[tor-talk] [Advanced configuration troubleshooting] Exit node slowed way down

Name Withheld survivd at gmail.com
Thu Aug 23 00:16:54 UTC 2012


Hi guys,

I've been running a kind-of 1gbps (voxility style 1gbps) exit server on 
Debian for a couple months, and while it started out very fast, it's 
gotten much slower over time.  The server itself hasn't slowed down -- 
if I do speed tests, it still pulls 25MB/s (bytes not bits) with no 
problem (on top of the tor load), but it never seems to push more than 
10-12MB/s through the tor network, even if I run 6 tor processes with 
each separated onto a private cpu core.  Even if I stop the other tor 
processes and revert to a single-tor-instance server, it doesn't reach 
the old 20 MB/s anymore.

For a visual, you can see how it just sort of gave up on life around the 
beginning of August here (although some of that is accounted by extra 
tor instances cannibalizing stats):

https://atlas.torproject.org/#details/88984E7F8DDB702644660E10A5C7019FA80B8AFF

Moritz et al previously previously helped me with configuring the 
server, when I ran into the 2-instances-per-IP limit, so I'm hoping 
maybe you  guys can help lightning strike twice and move me through this 
wall I've hit.  Has anybody had this kind of problem when they added 
additional IPs & instances to their server?  I think I must have messed 
up a setting somewhere...

Also, please dummy-check my configs (just the main instance):

*torrc:*

Nickname 00Teh0Signul00
ContactInfo Administrator <yopackets BT lavabit dot com>

ORPort 10001
DirPort 10030
SocksPort 10050

RunAsDaemon 1
DisableDebuggerAttachment 0

BandwidthBurst 125 MB
BandwidthRate 80 MB

RelayBandwidthRate 80 MB
RelayBandwidthBurst 125 MB

MyFamily $F7360D25BF58BD1CD4E10199619B585A59CB5912, 
$374FF6496AB55D44208E6718110736FB88B339F6, 
$B3AFCD13E7683757083FAACD6B579B7D35DBD220, 
$8937E37AE18C4FEA062915D9CE3C4E3A55499966, 
$26F728EF33D03C054B9417FAE92C809DCDEF5ED4

ExitPolicy accept *:10000
ExitPolicy reject 0.0.0.0/8:*
ExitPolicy reject 169.254.0.0/16:*
ExitPolicy reject 10.0.0.0/8:*
ExitPolicy reject 172.16.0.0/12:*

ExitPolicy accept *:20
ExitPolicy accept *:21
ExitPolicy accept *:22
ExitPolicy accept *:23
ExitPolicy accept *:53
ExitPolicy accept *:69
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy accept *:465
ExitPolicy accept *:563
ExitPolicy accept *:587
ExitPolicy accept *:992-995
ExitPolicy accept *:1863
ExitPolicy accept *:5190
ExitPolicy accept *:5500
ExitPolicy accept *:5800
ExitPolicy accept *:5900
ExitPolicy accept *:6660-6669
ExitPolicy accept *:6891-6901
ExitPolicy accept *:10001
ExitPolicy accept *:9001
ExitPolicy accept *:9090

ExitPolicy reject *:*


*sysctl* (straight c&p [minus the nf_conntrack entries] from Moritz' 
excellent guide.  nf_conntrack is not currently used on my server):

net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.tcp_wmem = 4096 65536 33554432
net.core.rmem_default = 524287
net.core.wmem_default = 524287
net.core.optmem_max = 524287
net.core.netdev_max_backlog = 300000
net.ipv4.tcp_mem = 33554432 33554432 33554432
net.ipv4.tcp_max_orphans = 30000
net.ipv4.tcp_max_syn_backlog = 300000
net.ipv4.tcp_fin_timeout = 4
vm.min_free_kbytes = 65536

net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.ip_local_port_range = 1025 65530
net.core.somaxconn = 30720
net.ipv4.tcp_max_tw_buckets = 2000000
net.ipv4.tcp_timestamps = 0


*ifconfig -a:*

eth0      Link encap:Ethernet  HWaddr e8:39:35:4d:d6:53
           inet addr:93.114.43.156  Bcast:93.114.43.191 Mask:255.255.255.192
           inet6 addr: fe80::ea39:35ff:fe4d:d653/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:5605736 errors:0 dropped:0 overruns:0 frame:0
           TX packets:5380620 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:20000
           RX bytes:4696777991 (4.3 GiB)  TX bytes:4190572765 (3.9 GiB)
           Interrupt:20 Memory:fe400000-fe420000

eth0:1    Link encap:Ethernet  HWaddr e8:39:35:4d:d6:53
           inet addr:93.114.40.194  Bcast:93.114.40.255 Mask:255.255.255.192
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           Interrupt:20 Memory:fe400000-fe420000

eth0:2    Link encap:Ethernet  HWaddr e8:39:35:4d:d6:53
           inet addr:93.114.43.233  Bcast:93.114.43.255 Mask:255.255.255.192
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           Interrupt:20 Memory:fe400000-fe420000

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:2294 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2294 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:4315831 (4.1 MiB)  TX bytes:4315831 (4.1 MiB)


*resolv.conf:*

nameserver 184.169.143.224
nameserver 79.172.201.120
nameserver 84.22.106.2
nameserver 8.8.8.8
nameserver 4.2.2.2
nameserver 209.244.0.3
nameserver 8.26.56.26
nameserver 198.153.192.1


Thanks again!


P.S. I've tried hundreds of things at this point (creating a "clean" 
torrc, conntrack, no conntrack, modifying MTUs, changing kernel setting 
per guides... unchanging them...), and none of them seem to make a 
significant difference.  I would be grateful for new ideas -- hoping I 
made an obvious mistake...



More information about the tor-talk mailing list