[tor-relays] Exit Relay throughput

William Kane ttallink at googlemail.com
Sat Jun 20 13:10:22 UTC 2020


Tor already has code that avoids having multiple nodes from a single
/16 range or from the same AS (correct me on that one if I'm wrong,
not totally sure about it) in the same circuit, so as long as your
MyFamily setting is set correctly, I see no problem here.

Throughput is important as you will be able to serve more clients at
once, so AES hardware acceleration and a CPU with very good single
thread performance are important.

However, running a high-capacity node under an AS like OVH or Hetzner
has certain anonymity implications, since many Tor nodes are already
being run there, a single wire-tap on their peers / up-streams
is enough to capture the traffic of around 15-25% of all Tor nodes
(got the numbers from the top of my head, for exact numbers check out
Tor Metrics @ https://metrics.torproject.org/networksize.html).

Ideally go for a hoster in an uncommon, underdeveloped (Tor-wise)
country that only hosts a handful, if any, of Tor Nodes and colocate
if you have the hardware, time and money - this helps spread out Tor
nodes across as many countries as possible, which makes it harder for
adversaries to control all of Tor's traffic at once.

You should also allocate a small IP range for yourself, and ask them
to modify the whois so it shows an e-mail address you control as the
abuse address.

Hope this was helpful.

William

2020-06-20 12:30 GMT, torix at protonmail.com <torix at protonmail.com>:
> Dear List,
>
> How important is the throughput on an exit relay? I realize that more is
> always better, making it harder to associate exit packets with input ones at
> the other end. My numbers: For the same price I can buy 2 exit relays that
> run about 3500 to 4000 connections or one that runs about 4300 to 4700
> connections. The actual daily throughput varies a good deal, but the cheaper
> ones show about 15-20% less throughput, at around 330 GiB/day when I look at
> vnstat.
>
> Can I assume 2 is almost always better than one? Or is there a threshold
> below which packets are too easily tracked? I have no common sense about
> this.
>
> TIA,
>
> --Torix
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
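
An added example, not part of either message above: a small check for the "MyFamily set correctly" condition when one operator runs several relays. Tor treats two relays as family only when each lists the other, so the script flags one-sided declarations and notes whether the pair shares a /16. The fingerprints, nicknames and addresses are constructed sample values.

```python
import ipaddress
import re
from itertools import combinations

FP_RE = re.compile(r"\$?([0-9A-Fa-f]{40})")

def parse_family(torrc_text):
    """Collect the fingerprints named on every MyFamily line of a torrc."""
    family = set()
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # drop comments
        if len(parts) == 2 and parts[0].lower() == "myfamily":
            family.update(fp.upper() for fp in FP_RE.findall(parts[1]))
    return family

def same_slash16(ip_a, ip_b):
    """True when both IPv4 addresses fall in the same /16."""
    net = ipaddress.ip_network(f"{ip_a}/16", strict=False)
    return ipaddress.ip_address(ip_b) in net

def audit(relays):
    """relays: {fingerprint: (ipv4, torrc_text)}.
    Returns (relay, peer_it_fails_to_list, subnet_note) tuples."""
    family = {fp: parse_family(cfg) for fp, (_, cfg) in relays.items()}
    findings = []
    for a, b in combinations(sorted(relays), 2):
        note = "same /16" if same_slash16(relays[a][0], relays[b][0]) else "different /16"
        for me, peer in ((a, b), (b, a)):
            if peer not in family[me]:
                findings.append((me, peer, note))
    return findings

# Constructed sample data: three relays run by one operator.
FP_A, FP_B, FP_C = "A" * 40, "B" * 40, "C" * 40
SAMPLE = {
    FP_A: ("192.0.2.10", f"Nickname exitA\nMyFamily ${FP_A},${FP_B},${FP_C}\n"),
    FP_B: ("203.0.113.5", f"Nickname exitB\nMyFamily ${FP_A},${FP_B},${FP_C}\n"),
    FP_C: ("192.0.2.77", f"Nickname exitC\nMyFamily ${FP_A}  # forgot exitB\n"),
}

if __name__ == "__main__":
    for relay, peer, note in audit(SAMPLE):
        print(f"{relay[:8]} does not list {peer[:8]} ({note})")
```

A "different /16" finding is the one to fix first, since the subnet rule mentioned in the reply does not cover that pair.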

