I'm running a tor relay on some older hardware that I didn't want to discard 
when I could still put it so good use.

Some details of the box are:
-- CPU: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
-- RAM: 4GB
-- ARCH: x86_64
-- HDD: 250GB
-- OS: Ubuntu 22.04.1

I originally configured a single Tor instance IPv4 to run as a relay only (not 
as an exit, nor hosting a hidden service). I am also using the iptables rules 
from https://github.com/Enkidu-6/tor-ddos to minimize DDOS overhead (please 
advise if there are alternatives or additions to this).

My original config seemed ok until I started seeing my CPU and RAM maxing out 
consistently so I throttled back with the following in my torrc:

RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)
RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
MaxAdvertisedBandwidth 1 MB

My RAM usage now is only about 50% or marginally less of my total available.

Here's how the metrics look lately:

As you can see, the throughput rated dropped in half (that's when the graph 
drops on 2023-02-09). However, the volume continued to decline.

Additionally, I'm unclear why my Middle Probability and Consensus Weight have 
both dropped to near 0%. Are those, in fact, where I want them?

I'm monitoring with nyx and see I get some traffic through with no apparent 
errors or warnings. I am NOT seeing the CPU spikes any longer but I don't think 
I'm giving the most with my hardware.

1.) Is my tor service now misconfigured and not utilizing my hardware as best 
it could?
2.) Should my Consensus Weight and/or Middle Probability be higher?
3.) Should I consider running two tor instances?

Nyx log snippet:
07:59:32 [NOTICE] Heartbeat: DoS mitigation since startup: 7 circuits killed 
with too many cells, 591 circuits rejected, 2 marked addresses, 0 marked 
addresses for max queue, 0 same address concurrent
│ connections rejected, 0 connections rejected, 0 single hop clients refused, 
19166 INTRODUCE2 rejected. [1 duplicate hidden]
│ 07:59:32 [NOTICE] Since startup we initiated 0 and received 0 v1 connections; 
initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 
connections; initiated 0 and received 57982 v4
│ connections; initiated 116266 and received 356623 v5 connections.
│ 07:59:32 [NOTICE] Circuit handshake stats since last time: 3/3 TAP, 
44849/44849 NTor. [1 duplicate hidden]
│ 07:59:32 [NOTICE] While not bootstrapping, fetched this many bytes: 194128391 
(server descriptor fetch); 7140 (server descriptor upload); 17539422 (consensus 
network-status fetch); 1794 (authority cert
│ fetch); 2111765 (microdescriptor fetch)
│ 07:59:32 [NOTICE] Heartbeat: Tor's uptime is 10 days 23:58 hours, with 179 
circuits open. I've sent 34.83 GB and received 35.63 GB. I've received 444762 
connections on IPv4 and 0 on IPv6. I've made
│ 254336 connections with IPv4 and 0 with IPv6. [1 duplicate hidden]
│ 01:59:32 [NOTICE] Since startup we initiated 0 and received 0 v1 connections; 
initiated 0 and received 0 v2 connections; initiated 0 and received 0 v3 
connections; initiated 0 and received 56651 v4
│ connections; initiated 114326 and received 347071 v5 connections.
│ 01:59:32 [NOTICE] While not bootstrapping, fetched this many bytes: 189431170 
(server descriptor fetch); 7140 (server descriptor upload); 17131743 (consensus 
network-status fetch); 1794 (authority cert
│ fetch); 2068377 (microdescriptor fetch)


tor-relays mailing list

Reply via email to