Re: Is this for real?
On 4/11/07, Thomas M. Jett [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Quick question then, *how* much bandwidth is required to run Tor as a server, or router? I've only recently upgraded to DSL light (can't afford full DSL, and I don't remember the advertised bandwidth, but using my ISP's bandwidth test it shows 118.6 kbps with a maximum download speed of 14.83 kbps). Now I'm sure full DSL has more than enough bandwidth, but as far as DSL light goes, I'm not sure. Wouldn't be that much of a concern except for the fact that I do quiet a bit of downloading and I don't know how much of an effect that will have on performance. I know you can limit the bandwidth in the torrc file, but if it's going to be cutting it very close it may not be that much of a help. JT wrote: | Hi, | | if every Tor user was a router these kind of concerns wouldn't even pop | up. Who cares if the NSA is running a few routers in a pool of 300 000. | More and more people are stopping to use Tor because surfing has become | unbearbly slow. Just doesn't scale. Every Tor user must also be a router | and it scales 1:1! | -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGHKZRlzq1/FLekkARClBxAJ9+5ca2Pj98H63ouhv9+0wd72WkRQCfQyj8 CtsvY5TFQyQX75u2AZ+tPRM= =vKiu -END PGP SIGNATURE- The problem is that it does not scale 1:1. If you set aside the biggest problems: - Users with firewalls/NAT routers and lack of knowhow to set them up correctly. - Increased use increases incentives for the bad guys, _especially_ if a vulnerability is discovered. Everyone would be vulnerable. - Anonymous users can simply be port-sweeped (and/or banner-scanned) for. The reason it does not scale 1:1 is that (in EU at least), Internet-access to the users are provided mostly asymmetrically. My new connection has an awesome 20Mbit downstream, and the whole of 1Mbit upstream. Even with the fastest (consumer) subscription I'm not able to host a TOR server if I'm also going to use other services (VoIP, etc.). And I wouldn't approve of the whole forcing-people either, at least by my own moral standards, especially not in a freedom-project like this! -- Stian Øvrevåge
Re: Is this for real?
The whole point of You are limited by the slowest upload speed of your routers, plus the whole My un-tor'd download speed is great is a big concern. Here is a thought. Since most of the time I'm not downloading -- most of the time my connection is idle with tor traffic -- I don't mind giving more of my traffic to others. When I'm active, I want to make full use of my download bandwidth. That means I need to get downloads from multiple people. If I'm looking at 20K tor upload, and 1.5 MB download (about 150K), then I need to download from 7 different tor nodes. At once. Yes, there are fast routers, but if I ever get a slow one, or an overloaded one, then I am slowed for using Tor, and Tor looks unattractive. If an average user is active 10% of the time, and uses 7 connections when active, that's still a surplus of network resources (70% utilized). That means, that for Tor to get fast, 1. Rather than everything using one connection by default, we need to use many connections, load balanced. Round robin is probably a good first approximation to load balanced. Since we know the speed of the routers we are using, we can do a better approximation. 2. ??? (3. Profit :-). (Yea, getting keep-alive to work will help a lot with web browsing, but that means tossing privoxy and using something else. But keep-alive, by reducing the number of connections, will magnify the problem of a slow router over doing multiple connections.) *how* much bandwidth is required to run Tor as a server, or router? Tor wants a minimum of 20K, or about 220 kbps. DSL Light, that I've seen, has a 384kbps upload, although I've heard that it goes as low as 256 kbps up. Either one is sufficient to run Tor as a router.
Re: Importance of HTTP connection keep-alive (was: Is this for real?)
Michael_google gmail_Gersten [EMAIL PROTECTED] wrote: (Yea, getting keep-alive to work will help a lot with web browsing, Is this an assumption or did you just forget to show your benchmarks to back this claim up? but that means tossing privoxy and using something else. Actually you can use connection keep-alive without tossing Privoxy. Just put Polipo between Privoxy and Tor (be aware that using another proxy behind Privoxy will render some of Privoxy's actions useless, though). My impression is that keep-alive (in the setup described above, and without Privoxy in the chain) doesn't buy you enough to be noticeable. Of course adding Polipo to the proxy chain has other advantages, I didn't do any scientific benchmarks either, and I may be biased. I used Privoxy's CVS version to measure the effects of not having to use prevent-compression for filtering, though: [EMAIL PROTECTED] ~ $head -n 15000 /usr/jails/privoxy-jail/var/log/privoxy/privoxy.log | grep Decomp | privoxy-log-parser 16:50:26.413 0815c700 Re-Filter: Decompression successful. Old size: 1147, new size: 2763. (saved: 58.49%) 16:50:27.125 0815c800 Re-Filter: Decompression successful. Old size: 5007, new size: 20885. (saved: 76.03%) 16:50:27.704 0808e900 Re-Filter: Decompression successful. Old size: 623, new size: 2145. (saved: 70.96%) 16:51:48.746 0815c900 Re-Filter: Decompression successful. Old size: 6104, new size: 26928. (saved: 77.33%) 16:57:07.983 0815c900 Re-Filter: Decompression successful. Old size: 29972, new size: 148272. (saved: 79.79%) 16:57:08.745 0815c600 Re-Filter: Decompression successful. Old size: 24125, new size: 113632. (saved: 78.77%) 16:57:16.002 0815ca00 Re-Filter: Decompression successful. Old size: 30392, new size: 150126. (saved: 79.76%) 16:57:17.475 0815c100 Re-Filter: Decompression successful. Old size: 15979, new size: 78088. (saved: 79.54%) 16:57:42.869 08156000 Re-Filter: Decompression successful. Old size: 18927, new size: 86616. (saved: 78.15%) 16:57:50.084 0808e700 Re-Filter: Decompression successful. Old size: 23686, new size: 115163. (saved: 79.43%) 16:58:32.836 0815c400 Re-Filter: Decompression successful. Old size: 30261, new size: 141889. (saved: 78.67%) 17:15:53.644 0808e700 Re-Filter: Decompression successful. Old size: 5318, new size: 22906. (saved: 76.78%) 17:22:20.633 0815c100 Re-Filter: Decompression successful. Old size: 7351, new size: 36324. (saved: 79.76%) As receiving compressed content seldom saves less than 50%, I assume that for Privoxy 3.0.6 (chained with Tor) the missing zlib support is a much bigger slow-down factor than the missing support for connection keep-alive (if that's a slow-down factor at all). Fabian signature.asc Description: PGP signature