[tor-relays] [WARN] Your computer is too slow to handle this many circuit creation requests

Vasilis andz at torproject.org
Thu Feb 22 21:01:00 UTC 2018


Roger Dingledine:
> On Wed, Feb 21, 2018 at 01:13:00PM +0000, Vasilis wrote:
>> I see a number of warning log messages on a dedicated server:
>> [WARN] Your computer is too slow to handle this many circuit creation requests!
> 
> You get that warning message when there are too many create cells coming
> in, and your relay ends up sending back preemptively destroy cells for
> some of them. That is, it tries to estimate internally how long it will
> take to handle the current queue of create cells, and if the queue gets
> so big that the one that just arrived will take several seconds before
> it can be processed, Tor just sends back a destroy cell instead, and
> gives you this warn.
> 
> The flood of circuits created by the ddos storm will be causing this
> sort of warning sometimes. For example, my FreeBogatov relay gets 30-70
> million create requests per 6 hours, and when that number goes over
> about 100 million, there are times where it can't keep up.
> 
> (Careful though because the heartbeat message about number of circuits
> does not count circuits that come from client connections. That is, the
> circuits in the heartbeat count are only circuits that come via other
> relays. So non-Guards are giving you a reasonably accurate count, and
> Guards are leaving out an unknown number of circuits from their count,
> and that unknown number could be quite large.)
> 
> Ultimately, the fix needs to be that more and more relays upgrade to a
> version of Tor tht includes the DDoS mitigation. One of the main goals
> of the mitigation is not to help *your* relay in particular, since hey
> maybe your relay is huge and it can keep up, but rather to slow down the
> mass of circuits heading towards *other* relays after yours.
> 
> That is, you need *other* relays to deploy the mitigation in order to
> help you.
> https://en.wikipedia.org/wiki/Herd_immunity

Makes sense great explanation, thank you!
Wasn't planning to stop running/administering any of the relays.

>> Setting the NumCPUs option to the actual number of CPUs (2) didn't help.
> 
> Are you sure you only have 2 cores? These days each cpu has many cores,
> so a system with 2 cpus could easily have 8 cores.

It's an old processor with 2 CPU and 1 core per CPU.

>> Is this hardware really too old/slow to run a relay on one ethernet Gigabit link?
> 
> Well, there are times where it isn't able to keep up. But if you turn
> off the relay or turn down its capacity, then it will just increase the
> load on the other relays. So I think we shouldn't worry too much about
> these warnings during this period of overload.
> 
> Oh, I guess I should ask: are you using 0.3.3.2-alpha or a version with
> the ddos mitigation? If not, that's a clear next step.

I 'll upgrade to the alpha version and closely monitor its activity.


Thanks,
~Vasilis

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180222/10039662/attachment.sig>


More information about the tor-relays mailing list