[tor-relays] Emerald Onion's new relays

Conrad Rockenhaus conrad at rockenhaus.com
Thu Apr 4 04:57:52 UTC 2019 

> I'm also encouraging you to use separate IP addresses for exit traffic [1] because that helps eliminate the impact on relay-to-relay communication when ISPs are ordered to BGP blackhole some exit IP addresses (as we have seen recently in the news).

I've been assigning a second set of IP addresses to my servers in case
I want to run another instance of Tor. Would it be more prudent to use
that second set of IP addresses as an OutboundBindAddressExit instead
and use different ports as a better practice?

Thanks,

Conrad


On Tue, Apr 2, 2019 at 12:35 PM nusenu <nusenu-lists at riseup.net> wrote:
>
> > We are in the process of creating an RPKI ROA for our prefixes
>
> Thanks for taking the extra steps to create a RPKI ROA to reduce
> the impact of BGP routing attacks on your prefixes. Extra points for
> doing RPKI-based Route Origin Validation on your BGP routers.
>
> I hope to convince everyone with such a high concentration of tor network
> capacity to make use of tor's OfflineMasterKey mode to safeguard your relay
> identity keys even in the event of a system compromise.
> Which basically implies automation because no one wants to handle (renew) more than
> 3 keys manually.
>
>
> I'm also encouraging you to use separate IP addresses for exit traffic [1]
> because that helps eliminate the impact on relay-to-relay communication
> when ISPs are ordered to BGP blackhole some exit IP addresses
> (as we have seen recently in the news).
>
> > 40 new uncapped and unfiltered exit relays
>
> I would suggest to not run uncapped tor instances
> but to set a per-instance limit of around 80-90% what a single core
> is able to handle, to avoid poor performance for the user.
> With growing bandwidth the CPU will spend considerable amount of resources
> just handling packets (kernel).
>
> > This work is part of our efforts to saturate our new unmetered 10Gbps
> > transit link
>
> As teor usually says, saturated links is not what we should be aiming for
> if we like performance.
>
>
> Thanks for adding such a significant amount of exit capacity.
>
>
>
> [1] https://2019.www.torproject.org/docs/tor-manual.html.en#OutboundBindAddressExit
>
> --
> https://twitter.com/nusenu_
> https://mastodon.social/@nusenu
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



-- 
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459

More information about the tor-relays mailing list