[tor-relays] About relay size

Scott Bennett bennett at sdf.org
Tue Oct 3 06:57:48 UTC 2017


grarpamp <grarpamp at gmail.com> wrote:

> >> Or instead of router mode, try bridge mode feeding into any old pc running
>
> Noting that even some crappy hardware will still fall over when put in its
> so called "bridge" mode, which should just be some packet buffering
> between the wires and their encodings, but it's obviously still looking
> at the traffic above layer2. So you may still need to swap out hardware.
>
     Absolutely.  Another reason to avoid electronics store routers for tor
(or many other things) is the information in recently exposed documents that
the CIA started invading those devices and, where possible, "upgrading" their
firmware as standard practice at least a decade ago.

> >      because there is secondary storage (HDD and/or SSD), paging
> > is available if the routing functions' memory needs grow larger than the
>
> Sure, but there's no free substitute for RAM, and you probably don't want
> packets burning a hole in your SSD. Add more RAM if not maxed out.

     My point was intended to be only that having a regular computer handle
the routing means it doesn't have to die if available RAM be exhausted, i.e.,
not an argument for speed, but rather for survival under unusual loads.
Now that I'm more awake than when I wrote that, though, I realize I don't
recall whether routing and NAT tables and mbufs are page-fixed or pageable
anyway. :-(  It's still better to have a router that you own and the CIA
[probably] doesn't.

> disable swap, boot USB, set read-only, use small ramdisks for write paths.
> If used RAM for a used PC isn't in budget or isn't enough, then maybe
> spindle, but it won't be as fast. And eventually CPU or interrupts or i/o
> get swamped. Then you put a newer PC that can hold proper amounts
> of RAM, CPU, etc.

     Very true.  The device need also not be dedicated to just those functions.
Many people would prefer to stick a heavily used relay on their border gateway
machine to keep its traffic load off their LANs anyway.
     Also, if FreeBSD is used, kernel memory for routing tables, NAT tables
if used, and mbufs should be allocated from 4 MB superpages, allowing the
routing to run very fast.  And with an electronics store router, you don't
have the kernel configuration information available to look at, whereas you
do have that and all the rest as well if you install the OS yourself.  Let's
also not omit the ability to apply security fixes as they become available,
where the store-bought boxes would be running an obsolete and unsafe OS in their
firmware, probably by the time the store sold them.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************