running multiple tor instances

Roger Dingledine arma at mit.edu
Fri Apr 23 19:32:05 UTC 2010


On Fri, Apr 23, 2010 at 08:27:06AM +0200, Olaf Selke wrote:
> are there any experiences running multiple tor instances on a Linux
> x86_64 system?

moria is a dual opteron 64-bit, and typically runs 2 to 5 Tor relays
(some of them authorities), depending on what experiments I'm up to.

Works fine. I have two changes to my /etc/sysctl.conf that help:

net.ipv4.netfilter.ip_conntrack_max = 262144

# Helps with the
# "local: page allocation failure. order:5, mode:0xd0" and
# "pagebuf_get: failed to lookup pages" lines and system
# traces in dmesg.
vm.min_free_kbytes = 65535

But you shouldn't need either of these in 'normal operation' -- only
when things go nuts and you start getting thousands of connections per
second. ;)

# cat /proc/sys/fs/file-nr
5440    0       584892

> Given the box is equipped with 2 GB of memory for each
> router and a dual/quad core CPU, I suppose it will work without problems. At
> least it has since yesterday with two tor processes on my dual core box.

Should work fine. Especially if you're running the latest patch from
the threads here -- fewer TLS conns means much less memory bloat.

> I am considering upgrading blutmagie with an additional 4 GB of memory and a quad
> core CPU. But is it desired that such a large portion of Tor network
> traffic exits through only one router?

Note that the Tor directory authorities will give out at most two Running
flags for a single IP address (unless one of the relays has the Authority
flag, in which case it's five). So in general running more than two
relays on a given IP address won't work.

But the broader question of "should we concentrate the Tor network so
much in one place" is a policy question with no easy answers. The answer
on one side is "no, we should limit it to x% for a small number like x=2,
because we want to make sure that the current Tor network provides safety
to its users." The answer on the other side is "There are far more users
who want to use Tor than can be handled in the current Tor network, so if
we increase capacity, we'll increase use, more people will know about Tor,
the network will get bigger, and then the big relays will be a smaller
fraction of the network."

I'm amenable to both sides of the debate. Lately I've been tending toward
the latter mindset, since if Tor sucks for everybody, then the people
who need it most won't use it, and then what's the point?

"Act like you live in the world you want to live in" and all that.

--Roger
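
An added example, not part of the message above and not Tor project code: a small shell audit that checks a sysctl.conf-style file against the two values quoted in the message and computes free file handles from a /proc/sys/fs/file-nr reading. The function names are hypothetical and the sample input is constructed from the numbers in the message.

```shell
#!/bin/sh
# Added example. The wanted values below are the ones quoted in the message.
# Newer kernels expose the conntrack limit as net.netfilter.nf_conntrack_max;
# adjust the key if that is what your system uses.

# Print the value assigned to key $1 in sysctl.conf-style file $2.
# Comment lines are ignored and the last assignment wins; returns 1 if unset.
sysctl_conf_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            k = $1; v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { if (found != "") print found; else exit 1 }
    ' "$2"
}

# Report each key from the message as OK, LOW or MISSING in file $1.
# Returns 0 only when every key is present and at least the quoted value.
audit_sysctl_conf() {
    conf=$1 status=0
    for want in \
        net.ipv4.netfilter.ip_conntrack_max=262144 \
        vm.min_free_kbytes=65535
    do
        key=${want%%=*} min=${want#*=}
        if have=$(sysctl_conf_value "$key" "$conf"); then
            if [ "$have" -ge "$min" ] 2>/dev/null; then
                echo "OK      $key = $have"
            else
                echo "LOW     $key = $have (message uses $min)"; status=1
            fi
        else
            echo "MISSING $key (message uses $min)"; status=1
        fi
    done
    return $status
}

# Free file handles from a file-nr line: "allocated  unused  max".
file_nr_headroom() {
    echo "$1" | awk 'NF == 3 && $3 > 0 { print $3 - ($1 - $2); ok = 1 }
                     END { exit !ok }'
}

# Constructed sample: the file-nr reading quoted in the message.
file_nr_headroom "5440    0       584892"
```

On a live relay host, `audit_sysctl_conf /etc/sysctl.conf` and `file_nr_headroom "$(cat /proc/sys/fs/file-nr)"` give the same checks against the running configuration.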


