Has anyone had any experience running *exit* nodes on Raspberry Pi-grade hardware, or slightly beefier? We are thinking of replacing the old, bulky, power-hungry machine currently running exit 78C7C299DB4C4BD119A22B87B57D5AF5F3741A79 with something on that level. It only has to hit 10Mbps.
thanks, zw
Zack Weinberg wrote:
Has anyone had any experience running *exit* nodes on Raspberry Pi-grade hardware, or slightly beefier? We are thinking of replacing the old, bulky, power-hungry machine currently running exit 78C7C299DB4C4BD119A22B87B57D5AF5F3741A79 with something on that level. It only has to hit 10Mbps.
There's only one way to find out, but I suspect an RPi would be too weak for the job. Exits use more CPU because they manage far more TCP/UDP connections than a non-exit relay. I've seen significant CPU usage (maybe even CPU saturation) on a cheap Intel Core Duo moving about 3-5 MB/s.
Best, Mike
On Thu, 18 Aug 2016 10:40:00 -0600 Michael McConville mmcco@mykolab.com wrote:
Zack Weinberg wrote:
Has anyone had any experience running *exit* nodes on Raspberry Pi-grade hardware, or slightly beefier? We are thinking of replacing the old, bulky, power-hungry machine currently running exit 78C7C299DB4C4BD119A22B87B57D5AF5F3741A79 with something on that level. It only has to hit 10Mbps.
There's only one way to find out, but I suspect an RPi would be too weak for the job. Exits use more CPU because they manage far more TCP/UDP connections than a non-exit relay. I've seen significant CPU usage (maybe even CPU saturation) on a cheap Intel Core Duo moving about 3-5 MB/s.
Raspberry Pi 3 should do fine, not to mention some of the more powerful boards -- there are now up to 8-core, up to 1.7 GHz ones. Even though the core number won't help you too much, you shouldn't underestimate what a modern 64-bit ARM can do. Especially if the task at hand is mere 10 Mbps.
Roman Mamedov wrote:
On Thu, 18 Aug 2016 10:40:00 -0600 Michael McConville mmcco@mykolab.com wrote:
Zack Weinberg wrote:
Has anyone had any experience running *exit* nodes on Raspberry Pi-grade hardware, or slightly beefier? We are thinking of replacing the old, bulky, power-hungry machine currently running exit 78C7C299DB4C4BD119A22B87B57D5AF5F3741A79 with something on that level. It only has to hit 10Mbps.
There's only one way to find out, but I suspect an RPi would be too weak for the job. Exits use more CPU because they manage far more TCP/UDP connections than a non-exit relay. I've seen significant CPU usage (maybe even CPU saturation) on a cheap Intel Core Duo moving about 3-5 MB/s.
Raspberry Pi 3 should do fine, not to mention some of the more powerful boards -- there are now up to 8-core, up to 1.7 GHz ones. Even though the core number won't help you too much, you shouldn't underestimate what a modern 64-bit ARM can do. Especially if the task at hand is mere 10 Mbps.
I'd be happy to be proven wrong. However, remember that while 10 Mbps doesn't sound like a lot, it can imply 7,000+ open connections. That can stress the kernel and the CPU cache.
Michael McConville wrote:
Roman Mamedov wrote:
On Thu, 18 Aug 2016 10:40:00 -0600 Michael McConville mmcco@mykolab.com wrote:
Zack Weinberg wrote:
Has anyone had any experience running *exit* nodes on Raspberry Pi-grade hardware, or slightly beefier? We are thinking of replacing the old, bulky, power-hungry machine currently running exit 78C7C299DB4C4BD119A22B87B57D5AF5F3741A79 with something on that level. It only has to hit 10Mbps.
There's only one way to find out, but I suspect an RPi would be too weak for the job. Exits use more CPU because they manage far more TCP/UDP connections than a non-exit relay. I've seen significant CPU usage (maybe even CPU saturation) on a cheap Intel Core Duo moving about 3-5 MB/s.
Raspberry Pi 3 should do fine, not to mention some of the more powerful boards -- there are now up to 8-core, up to 1.7 GHz ones. Even though the core number won't help you too much, you shouldn't underestimate what a modern 64-bit ARM can do. Especially if the task at hand is mere 10 Mbps.
I'd be happy to be proven wrong. However, remember that while 10 Mbps doesn't sound like a lot, it can imply 7,000+ open connections. That can stress the kernel and the CPU cache.
I forgot to mention all the crypto required, too. These boards don't have crypto accelerators, so that's a big cost.
On Thu, 18 Aug 2016 11:50:33 -0600 Michael McConville mmcco@mykolab.com wrote:
I forgot to mention all the crypto required, too. These boards don't have crypto accelerators, so that's a big cost.
What? ARMv8-A has hardware accelerated SHA(1/2), AES, and a carry-less multiply. As far as I am aware this still requires using OpenSSL 1.1.x (currently beta), and I don't remember off the top of my head if the code necessary to use newer OpenSSL was backported to pre 0.2.9.x.
Regards,
Yawning Angel wrote:
Michael McConville mmcco@mykolab.com wrote:
I forgot to mention all the crypto required, too. These boards don't have crypto accelerators, so that's a big cost.
What?
I forgot to mention all the crypto required, too. These boards don't have crypto accelerators, so that's a big cost.
ARMv8-A has hardware accelerated SHA(1/2), AES, and a carry-less multiply. As far as I am aware this still requires using OpenSSL 1.1.x (currently beta), and I don't remember off the top of my head if the code necessary to use newer OpenSSL was backported to pre 0.2.9.x.
Interesting, I didn't know that. However, because only very new boards support ARMv8 and because stable OpenSSL releases don't yet support its AES extension, it seems that crypto speed remains a problem for now.
Best, Mike
On 08/18/2016 01:50 PM, Michael McConville wrote:
Michael McConville wrote:
Roman Mamedov wrote:
On Thu, 18 Aug 2016 10:40:00 -0600 Michael McConville mmcco@mykolab.com wrote: Raspberry Pi 3 should do fine, not to mention some of the more powerful boards -- there are now up to 8-core, up to 1.7 GHz ones. Even though the core number won't help you too much, you shouldn't underestimate what a modern 64-bit ARM can do. Especially if the task at hand is mere 10 Mbps.
I'd be happy to be proven wrong. However, remember that while 10 Mbps doesn't sound like a lot, it can imply 7,000+ open connections. That can stress the kernel and the CPU cache.
I forgot to mention all the crypto required, too. These boards don't have crypto accelerators, so that's a big cost.
That is a good point. I don't have any performance numbers on me, but you should at least compare the specs of the Pi 3, the BeagleBone Black, and some of the ODroid series to see if any of them can do the job. I've seen all of those devices put into mission-critical roles, so they may have a possibility of standing up to the job. If not, a low-end old laptop will have AES acceleration. Something to consider.
Torsdag den 18. august 2016 12:35:11 skrev Zack Weinberg:
Has anyone had any experience running *exit* nodes on Raspberry Pi-grade hardware, or slightly beefier? We are thinking of replacing the old, bulky, power-hungry machine currently running exit 78C7C299DB4C4BD119A22B87B57D5AF5F3741A79 with something on that level. It only has to hit 10Mbps.
thanks, zw _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi, used to run a Banana PI with Debian as a TOR Relay. This is not recommendable since the system froze after a while. Although this could just be my system that is unstable.
but from my experience I can not recommend it.
Sometimes it can because of a bad/cheap power supply... Not the ARM-Pi or the OS :s
Hi, used to run a Banana PI with Debian as a TOR Relay. This is not recommendable since the system froze after a while. Although this could just be my system that is unstable.
but from my experience I can not recommend it.
tor-relays@lists.torproject.org
-
Jesse V -
Michael Andersen -
Michael McConville -
Petrusko -
Roman Mamedov -
Yawning Angel -
Zack Weinberg