Opened 8 years ago

Last modified 19 months ago

#2664 new enhancement

DoS and failure resistence improvements

Reported by: mikeperry Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: SponsorZ-large, tor-dirauth, tor-dos
Cc: ln5 Actual Points:
Parent ID: Points:
Reviewer: Sponsor: SponsorV-can

Description (last modified by mikeperry)

We just had a near-catastrophe today when an IPv6 relay descriptor took out all of the Tor directory authorities. It took us ~10hrs to correct this issue. The maximum we had before the network breaks for everyone is 28hrs. We need to consider implementing some procedures to both reduce the amount of turnaround time it takes to diagnose and fix cases like this, and also enhance the network's ability to function if we can't bring the authorities back online within 28hrs.

This ticket is the parent ticket for a series of child tickets that have been created to remind us to create actual proposals and procedures.

Child Tickets

TicketTypeStatusOwnerSummary
#572enhancementclosedfallback-consensus file impractical to use
#2665tasknewCreate a dirauth DoS response procedure
#2666taskclosedCreate a nagios config for dirauths
#2671taskassignednickmBetter communication for authority operators, core developers in emergency situations
#2681enhancementnewbrainstorm ways to let Tor clients use yesterday's consensus more safely
#2693enhancementnewDesign and implement improved algorithm for choosing consensus method
#4339taskclosedTurn on the last part of proposal 110
#4483defectclosedteorIf k of n authorities are down, k/n bootstrapping clients are delayed for minutes

Change History (14)

comment:1 Changed 8 years ago by arma

Component: Tor RelayTor Directory Authority

comment:2 Changed 8 years ago by mikeperry

Description: modified (diff)

comment:3 Changed 8 years ago by nickm

Milestone: Tor: unspecified

Throwing this into "Tor: Unspecified"; individual subtickets should get their own milestone, though.

comment:4 Changed 7 years ago by nickm

Type: enhancementproject

comment:5 Changed 7 years ago by nickm

Type: projectenhancement

comment:6 Changed 6 years ago by mikeperry

Keywords: SponsorZ-large added

comment:7 Changed 6 years ago by ln5

Cc: ln5 added

comment:8 Changed 6 years ago by nickm

Keywords: tor-auth added

comment:9 Changed 6 years ago by nickm

Component: Tor Directory AuthorityTor

comment:10 Changed 2 years ago by cass

Severity: Normal

This parent ticket is tagged SponsorZ, but it looks like progress on all open children stalled a while ago. Are there still parts that need funding?

comment:11 Changed 2 years ago by nickm

We've recently done lots of work here in the tor-dos keyword for SponsorU. We could make more progress here with more funding, of course.

comment:12 Changed 20 months ago by dgoulet

Keywords: tor-dirauth added; tor-auth removed

Turns out that tor-auth is for directory authority so make it clearer with tor-dirauth

comment:13 Changed 20 months ago by nickm

Keywords: tor-dos added

comment:14 Changed 19 months ago by nickm

Sponsor: SponsorV-can
Note: See TracTickets for help on using tickets.