[tor-dev] Tor and BGP integration
Linus Nordberg
linus at nordberg.se
Thu Jun 9 18:07:17 UTC 2011
Jacob Appelbaum <jacob at appelbaum.net> wrote
Thu, 9 Jun 2011 14:59:55 +0000:
| Hello from Iceland,
Hello from a strikestrucken Keflavíkurflugvöllur,
| We came up with two main ideas for making this happen.
Thanks for the writeup.
| Another method would be to write a controller that watches for BGP network
| updates and Tor would add relevant exit policy lines for any configured AS.
| This would allow any Tor relay to dynamically learn about network changes if
| it has access to a BGP feed patched into a controller. This could be
| implemented by adding some configuration options to Tor that let Tor know
| which AS numbers matter to which router. It may also allow for the router to
| auto learn it's own likely family network but it lacks any kind of
| bi-directional confirmation, still it seems useful information to have...
This is what I'd prefer.
| It would be fantastic if someone offered a hidden service NORDUNet BGPMon
| feed. This would help enable the first method of generating network aware
Yes.
| exit policies; this would also help with the development of AS awareness in
| Tor itself. In the future, I imagine that it makes a lot of sense for
| circuit building to be BGP aware as mere netblocks will not be very useful
| in an ipv6 world, they're already mostly irrelevant.
The BGPmon we were discussing is the one at colostate.edu[0], not the
other one.
| Anyway, food for thought. Linus and I will probably hack on some of these
| ideas in the near future.
I'm already running something[1] that is collecting a feed and storing
it in an SQL database. I should tech it i) how to emit torrc Export
lines and ii) the Tor control protocol ("exit-policy/default").
[0] http://bgpmon.netsec.colostate.edu
[1] http://git.nordu.net/?p=bgp-logger.git
More information about the tor-dev
mailing list