date:20200416

Re: [tor-relays] Low observed bandwith

2020-04-16 Thread Mario Costa

Hi Roger,

Thank you for your answer, you and teor really helped me figure this out.

I set BW rate and burst to 10 MB/s and hope to get more traffic once the relay 
becomes guard for enough clients. Being on a dynamic IP I guess that every time 
the ISP changes my address and have to get a new guard flag, I’ll experience a 
drop in traffic.

-m 

> Il giorno 16 apr 2020, alle ore 16:22, Roger Dingledine  
> ha scritto:
> 
> [Hi Mario! I wrote this draft and then stopped half-through, and then
> teor wrote a good response too. So I'm going to send it as-is, rather
> than quietly delete it, in case it helps reinforce some of the points
> that teor made.]
> 
> On Sat, Apr 11, 2020 at 02:55:59PM +0200, Mario Costa wrote:
>> I???m running a guard relay from my home connection on a Raspberry Pi 4.
> 
> Thanks for running a relay!
> 
>> My internet connection is 1000/100 Mbps, and I thought I???d allocate half 
>> of the upload bandwidth for the relay. Then I set RelayBandwidthRate to 10 
>> MB/s, because I thought that Tor would upload 5 MB/s and download 5 MB/s.
> 
> Actually, a rate of 10mbytes/s means it will do up to 10mbytes/s upload
> and also up to 10mbytes/s download. That is, the rate setting applies to
> 'each way', not 'total for both'.
> 
>> However, the maximum observed bandwidth was always about 6 MB/s. I???d like 
>> to know what could cause this low observed bandwidth. I don???t think it???s 
>> the Raspberry Pi, because CPU usage is always low and it has a Gigabit 
>> connection to the router.
> 
> Answer #1: that 6mbytes/s is the most the relay has seen itself actually
> handle, in any ten-second period. That is, there was some ten second
> period over the past few days where the relay sent 60mbytes of actual
> traffic, and also some ten second period (doesn't have to be the same one)
> where it received 60mbytes of actual traffic.
> 
> So it isn't that the relay measured itself and found that it could only
> do 6mbytes/s. It's that the load from actual user traffic has reached that
> high, and so that's the number that it has seen itself do ("observed").
> 
> And that leads to the natural follow-up question of "Ok, but how come
> the user traffic only got that high? I could handle a lot more!"
> 
> And that's a harder question to answer, because it has to do with overall
> network load ("what all the Tor users together are trying to do right
> now"), and with load balancing across all the relays ("how much of that
> traffic gets sent toward your relay").
> 
> The simple answer is that random chance hasn't yet brought the combination
> of user flows to your relay at the right time to show it that it can
> do more.
> 
> But here, your 100mbit up limit looks like it could actually matter.
> The reason is that you can't push more than about 12 megabytes in a
> second, and that could impact whether you end up pushing more than 60
> megabytes in 10 seconds. I tried to construct a concrete scenario with
> numbers that add up, but I have so far failed to make a convincing one.
> So maybe 100mbit is sufficiently high that there aren't realistic
> scenarios where it will be a limitation. I'm not sure.
> 
> Hope this helps,
> --Roger
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Got my first abuse

2020-04-16 Thread Volker Mink

Not 100% accurate.

I was running an exit at my home connection for close to one year. I removed it because normal internet usage became absolutely anoying. Capchas and DOS-Protections nearly everywhere. No streaming-portal was running. And lots of complaints from my provider.

But no Cop action!

 

And now i am running 2 exits hosted in datacenters, one in germany, one in malaysia. No problems by now.

 

 

br,

volker

 
 

Gesendet: Donnerstag, 16. April 2020 um 13:32 Uhr
Von: "NOC" 
An: tor-relays@lists.torproject.org
Betreff: Re: [tor-relays] Got my first abuse

They raid your home even if the Tor node is run in a datacenter. Sadly
the police in germany is still stuck in the 90s and most of them don't
know and/or care what Tor is and how it works.

On 16.04.2020 12:45, Mario Costa wrote:
> Where you running an exit from home? It’s really discouraged because of what happened to you.
>
> -m
>
>> Il giorno 16 apr 2020, alle ore 04:50, Kolja Sagorski  ha scritto:
>>
>> I had a police house search for my exit...
>> I hate the stupid German police.
>>
>>> Am 15.04.2020 um 22:53 schrieb "li...@for-privacy.net" :
>>>
>>> Hi,
>>>
>>> my Family¹ has had an exit for 2 weeks and today the first abuse mail has arrived.
>>>
>>> First of all, thanks for the templates:
>>>
>>> https://www.torservers.net/wiki/abuse/templates
>>>
>>> https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
>>>
>>>
>>> I linked these two from the Tor-project:
>>>
>>> - Common Boilerplate (Tor Intro)
>>>
>>> - SSH Bruteforce Attempts
>>>
>>> and wrote the following myself:
>>> --
>>> Another good option that we use ourselves is: fail2ban
>>> And report to blacklists, which can then be loaded into the router firewalls:
>>> https://www.abuseipdb.com/user/33280
>>>
>>> Hope this helps!
>>> --
>>>
>>> I actually wanted to add that the SSH login attempts can be limited. (3-6)
>>> Because the logs from the abuse mail showed 100 attempts pro IP. ;-)
>>>
>>> _Are such notes useful or do such instructions cause even more problems?_
>>>
>>>
>>>
>>> ¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
>>>
>>> --
>>> ╰_╯ Ciao Marco!
>>>
>>> Debian GNU/Linux
>>>
>>> It's free software and it gives you freedom!
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Wrong IP geolocation

2020-04-16 Thread Mario Costa

One of my relays is reporting a wrong country and AS Name/Number on the Tor 
Metrics page. I suspect that the other relays displayed filtering by AS Name 
have the same problem since all of them belong to the same 255.255.0.0 subnet.

I know precisely where my relay’s data center is, and it’s not the reported 
country. How can I report the correct location? Browsing Tor’s source it looks 
to me that it downloads a database from 
https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz 
 
but the link is not working, and it seems that they now require an account in 
order to access the data. I don’t know if the Metrics page is using the same 
database.

-m
 ___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Low observed bandwith

2020-04-16 Thread Mario Costa


> Il giorno 14 apr 2020, alle ore 14:48, teor  ha scritto:
> 
> Hi,
> 
>> On 12 Apr 2020, at 10:10, Mario Costa  wrote:
>> 
>> I’m running a guard relay from my home connection on a Raspberry Pi 4. My 
>> internet connection is 1000/100 Mbps, and I thought I’d allocate half of the 
>> upload bandwidth for the relay. Then I set RelayBandwidthRate to 10 MB/s, 
>> because I thought that Tor would upload 5 MB/s and download 5 MB/s.
> 
> You have an asymmetric connections and Tor is a relay network. So your 
> relay's speed will be limited by the slowest of your upload and download.
> 
> Tor also assumes your connection is full duplex. (That is, there are separate 
> limits of 10 MB/s up and 10 MB/s down.)
> 
> You should set rate to the highest sustained bandwidth you're happy for Tor 
> to use. Tor could use that much bandwidth for seconds or hours. That 
> bandwidth should be lower than your connection bandwidth. (The minimum of 
> your upload and download.)
> 
>> However, the maximum observed bandwidth was always about 6 MB/s. I’d like to 
>> know what could cause this low observed bandwidth. I don’t think it’s the 
>> Raspberry Pi, because CPU usage is always low and it has a Gigabit 
>> connection to the router.
> 
> Where are you seeing this observed bandwidth?
> 
> Tor reports its observed bandwidth over the busiest 10 second period each day.
> 
> 60% of the rate is actually a pretty high load, because Tor is a low-latency 
> network. (Once utilisation gets over around 10%, latency starts increasing.)
> 
> If your connection is a high latency connection, Tor may send bandwidth to 
> lower-latency connections.
> 
> You can read a similar thread here:
> https://lists.torproject.org/pipermail/tor-relays/2020-April/018348.html 
> 
>> The router itself easily reaches Gigabit speeds, so 10 MB/s should be a 
>> breeze. Could it be the number of connections? nyx indicates that the 
>> connections are always about 4000. If this is the case, how can I know if 
>> the connections bottleneck is the router or the Raspberry Pi?
> 
> 4000 seems pretty normal. There are only around 6000 relays.
> Check your tor, kernel, and router logs for TCP warnings?
> 
>> Additionally, I’d like to ask for a rule of thumb for setting the 
>> RelayBandwithBurst. I set it to 20 MB/s because I’m ok with the relay using 
>> the whole upload bandwidth (about 10 MB/s, or 100 Mbps) for short periods of 
>> time, but as I already explained I’m never seeing such speeds.
> 
> Setting your burst higher than your connection speed can cause latency or 
> packet drops. Tor will allocate less bandwidth to slow or unreliable relays.
> 
> You won't see the burst in Tor's observed bandwidth. The burst is over 1-2 
> seconds. The rate is averaged over a few seconds. Observed is over 10 seconds.
> 
> Tor will compensate for a burst by having a few slow seconds afterwards.
> 
> Set the burst to the highest speed you ever want the relay to use over 1-2 
> seconds. The burst should be equal to or lower than your connection speed. 
> (In your case, the lowest of your upload and download speed.)
> 
>> For reference my relay’s fingerprint is 
>> F942EE73F1B8E39125F617FA85E80E4C9E540A2E.
> 
> If you want Tor to use more bandwidth, try setting rate and burst to 10 Mbps.
> 
> That way, you won't be causing congestion or packet drops.
> 
> You may have to wait for a few weeks or months for your bandwidth to 
> stabilise.
> https://blog.torproject.org/lifecycle-new-relay 
> 
> 
> T
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Thank you,  I mistakenly thought the the Bandwidth limits were up+down, this 
really clarified many things.




> Il giorno 14 apr 2020, alle ore 17:21, torjoy 
>  ha scritto:
> 
> Hi Mario,
> 
> I'm having same trouble with raspberry pi 3b... I use Wi-Fi connection with 
> high throughput. My local connection can copy files up to 15MB/s to this RPi. 
> It is a USB adapter (mediatek MT7601). I'm asking myself that speed on tor 
> network shouldn't be more than 2 MB/s. I've limited the maximum in 3,2 MB/s 
> and burst to 4,3 MB/s, my connection here in Brazil is just of 240 Mb/s // 24 
> Mb/s... At least 2,2 MB/s should be reached in the measurements i guess. In 
> the past i shouldn't pass from 600 KB/s thus because my CPU consumption with 
> TOR was near to 100%. But i've set more parallel threads in torrc and 
> recompilled my openssl to support it the linux crypto engine, that can handle 
> faster crypto operations. With this i've enabled hardware acceleration on 
> torrc and reached a little bit more than 1MB/s in the measurements.
> 
> Luiz
> 
> 
> Sent with ProtonMail Secure Email.
> 
> 
> 
> ___
> tor-relays mailing list
>

Re: [tor-relays] Got my first abuse

2020-04-16 Thread Artur Pedziwilk



> On 15 Apr 2020, at 23:30, Kolja Sagorski  wrote:
> 
> 
> I had a police house search for my exit...
> I hate the stupid German police.

Why they are stupid?
Because they did not know in advance the criminals are not there?



publickey - cb86eb08b7299219c1af5dbcaddd4ede@protonmail.ch.asc.pgp
Description: application/pgp-key


signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Low observed bandwith

2020-04-16 Thread Roger Dingledine

[Hi Mario! I wrote this draft and then stopped half-through, and then
teor wrote a good response too. So I'm going to send it as-is, rather
than quietly delete it, in case it helps reinforce some of the points
that teor made.]

On Sat, Apr 11, 2020 at 02:55:59PM +0200, Mario Costa wrote:
> I???m running a guard relay from my home connection on a Raspberry Pi 4.

Thanks for running a relay!

> My internet connection is 1000/100 Mbps, and I thought I???d allocate half of 
> the upload bandwidth for the relay. Then I set RelayBandwidthRate to 10 MB/s, 
> because I thought that Tor would upload 5 MB/s and download 5 MB/s.

Actually, a rate of 10mbytes/s means it will do up to 10mbytes/s upload
and also up to 10mbytes/s download. That is, the rate setting applies to
'each way', not 'total for both'.

> However, the maximum observed bandwidth was always about 6 MB/s. I???d like 
> to know what could cause this low observed bandwidth. I don???t think it???s 
> the Raspberry Pi, because CPU usage is always low and it has a Gigabit 
> connection to the router.

Answer #1: that 6mbytes/s is the most the relay has seen itself actually
handle, in any ten-second period. That is, there was some ten second
period over the past few days where the relay sent 60mbytes of actual
traffic, and also some ten second period (doesn't have to be the same one)
where it received 60mbytes of actual traffic.

So it isn't that the relay measured itself and found that it could only
do 6mbytes/s. It's that the load from actual user traffic has reached that
high, and so that's the number that it has seen itself do ("observed").

And that leads to the natural follow-up question of "Ok, but how come
the user traffic only got that high? I could handle a lot more!"

And that's a harder question to answer, because it has to do with overall
network load ("what all the Tor users together are trying to do right
now"), and with load balancing across all the relays ("how much of that
traffic gets sent toward your relay").

The simple answer is that random chance hasn't yet brought the combination
of user flows to your relay at the right time to show it that it can
do more.

But here, your 100mbit up limit looks like it could actually matter.
The reason is that you can't push more than about 12 megabytes in a
second, and that could impact whether you end up pushing more than 60
megabytes in 10 seconds. I tried to construct a concrete scenario with
numbers that add up, but I have so far failed to make a convincing one.
So maybe 100mbit is sufficiently high that there aren't realistic
scenarios where it will be a limitation. I'm not sure.

Hope this helps,
--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Got my first abuse

2020-04-16 Thread NOC

They raid your home even if the Tor node is run in a datacenter. Sadly 
the police in germany is still stuck in the 90s and most of them don't 
know and/or care what Tor is and how it works.


On 16.04.2020 12:45, Mario Costa wrote:

Where you running an exit from home? It’s really discouraged because of what 
happened to you.

-m


Il giorno 16 apr 2020, alle ore 04:50, Kolja Sagorski  
ha scritto:

I had a police house search for my exit...
I hate the stupid German police.


Am 15.04.2020 um 22:53 schrieb "li...@for-privacy.net" :

Hi,

my Family¹ has had an exit for 2 weeks and today the first abuse mail has 
arrived.

First of all, thanks for the templates:

https://www.torservers.net/wiki/abuse/templates

https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates


I linked these two from the Tor-project:

- Common Boilerplate (Tor Intro)

- SSH Bruteforce Attempts

and wrote the following myself:
--
Another good option that we use ourselves is: fail2ban
And report to blacklists, which can then be loaded into the router firewalls:
https://www.abuseipdb.com/user/33280

Hope this helps!
--

I actually wanted to add that the SSH login attempts can be limited. (3-6)
Because the logs from the abuse mail showed 100 attempts pro IP. ;-)

_Are such notes useful or do such instructions cause even more problems?_



¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Got my first abuse

2020-04-16 Thread Mario Costa

Where you running an exit from home? It’s really discouraged because of what 
happened to you. 

-m

> Il giorno 16 apr 2020, alle ore 04:50, Kolja Sagorski 
>  ha scritto:
> 
> I had a police house search for my exit...
> I hate the stupid German police.
> 
>> Am 15.04.2020 um 22:53 schrieb "li...@for-privacy.net" 
>> :
>> 
>> Hi,
>> 
>> my Family¹ has had an exit for 2 weeks and today the first abuse mail has 
>> arrived.
>> 
>> First of all, thanks for the templates:
>> 
>> https://www.torservers.net/wiki/abuse/templates
>> 
>> https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates
>> 
>> 
>> I linked these two from the Tor-project:
>> 
>> - Common Boilerplate (Tor Intro)
>> 
>> - SSH Bruteforce Attempts
>> 
>> and wrote the following myself:
>> --
>> Another good option that we use ourselves is: fail2ban
>> And report to blacklists, which can then be loaded into the router firewalls:
>> https://www.abuseipdb.com/user/33280
>> 
>> Hope this helps!
>> --
>> 
>> I actually wanted to add that the SSH login attempts can be limited. (3-6)
>> Because the logs from the abuse mail showed 100 attempts pro IP. ;-)
>> 
>> _Are such notes useful or do such instructions cause even more problems?_
>> 
>> 
>> 
>> ¹https://metrics.torproject.org/rs.html#search/TorOrDie4privacyNET
>> 
>> -- 
>> ╰_╯ Ciao Marco!
>> 
>> Debian GNU/Linux
>> 
>> It's free software and it gives you freedom!
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Low observed bandwith

Re: [tor-relays] Got my first abuse

[tor-relays] Wrong IP geolocation

Re: [tor-relays] Low observed bandwith

Re: [tor-relays] Got my first abuse

Re: [tor-relays] Low observed bandwith

Re: [tor-relays] Got my first abuse

Re: [tor-relays] Got my first abuse

8 matches

Site Navigation

Mail list logo

Footer information