we will probably not be able to experiment much, what we will buy we will have. So I am hoping to get it right.
We are targeting a fully open exit node policy so some advice on how to arrange things with ISP would also be good. We have good experience with one local ISP, but not on this scale. So probably it would be good to request a SWIP and abuse handle to our e-mail? Anything else? Is there any software developed which would handle automatic abuse e-mails with automatic replies?
I am sorry if all this is already somewhere written. ;-)
(And all this is still just in a planning stage, we will have to see if the budget will support it.)
Mitar _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- Mike Perry Mad Computer Scientist fscked.org evil labs
Thus spake Mitar (mmitar@gmail.com):
The problem is that we will probably not be able to experiment much, what we will buy we will have. So I am hoping to get it right.
We are targeting a fully open exit node policy so some advice on how to arrange things with ISP would also be good. We have good experience with one local ISP, but not on this scale. So probably it would be good to request a SWIP and abuse handle to our e-mail? Anything else?
I recommend against the default exit policy in the US, especially if you do not want to have to do a lot of experimentation. The community is drafting this policy as an alternative: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/ReducedExitPoli... Your load characteristics will differ with this policy from default exits (extrainfo statistics tell us you will see around half as much traffic per tor process instance), so if you don't want to experiment, you should decide your exit policy early. Again, in the US, it is pretty much a must to use the reduced policy. Even if content industry takes you to court, and you win (Tor-savvy US lawyers say you probably will), big content can and will change the law afterwords: http://news.cnet.com/8301-13578_3-20014468-38.html
Is there any software developed which would handle automatic abuse e-mails with automatic replies?
No. This would be great to have, though. For starter templates, see: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorAbuseTemplat... -- Mike Perry Mad Computer Scientist fscked.org evil labs
Hi! On Tue, Mar 1, 2011 at 2:30 AM, Mike Perry <mikeperry@fscked.org> wrote:
Thus spake Mitar (mmitar@gmail.com): I recommend against the default exit policy in the US, especially if you do not want to have to do a lot of experimentation.
We are not in US but in Slovenia, EU. ;-) We have test run a 50 Mbit/s exit node with fully open exit policy for some months and survived only with two seizure warrants (which we successfully defended). Mitar
Hi, On 01.03.2011 02:30, Mike Perry wrote:
Is there any software developed which would handle automatic abuse e-mails with automatic replies? No. This would be great to have, though. For starter templates, see: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorAbuseTemplat...
Many issue trackers and helpdesks support email tickets. I am not sure though if automated responses really help. We reply differently depending on the reported abuse, and tone of the complaint. -- Moritz Bartl https://www.torservers.net/
Hi! On Tue, Mar 1, 2011 at 12:58 PM, Moritz Bartl <moritz@torservers.net> wrote:
We reply differently depending on the reported abuse, and tone of the complaint.
But we probably do not need to. They send automatic e-mails, we can send automatic e-mails. And invite them for a reply for more specific information, if they want, to another e-mail address. ;-) Mitar
Thus spake Mitar (mmitar@gmail.com):
Hi!
On Tue, Mar 1, 2011 at 12:58 PM, Moritz Bartl <moritz@torservers.net> wrote:
We reply differently depending on the reported abuse, and tone of the complaint.
But we probably do not need to. They send automatic e-mails, we can send automatic e-mails. And invite them for a reply for more specific information, if they want, to another e-mail address. ;-)
It depends on the nature of your complaints. With the default exit policy, the overwhelming majority of your complaints will be automated DMCA spam. But without it, and with proper SWIP, reverse DNS, etc, the remaining complaints will be either trolls, people who do not understand the Internet, or confused users who probably could use a tip or two about improving their computer security. The latter two usually deserve some kind of personalized help, unless they decide to transform into trolls :). -- Mike Perry Mad Computer Scientist fscked.org evil labs
Hi! On Wed, Mar 2, 2011 at 12:50 AM, Mike Perry <mikeperry@fscked.org> wrote:
It depends on the nature of your complaints.
This would be a good project for our students: categorize e-mails by complaint theme using Bayesian classifier. ;-) Mitar
participants (3)
-
Mike Perry -
Mitar -
Moritz Bartl