[tor-relays] Raspberry Pi Relay Node Performance and future Plans on Documentation and more

Mon Aug 12 08:34:09 UTC 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I still have the really weird circuit creation storms going on.  I'm
trying to figure out how to *eliminate* the possibility with some kind
of iptables throttling, but limiting SYNs to 4 per second bursting to
10 didn't do anything at all.

I know about the MaxAdvertisedBandwidth trick but it seems like a hacky
workaround to me.  I'd rather just advertise the bandwidth I have and
either be able to handle it or, if possible, gracefully degrade during
a storm, if I can detect it, by throttling circuit creation requests
or TCP SYNs or whatever does the job.

I happened to pop in and take a peek at the Pi during a "storm,"
which I noticed because there were some messages in the logs pretty
recently with lots of "your computer is too slow to handle this many
circuit creation requests!" with astronomical (seeming) numbers:

Aug 12 00:43:45.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [369 similar message(s) suppressed in last 60 seconds]
Aug 12 00:44:26.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [2514 similar message(s) suppressed in last 60 seconds]
Aug 12 00:45:25.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [3196 similar message(s) suppressed in last 60 seconds]
Aug 12 00:48:03.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [350 similar message(s) suppressed in last 60 seconds]

The machine was receiving only 30KB/sec sustained Ethernet traffic and
replying with the same, but system load was 0.00 and Tor appeared to
be dead.  So, I restarted it.  Here are some logs.

After the restart, notice the instant it's bootstrapped 100%, it gets
slamed with circuit requests *again:*

Aug 12 01:01:20.000 [notice] We now have enough directory information
to build circuits.
Aug 12 01:01:20.000 [notice] Bootstrapped 80%: Connecting to the Tor
network.
Aug 12 01:01:21.000 [notice] Self-testing indicates your ORPort is
reachable from the outside. Excellent. Publishing server descriptor.
Aug 12 01:01:23.000 [notice] Heartbeat: Tor's uptime is 0:00 hours,
with 17 circuits open. I've sent 35 kB and received 28 kB.
Aug 12 01:01:23.000 [notice] Bootstrapped 85%: Finishing handshake
with first hop.
Aug 12 01:01:24.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Aug 12 01:01:26.000 [notice] Tor has successfully opened a circuit.
Looks like client functionality is working.
Aug 12 01:01:26.000 [notice] Bootstrapped 100%: Done.
Aug 12 01:01:26.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy.
Aug 12 01:01:26.000 [warn] Failed to hand off onionskin. Closing.

Bandwidth before and after the restart...  Slammed immediately.
Actually, my max relay bandwith when bursting is around ~350KB/sec,
but how much of this is legit and how much is what appears to be
either thousands of creation requests or a logging bug about said
requests?  Either way, Tor *will* crash (and make my router sad) if
left to its own devices for a day or two on the Pi, as it stands now.

Device eth0 [192.168.1.2] (1/2):
=====================================================
Incoming:

                                          .  |...##|#
                                    . |.. ##|########
                           . |||#..##################
                      ||##|##########################
                   .#################################
                  ###################################
                 ####################################  Curr: 283 kByte/s
                .####################################  Avg: 99 kByte/s
                #####################################  Min: 7.79 kByte/s
   .           |#####################################  Max: 292 kByte/s
####|.|........######################################  Ttl: 3.00 GByte

Outgoing:

                                                   |.
                                          ||.||#|####
                              . | ..#|#|#|###########
                        ....###|#####################
                    ..|##############################  Curr: 203 kByte/s
                  .##################################  Avg: 71 kByte/s
                .|###################################  Min: 0.52 kByte/s
                #####################################  Max: 214 kByte/s
####|.|........|#####################################  Ttl: 3.22 GByte

And logs as I was adjusting the bandwidth paste (I let it continue)
... note the bit about the nameserver, that's my *router* (WRT54G
running Tomato) getting hammered hard enough by something - number of
connections? - to start having problems.  The last message has 7069
suppressed repeats.  WTF.

One additional clue, if Tor is dead and I restart it, the 30KB/sec
sustained traffic you see at the lower left of the graph above drops
off immediately.  That's when I *start* the Tor process.  WTF.

Aug 12 01:02:26.000 [notice] Self-testing indicates your DirPort is
reachable from the outside. Excellent.
Aug 12 01:04:09.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [12350 similar message(s) suppressed in last 60 seconds]
Aug 12 01:04:11.000 [warn] eventdns: All nameservers have failed
Aug 12 01:04:11.000 [notice] eventdns: Nameserver 192.168.1.1:53 is
back up
Aug 12 01:04:11.000 [warn] eventdns: All nameservers have failed
Aug 12 01:04:11.000 [notice] eventdns: Nameserver 192.168.1.1:53 is
back up
Aug 12 01:04:45.000 [warn] eventdns: All nameservers have failed
Aug 12 01:04:45.000 [notice] eventdns: Nameserver 192.168.1.1:53 is
back up
Aug 12 01:05:10.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [9647 similar message(s) suppressed in last 60 seconds]
Aug 12 01:06:11.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [6107 similar message(s) suppressed in last 60 seconds]
Aug 12 01:06:13.000 [notice] Tried for 121 seconds to get a connection
to [scrubbed]:993. Giving up. (waiting for circuit)
Aug 12 01:07:09.000 [warn] Your computer is too slow to handle this
many circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted
exit policy. [7069 similar message(s) suppressed in last 60 seconds]

What is going on here?!  And, how do I throttle it?  I've had to
shut it down for the time being once again.

- -Gordon

Gordon Morehouse:

... or for easy pasting, http://v.gd/An7s4B