[tor-dev] Prop259 simulator and results

George Kadianakis desnacked at riseup.net
Thu Feb 18 11:10:01 UTC 2016

Reinaldo Junior <rjunior at thoughtworks.com> writes:

> imentinOn Wed, Feb 17, 2016 at 8:29 AM, George Kadianakis <
> desnacked at riseup.net> wrote:
>> Hello there,
>> I'm not sure what kind of statistics we get out of the current guard
>> simulator.
> The simulation creates a network with 1000 relays (all guards) with 96% of
> reliability, and using simulated time:
> - every 20 seconds: creates a new circuit each 20 seconds
> - every 2 minutes: updates node connectivity based on its reliability
> - every 20 minutes: removes and add new relays to the network
> By default, we recreate the client (OP) every 2 minutes (which makes it
> bootstrap, and so on). We can configure to simulate a long lived client,
> and in this case it fetches a new consensus every hour.
> We're also able to run this simulation in multiple network scenarios:
> fascist firewall, flaky network, evil network, sniper network, down
> network, and a scenario that switches between these networks). See --help
> and [1] for explanation of the terms.
> Each simulation runs for 30 hours (in simulated time), for a total of 5400
> circuits. The time is discrete with increments of 20 seconds. Everything in
> the simulation happens with no cost to simulated time. We are experimenting
> to add some time cost to connections (2 seconds for successful, and 4 to
> failures) just to have some feeling of how it would impact on the
> algorithms.
> We currently have the following metrics:
> - success rate
> - avg bandwidth capacity
> - exposure to guards (how many different guards we connected to) over time
> (after hour 1, 15, and 30).
> - number of guards we tried until the first successful circuit
> - time until the first successful circuit is built
> A successful circuit is one which we succeeded to find a guard using the
> algorithm AND we succeeded to connect to it.
> In general, we are interested in security and performance. For security we
>> are
>> trying to minimize our exposure to network. For performance, we want to
>> minimize our downtime when our current guard becomes unreachable or after
>> our
>> network comes back up.
>> Here are some concrete statistics that we could gather in the simulator:
>> Security statistics:
>>          - Number of unique guards we connected to during the course of
>> the simulation.
> We have this as "exposure after 30 hours".

Ah great!

>>          - Time spent connected to lower priority guards while a primary
>> guard was online.
>>          - Time spent connected to lower priority guards while a higher
>> priority guard was online and the network was up.
> We don't have these. And also I'm not sure about how we should detect
> network conditions: we can try to guess from the algorithm or look at which
> network scenario we are using at the moment.
>> Performance statistics:
>>          - Time spent cycling through guards.
>>          - Time spent cycling through guards while network is up.
> Since time is stopped while we're choosing guards we have to come with a
> different metric for this. And it also requires detecting the network time.

Hm, what do you mean by "detecting the network time"?

I think the approach you mentioned above where you add some time cost to
connections (2 seconds for successful and 4 for failures), should work for
quantifying the time here, right?

FWIW, I have no idea if 2 and 4 seconds are good numbers. They could be. To
make sure, you could try launching Tor and actually measure how much time it
spends on dead guards and how much time it spends on alive guards.

More information about the tor-dev mailing list