[tor-relays] Does Tor work with Intel QAT acceleration

Jonas Friedli jonasfriedli at danwin1210.de
Tue Jun 7 15:16:34 UTC 2022 

Hi,

to saturate most of this bandwidth, you perhaps like to run multiple tor 
instances. Because mostly single core tor is cpu bottleneck.
2x tor per single IPv4 allowed for now.

in current c tor we only got minimal TLS options:

# HardwareAccel HardwareAccel 0|1
#     If non-zero, try to use built-in (static) crypto hardware 
acceleration when
#     available. Can not be changed while tor is running. (Default: 0)
HardwareAccel   1
# AccelName AccelName __NAME__
#     When using OpenSSL hardware crypto acceleration attempt to load 
the dynamic
#     engine of this name. This must be used for any dynamic hardware 
engine.
#     Names can be verified with the openssl engine command. Can not be 
changed
#     while tor is running.

list em with: openssl engine -vv


# AccelDir AccelDir __DIR__
#     Specify this option if using dynamic hardware acceleration and the 
engine
#     implementation library resides somewhere other than the OpenSSL 
default.
#     Can not be changed while tor is running.


Good luck with setting up acceleration if even possible in current versions?


Andreas Bollhalder:
> Hi all
> 
> I have my first Tor relay up und running. It's currently installed on a 
> little desktop computer with an Intel i5 9500T CPU. My Internet 
> connection is 10Gb/s symetric. From this bandwidth, I would be able to 
> spend a good part for supporting the Tor network.
> 
> With that little machine, it seems that it would max out at somewhere at 
> ~30 MBytes/s. For my definitive Tor relay hardware, I'm currently 
> researching some options, which would be capable of handling Tor traffic 
> at the rate of 200 to 300MBytes. Even it would be used nowadays, but who 
> knows whats coming in the future and I hope this relay would last 5 
> years ore so.
> 
> It looks to me, that with a normal CPU, it's impossible to reach my 
> goal. But then I encountered, that Intel has the Quick Assist Technoloy 
> (QAT) integrated in some of their products (ie. Atom C3xx8). This QAT 
> can be used with OpenSSL as a hardware accelerator for encryption. There 
> also exist dedicated PCIe cards with QAT (ie. Netgate CPIC-8955).
> 
> Searching the Internet, I couldn't find any information if QAT would be 
> helpful with Tor. But Tor uses the OpenSSL library and this can use the 
> QAT acceleration. Is there anyone who has tried this und can share his 
> expirience?
> 
> Thanks in advance
> Andreas
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x4A148E3AB438EC68.asc
Type: application/pgp-keys
Size: 665 bytes
Desc: OpenPGP public key
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220607/5120d68b/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220607/5120d68b/attachment-0001.sig>

More information about the tor-relays mailing list