Opened 6 years ago

Closed 6 years ago

#12598 closed task (duplicate)

Increase rotation period of guard nodes

Reported by: asn Owned by: asn
Priority: High Milestone: Tor: 0.2.7.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-guard 027-backport
Cc: isis Actual Points:
Parent ID: #11480 Points:
Reviewer: Sponsor:


We are supposed to increase the rotation period of guard nodes from 2-3 months to 9-10 months, as per proposal 236. This is the ticket about this task.

This also should be deployed hand in hand with #9321, otherwise young guards will experience a big drop of clients.

Child Tickets

Change History (10)

comment:1 Changed 6 years ago by asn

Parent ID: #11480

Also, even though we already have a GuardLifetime consensus parameter, maybe it would be smarter to introduce a new consensus parameter for this switch, so that only upgraded clients actually switch to the new rotation period.

comment:2 Changed 6 years ago by nickm

Keywords: 026-triaged-1 added

comment:3 Changed 6 years ago by nickm

Owner: set to asn
Priority: normalmajor
Status: newassigned

I think asn is on this. asn, please let me know if you aren't.

comment:4 Changed 6 years ago by asn

Indeed I'm on it. IMO, this blocks on #9321 which is moving.

comment:5 Changed 6 years ago by isis

Cc: isis added

comment:6 Changed 6 years ago by nickm

Keywords: unfrozen added

So, all we need to do here beyond #9321 is to add an alternative name for GuardLifetime once 9321 is merged.

comment:7 Changed 6 years ago by asn

OK, here is a rough deployment plan:

  1. We merge #9321 to little-t-tor. This allows dirauths to publish consensuses with guardfraction info, and it also allows clients to understand them and tweak their path selection appropriately.
  1. We deploy guardfraction script to all the authorities we can find. We give them some time to populate their consensus database, etc.
  1. We get authorities to run a version of Tor with the #9321 code. They enable the feature so that consensuses get produced with GuardFraction items. Old clients ignore those items, upgraded clients ignore them too because the UseGuardFraction is still turned off.
  1. Now we Tor developers can test the guardfraction code on the real network. We can manually turn on UseGuardFraction in our torrc, and check the logs to see if the new probabilities make sense. After this phase we should have a reasonable assurance that the code works.
  1. Now it's time to turn the feature on for all upgraded clients. We can do this with 3 months of guard lifetime, or we can first up the guard lifetime to 9 months. It's useful in both cases.

We should decide whether we should do this final step when the #9321 code is in stable or in alpha. I think that alpha is fine, but this means that not all clients will switch to the new path selection logic immediately. This is not optimal because proposal 238 also updates the total bandwidth weights (G, M, E, D) according to guardfraction information, which basically assumes that all clients upgrade at the same time. In our case, this is probably not going to be true, which means that the Middle weight and the Exit weight will get overestimated, since they are going to drain some of the Guard+Middle weight and the Guard+Exit weight. From my discussion with Nick Hopper during the past dev meeting, we decided that the network should be able to handle this, and the situation will improve as more clients update. We maybe should think more about this.

Finally, I'm not sure if we need an alternative name for GuardLifetime so that only upgraded clients switch to the new rotation period. I don't think this is necessary since it's OK also for old clients to switch to the new rotation period, as long as there are enough upgraded clients out there doing the guardfraction path selection so that they fill the guard traffic gap.

comment:8 Changed 6 years ago by nickm

Keywords: 026-backport added; 026-triaged-1 unfrozen removed

comment:9 Changed 6 years ago by nickm

Keywords: 027-backport added; 026-backport removed
Milestone: Tor: 0.2.6.x-finalTor: 0.2.7.x-final

comment:10 Changed 6 years ago by asn

Resolution: duplicate
Status: assignedclosed

Gonna close this as a duplicate of #8240.

Note: See TracTickets for help on using tickets.