[tor-relays] Grouping cloud relays running within same provider

Paul Syverson paul.syverson at nrl.navy.mil
Fri Apr 18 20:21:02 UTC 2014


On Fri, Apr 18, 2014 at 10:02:33PM +0200, Paul Staroch wrote:
> On 2014-04-18 21:31, mr.curtis at urssmail.org wrote:
> > Is there any way currently to do this, or are there already some
> > safeguards in place?
> 
> In its default configuration, Tor ensures that each relay in a
> circuit belongs to another /16 subnet (cf. Tor Path Specification
> [1], section "2.2. Path selection and constraints"). However, in the
> case of Amazon EC2, this constraint does not suffice as Amazon uses
> IP addresses from several different /16 subnets.
> 

Note that this is important but was not a guarantee even before the use
of cloud relays. In my 2009 paper with Matt Edman, "AS-Awareness in Tor
Path Selection", we described the generation of 1500 paths using the
Tor path selection algorithm:
"Of those 15,000 paths, 163 (or ≈ 1.1%) contained an entry and exit
node that resided in the same AS despite having an IP address from
different /16 subnets. Out of those 163 paths, all but one also had a
distinct /8 network address."

aloha,
Paul
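
The gap discussed in this thread, as an added example that is not part of the original messages or of Tor's code: it sorts entry/exit pairs by whether a /16 check rejects them and, if not, whether they still share an AS. The relay list, AS numbers and function names are constructed for illustration, and only the prefix rule is modelled, not the rest of Tor's path selection.

```python
import ipaddress
from itertools import permutations

# Constructed sample relays: RFC 5737 documentation addresses and
# private-use AS numbers. Not real Tor relays.
RELAYS = [
    {"nick": "relayA", "ip": "192.0.2.10", "asn": 64512},
    {"nick": "relayB", "ip": "198.51.100.20", "asn": 64512},
    {"nick": "relayC", "ip": "203.0.113.30", "asn": 64513},
    {"nick": "relayD", "ip": "203.0.113.40", "asn": 64514},
]


def prefix_of(ip, prefix_len=16):
    """Return the enclosing IPv4 network of the given prefix length."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)


def classify_pairs(relays, prefix_len=16):
    """Sort every ordered (entry, exit) pair into one of three buckets."""
    result = {
        "rejected_same_prefix": [],  # the prefix rule already excludes these
        "allowed_same_as": [],       # pass the prefix rule, yet share an AS
        "allowed_distinct_as": [],   # pass the prefix rule, different ASes
    }
    for entry, exit_ in permutations(relays, 2):
        pair = (entry["nick"], exit_["nick"])
        if prefix_of(entry["ip"], prefix_len) == prefix_of(exit_["ip"], prefix_len):
            result["rejected_same_prefix"].append(pair)
        elif entry["asn"] == exit_["asn"]:
            result["allowed_same_as"].append(pair)
        else:
            result["allowed_distinct_as"].append(pair)
    return result


if __name__ == "__main__":
    for bucket, pairs in classify_pairs(RELAYS).items():
        print(f"{bucket}: {pairs}")
```

Passing `prefix_len=8` repeats the check at the /8 level mentioned in the quoted result.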

