[tor-dev] Tor and BGP integration

grarpamp grarpamp at gmail.com
Thu Jun 9 20:40:33 UTC 2011

Some thoughts from a quasi network operator...

Perhaps a tracking reason not to do this...

Normally exit traffic is free to travel the globe across jurisdictions
on its way to its final destination (ie: webserver). Doing this
forces that traffic to sink at the exit jurisdiction... removing
that part of its independence.

As to why it could be of help...

Restricting exit policy to only the networks announced via BGP by
the operator (primarily destinations within their own AS's) could
save some bandwidth (transit) costs. Mostly because you wouldn't
be shuffling bits into your AS and straight back out across the
border (cost point) again to a third party. You'd be saying to Tor
that traffic destined within your AS is essentially free once it
gets to your border.

As to making it happen...

- For network operators who also run their own nodes

They already have easy ways of generating their CIDR blocks.
Databases, 'sh ip bgp', etc. They can easily pipe that into a script
to generate an exit policy. It would take all of about 15 minutes
to set it all up. Beyond some project publicity that says, 'Hey,
you could maybe save some costs by doing this...' any competent
operator would not need any tools or services to do this.

- For nodes run by third parties

Sure, if the node operator wants to be friendly to their ISP,
particularly as a means of qualifying the existence of their node.

You definitely don't want to task the user with BGP stuff. So a web
service that spits out an exit list based on the node's IP would
suffice. If you're worried about network slush, email them once a
quarter with the new list, etc.

For Tor itself doing some programmatic things... There are plenty
of BGP looking glasses out there. But for the purposes of some
script banging away at them (times the number of nodes doing so),
yes, it is definitely considered proper to set up a dedicated feed.
I don't think the project would have any problem running its own
Quagga, OpenBGPD, etc. instance. And then if it asked around, finding
a couple of friendly ISPs to peer with (and to even host the query
interface) for this purpose.

The controller method obviously makes more sense than messing with
config files and restarts. Option: ExitToMyASTracking

> In the future, I imagine that it makes a lot of sense for circuit
> building to be BGP aware.

Yes. I think I posted something about this a while back. Discrimination
based on AS is one of many ways to help ensure the independence of
nodes in the path.

Consider putting these different types of data/metrics into some
form of DHT or database that runs internal to, alongside, or on top
of Tor...
