Opened 9 months ago

Closed 9 months ago

#24814 closed defect (not a bug)

Tor relay killing UPC Connect Box

Reported by: pato
Priority: Medium
Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor
Version: Tor: 0.3.1.9
Severity: Normal

Description

I've been running a Tor relay for some years on my Raspberry 3 (earlier on the raspi 2), but recently my internet connection started to have packet loss.
After checking with my ISP, who didn't find anything wrong, I discovered that it's probably because of too many open connections.
Running 'arm' on my relay, I see that I have:
Connections (2561 inbound, 2115 outbound, 5 circuit)
or:
netstat -an | wc -l
4897
Besides that my raspi is a tad slow, my internet connection is quite slow because of the 20% packet loss.
I've started now to work with the MaxAdvertisedBandwidth option (now set to 550 KB, but would like to offer 10 Mbit/s) and reduced that by nearly 50%, but so far without any positive result (might take a while to propagate?).
Anyway, my ISP UPC.ch only allows their own Connect Box (CB) to be connected. I'm running it in modem mode, so my router is actually doing the whole NAT, but that one has enough performance (tested it by directly connecting a client to the CB and still had packet loss).
I'm sure this is bad for the whole Tor network :(
I assume it might be because of the new blockades in the Arabic areas, as I have the problem since around 3 weeks in varying amounts.

Change History (11)

comment:1 Changed 9 months ago by pato

Component: - Select a component → Core Tor/Tor

comment:2 Changed 9 months ago by Dbryrtfbcbhgf

Because of your high packet loss and low bandwidth, you're probably better off using a VPS service. Here is the service I use.
https://www.bhost.net/

$11 a month: 100Mbps network port
$22 a month: 1Gbps network port

I am not sure if they will allow you to run an exit relay.

Full Disclosure.
The only connection I have to bhost is that I rent 1 vps server from them.


comment:3 Changed 9 months ago by arma

A) Thanks for running a relay!

B) Did you tell us a fingerprint for your relay, so we can look into it more? A link to the relay's page on atlas would work fine too.

C) Hm. 20% packet loss might mean that your Tor relay is trying to use more bandwidth than your network can handle. Do you know how much bandwidth you actually have? (Upload is probably the limiting factor.) You should set RelayBandwidthRate to that amount, and RelayBandwidthBurst to not much more than it.

D) As for why you're seeing this increased load in recent weeks, see the discussions on the tor-relays list, e.g. https://lists.torproject.org/pipermail/tor-relays/2017-December/014002.html

comment:4 Changed 9 months ago by pato

Fingerprint: 1AED1571D5FA7385AC3C25FB3E86F49E706ABD99
Now after ~24 hours of uptime:
arm -> Connections (6805 inbound, 2315 outbound):
netstat -an | wc -l
8470

My internet connection is 400/40 Mbit/s, so with the limit set to 880 KB/s it's easily enough bandwidth. I'm fairly sure my cable modem is overloaded because of the high amount of connections.

comment:5 Changed 9 months ago by pato

Little update. I've stopped now the DirPort functionality by setting it to 0. Let's see if that will help.

comment:6 Changed 9 months ago by teor

If you want to reduce the number of connections to your relay, reduce the file descriptors allocated to it by your operating system.
This is distribution-specific; on Linux systems with systemd, you can add a drop-in file with:

[Service]
LimitNOFILE=5000

Or, maybe you would be better running a bridge?

comment:7 Changed 9 months ago by pato

I run it solely for other people, so I think it's better to use a relay instead of bridge?
As far as I understand the LimitNOFILE, it's system wide and could cause various other issues. I fear I rather have to shut down my relay.

comment:8 in reply to:  7 Changed 9 months ago by teor

Replying to pato:

> I run it solely for other people, so I think it's better to use a relay instead of bridge?

Bridges send their details to the bridge authority, and these details are given out to censored users.
So you would be helping other people.

> As far as I understand the LimitNOFILE, it's system wide and could cause various other issues. I fear I rather have to shut down my relay.

If you use a systemd drop-in for the tor service, it only applies to the tor process.
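
The per-service drop-in described in comments 6 and 8, written out as an added example (not part of the ticket and not Tor Project code). The unit name `tor@default.service` and the file name `nofile.conf` are assumptions; adjust them to your distribution's packaging.

```bash
#!/usr/bin/env bash
# Added example: cap tor's file descriptors with a per-unit systemd drop-in.
# Assumptions (not from the ticket): the unit name tor@default.service, as used
# by Debian-based packages, and the drop-in file name nofile.conf.
set -eu

UNIT="${UNIT:-tor@default.service}"
DROPIN_ROOT="${DROPIN_ROOT:-/etc/systemd/system}"

# Write $DROPIN_ROOT/$UNIT.d/nofile.conf and print its path. The file holds
# only a [Service] override, so the limit applies to this unit alone.
write_nofile_dropin() {
    limit="$1"
    case "$limit" in
        ''|*[!0-9]*) echo "limit must be digits only" >&2; return 1 ;;
    esac
    dir="$DROPIN_ROOT/$UNIT.d"
    mkdir -p "$dir"
    printf '[Service]\nLimitNOFILE=%s\n' "$limit" > "$dir/nofile.conf"
    echo "$dir/nofile.conf"
}

# Read /proc/<pid>/limits text on stdin and print the soft "Max open files".
soft_nofile_from_limits() {
    awk '/^Max open files/ { print $4 }'
}

# Only touch the system when asked to: ./script --apply [limit]   (needs root)
if [ "${1:-}" = "--apply" ]; then
    write_nofile_dropin "${2:-5000}"
    systemctl daemon-reload
    systemctl restart "$UNIT"
    pid="$(systemctl show -p MainPID --value "$UNIT")"
    echo "effective soft limit: $(soft_nofile_from_limits < "/proc/$pid/limits")"
    # Established TCP sockets on the host, to compare against the new limit.
    echo "established TCP: $(ss -tan state established | tail -n +2 | wc -l)"
fi
```

Reading the limit back from `/proc/<pid>/limits` confirms that the cap applies to the running tor process rather than to the whole system.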

comment:9 in reply to:  5 Changed 9 months ago by arma

Replying to pato:

> I've stopped now the DirPort functionality by setting it to 0. Let's see if that will help.

For recent Tors, that won't actually turn off offering dir info (via begindir on your ORPort). You'll want to set "DirCache 0" in your torrc if you want to opt out of directory server stuff.
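
A small torrc check for the two points raised in comments 3 and 9, as an added example that is not part of the ticket: it flags a missing `RelayBandwidthRate`/`RelayBandwidthBurst` and the case where `DirPort 0` is set without `DirCache 0`. The sample torrc is constructed and `ORPort 9001` is a placeholder.

```bash
#!/usr/bin/env bash
# Added example: check a torrc for the settings discussed in comments 3 and 9.
# The sample torrc is constructed; ORPort 9001 is a placeholder value.
set -eu

# Print one finding per line for the torrc at $1; print nothing when clean.
lint_torrc() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { val[tolower($1)] = $2 }            # remember the first argument of each option
        END {
            if (!("relaybandwidthrate" in val)) {
                print "RelayBandwidthRate is not set; set it to your real upload bandwidth"
            } else if (!("relaybandwidthburst" in val)) {
                print "RelayBandwidthBurst is not set; set it to not much more than RelayBandwidthRate"
            }
            if (val["dirport"] == "0" && val["dircache"] != "0") {
                print "DirPort 0 without DirCache 0: directory info is still offered via begindir on the ORPort"
            }
        }' "$1"
}

# Constructed sample: a relay limited to 880 KB/s with only DirPort switched off.
sample_torrc() {
    printf '%s\n' \
        'ORPort 9001' \
        'RelayBandwidthRate 880 KBytes' \
        'DirPort 0'
}

# Lint the file given on the command line, or the constructed sample.
if [ -n "${1:-}" ]; then
    lint_torrc "$1"
else
    tmp="$(mktemp)"
    sample_torrc > "$tmp"
    lint_torrc "$tmp"
    rm -f "$tmp"
fi
```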

comment:10 Changed 9 months ago by pato

I've disabled my relay now for the time being. I will probably later re-enable it, once the usage has normalized a little.

comment:11 Changed 9 months ago by teor

Resolution: → not a bug
Status: new → closed