[tor-relays] Circuit creation "storms" overwhelming Raspberry Pi?

Mon Mar 18 20:00:54 UTC 2013

Hi there, I just joined the mailing list and apologized if this has been
discussed before.  I did find discussion of a similar issue in January
2013's archive:

https://lists.torproject.org/pipermail/tor-relays/2013-January/001809.html

It's important to note that I believe I've seen (but didn't save logs) a
couple "circuit creation burst" events on my established relay (about
5Mbps, stable, guard, non-exit) which was mostly able to handle it
without crashing as it has plenty of RAM and the above-mentioned
messages - "Your computer is too slow to handle this many circuit
creation requests! Please consider using the MaxAdvertisedBandwidth
config option or choosing a m ore restricted exit policy." - appear only
with the relay is under load for other reasons AND a large number of
circuits are being suddenly created.

I wondered if this was some kind of DOS attempt but didn't think much of
it because my fast relay continued working fine.

However, I've just set up a Raspberry Pi, the 512MB model, as a relay on
a slower connection.  Here are the relevant settings on this relay:

RelayBandwidthRate 130 KB
RelayBandwidthBurst 340 KB

The Pi has a fairly slow CPU, so I'd occasionally get messages about log
deduplication being too slow or something, but didn't think much of it. 
I finally got the relay up and left it up for over 24 hours.  When I
woke up this morning it had crashed.  Here are the relevant log messages
- note the huge jump in number of circuits between 22:35 and 04:35
(maybe I got the Stable flag), then the storm of circuit open requests
starting at 05:49.  Eventually I believe the Pi ran out of memory and
killed the tor process.

What's very interesting here is that my fast VPS relay with a
RelayBandwidthRate over 5x faster is almost never handling much more
than 1000 circuits, so why all of a sudden the demand on the Pi that's
advertising a lower bandwidth rate?

Mar 17 22:35:00.000 [notice] Heartbeat: Tor's uptime is 1 day 0:00
hours, with 26 circuits open. I've sent 974.13 MB and received 969.92
MB.
Mar 18 04:35:00.000 [notice] Heartbeat: Tor's uptime is 1 day 6:00
hours, with 972 circuits open. I've sent 1.61 GB and received 1.59 GB.
Mar 18 05:49:44.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted exit
policy.
Mar 18 05:49:44.000 [warn] Failed to hand off onionskin. Closing.
Mar 18 05:50:44.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted exit
policy. [5817 similar message(s) suppressed in last 60 seconds]
Mar 18 05:52:30.000 [warn] Your system clock just jumped 101 seconds
forward; assuming established circuits no longer work.
Mar 18 05:53:51.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted exit
policy. [1055 similar message(s) suppressed in last 60 seconds]
Mar 18 05:55:14.000 [warn] Your computer is too slow to handle this many
circuit creation requests! Please consider using the
MaxAdvertisedBandwidth config option or choosing a more restricted exit
policy. [329 similar message(s) suppressed in last 60 seconds]

I'd like to figure out just how much the Raspberry Pi is capable of,
because it could be a cheap way to build out the relay network by people
who want to donate bandwidth - but of course it needs to be stable, and
something about my setup is not.

Also:

Mar 16 20:55:33.000 [notice] No AES engine found; using AES_* functions.

I have no idea if the Broadcom BCM2835 SoC (ARM1176JZF-S CPU) in the Pi
has any AES capability, but it'd be great to find out.