[tor-dev] Tor and BGP integration

Linus Nordberg linus at nordberg.se
Thu Jun 9 18:07:17 UTC 2011

Jacob Appelbaum <jacob at appelbaum.net> wrote
Thu, 9 Jun 2011 14:59:55 +0000:

| Hello from Iceland,

Hello from a strikestrucken Keflavíkurflugvöllur,

| We came up with two main ideas for making this happen.

Thanks for the writeup.

| Another method would be to write a controller that watches for BGP network
| updates and Tor would add relevant exit policy lines for any configured AS.
| This would allow any Tor relay to dynamically learn about network changes if
| it has access to a BGP feed patched into a controller. This could be
| implemented by adding some configuration options to Tor that let Tor know
| which AS numbers matter to which router. It may also allow for the router to
| auto learn its own likely family network but it lacks any kind of
| bi-directional confirmation, still it seems useful information to have...

This is what I'd prefer.

| It would be fantastic if someone offered a hidden service NORDUNet BGPMon
| feed. This would help enable the first method of generating network aware
| exit policies; this would also help with the development of AS awareness in
| Tor itself. In the future, I imagine that it makes a lot of sense for
| circuit building to be BGP aware as mere netblocks will not be very useful
| in an IPv6 world, they're already mostly irrelevant.

The BGPmon we were discussing is the one at colostate.edu[0], not the
other one.

| Anyway, food for thought. Linus and I will probably hack on some of these
| ideas in the near future.

I'm already running something[1] that is collecting a feed and storing
it in an SQL database.  I should teach it i) how to emit torrc Export
lines and ii) the Tor control protocol ("exit-policy/default").

[0] http://bgpmon.netsec.colostate.edu
[1] http://git.nordu.net/?p=bgp-logger.git
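
Added example, not part of the original message and not code from bgp-logger: a sketch of the controller idea quoted above, which tracks the prefixes currently originated by configured AS numbers and renders them as torrc ExitPolicy lines. The update tuple format, the names AsPolicyTracker and build_policy, the "reject" default, and the sample data (documentation prefixes and AS numbers) are assumptions; it handles IPv4 only and, like the idea in the message, does no bi-directional confirmation of the announcements.

```python
import ipaddress

# Constructed sample feed (not real routing data): (kind, prefix, origin AS).
SAMPLE_UPDATES = [
    ("announce", "192.0.2.0/25", 64500),
    ("announce", "192.0.2.128/25", 64500),
    ("announce", "198.51.100.0/24", 64501),
    ("announce", "203.0.113.0/24", 64500),
    ("withdraw", "203.0.113.0/24", 64500),
    ("announce", "198.51.100.0/24", 64500),  # origin moves 64501 -> 64500
    ("announce", "not-a-prefix", 64500),     # malformed, must be ignored
]

class AsPolicyTracker:
    """Track IPv4 prefixes currently originated by the watched ASes."""

    def __init__(self, watched_asns, action="reject"):
        if action not in ("accept", "reject"):
            raise ValueError("action must be 'accept' or 'reject'")
        self.watched = set(watched_asns)
        self.action = action
        self.origin = {}  # network -> origin AS of the latest announcement

    def apply(self, kind, prefix, asn):
        """Apply one update; return False if it was ignored."""
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError:
            return False  # never turn unparsable feed data into policy
        if net.version != 4 or kind not in ("announce", "withdraw"):
            return False
        if kind == "announce":
            self.origin[net] = asn
        else:  # simplification: a withdraw removes the prefix outright
            self.origin.pop(net, None)
        return True

    def policy_lines(self):
        """Render merged prefixes of watched ASes as ExitPolicy lines."""
        nets = [n for n, asn in self.origin.items() if asn in self.watched]
        return ["ExitPolicy %s %s:*" % (self.action, n)
                for n in ipaddress.collapse_addresses(nets)]

def build_policy(updates, watched_asns, action="reject"):
    tracker = AsPolicyTracker(watched_asns, action)
    for kind, prefix, asn in updates:
        tracker.apply(kind, prefix, asn)
    return tracker.policy_lines()

if __name__ == "__main__":
    print("\n".join(build_policy(SAMPLE_UPDATES, {64500})))
```
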
