[anti-censorship-team] Need to increase number of tor instances on snowflake-01 bridge, increased usage since yesterday

David Fifield david at bamsoftware.com
Fri Sep 30 16:15:51 UTC 2022


On Wed, Sep 28, 2022 at 09:40:37AM -0600, David Fifield wrote:
> No, not really. The problem is not the total number of 127.0.0.1
> four-tuples in use — there are ≈2^32 of those — it's when one end has a
> fixed port number. The bottleneck in this case is the link between
> snowflake-server and haproxy (see diagram):
> https://gitlab.torproject.org/tpo/anti-censorship/team/-/wikis/Survival-Guides/Snowflake-Bridge-Survival-Guide#components

My analysis here was incomplete. It is true that when counting distinct
four-tuples the total number of sockets does not really matter. But
there's another constraint to consider, which is the limited number of
ephemeral ports to use in source addresses in localhost connections. We
have actually been running into into this problem the past 2 days
("cannot assign requested address"):

https://bugs.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/40198

I'm planning to mitigate it by having localhost communication use
different IP addresses (e.g. 127.0.0.2) as source addresses when
possible.


More information about the anti-censorship-team mailing list