[tor-relays] relay configuration not allowing optimal performance
Relayer
R3lay3r74 at proton.me
Sat Feb 25 13:44:50 UTC 2023
I'm running a tor relay on some older hardware that I didn't want to discard when I could still put it so good use.
Some details of the box are:
-- CPU: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
-- RAM: 4GB
-- ARCH: x86_64
-- HDD: 250GB
-- OS: Ubuntu 22.04.1
I originally configured a single Tor instance IPv4 to run as a relay only (not as an exit, nor hosting a hidden service). I am also using the iptables rules from https://github.com/Enkidu-6/tor-ddos to minimize DDOS overhead (please advise if there are alternatives or additions to this).
My original config seemed ok until I started seeing my CPU and RAM maxing out consistently so I throttled back with the following in my torrc:
RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)
RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
MaxAdvertisedBandwidth 1 MB
My RAM usage now is only about 50% or marginally less of my total available.
Here's how the metrics look lately:
https://metrics.torproject.org/rs.html#details/38939B45237BA84941C74836349C152473F84C56
As you can see, the throughput rated dropped in half (that's when the graph drops on 2023-02-09). However, the volume continued to decline.
Additionally, I'm unclear why my Middle Probability and Consensus Weight have both dropped to near 0%. Are those, in fact, where I want them?
I'm monitoring with nyx and see I get some traffic through with no apparent errors or warnings. I am NOT seeing the CPU spikes any longer but I don't think I'm giving the most with my hardware.
Questions:
1.) Is my tor service now misconfigured and not utilizing my hardware as best it could?
2.) Should my Consensus Weight and/or Middle Probability be higher?
3.) Should I consider running two tor instances?
Nyx log snippet:
07:59:32 [NOTICE] Heartbeat: DoS mitigation since startup: 7 circuits killed with too many cells, 591 circuits rejected, 2 marked addresses, 0 marked addresses for max queue, 0 same address concurrent
│ connections rejected, 0 connections rejected, 0 single hop clients refused, 19166 INTRODUCE2 rejected. [1 duplicate hidden]
│ 07:59:32 [NOTICE] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 57982 v4
│ connections; initiated 116266 and received 356623 v5 connections.
│ 07:59:32 [NOTICE] Circuit handshake stats since last time: 3/3 TAP, 44849/44849 NTor. [1 duplicate hidden]
│ 07:59:32 [NOTICE] While not bootstrapping, fetched this many bytes: 194128391 (server descriptor fetch); 7140 (server descriptor upload); 17539422 (consensus network-status fetch); 1794 (authority cert
│ fetch); 2111765 (microdescriptor fetch)
│ 07:59:32 [NOTICE] Heartbeat: Tor's uptime is 10 days 23:58 hours, with 179 circuits open. I've sent 34.83 GB and received 35.63 GB. I've received 444762 connections on IPv4 and 0 on IPv6. I've made
│ 254336 connections with IPv4 and 0 with IPv6. [1 duplicate hidden]
│ 01:59:32 [NOTICE] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 56651 v4
│ connections; initiated 114326 and received 347071 v5 connections.
│ 01:59:32 [NOTICE] While not bootstrapping, fetched this many bytes: 189431170 (server descriptor fetch); 7140 (server descriptor upload); 17131743 (consensus network-status fetch); 1794 (authority cert
│ fetch); 2068377 (microdescriptor fetch)
Thanks.
Relayer1974
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20230225/d05dfbbf/attachment-0001.htm>
More information about the tor-relays
mailing list