[tor-dev] Raising AuthDirMaxServersPerAddr to 4?

teor teor at riseup.net
Sun Jun 2 03:30:18 UTC 2019

Hi all,

> On 2 Jun 2019, at 05:22, Roger Dingledine <arma at torproject.org> wrote:
> I've been talking to a longtime exit relay operator, who is in the
> odd position of having a good 1gbit network connection, but only one
> IP address.
> He used to push an average of 500mbit on his exit relay, but then the
> HSDir DoS flatlined his relay for a while (!), and now, perhaps due to
> the bwauth variability, his exit relay only recovered to maybe 200mbit.
> He is running a second exit relay on that IP address, but also perhaps
> due to the bwauth variability, it hasn't attracted much attention either.

I'd like to confirm the problem before we make major network changes.
(And I'd like to know how widespread it is.)

Which bandwidth authorities are limiting the consensus weight of these
relays? Where are they located?

Are the relays' observed bandwidths limiting their consensus weight?

Here's how the operator can find out:

If the relays are being measured by longclaw's sbws instance, we should
also look at their detailed measurement diagnostics.

longclaw's bandwidth file is available at:

> The real answer is to fix the bandwidth measurement infrastructure.

Do we have funding to continue to improve the bandwidth measurement
infrastructure? Or to maintain it?

If we don't have any grants in the pipeline, now would be a good time to
start some.

> But
> while we're patiently waiting for progress there, I've been thinking
> to raise moria1's AuthDirMaxServersPerAddr to 4, i.e. to allow 4 relays
> per IP address onto the network.
> I don't think it would significantly increase our risk due to Sybil
> attacks, whereas there is a clear benefit in terms of some more 100's
> of mbits of good exit relay capacity.
> I will propose this change to the dir-auth list in a bit, but here is
> your chance to point out surprising impacts that I haven't thought of.

Splitting bandwidth between multiple relays has privacy implications,
because traffic is easier to track between instances.

It also increases the size of the consensus.

So we should choose a value for AuthDirMaxServersPerAddr that is
a compromise between these competing goals.

Why is 4 better than 3 or 5?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190602/744272dd/attachment.html>

More information about the tor-dev mailing list