How to Run High Capacity Tor Relays

[coderman]

On Wed, Sep 1, 2010 at 3:55 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> On 09/01/2010 02:28 PM, John Case wrote:
>> ...
>>> Also, afaik, zero people in the wild are actively running Tor with any
>>> crypto accelerator. May be a very painful process... I'm not really
>>> interested in documenting it unless its proven to scale by actual use.
>>...
>> I really do think some subset of that discussion should be included in
>> your "lore", at the very least the parts pertaining to the built-in
>> crypto acceleration included in recent sparc CPUs, which appear to be
>> the only non-painful way to make this work.
>>
>> My impression was that a significant boost could be had by accelerating
>> openssl using this on-chip features...
>
> If you're using a fast CPU, it's almost not worth the trouble to bother
> with hardware acceleration.

i'm coming into 2 to 4 sun sca 6k devices[0]. these support RSA, DSA,
DH offload in OpenSSL via the pkcs11 engine (in addition to the HSM).
alternatively, native support via pkcs11 libraries could be utilized.

i am very curious to see these paired with the AES-NI in a fast Tor
node on gigabit.

is there anyone with such a setup and the bandwidth to burn interested
in this experiment?  note that this may require a 64bit install of
RHEL 5 or Centos 5. i've not tried other kernels and i don't have
access to the source code to recompile the kernel modules. (does
anyone know where said source can be obtained without a sun support
contract? :)


0. http://www.oracle.com/us/products/servers-storage/networking/031146.htm