I'm running a tor relay on some older hardware that I didn't want to discard
when I could still put it to good use.
Some details of the box are:
-- CPU: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
-- RAM: 4GB
-- ARCH: x86_64
-- HDD: 250GB
-- OS: Ubuntu 22.04.1
I originally configured a single Tor instance IPv4 to run as a relay only (not
as an exit, nor hosting a hidden service). I am also using the iptables rules
from https://github.com/Enkidu-6/tor-ddos to minimize DDOS overhead (please
advise if there are alternatives or additions to this).
My original config seemed ok until I started seeing my CPU and RAM maxing out
consistently so I throttled back with the following in my torrc:
RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)
RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
MaxAdvertisedBandwidth 1 MB
My RAM usage now is only about 50% or marginally less of my total available.
Here's how the metrics look lately:
https://metrics.torproject.org/rs.html#details/38939B45237BA84941C74836349C152473F84C56
As you can see, the throughput rate dropped in half (that's when the graph
drops on 2023-02-09). However, the volume continued to decline.
Additionally, I'm unclear why my Middle Probability and Consensus Weight have
both dropped to near 0%. Are those, in fact, where I want them?
I'm monitoring with nyx and see I get some traffic through with no apparent
errors or warnings. I am NOT seeing the CPU spikes any longer but I don't think
I'm giving the most with my hardware.
Questions:
1.) Is my tor service now misconfigured and not utilizing my hardware as best
it could?
2.) Should my Consensus Weight and/or Middle Probability be higher?
3.) Should I consider running two tor instances?
Nyx log snippet:
07:59:32 [NOTICE] Heartbeat: DoS mitigation since startup: 7 circuits killed with too many cells, 591 circuits rejected, 2 marked addresses, 0 marked addresses for max queue, 0 same address concurrent connections rejected, 0 connections rejected, 0 single hop clients refused, 19166 INTRODUCE2 rejected. [1 duplicate hidden]
07:59:32 [NOTICE] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 57982 v4 connections; initiated 116266 and received 356623 v5 connections.
07:59:32 [NOTICE] Circuit handshake stats since last time: 3/3 TAP, 44849/44849 NTor. [1 duplicate hidden]
07:59:32 [NOTICE] While not bootstrapping, fetched this many bytes: 194128391 (server descriptor fetch); 7140 (server descriptor upload); 17539422 (consensus network-status fetch); 1794 (authority cert fetch); 2111765 (microdescriptor fetch)
07:59:32 [NOTICE] Heartbeat: Tor's uptime is 10 days 23:58 hours, with 179 circuits open. I've sent 34.83 GB and received 35.63 GB. I've received 444762 connections on IPv4 and 0 on IPv6. I've made 254336 connections with IPv4 and 0 with IPv6. [1 duplicate hidden]
01:59:32 [NOTICE] Since startup we initiated 0 and received 0 v1 connections; initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 connections; initiated 0 and received 56651 v4 connections; initiated 114326 and received 347071 v5 connections.
01:59:32 [NOTICE] While not bootstrapping, fetched this many bytes: 189431170 (server descriptor fetch); 7140 (server descriptor upload); 17131743 (consensus network-status fetch); 1794 (authority cert fetch); 2068377 (microdescriptor fetch)
Thanks.
Relayer1974