[tor-relays] Hardware sizing for physical exit node

eff_03675549 at posteo.se eff_03675549 at posteo.se
Wed Jul 10 19:29:48 UTC 2024


Hi,

My personal experience with many many instances on never redundant 
hardware (I know diversity in hardware, locations...):

This is Exit specific:

1) never more than 4GB ram per core and never less than 2 cores per IP, 
let me explain:

a) most people will tell you that instances run per core, so why 2 cores?

+ because of DDoS and similar attacks, then the instance is jumping to 
the other core and is a much higher cost to kill than on their own (1 core).

This has the effect of putting the attack investment way above average 
and is going to save your instance from falling back months earlier than 
its current reputation level.

b) An IP will receive complaints and be banned (even when not from 
solely your ISP), not a VPS contract.
+ you want to avoid compromising other instances and this is why many 
IPs-max4GB is important: this spreads your hardware potential across 
diversified IPs affected by individual probabilities of being banned 
somewhere.

2) CPU work from Tor is basic, RAM is the amplitude: you want a maximum 
of modern to medium-old CPUs threads,
save on your cpu choice (but study their known vulnerabilities) for an 
even number of heads, prefer cpus with most threads.


TO CONCLUDE:

64GB ram for 10Gbps is normally overkill :

10Gbps (octets) 24/7 is 3300 TeraB-Y-T-E-S / month, this is one hardware cap.
I have never witnessed a conventional (relay) 1Gbps-2GB-1thread Tor 
instance outperforming 10MB-Y-T-E-S, this is kind of a Tor-cap.

This is inviting to never overkill with a 10Gbps+ connection less than 
100 x 10MB-Y-T-E-S (and this even when stipulating max bandwidth to some 
infinite number in your torrc).

My answer: with 10Gbps unlimited bandwidth, have 100 threads (50 to 100 
cores) at the cheapest CPU and 2GB to 4 GB per thread (more than 64GB in 
total).
My answer for virtualized instances: when you do make the unsecured 
choice of pooling your RAM on KVM (or alternative) then the above works 
with 64GB RAM. This is a bad idea.


This is real world experience and I understand that theory is suggesting 
very different performances
namely: what?!!! 10MB for 2GB RAM?!!!

yep.


Carlos.



On 7/10/24 12:32 AM, Osservatorio Nessuno via tor-relays wrote:
> Hi everyone,
> we are planning to get some hardware to run a physical Tor exit node, 
> starting with a 1Gbps dedicated, unmetered uplink (10Gbps downlink). 
> We will also route a /24 on it, so we will have large availability of 
> addresses to run multiple instances. We have been running a few exit 
> nodes so far, but never on our own hardware.
>
> Which is the bandwidth limit per core/Tor instance? Or what can we 
> expect to be the bottleneck?
>
> Due to some other requirements we need for some experiments (SFP 
> ports, coreboot support, etc) we can mainly choose between these 2 CPUs:
>     Intel i5-1235U
>     Intel i7-1255U
>
> The cost between the two models is significant enough in our case to 
> pick the i7 only if it's really useful.
>
> In both cases with 32GB of DDR5 RAM (we can max to 64 if needed, but 
> is it?).
>
> Should this allow us to saturate the uplink?
>
> To summarize, with this bandwidth, this hardware and a /24 how many Tor 
> exit nodes should be ideal to run considering that each of them could 
> have their own address?
>
> Thanks!

-- 
PGP updated every second week : please actualize our communication every time.