[tor-relays] Load balancing (with IPVS) multiple Tor daemons

teor teor2345 at gmail.com
Fri Jul 7 23:54:20 UTC 2017 

> On 8 Jul 2017, at 08:36, nusenu <nusenu-lists at riseup.net> wrote:
> 
> 
> 
> Clodo:
>> The objective it's making a single Tor Relay and using on the machine
>> many daemons on a multicore server.
>> I hope someone can give me a feedback if this kind of configuration can
>> be problematic for Tor network before test in a real environment.
> 
> there can only be a single tor instance at a given IP:ORPort because tor
> clients expect a specific tor relay at that location (public key as
> defined in consensus)

These things will break:
* if multiple tor daemons update the same onion keys at the same time,
  the key files may get corrupted or the cross-certification may not
  refer to the keys being used. This would break all Tor instances for
  any circuits after a week or a month (depending on the tor version).
* your relays will place additional load on the directory authorities
  by uploading multiple identical descriptors
* if these descriptors ever get out of sync, they will replace each
  other, causing unpredictable behaviour

Because clients expect to access the same process with the same identity:
* your relay will not be usable as an HSDir
* your relay will not be usable as an Introduction Point
* your relay will not be usable as a Rendezvous Point

> you can simple run 2 tor instances per public IP using different ORPorts

Tor uses multithreaded crypto already: depending on the speed of your
processor, you can get up to 400 Mbps per instance (250 Mbps is
typical).

You can also get a second IPv4 address, and run 2 Tor daemons on that
IP address as well.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170708/34d8e8ae/attachment.sig>

More information about the tor-relays mailing list