[tor-relays] Is OVH a safe vps provider to run an exit relay on?

William Kane ttallink at googlemail.com
Fri Apr 2 18:18:30 UTC 2021


Hi,

As gus pointed out, Hetzner, OVH, Online S.A.S (now owned by and
called Scaleway), and DigitalOcean should be avoided at all costs, and
yes, even for bridges.

Please try to find a host that hosts as few (publicly listed) tor
relays as possible for your bridge or relay.

- William

On 02/04/2021, Keifer Bly <keifer.bly at gmail.com> wrote:
> Would running a bridge on OVH be ok? Thanks.
> --Keifer
>
>
> On Thu, Apr 1, 2021 at 1:29 AM William Kane <ttallink at googlemail.com>
> wrote:
>
>> Hi,
>>
>> no, OVH is the second most commonly used hosting provider, another
>> relay hosted there would hurt the network more than it would help:
>>
>> https://metrics.torproject.org/bubbles.html#as
>>
>> We need to make the network as diverse as possible, in order to make
>> it as hard as possible for law enforcement and other bad actors to
>> de-anonymize tor circuits.
>>
>> If you really want to help us out, here's what I advise you to do:
>>
>> - Rent a dedicated machine, with a new-ish CPU (supporting VT-x and
>> AES-NI, and good single thread performance since tor is mostly
>> single-threaded).
>> - Get your own subnet, it doesn't have to be huge, but make sure you
>> are allowed to change the abuse-mailbox field to an e-mail you own, so
>> your host doesn't get flooded with automated and mostly useless abuse
>> reports and terminates your service in response.
>> - Make use of QEMU/KVM and create one virtualized instance for each
>> set of two relays (maximum amount of relays sharing the same public
>> address is 2).
>> - Make use of the CPU-pinning feature offered by libvirt, and the
>> isolcpus kernel argument to isolate all but two cores from the
>> kernel's scheduler, and pin two cores to each VM.
>> - Disable all CPU mitigations (mitigations=off on the kernel command
>> line) to increase performance, since you are only installing signed
>> packages anyway, there is no untrusted code running on the system,
>> which means there is no need for any mitigations to be active.
>> - Make sure you have an unmetered traffic plan and at the very least
>> 1, but best case 2 1Gbit/s uplinks.
>>
>> With a somewhat modern CPU supporting hardware AES acceleration, this
>> should get you 150 to 200 Mbps per tor instance, at least that's my
>> experience when I ran the setup described above around 4 years ago.
>>
>> On a last note, whatever you decide to do, please don't settle for
>> some overused host just because it's easier or cheaper - you might as
>> well not host a relay at all, then.
>>
>> Look for a host, get its AS ID, then input it here:
>> https://metrics.torproject.org/rs.html#search/as:<AS_NUMBER>
>>
>> Example:
>>
>> https://metrics.torproject.org/rs.html#search/as:AS197019
>>
>> If this was a bit too much, I apologize - I will gladly answer any
>> questions you have.
>>
>> - William
>>
>> On 30/03/2021, Keifer Bly <keifer.bly at gmail.com> wrote:
>> > Hi,
>> >
>> >
>> >
>> > I am wondering if OVH is a safe VPS provider to run an exit relay on?
>> > Thank you.
>> >
>> >
>> >
>> > --Keifer
>> >
>> >
>
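
The AS lookup recommended in the quoted advice above, done offline as an added example that is not part of the original thread: it totals relay count and consensus weight per AS from an Onionoo-style details document and classifies a candidate host's AS. The sample data, the `assess_host` helper and its `max_share` cut-off are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample shaped like an Onionoo "details" document. Live data:
# https://onionoo.torproject.org/details?running=true&fields=as,as_name,consensus_weight_fraction
# AS numbers are from the documentation range; all values are invented.
SAMPLE = json.loads("""
{"relays": [
  {"as": "AS64496", "as_name": "Example Big Host", "consensus_weight_fraction": 0.10},
  {"as": "AS64496", "as_name": "Example Big Host", "consensus_weight_fraction": 0.08},
  {"as": "AS64496", "as_name": "Example Big Host", "consensus_weight_fraction": 0.05},
  {"as": "AS64497", "as_name": "Example Mid Host", "consensus_weight_fraction": 0.015},
  {"as": "AS64498", "as_name": "Example Small ISP", "consensus_weight_fraction": 0.004},
  {"as": "AS64498", "as_name": "Example Small ISP", "consensus_weight_fraction": 0.003},
  {"consensus_weight_fraction": 0.001}
]}
""")

def as_concentration(doc):
    """Map each AS to (name, relay_count, summed consensus weight share)."""
    stats = defaultdict(lambda: ["", 0, 0.0])
    for relay in doc.get("relays", []):
        entry = stats[relay.get("as") or "unknown"]  # "as" can be absent
        entry[0] = relay.get("as_name", entry[0])
        entry[1] += 1
        entry[2] += relay.get("consensus_weight_fraction") or 0.0
    return {asn: tuple(v) for asn, v in stats.items()}

def assess_host(doc, asn, max_share=0.02):
    """Return (verdict, relay_count, share) for a candidate host's AS.

    max_share is an assumed cut-off for this example, not a Tor Project rule.
    """
    _, count, share = as_concentration(doc).get(asn, ("", 0, 0.0))
    if count == 0:
        return "unused", 0, 0.0
    return ("overused" if share > max_share else "ok"), count, share

if __name__ == "__main__":
    ranked = sorted(as_concentration(SAMPLE).items(), key=lambda kv: -kv[1][2])
    for asn, (name, count, share) in ranked:
        print(f"{asn:8} {name:18} relays={count} share={share:.1%}")
    print(assess_host(SAMPLE, "AS64499"))  # an AS with no listed relays
```
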

