Opened 8 months ago

Last modified 8 months ago

#26805 new defect

Work out why Tor networks with all-zero bandwidths are unstable

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-bwauth
Cc: neel@… Actual Points:
Parent ID: #26803 Points:
Reviewer: Sponsor:

Description

When I run a chutney network with an empty bwfile, the network seems to fail more often.

We should either:

  • fix this bug on tor clients, or
  • make authorities never vote zero bandwidths:
    • make the minimum bandwidth 1, or
    • drop relays with zero bandwidths from the consensus.

This blocks adding a bwfile test to make test-network-all in #26803

Child Tickets

Change History (3)

comment:1 Changed 8 months ago by arma

I would be a fan of "figure out what the issue is", rather than applying the bandaid options without knowing whether they actually fix it.

comment:2 Changed 8 months ago by neel

Cc: neel@… added

Does "bandwidth" mean consensus weight? Is so, I believe all-zero bandwidth networks are unstable because it's hard for a client to distinguish the network between different relays as no fraction of a relay's bandwidth can be made. Keep in mind that I'm not an expert on Tor design and this could be completely inaccurate.

I think the solution is that if there's a bandwidth of 0, we automatically make it 1 either on the client or on the consensus. I haven't looked fully into a solution so this may be an imperfect one.

comment:3 in reply to:  2 Changed 8 months ago by teor

Replying to neel:

Does "bandwidth" mean consensus weight? Is so, I believe all-zero bandwidth networks are unstable because it's hard for a client to distinguish the network between different relays as no fraction of a relay's bandwidth can be made. Keep in mind that I'm not an expert on Tor design and this could be completely inaccurate.

Yes, clients have trouble when the total is zero, because they try dividing by zero (or similar).
And clients also have trouble when a relay they need is weighted at zero.

I think the solution is that if there's a bandwidth of 0, we automatically make it 1 either on the client or on the consensus. I haven't looked fully into a solution so this may be an imperfect one.

That's one solution.

arma suggested that we fix all the little specific bugs that cause these issues, which is a good idea. We should also add unit tests with zero bandwidths so they don't happen again.

I also suggest that we decide what a zero consensus weight means:

  • if it means "never use this relay", we could drop zero-bandwidth relays from the consensus
  • if it means "try not to use this relay", we could:
    • act as if zero-bandwidth relays have a very small bandwidth, like 1
    • avoid using the relay in our first pass, and only choose it if we can't find any other relays (like we do with the existing ExitNodes option when StrictNodes is 0)

I think that zero consensus weights generally happen when relays are slow or unmeasured, so "try not to use this relay" seems like a good response. (And a better response for test networks, too.)

Note: See TracTickets for help on using tickets.