Tor load averages, openssl performance and misc related questions -amd64-freebsd

Andrew Lewman andrew at torproject.org
Wed Nov 25 00:51:58 UTC 2009 

On 11/24/2009 11:40 AM, Mike L wrote:
> I just recently started running an exit node (newbie) on a vps and have a
> few questions that I didn't seem to find googling.

Great.  Thanks for running an exit node.

> I am running tor-devel-0.2.2.5.alpha with
> openssh-portable-overwrite-base-5.2.p1_2,1 and privoxy 3.0.12 (plus fail2ban
> python25) on freebsd 7.2 amd64 on a quad core 2.4 ghz c2d VPS

For what it's worth, 0.2.2.6-alpha was released over the weekend.

> An example is  1 user, load averages: 1.32, 0.81, 0.79
> The nic on the machine is re0 and I have enabled device polling in the
> kernel.
> The machine is pushing anywhere from 1-2.~ MB/s

1-2 MB/s (8-16 Mbps) is decent traffic for a tor node.  You probably
have tens of thousands of active tcp sessions at any one time.  It's
fairly typical for Tor at this level to consume 1 core.  You might try
setting NumCPUs to 2 or 4 to see if much changes.  Although, I realize 4
cores isn't 4 cpus.
> I read one of the operators (blutmagie?) compiled openssl with icc and they
> saw some performance gain but it seems icc will not install on the amd64
> platform. I was curious to try that though. If there is some compiling
> options on the amd64 platform I can try I would be willing.

I wonder how well the Intel compiler optimizes for AMD64 instruction set
vs. gcc compiled the same way.  I believe what creates most of the load
is from openssl's crypto routines, which are already in assembly.

> I would like to be able to connect to the machine directly myself, to hop
> onto the tor network,
> and this seems the place to do so. What vulnerabilities does one open up
> though by allowing anyone to connect to that? 

If your proxy is found by others, you'll have a lot of new friends using
it. ;)  An alternative is to run a tor client on your local machine,
setting up your relay IP:port as a bridge.  Then your first hop is into
your own Tor relay.

> Is it normal for Tor nodes to get hammered with this in their web logs?
> client sent invalid method while reading client request line,
> "^SBitTorrentprotocol^@^@^@^@^@^P^@^EEÀEíT+A°^U^R"

Not normal at all in my experience.  Hopefully your tor relay is
configured on different ports from your webserver.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject

More information about the tor-relays mailing list