[tor-relays] We're trying out guard-n-primary-guards-to-use=2
Georg Koppen
gk at torproject.org
Mon Jul 11 10:21:24 UTC 2022
Logforme:
> On 2022-07-06 21:19, Roger Dingledine wrote:
>> But it was replaced with a new overload (boo), from way too many Tor
>> clients running at a few cloud providers. The main result for relay
>> operators is greatly increased file descriptor use, with a few IP
>> addresses or /24's generating the majority of the new connections.
>>
>> If your relay is bumping up against its file descriptor limits,
>> or otherwise suffering (e.g. more memory usage than desired), one
>> reasonable option for you might be to set some iptables-level connection
>> limiting. More details in this ticket:
>> https://gitlab.torproject.org/tpo/core/tor/-/issues/40636#note_2818529
>>
>
> I'm running the small non-exit 8F6A78B1EA917F2BF221E87D14361C050A70CCC3.
>
> Since mid-may the relay has been under heavy load. I had to limit my
> bandwidth using "RelayBandwidthRate" in torrc to about 90% of my real BW
> to be able to use internet for myself. This solved my laggy internet.
>
> Since the 2nd of July the number of (non torrelay) tor connections to my
> relay skyrocketed from about 3500 to 20000.
> A week ago I implemented connection limits per Toralf's post:
> iptables -A INPUT -p tcp --destination-port 443 -m connlimit
> --connlimit-mask 32 --connlimit-above 30 -j DROP
> This reduced the number of connections to about 10000.
>
> I just now noticed that the relay is flagged as overloaded. What to do?
> Decrease the connection limit from 32 to .. what?
> Decrease my RelayBandwidthRate even more? Seems like giving in to the
> DoSer.
Seems the overload on your relay is gone again? We've seen a large spike
in overloaded relays on the weekend but so far our indicators show this
has been a temporary issue and not sustained overload.
Georg
[snip]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220711/967c30e8/attachment.sig>
More information about the tor-relays
mailing list