[tor-relays] Is OVH a safe vps provider to run an exit relay on?

William Kane ttallink at googlemail.com
Thu Apr 1 07:53:23 UTC 2021


Hi,

no, OVH is the second most commonly used hosting provider, another
relay hosted there would hurt the network more than it would help:

https://metrics.torproject.org/bubbles.html#as

We need to make the network as diverse as possible, in order to make
it as hard as possible for law enforcement and other bad actors to
de-anonymize tor circuits.

If you really want to help us out, here's what I advise you to do:

- Rent a dedicated machine, with a new-ish CPU (supporting VT-x and
AES-NI, and good single thread performance since tor is mostly
single-threaded).
- Get your own subnet, it doesn't have to be huge, but make sure you
are allowed to change the abuse-mailbox field to an e-mail you own, so
your host doesn't get flooded with automated and mostly useless abuse
reports and terminates your service in response.
- Make use of QEMU/KVM and create one virtualized instance for each
set of two relays (maximum amount of relays sharing the same public
address is 2).
- Make use of the CPU-pinning feature offered by libvirt, and the
isolcpus kernel argument to isolate all but two cores from the
kernel's scheduler, and pin two cores to each VM.
- Disable all CPU mitigations (mitigations=off on the kernel command
line) to increase performance, since you are only installing signed
packages anyway, there is no untrusted code running on the system,
which means there is no need for any mitigations to be active.
- Make sure you have an unmetered traffic plan and at the very least
1, but best case 2 1Gbit/s uplinks.

With a somewhat modern CPU supporting hardware AES acceleration, this
should get you 150 to 200 Mbps per tor instance, at least that's my
experience when I ran the setup described above around 4 years ago.

On a last note, whatever you decide to do, please don't settle for
some overused host just because it's easier or cheaper - you might as
well not host a relay at all, then.

Look for a host, get its AS ID, then input it here:
https://metrics.torproject.org/rs.html#search/as:<AS_NUMBER>

Example:

https://metrics.torproject.org/rs.html#search/as:AS197019

If this was a bit too much, I apologize - I will gladly answer any
questions you have.

- William

On 30/03/2021, Keifer Bly <keifer.bly at gmail.com> wrote:
> Hi,
>
>
>
> I am wondering if OVH is a safe VPS provider to run an exit relay on? Thank
> you.
>
>
>
> --Keifer
>
>
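
The AS check described in the message above, as an added example that is not part of the original post: it totals consensus weight and exit probability per AS from an Onionoo-style "details" document and reports whether a candidate AS is already heavily used. The sample relays, the documentation-range AS numbers and the `max_share` threshold are constructed assumptions; the field names are those used by Onionoo details documents.

```python
import json
from collections import defaultdict

# Constructed sample shaped like an Onionoo "details" document. AS numbers come
# from the documentation range (RFC 5398); nicknames and weights are made up.
SAMPLE = json.loads("""
{"relays": [
 {"nickname": "r1", "as": "AS64500", "running": true,
  "consensus_weight_fraction": 0.20, "exit_probability": 0.30},
 {"nickname": "r2", "as": "AS64500", "running": true,
  "consensus_weight_fraction": 0.10, "exit_probability": 0.15},
 {"nickname": "r3", "as": "AS64501", "running": true,
  "consensus_weight_fraction": 0.08, "exit_probability": 0.0},
 {"nickname": "r4", "as": "AS64502", "running": true,
  "consensus_weight_fraction": 0.01, "exit_probability": 0.02},
 {"nickname": "r5", "as": "AS64500", "running": false,
  "consensus_weight_fraction": 0.05, "exit_probability": 0.05},
 {"nickname": "r6", "as": "AS64503", "running": true}
]}
""")

def as_shares(doc):
    """Sum relay count, consensus weight and exit probability per AS (running relays only)."""
    shares = defaultdict(lambda: {"relays": 0, "cw": 0.0, "exit": 0.0})
    for relay in doc.get("relays", []):
        if not relay.get("running"):
            continue  # relays that are down carry no traffic
        entry = shares[relay.get("as", "unknown")]
        entry["relays"] += 1
        # Weight fields can be absent (e.g. a relay not yet measured): count as 0.
        entry["cw"] += relay.get("consensus_weight_fraction", 0.0)
        entry["exit"] += relay.get("exit_probability", 0.0)
    return dict(shares)

def rank(doc, key="cw"):
    """AS identifiers ordered from most to least used by the given share."""
    shares = as_shares(doc)
    return sorted(shares, key=lambda asn: shares[asn][key], reverse=True)

def adds_diversity(doc, candidate_as, max_share=0.05):
    """True if the candidate AS holds less than max_share (hypothetical cut-off)
    of both consensus weight and exit probability."""
    s = as_shares(doc).get(candidate_as, {"cw": 0.0, "exit": 0.0})
    return s["cw"] < max_share and s["exit"] < max_share

if __name__ == "__main__":
    for asn in rank(SAMPLE):
        print(asn, as_shares(SAMPLE)[asn], adds_diversity(SAMPLE, asn))
```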

