Hello new exit operator F3 Netze
Hello F3 Netze, I saw you recently added 8 new tor exit instances and wanted to thank you for contributing exit bandwidth to the tor network! Should there arise questions related to the operations of tor relays you can reach out to the public tor-relays mailing list [0]. Your AS information is not yet in Maxmind's databases so it does not show yet on Relay Search [1] pages but this will solve itself over time. I saw your have IPv6 addresses [2]. If your connectivity/routing allows also for IPv6 exiting and ORPorts, enabling IPv6 on your exits would be great and appreciated. Looking at your ORPorts and your perfect MyFamily configuration this looks like an ansible-relayor setup, in which case IPv6 will be automatically enabled on the next playbook run once the servers have IPv6 addresses (if you didn't opt-out). thanks for joining the network and happy packet forwarding! nusenu [0] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [1] https://metrics.torproject.org/rs.html#search/family:6BCB964AB74E23F8986BDA9... [2] https://bgp.he.net/AS205100#_prefixes6 -- https://mastodon.social/@nusenu twitter: @nusenu_
Hi Nusenu Am Samstag, den 24.03.2018, 10:18 +0000 schrieb nusenu:
I saw you recently added 8 new tor exit instances and wanted to thank you for contributing exit bandwidth to the tor network! At the moment this is a (small) Host with 10 GBE and multiple addresses. I hope the computing power is enough to handle a bunch of Tor traffic. We need to get a bit more experience with that.
Should there arise questions related to the operations of tor relays you can reach out to the public tor-relays mailing list [0]. Your AS information is not yet in Maxmind's databases so it does not show yet on Relay Search [1] pages but this will solve itself over time.
I saw your have IPv6 addresses [2]. If your connectivity/routing allows also for IPv6 exiting and ORPorts, enabling IPv6 on your exits would be great and appreciated. Currently we still building up the network. So, yes, it's planned and in the last hour we configured the addresses. But it will take some time until the prefix is announced completely.
Looking at your ORPorts and your perfect MyFamily configuration this looks like an ansible-relayor setup, in which case IPv6 will be automatically enabled on the next playbook run once the servers have IPv6 addresses (if you didn't opt-out). Yes, it's the ansible-relayor. Great work, and btw: Thank you!
But unfortunately, atlas recognized only the two instances on the main IP. So I manipulated the template a bit, so that the 'Address'-config is added to the torrc. I'm currently unsure if it's a bug or if I've a misunderstanding. Still learning.. ;)
thanks for joining the network and happy packet forwarding! Please don't hesitate to contact me if there is any problem with our Tor relay.
Regards Tim
nusenu
[0] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [1] https://metrics.torproject.org/rs.html#search/family:6BCB964AB74E 23F8986BDA905697D3A6BE08AF28 [2] https://bgp.he.net/AS205100#_prefixes6
Hi Tim,
I saw you recently added 8 new tor exit instances and wanted to thank you for contributing exit bandwidth to the tor network! At the moment this is a (small) Host with 10 GBE and multiple addresses. I hope the computing power is enough to handle a bunch of Tor traffic. We need to get a bit more experience with that.
May I ask what CPU you use and how much memory the system has?
I saw your have IPv6 addresses [2]. If your connectivity/routing allows also for IPv6 exiting and ORPorts, enabling IPv6 on your exits would be great and appreciated. Currently we still building up the network. So, yes, it's planned and in the last hour we configured the addresses. But it will take some time until the prefix is announced completely.
Note that if you enable IPv6 without having proper IPv6 connectivity your relays will drop out of consensus, so it is best to ensure proper IPv6 connectivity before enabling IPv6 on your relays.
Yes, it's the ansible-relayor. Great work, and btw: Thank you!
But unfortunately, atlas recognized only the two instances on the main IP.
You can _not_ have more than two tor instances per public IPv4 address. This is to avoid that someone adds many instances on a single IP (Sybil attack). Unless you modify it, ansible-relayor makes sure you do not configure more than 2 instances per IPv4.
So I manipulated the template a bit, so that the 'Address'-config is added to the torrc. I'm currently unsure if it's a bug or if I've a misunderstanding. Still learning.. ;)
Unless you have some unusual NAT you should never need to add the "Address" config (ansible-relayor supports it after someone with a rather unusual network setup requested it). If I'm misunderstanding you, or if there is a bug in ansible-relayor please let me know.
thanks for joining the network and happy packet forwarding! Please don't hesitate to contact me if there is any problem with our Tor relay.
It is always good to be able to reach relay operators, thanks. nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_
Hi Nusenu Am Samstag, den 24.03.2018, 13:51 +0000 schrieb nusenu:
Hi Tim,
I saw you recently added 8 new tor exit instances and wanted to thank you for contributing exit bandwidth to the tor network!
At the moment this is a (small) Host with 10 GBE and multiple addresses. I hope the computing power is enough to handle a bunch of Tor traffic. We need to get a bit more experience with that.
May I ask what CPU you use and how much memory the system has?
At time of writing, the VM has 4 cores of Xeon E3-1230 V2 @ 3.30GHz with 8 GB of main memory. The VM has 4 IPv4 addresses and a complete /48 IPv6 prefix. The system is not operated in a data center and the physical space is limited so it's not as powerful as we would like to. My plan is to observe the system a bit over the next weeks. If it's clear to low computing power, I would love to make a 'Plan B'.
I saw your have IPv6 addresses [2]. If your connectivity/routing allows also for IPv6 exiting and ORPorts, enabling IPv6 on your exits would be great and appreciated.
Currently we still building up the network. So, yes, it's planned and in the last hour we configured the addresses. But it will take some time until the prefix is announced completely.
Note that if you enable IPv6 without having proper IPv6 connectivity your relays will drop out of consensus, so it is best to ensure proper IPv6 connectivity before enabling IPv6 on your relays. Yes, thanks for the advice. I will wait until the reachability is good.
Yes, it's the ansible-relayor. Great work, and btw: Thank you!
But unfortunately, atlas recognized only the two instances on the main IP.
You can _not_ have more than two tor instances per public IPv4 address. The system has 4 public IPv4 addresses.
This is to avoid that someone adds many instances on a single IP (Sybil attack). Unless you modify it, ansible-relayor makes sure you do not configure more than 2 instances per IPv4. We have 8 instances for 4 public IP's. So 2 instances per IP.
So I manipulated the template a bit, so that the 'Address'-config is added to the torrc. I'm currently unsure if it's a bug or if I've a misunderstanding. Still learning.. ;)
Unless you have some unusual NAT you should never need to add the "Address" config (ansible-relayor supports it after someone with a rather unusual network setup requested it). There is no NAT.
I don't know, but it seemed to me, that Tor wasn't able to use the correct IPs: --- %< --- Mär 22 02:19:47 tor Tor-185.220.100.253_9000[586]: Your server (185.220.100.252:9000) has not managed to conf irm that its ORPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Ple ase check your firewalls, ports, address, /etc/hosts file, etc. --- >% --- This looked to me that the instance on 185.220.100.253:9000 "thought" it has the 185.220.100.252:9000. That's the reason for my idea to add the 'Address'-setting.
If I'm misunderstanding you, or if there is a bug in ansible-relayor please let me know. Don't know. Currently I'm not able to decide. ;)
Tim
thanks for joining the network and happy packet forwarding!
Please don't hesitate to contact me if there is any problem with our Tor relay.
It is always good to be able to reach relay operators, thanks. nusenu
At time of writing, the VM has 4 cores of Xeon E3-1230 V2 @ 3.30GHz
I estimate that you should be able to do ~90MByte/s per instance on that CPU
with 8 GB of main memory.
this might be a bit tight if you run 8 instances since I expect an instance to use a bit more than 1GB of memory, but your limited exit policy might help you here. Just keep an eye on memory usage and drop an instance if you are swapping excessively.
My plan is to observe the system a bit over the next weeks.
thumbs-up
Yes, it's the ansible-relayor. Great work, and btw: Thank you!
But unfortunately, atlas recognized only the two instances on the main IP.
You can _not_ have more than two tor instances per public IPv4 address. The system has 4 public IPv4 addresses.
oh I misunderstood your "only the _two_ instances on the main IP." sentence.
There is no NAT.
I don't know, but it seemed to me, that Tor wasn't able to use the correct IPs: --- %< --- Mär 22 02:19:47 tor Tor-185.220.100.253_9000[586]: Your server (185.220.100.252:9000) has not managed to conf irm that its ORPort is reachable. Relays do not publish descriptors until their ORPort and DirPort are reachable. Ple ase check your firewalls, ports, address, /etc/hosts file, etc. --- >% ---
This is interesting, the instance on 185.220.100.25*3*_9000 expects to be reachable via 185.220.100.25*2*:9000. This is not expected because relayor uses OutboundBindAddress to make sure every instance uses its own outbound IP (so that the auto detection should see/detect the correct IP). In the future feel free to report a bug if ansible-relayor does not work out of the box for you. I filed a bug for this here: https://github.com/nusenu/ansible-relayor/issues/153 Would you be able to send me your playbook and "ip address" output, so I can try to reproduce? (also off-list) (if you have more than a single default route/interface also the routing table) thanks, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_
Hi Nusenu Am Samstag, den 24.03.2018, 15:18 +0000 schrieb nusenu:
At time of writing, the VM has 4 cores of Xeon E3-1230 V2 @ 3.30GHz
I estimate that you should be able to do ~90MByte/s per instance on that CPU That would be much more than I expect. We will see.. I'm so curious. ;)
with 8 GB of main memory.
this might be a bit tight if you run 8 instances since I expect an instance to use a bit more than 1GB of memory, but your limited exit policy might help you here. Just keep an eye on memory usage and drop an instance if you are swapping excessively. I will keep an eye on it.
[..]
I filed a bug for this here: https://github.com/nusenu/ansible-relayor/issues/153
Thanks. I'm in the learning phase and wasn't sure about it. ;)
Would you be able to send me your playbook and "ip address" output, so I can try to reproduce? (also off-list) (if you have more than a single default route/interface also the routing table) I added the outputs to the issue.
Thanks Tim
thanks, nusenu
Hi, nusenu:
At time of writing, the VM has 4 cores of Xeon E3-1230 V2 @ 3.30GHz
I estimate that you should be able to do ~90MByte/s per instance on that CPU
May I ask how did you come up with this estimated bandwidth per instance? Thanks! ~Vasilis
At time of writing, the VM has 4 cores of Xeon E3-1230 V2 @ 3.30GHz
I estimate that you should be able to do ~90MByte/s per instance on that CPU
May I ask how did you come up with this estimated bandwidth per instance?
by asking someone with a similar CPU -- https://mastodon.social/@nusenu twitter: @nusenu_
participants (3)
-
nusenu -
Tim Niemeyer -
Vasilis