Re: [tor-relays] Bridge operator iat_mode setting
Thanks for all your answers guys! Now i know that i'm doeing good running bridges in different iat modes. Actually I'm running 4 bridges, and two have iat_mode set to 0 and two others set to 1 and 2 respectively. I also have a question about bridges speed. It seems that when I do use of my bridge (that is in same network of my PC) the connection is too slow (~1Mbps using relays in a circuit that clearly (by seeing it in tor metrics) has high bandwidth). I do use it as a guard relay. But, when i disable the settings, using the same circuit or an very similar one I can see that the speed bumps to more than 4 Mbps. Is there any optimizations that I can do in my bridge relay? I have 20 Mbps uplink and 200 Mbps downlink here. Set my speed setting to 10 Mbps maxium in torrc. I can also see that bridge is not overloaded (no high cpu usage and low number of connections around 180 for now). Best regards, Luiz Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ Em segunda-feira, 1 de março de 2021 às 10:38, William Kane escreveu: > If you run more than three bridges, run an even distribution of > bridges with iat_mode set to 0, 1 and 2, if you run only three > bridges, one with each setting, if two, then 0 and 2, if only one, run > it with 2 due to the lack of bridges supporting it, et cetera. > > That's how I would handle it.. > > - William > > 2021-02-24 23:44 GMT, Eddie stun...@attglobal.net: > > > > On 2/24/2021 12:34 PM, William Kane wrote: > > > > > Thank you for running obfs4 bridges with iat_mode != 0, only very few > > > obfs4 bridges support the additional traffic obfuscation in both > > > directions. > > > Kudos to you my friend. > > > > > > - William > > > Should I take this as a recommendation to update my bridges to support > > > iat_mode=2. > > > > > > > Cheers. > > > > > 2021-02-23 1:18 GMT, torjoy south_america_brid...@protonmail.com: > > > > > > > Hi All, > > > > I work with time and frequency references and run some tor bridges. What > > > > is > > > > the objective of "iat_mode" setting? Is an good timming reference > > > > important > > > > for this setting? For now, i'm adminstrating 3 briges, one with > > > > iat_mode=0, > > > > iat_mode=1 and iat_mode=2. > > > > Could you explain or forward me to some reading about it? > > > > Best regards, > > > > Luiz > > > > Sent with ProtonMail Secure Email. > > > > > > tor-relays mailing list > > > tor-relays@lists.torproject.org > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > > > > > This e-mail was checked for spam by the freeware edition of CleanMail. > > > The freeware edition is restricted to personal and non-commercial use. > > > You can remove this notice by purchasing a commercial license: > > > http://antispam.byteplant.com/products/cleanmail/index.html > > > > tor-relays mailing list > > tor-relays@lists.torproject.org > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bridge operator iat_mode setting
Hi William, You can do it by setting: ServerTransportOptions obfs4 iat-mode=2 at your bridge's side. Best regards, Luiz Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ Em quinta-feira, 25 de fevereiro de 2021 às 05:16, Toralf Förster escreveu: > On 2/24/21 9:34 PM, William Kane wrote: > > > Thank you for running obfs4 bridges with iat_mode != 0, only very few > > obfs4 bridges support the additional traffic obfuscation in both > > directions. > > At my client I have iat_mode=2 set but I do wonder how to set that as > default at a bridge? > > - > > Toralf > > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Bridge operator iat_mode setting
Hi All, I work with time and frequency references and run some tor bridges. What is the objective of "iat_mode" setting? Is an good timming reference important for this setting? For now, i'm adminstrating 3 briges, one with iat_mode=0, iat_mode=1 and iat_mode=2. Could you explain or forward me to some reading about it? Best regards, Luiz Sent with [ProtonMail](https://protonmail.com) Secure Email.___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Authorithy clock skew in consensus health page
Thanks for the answers! Here in my home middle relay I like to keep timing accurate, just because i work with timming applications and this is also an hobby for me. So, the screenshot below is from my chrony's daemon that syncs time throught an ssh tunnel for an remote NTP server i also manage... Concerning you told about the clock skew being of 1 or 2 seconds in some cases and in others some minutes... I just think i'm doing just fine with this accuracy. I will read the documents, i just thought that tor can take advange of very accurate timming (of few milisseconds or even microsseconds accuracy). Regards, Luiz Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ Em terça-feira, 15 de dezembro de 2020 às 06:22, Roger Dingledine escreveu: > On Tue, Dec 15, 2020 at 04:43:53AM +0000, torjoy wrote: > > > Its just a curiosity question... What is the reference source used in > > comparsions of authorities clock skew in consensus health? > > There are two "consensus health" tools, DepicTor and DocTor: > https://gitweb.torproject.org/depictor.git/tree/ > https://gitweb.torproject.org/doctor.git/tree/ > > And I think if this is the page you're talking about: > https://consensus-health.torproject.org/#authorityclocks > it is generated by DepicTor. > > > Are they synced throught NTP daemons (like chrony or opentpd for example)? > > The directory authorities each use whatever tools they want to use > for keeping their time accurate. I imagine that yes, many of them use > some sort of ntpd. > > > TOR can take advange of very accurate timing in the authorities and relays? > > I know that just few seconds (or miliseconds?) are fine of clock offset. > > And if the relay's clock has some fluctuation of hundreds of miliseconds? > > For example going from -100mS of offset to +300mS offset and them to -200 > > mS offset... > > Correct, clock problems on the order of a second or two are fine. > > In fact, I don't think that DepicTor's measurement will be more accurate > than that anyway, because I think the number comes from looking at the > Date stamp in the http header of the response, and comparing it to what > time the local DepicTor script thinks it is. So there will be issues > like network latency that affect it in tiny ways. > > > I mean, too much clock noise can be a problem for TOR? > > Correct. For directory authorities, they need to synchronize within > a minute or so, because of the timing required for voting about the > consensus documents: > https://spec.torproject.org/dir-spec > > Relays can handle some more skew than that, but if they get too skewed > then they will start fetching and serving the wrong directory information. > > Hope that helps, > --Roger > > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Authorithy clock skew in consensus health page
Hi all, Its just a curiosity question... What is the reference source used in comparsions of authorities clock skew in consensus health? Are they synced throught NTP daemons (like chrony or opentpd for example)? TOR can take advange of very accurate timing in the authorities and relays? I know that just few seconds (or miliseconds?) are fine of clock offset. And if the relay's clock has some fluctuation of hundreds of miliseconds? For example going from -100mS of offset to +300mS offset and them to -200 mS offset... I mean, too much clock noise can be a problem for TOR? Best regards, Luiz Sent with [ProtonMail](https://protonmail.com) Secure Email.___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Low observed bandwith
Hi Mario, I'm having same trouble with raspberry pi 3b... I use Wi-Fi connection with high throughput. My local connection can copy files up to 15MB/s to this RPi. It is a USB adapter (mediatek MT7601). I'm asking myself that speed on tor network shouldn't be more than 2 MB/s. I've limited the maximum in 3,2 MB/s and burst to 4,3 MB/s, my connection here in Brazil is just of 240 Mb/s // 24 Mb/s... At least 2,2 MB/s should be reached in the measurements i guess. In the past i shouldn't pass from 600 KB/s thus because my CPU consumption with TOR was near to 100%. But i've set more parallel threads in torrc and recompilled my openssl to support it the linux crypto engine, that can handle faster crypto operations. With this i've enabled hardware acceleration on torrc and reached a little bit more than 1MB/s in the measurements. Luiz Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ Em Sábado, 11 de Abril de 2020 às 09:55, Mario Costa escreveu: > Hi list, > > I’m running a guard relay from my home connection on a Raspberry Pi 4. My > internet connection is 1000/100 Mbps, and I thought I’d allocate half of the > upload bandwidth for the relay. Then I set RelayBandwidthRate to 10 MB/s, > because I thought that Tor would upload 5 MB/s and download 5 MB/s. > > However, the maximum observed bandwidth was always about 6 MB/s. I’d like to > know what could cause this low observed bandwidth. I don’t think it’s the > Raspberry Pi, because CPU usage is always low and it has a Gigabit connection > to the router. > > The router itself easily reaches Gigabit speeds, so 10 MB/s should be a > breeze. Could it be the number of connections? nyx indicates that the > connections are always about 4000. If this is the case, how can I know if the > connections bottleneck is the router or the Raspberry Pi? > > Additionally, I’d like to ask for a rule of thumb for setting the > RelayBandwithBurst. I set it to 20 MB/s because I’m ok with the relay using > the whole upload bandwidth (about 10 MB/s, or 100 Mbps) for short periods of > time, but as I already explained I’m never seeing such speeds. > > For reference my relay’s fingerprint is > F942EE73F1B8E39125F617FA85E80E4C9E540A2E. > > -m > > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Question about authority clock skew
Thank you for the clarifications, Roger! So the "how right you are" is not too important for all the TOR network? Luiz Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ Em Segunda-feira, 13 de Abril de 2020 às 20:34, Roger Dingledine escreveu: > On Mon, Apr 13, 2020 at 01:41:41PM +, torjoy wrote: > > > I was browsing the "Consensus health" page and something let me curious... > > What is the importance of the clock skew in the authorities with the > > resolution of microseconds? > > Sebastian's answer is exactly right. > > I've just opened > https://bugs.torproject.org/33896 > because you're right, there's no way the level of precision that > consensus-health reports is at all accurate. > > > So considering the microssencond accuracy > > Using the definitions that "precision" is how many digits you're > providing, and "accuracy" is how right you are, I'd say that we're giving > you microsecond precision but not microsecond accuracy. :) > > Thanks, > --Roger > > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Question about authority clock skew
Hi Sebastian, Good to know! This is just a curiosity that I have. Did you know if some cryptographic operations uses high resolution like this (microssecond for example) to match or no somethings like certificates on our case (TOR)? Also, another thing that i'm always asking myself is if here in south america isn't interesting that we have some authority. What is the "actual load" and problems? I see here most of relays haven't the "real" bandwidth that they can really deliver... Is this a measurement problem caused by distance of the authorities? I have here on Brazil three bridges and one relay that i'm operating today. Thank you for the answer!! Luiz Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ Em Segunda-feira, 13 de Abril de 2020 às 19:30, Sebastian Hahn escreveu: > Hi Luiz, > > > On 13. Apr 2020, at 15:41, torjoy south_america_brid...@protonmail.com > > wrote: > > I was browsing the "Consensus health" page and something let me curious... > > What is the importance of the clock skew in the authorities with the > > resolution of microseconds? > > > Brasília).png> > > Picture: 2020/04/13 - 13:37 UTC > > Also, how the authorities compare their clocks? Using ntp daemon for > > example? I'm asking this here because I work in a time and frequency > > reference lab and have two NTP (stratum 1, connected directly to UTC(LRTE) > > timescale. And a stratum 2 that is discilplinned with the stratum 1 > > timeserver). So considering the microssencond accuracy did the keepers of > > these authorities care about the time source? Or any time source is ok? > > I operate the directory authority gabelmoo. We do not synchronize our clocks > amongst ourselves and accuracy of +/- a few seconds is really not important. > Every operator does their best to keep the time roughly correct individually, > for example gabelmoo uses a site-local NTP server that gets physical time > from the German government's time broadcasting service. > > The page you're referring to just shows the skew with a lot more digits than > can actually be accurately measured. The reason to keep clock skew in check > is that if the time differs by more than a few seconds, the voting process > can get impacted which in the past has led to consensuses not being created > even though enough directory authorities would theoretically be ready for it. > Also some directory authorities had some historical trouble with keeping an > accurate time due to virtual machine trouble - this was worrisome for relay > operators, because they would get (wrong) warnings about a wrong time in > their logfile. > > Hope that helps > Sebastian > > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Question about authority clock skew
Hello everyone, how are you? I was browsing the "Consensus health" page and something let me curious... What is the importance of the clock skew in the authorities with the resolution of microseconds? Picture: 2020/04/13 - 13:37 UTC Also, how the authorities compare their clocks? Using ntp daemon for example? I'm asking this here because I work in a time and frequency reference lab and have two NTP (stratum 1, connected directly to UTC(LRTE) timescale. And a stratum 2 that is discilplinned with the stratum 1 timeserver). So considering the microssencond accuracy did the keepers of these authorities care about the time source? Or any time source is ok? Best regards and keep safe! Luiz___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay authority
The making of a bridge authority desire is from the observation that here in South America we haven't any authority and I think this can help tor to improve the network metrics on South America side. Also maybe in another countries too. Of course, all the current authorities are good but maybe we can improve it inserting more bridges online. I'm operating 3 bridges and one middle-relay for now and all have good metrics but the bandwidth measured is lower than i've set, maybe putting some authority here we can improve the metrics of all relays here in South America. Best regards. Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ Em Sexta-feira, Julho 12, 2019 9:57 AM, nusenu escreveu: > torjoy: > > > Hi, this is my first post here. > > I'm running 3 bridges in brazil (maybe one of them becomes a > > middle-relay), so I want to know what we need here to have some > > bridge authority for example here in south america. Is too much > > different from a normal relay? I've already see the "authorithative > > flags" for torrc but dont made any changes. I think something more > > should be done and is not so easy. > > maybe you want to elaborate on why (motivation) you want to run your own > bridge > authority instead of using tor's default. > > That will help people to give you a meaningful answer. > > > - > > https://twitter.com/nusenu_ > https://mastodon.social/@nusenu > > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Relay authority
Hi, this is my first post here. I'm running 3 bridges in brazil (maybe one of them becomes a middle-relay), so I want to know what we need here to have some bridge authority for example here in south america. Is too much different from a normal relay? I've already see the "authorithative flags" for torrc but dont made any changes. I think something more should be done and is not so easy. Best regards.___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays