Hi all,
I am considering setting up a tor relay. However my configuration is not powerful and I failed to find precise informations about the hardware system requirements. I believe it would be useful to have such informations in the FAQ, along with graphs of the needed RAM & CPU as a function of the allocated bandwidth.
Anyway, I would use a Sheevaplug (Marvell 1.2 GHz CPU, 512 MB DDR2 @ 400 MHz) running Debian Squeeze. It already serves as a small webserver (~200 visits/month, <10 MB bandwidth/month), and 150 MB of RAM are allocated to flashybrid (which helps preserving the SD card life by keeping /var/log/* and such data in RAM and write it down only once in a while).
First questions : would it be eligible as a tor relay ? As a tor exit ? Or should I rather go for a bridge ? I guess my bandwidth will be limited by the hardware, how much would you suggest ?
On the same network is my personal computer which is much more powerful but down most of the day, so I guess it would be unworthy to make use of it ?
I have also thought about using the PC of my parents as a bridge (smaller bandwidth), but again it is online only a few hours a day, would it be worth it ?
Thanks.
Regards,
G.
Hi,
how much Bandwidth would you use for tor? Anyway, RAM could be the limitting factor here.
aurel
On 1 February 2012 17:45, Goulven Guillard lecotegougdelaforce@free.fr wrote:
Hi all,
I am considering setting up a tor relay. However my configuration is not powerful and I failed to find precise informations about the hardware system requirements. I believe it would be useful to have such informations in the FAQ, along with graphs of the needed RAM & CPU as a function of the allocated bandwidth.
Anyway, I would use a Sheevaplug (Marvell 1.2 GHz CPU, 512 MB DDR2 @ 400 MHz) running Debian Squeeze. It already serves as a small webserver (~200 visits/month, <10 MB bandwidth/month), and 150 MB of RAM are allocated to flashybrid (which helps preserving the SD card life by keeping /var/log/* and such data in RAM and write it down only once in a while).
First questions : would it be eligible as a tor relay ? As a tor exit ? Or should I rather go for a bridge ? I guess my bandwidth will be limited by the hardware, how much would you suggest ?
On the same network is my personal computer which is much more powerful but down most of the day, so I guess it would be unworthy to make use of it ?
I have also thought about using the PC of my parents as a bridge (smaller bandwidth), but again it is online only a few hours a day, would it be worth it ?
Thanks.
Regards,
G.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Le 01/02/2012 19:15, Aurel W. a écrit :
how much Bandwidth would you use for tor? Anyway, RAM could be the limitting factor here.
My ISP currently provides me with ~ 800 kbps in upload. I could probably give half or more to tor but I believe indeed RAM & CPU will be the limiting factor (that's why I didn't mention it in my first email). I have ~ 15 Mbps in download but I guess it is better to keep it symmetric (I have not yet checked this point in the doc though).
G.
On Wed, Feb 1, 2012 at 3:24 PM, Goulven Guillard lecotegougdelaforce@free.fr wrote:
My ISP currently provides me with ~ 800 kbps in upload. I could probably give half or more to tor but I believe indeed RAM & CPU will be the limiting factor (that's why I didn't mention it in my first email). I have ~ 15 Mbps in download but I guess it is better to keep it symmetric (I have not yet checked this point in the doc though).
Just try a middle node. Do not run vidalia of course, just plain chrooted Tor. Maybe with higher niceness since the webserver is your priority. https://trac.torproject.org/projects/tor/wiki/doc/TorInChroot
I'm not familiar with the Sheevaplug, but I have some experience with low-end hardware.
I run a middle node on a Pentium-M 1.8GHz ("Dothan", circa 2004) with 1GB of DDR1 RAM on a CentOS 5.x/i686 box. I have Tor v0.2.2.x configured for Bandwidth=150KB, BurstBandwidth=300KB. That 150KB is one-third of my 450KB upload capability.
With this set-up I see the Tor process consuming 2% of CPU, about 60MB of RAM (RSS) used, and I see 100 - 200 connections active at any given time.
That 150KB is the peak traffic that is used (I've never see evidence that BurstBandwidth is used at all). If fact, it is currently averaging about 90KB. See here:
http://torstatus.blutmagie.de/router_detail.php?FP=4d393c7d93c16b97a3f41df94...
The crypto stuff is the CPU bottleneck in Tor, so really Tor's CPU use is gated by OpenSSL's performance. My CPU, old as it is, has SSE2 instructions and that helps a lot. I build Tor against a contemporary version of OpenSSL, which doubles the encrypt/decrypt performance relative to the v0.9.8+patches that is standard in CentOS v5.7.
FYI.
On Wednesday, February 1, 2012 11:45am, "Goulven Guillard" lecotegougdelaforce@free.Fr said:
Hi all,
I am considering setting up a tor relay. However my configuration is not powerful and I failed to find precise informations about the hardware system requirements. I believe it would be useful to have such informations in the FAQ, along with graphs of the needed RAM & CPU as a function of the allocated bandwidth.
Anyway, I would use a Sheevaplug (Marvell 1.2 GHz CPU, 512 MB DDR2 @ 400 MHz) running Debian Squeeze. It already serves as a small webserver (~200 visits/month, <10 MB bandwidth/month), and 150 MB of RAM are allocated to flashybrid (which helps preserving the SD card life by keeping /var/log/* and such data in RAM and write it down only once in a while).
First questions : would it be eligible as a tor relay ? As a tor exit ? Or should I rather go for a bridge ? I guess my bandwidth will be limited by the hardware, how much would you suggest ?
On the same network is my personal computer which is much more powerful but down most of the day, so I guess it would be unworthy to make use of it ?
I have also thought about using the PC of my parents as a bridge (smaller bandwidth), but again it is online only a few hours a day, would it be worth it ?
Thanks.
Regards,
G.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
With this set-up I see the Tor process consuming 2% of CPU, about 60MB of RAM (RSS) used 100 - 200 connections active at any given time.
Seconded. It's not much. And irrespective of hardware, seconded also on using current OS, build libs and Tor. Some OS require setting kernel sysctl to enable extra cpu's or cpu features. BIOS too. But that intel-HT is not worth anything.
My ISP currently provides me with ~ 800 kbps in upload ... 15 Mbps in download but I guess it is better to keep it symmetric
It's bytes in/out of the closed circle that is your box/interfaces. Other than encapsulation differences, non-symmetric is not physically possible.
You can set up OS rate limiting to let Tor freely use whatever when you are not using the pipe. But I don't know how to properly let Tor know you are doing that??? (other than telling Tor it's own rate limit should be the entire possible size of your pipe, as would be the case when Tor is allowed by OS to free run during your non usage. Tor would get squeezed otherwise, but that's probably not too bad.)
I have also thought about using the PC of my parents as a bridge
Not a good idea to subject anyone but yourself to the potential issues of being an exit :) So a non-exit or bridge is better.
Thanks for all the replies. I'll give it a try as a middle node for a start (as soon as my ISP fixes my intempestive deconnection issue…).
Is an exit node is more CPU(/RAM ?) consuming than a middle one ? Assuming it is the case, as it seems that Tor does need more exit nodes, what would be best (in a Tor perspective) for a given CPU/RAM consumption : an exit node with lower bandwidth or a middle node with more bandwidth ?
Concerning OpenSSL's performance the Sheevaplug's Marvell Kirkwood CPU seems to have a hardware crypto engine which can be used thanks to cryptodev-linux, apparently this may help.
Now, what about the uptime issue ? Is it worth (again in a Tor network perspective) installing a bridge on a computer which is up only a few hours a day ?
Le 02/02/2012 01:17, grarpamp a écrit :
I have also thought about using the PC of my parents as a bridge
Not a good idea to subject anyone but yourself to the potential issues of being an exit :) So a non-exit or bridge is better.
Indeed, for their computer it will be a bridge or nothing, depending on the answer to the question above.
G.
On Thursday, February 2, 2012 9:41am, "Goulven Guillard" lecotegougdelaforce@free.Fr said:
Thanks for all the replies. I'll give it a try as a middle node for a start (as soon as my ISP fixes my intempestive deconnection issue…).
Is an exit node is more CPU(/RAM ?) consuming than a middle one ?
Yes. At minimum the exit node must do DNS look-ups for the destinations. Part of the anonymity is that you as an exit node determine which IP address is associated with "www.yahoo.com", not the originating node. That doesn't take much CPU (apart from the crypto of DNSSEC) but it does take some CPU time, and a little bandwidth too. Also, the packet payload must be decrypted for transmission to the destination address.
Assuming it is the case, as it seems that Tor does need more exit nodes, what would be best (in a Tor perspective) for a given CPU/RAM consumption : an exit node with lower bandwidth or a middle node with more bandwidth ?
Tor does need exit nodes. The graphs on Tor statistics page show that only a quarter of Tor nodes are running as exits. That said, if this is on a residential internet connection you might not want to be an exit node. A few web sites blacklist the IP addresses of Tor exit nodes because they don't want anonymous traffic for whatever reason. Likely you won't encounter such a site in your personal surfing, but you should be aware that publicly announcing yourself as a Tor exit node may constrain you.
Concerning OpenSSL's performance the Sheevaplug's Marvell Kirkwood CPU seems to have a hardware crypto engine which can be used thanks to cryptodev-linux, apparently this may help.
I read a lot of complains from people who say their crypto engine isn't being recognized/used by OpenSSL. (Of course, unhappy people are more prone to posting than happy ones.) You might want to run OpenSSL's speed test to verify that you really are getting the benefit of your hardware crypto support.
Le 02/02/2012 16:21, Steve Snyder a écrit :
Tor does need exit nodes. The graphs on Tor statistics page show that only a quarter of Tor nodes are running as exits. That said, if this is on a residential internet connection you might not want to be an exit node. A few web sites blacklist the IP addresses of Tor exit nodes because they don't want anonymous traffic for whatever reason. Likely you won't encounter such a site in your personal surfing, but you should be aware that publicly announcing yourself as a Tor exit node may constrain you.
Right, I'll think about it twice. BTW, is there already a list of websites blacklisting Tor ?
I read a lot of complains from people who say their crypto engine isn't being recognized/used by OpenSSL. (Of course, unhappy people are more prone to posting than happy ones.) You might want to run OpenSSL's speed test to verify that you really are getting the benefit of your hardware crypto support.
I assume you mean "by default". I found out about cryptodev-linux here : http://www.altechnative.net/?p=174
On Thursday, February 02, 2012 10:21:14 Steve Snyder wrote:
Tor does need exit nodes. The graphs on Tor statistics page show that only a quarter of Tor nodes are running as exits. That said, if this is on a residential internet connection you might not want to be an exit node. A few web sites blacklist the IP addresses of Tor exit nodes because they don't want anonymous traffic for whatever reason. Likely you won't encounter such a site in your personal surfing, but you should be aware that publicly announcing yourself as a Tor exit node may constrain you.
Freenode (not the website, but the IRC server) doesn't allow connections from Tor exit nodes, and Wikipedia doesn't allow editing through Tor.
cmeclax
Hi,
it was not recommended to run an exit on an connection that's used for private traffic. It could be your IP that gets caught downloading copyrighted material. (Might not apply in your case)
Should you still consider it, please read: https://blog.torproject.org/running-exit-node
Now, what about the uptime issue ? Is it worth (again in a Tor network perspective) installing a bridge on a computer which is up only a few hours a day ?
Yes. I got told by an Tor official that such a bridge is useful. The longer the better, but a few hours is OK.
Regards, bastik_tor
tor-relays@lists.torproject.org
-
Aurel W. -
cmeclax-sazri -
Goulven Guillard -
grarpamp -
Javier Bassi -
Sebastian G. <bastik.tor> -
Steve Snyder