Filename: 185-dir-without-dirport.txt Title: Directory caches without DirPort Author: Nick Mathewson Created: 20-Sep-2011 Status: Open
Overview:
Exposing a directory port is no longer necessary for running as a directory cache. This proposal suggests that we eliminate that requirement, and describes how.
Motivation:
Now that we tunnel directory connections by default, it is no longer necessary to have a DirPort to be a directory cache. In fact, bridges act as directory caches but do not actually have a DirPort exposed. It would be nice and tidy to expand that property to the rest of the network.
Configuration:
Add a new torrc option, "DirCache". Its values can be "0", "1", and "auto". If it is 0, we never act as a directory cache, even if DirPort is set. If it is 1, then we act as a directory cache according to same rules as those used for nodes that set a DirPort. If it is "auto", then Tor decides whether to act as a directory cache.
Advertising cache status:
Nodes which are running as a directory cache but which do not have a DirPort set should set the entry "dir-cache 1" in their router descriptors.
Consensus:
Authorities should assign a "DirCache" flag to all nodes running as a directory cache that do not set a DirPort.
This does not require a new version of the consensus algorithm.
Hi Nick,
and here are a few comments to your proposal 185:
On 9/20/11 9:34 PM, Nick Mathewson wrote:
Configuration:
Add a new torrc option, "DirCache". Its values can be "0", "1", and "auto". If it is 0, we never act as a directory cache, even if DirPort is set.
Do these relays set "dir-cache 0" in their router descriptors? Or do they just not include "dir-cache 1"? But if they set a non-zero DirPort, how will the directory authorities and clients know that the node doesn't want to act as a directory cache?
If it is 1, then we act as a directory cache according to same rules as those used for nodes that set a DirPort. If it is "auto", then Tor decides whether to act as a directory cache.
What are the rules when setting a DirPort? Successful self-test and minimum advertised bandwidth? How's "1" different from "auto" if Tor decides whether to act as a directory cache in both cases?
Consensus:
Authorities should assign a "DirCache" flag to all nodes running as a directory cache that do not set a DirPort.
Would it make sense to have them assign the "DirCache" flag for nodes with a non-zero DirPort, too?
Best, Karsten
On Thu, Sep 22, 2011 at 10:49:04AM +0200, Karsten Loesing wrote:
On 9/20/11 9:34 PM, Nick Mathewson wrote:
Configuration:
Add a new torrc option, "DirCache". Its values can be "0", "1", and "auto". If it is 0, we never act as a directory cache, even if DirPort is set.
Do these relays set "dir-cache 0" in their router descriptors? Or do they just not include "dir-cache 1"? But if they set a non-zero DirPort, how will the directory authorities and clients know that the node doesn't want to act as a directory cache?
It seems like there are really two behaviors we want to control here. Question 1: "do you fetch and cache directory info and answer questions if somebody asks you questions?" Question 2: "should you be identified in the consensus as a relay that wants to answer questions?"
If the answer to #2 is yes, the answer to #1 must be yes also.
Every exit relay fetches and caches directory info already (see the last check in directory_caches_dir_info()). So do bridges. I'd say our life would get a lot easier if we just declare that anybody with an ORPort set should say yes to #1. To be clear, the change in behavior there is that non-exit non-dirport relays would now start fetching dir info from authorities on the mirror schedule.
And at that point it's just a question of deciding how to answer #2.
See decide_to_advertise_dirport() in router.c for the complex set of topics we consider now for answering #2.
One simple answer would be that if you're in the consensus and have a new enough version, the answer to #2 is simply yes. Everybody is a suitable choice for answering dir info. Hibernating relays aren't in the consensus. Clients already weight their selection by capacity to shift load to faster relays. Relays with set but unreachable dirports should list "0" for their dirport, but still answer questions.
Variation A would be that clients entirely avoid relays under a certain capacity (say, 50KB) when making their selection. If we want to get super fancy, we could have authorities vote on a consensus param that describes the capacity under which clients should choose not to ask a relay about dir info.
Variation B would be to make a new relay status flag NoDirCache that authorities set if you put a line in your descriptor asking for clients to avoid you, for example if you have accounting set. But I think that's probably more trouble than it's worth.
--Roger
-
Karsten Loesing -
Nick Mathewson -
Roger Dingledine