Opened 3 years ago

Last modified 5 months ago

#18605 new enhancement

Consider including fallback directory mirrors with multiple IP addresses

Reported by: teor Owned by:
Priority: Medium Milestone:
Component: Core Tor/Fallback Scripts Version:
Severity: Normal Keywords: tor-client fallback-directory
Cc: Actual Points:
Parent ID: Points: 3
Reviewer: Sponsor:

Description (last modified by arma)

arma describes the advantages of hard-coding bootstrap IP addresses that aren't in the consensus:

https://lists.torproject.org/pipermail/tor-dev/2016-March/010588.html

I think we could do this with fallback directory mirrors, to increase the chances of Tor bootstrapping successfully in these environments.

With two authority attempts in 0.2.7, it's roughly 47% (2/9 + 2/8).

We already have the same or greater probability of bootstrap success with fallbacks and authorities and an increased number of attempts. But it would be nice to use this trick for about 10% of fallbacks.

This will require changes to the fallback selection script and the whitelist format.

Child Tickets

Change History (14)

comment:1 Changed 3 years ago by nickm

Points: 3

comment:2 Changed 3 years ago by teor

Milestone: Tor: 0.2.9.x-finalTor: 0.2.???

I'm not sure there's a need for this feature at this time

comment:3 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:4 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:5 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:6 Changed 2 years ago by arma

Description: modified (diff)
Summary: Consider including fallback directry mirrors with multiple IP addressesConsider including fallback directory mirrors with multiple IP addresses

comment:7 Changed 2 years ago by nickm

Here's a silly question: Can we just include the fallback twice, with two different addresses?

comment:8 in reply to:  7 ; Changed 2 years ago by teor

Replying to nickm:

Here's a silly question: Can we just include the fallback twice, with two different addresses?

Yes, it's the fallback selection process that needs changes, not tor itself:

Replying to teor:

...
This will require changes to the fallback selection script and the whitelist format.

And it's safe (for reliability) to list the same fallback twice, as long as it's only some fallbacks that get this treatment. Ideally, we'd want users to get at least 1 fallback or authority on an alternate IP address before it fails bootstrap or the user gives up (nominally 30 seconds).

Authority: 2*2/8 = 50%
Fallback: 4*N/150 = 50%

With N = 19, or 1/8 of fallbacks on alternate IP addresses, most clients would get at least one on an alternate address every bootstrap.

The challenge will be contacting each operator, and finding some operators with multiple IP addresses. We might even contact all *potential* operators, and then select two different lists, so we don't miss eligible relays with multiple IP addresses.

comment:9 Changed 2 years ago by teor

Component: Core Tor/TorCore Tor/Fallback Scripts

So that puts this in 'Fallback Scripts', not 'Tor'.

Last edited 2 years ago by teor (previous) (diff)

comment:10 in reply to:  8 Changed 2 years ago by arma

Replying to teor:

The challenge will be contacting each operator, and finding some operators with multiple IP addresses. We might even contact all *potential* operators, and then select two different lists, so we don't miss eligible relays with multiple IP addresses.

If you are excited to do it, go for it. If you're not excited though, I think there's no reason to put too much energy into this idea.

Remember the original phrasing in the tor-dev post: "It's certainly not a robust trick, but it has few downsides". Once you need to ask a bunch of people to set things up, and track whether they did, and bug them afterwards, it might not count as "few downsides" anymore. :)

comment:11 Changed 2 years ago by nickm

Keywords: tor-client fallback-directory added

comment:12 Changed 18 months ago by teor

Owner: teor deleted
Status: newassigned

Disowning tickets I don't intend to work on in the next 6 months.

comment:13 Changed 18 months ago by teor

Status: assignednew

Mark all tickets that are assigned to nobody as "new".

comment:14 Changed 5 months ago by teor

Milestone: Tor: unspecified

After #27914, fallback-scripts is its own repository. Fallback changes are no longer tied to Tor releases.

Note: See TracTickets for help on using tickets.