Consider including fallback directory mirrors with multiple IP addresses

arma describes the advantages of hard-coding bootstrap IP addresses that aren't in the consensus:

https://lists.torproject.org/pipermail/tor-dev/2016-March/010588.html

I think we could do this with fallback directory mirrors, to increase the chances of Tor bootstrapping successfully in these environments.

With two authority attempts in 0.2.7, it's roughly 47% (2/9 + 2/8).

We already have the same or greater probability of bootstrap success with fallbacks and authorities and an increased number of attempts. But it would be nice to use this trick for about 10% of fallbacks.

This will require changes to the fallback selection script and the whitelist format.

added component::core tor/fallback scripts fallback-directory points::3 priority::medium severity::normal status::new tor-client type::enhancement labels

Trac:
Points: N/A to 3

I'm not sure there's a need for this feature at this time

Trac:
Milestone: Tor: 0.2.9.x-final to Tor: 0.2.???

Milestone renamed

Trac:
Milestone: Tor: 0.2.??? to Tor: 0.3.???

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

Trac:
Milestone: Tor: 0.3.??? to Tor: unspecified
Keywords: N/A deleted, tor-03-unspecified-201612 added

Remove an old triaging keyword.

Trac:
Keywords: tor-03-unspecified-201612 deleted, N/A added

Trac:
Summary: Consider including fallback directry mirrors with multiple IP addresses to Consider including fallback directory mirrors with multiple IP addresses
Description: arma describes the advantages of hard-cording bootstrap IP addresses that aren't in the consensus:

https://lists.torproject.org/pipermail/tor-dev/2016-March/010588.html

I think we could do this with fallback directory mirrors, to increase the chances of Tor bootstrapping successfully in these environments.

With two authority attempts in 0.2.7, it's roughly 47% (2/9 + 2/8).

We already have the same or greater probability of bootstrap success with fallbacks and authorities and an increased number of attempts. But it would be nice to use this trick for about 10% of fallbacks.

This will require changes to the fallback selection script and the whitelist format.

to

arma describes the advantages of hard-coding bootstrap IP addresses that aren't in the consensus:

https://lists.torproject.org/pipermail/tor-dev/2016-March/010588.html

I think we could do this with fallback directory mirrors, to increase the chances of Tor bootstrapping successfully in these environments.

With two authority attempts in 0.2.7, it's roughly 47% (2/9 + 2/8).

We already have the same or greater probability of bootstrap success with fallbacks and authorities and an increased number of attempts. But it would be nice to use this trick for about 10% of fallbacks.

This will require changes to the fallback selection script and the whitelist format.

Here's a silly question: Can we just include the fallback twice, with two different addresses?

Replying to nickm:

Here's a silly question: Can we just include the fallback twice, with two different addresses?

Yes, it's the fallback selection process that needs changes, not tor itself:

Replying to teor:

... This will require changes to the fallback selection script and the whitelist format.

And it's safe (for reliability) to list the same fallback twice, as long as it's only some fallbacks that get this treatment. Ideally, we'd want users to get at least 1 fallback or authority on an alternate IP address before it fails bootstrap or the user gives up (nominally 30 seconds).

Authority: 22/8 = 50% Fallback: 4N/150 = 50%

With N = 19, or 1/8 of fallbacks on alternate IP addresses, most clients would get at least one on an alternate address every bootstrap.

The challenge will be contacting each operator, and finding some operators with multiple IP addresses. We might even contact all potential operators, and then select two different lists, so we don't miss eligible relays with multiple IP addresses.

So that puts this in 'Fallback Scripts', not 'Tor'.

Trac:
Component: Core Tor/Tor to Core Tor/Fallback Scripts

Replying to teor:

The challenge will be contacting each operator, and finding some operators with multiple IP addresses. We might even contact all potential operators, and then select two different lists, so we don't miss eligible relays with multiple IP addresses.

If you are excited to do it, go for it. If you're not excited though, I think there's no reason to put too much energy into this idea.

Remember the original phrasing in the tor-dev post: "It's certainly not a robust trick, but it has few downsides". Once you need to ask a bunch of people to set things up, and track whether they did, and bug them afterwards, it might not count as "few downsides" anymore. :)

Trac:
Keywords: N/A deleted, tor-client fallback-directory added

Disowning tickets I don't intend to work on in the next 6 months.

Trac:
Owner: teor to N/A
Status: new to assigned

Mark all tickets that are assigned to nobody as "new".

Trac:
Status: assigned to new

After #27914 (moved), fallback-scripts is its own repository. Fallback changes are no longer tied to Tor releases.

Trac:
Milestone: Tor: unspecified to N/A

changed time estimate to 24h

moved to tpo/core/fallback-scripts#18605