#28647 closed defect (fixed)

Update INSTALL.rst and DEPLOY.rst based on Torflow's documentation

Reported by: teor Owned by:
Priority: Medium Milestone: sbws: 1.0.x-final
Component: Core Tor/sbws Version: sbws: 1.0.2
Severity: Normal Keywords:
Cc: juga, teor Actual Points:
Parent ID: Points:
Reviewer: nickm Sponsor:

Description (last modified by teor)

Are these things required for sbws:

  • 500Mbit-1Gbit of upstream documented in INSTALL.rst
  • a fixed IP address
  • SSL is needed to avoid HTTP content caches at the various exit nodes
  • Self-signed certs are OK
  • The server will consume around 12-15Gbytes/day
  • A script to create the file

See Torflow's docs at:
https://gitweb.torproject.org/torflow.git/tree/NetworkScanners/BwAuthority/README.BwAuthorities#n157

This documentation needs to be updated in 1.0, before we give the instructions to more authority operators.

Child Tickets

Change History (11)

comment:1 Changed 12 months ago by teor

Description: modified (diff)
Summary: Update DEPLOY.rst based on Torflow's documentationUpdate INSTALL.rst and DEPLOY.rst based on Torflow's documentation

comment:2 in reply to:  description ; Changed 12 months ago by juga

Replying to teor:

Are these things required for sbws:

  • 500Mbit-1Gbit of upstream documented in INSTALL.rst

It currently says at least 20MB/s (160 Mbit/s). I think this should be changed to between 500Mbit/s or 1Gbit/s. The scanner used by longclaw is 1Gbit/s

  • a fixed IP address
  • SSL is needed to avoid HTTP content caches at the various exit nodes

When the configuration file it's parsed, accepts both http and https. Should this be changed to allow only https and give an error when it's http?

  • Self-signed certs are OK
  • The server will consume around 12-15Gbytes/day
  • A script to create the file

Should the script be included in sbws or just written in the documentation?.

comment:3 in reply to:  2 ; Changed 12 months ago by teor

Replying to juga:

Replying to teor:

Are these things required for sbws:

  • 500Mbit-1Gbit of upstream documented in INSTALL.rst

It currently says at least 20MB/s (160 Mbit/s).

Why did you pick this number?
100 Mbit/s is the most common available bandwidth.

I think this should be changed to between 500Mbit/s or 1Gbit/s. The scanner used by longclaw is 1Gbit/s

Why is 1 Gbit/s required?
Torflow and sbws scaling is relative, so high bandwidths give better accuracy, but they're not required.

Before we set a requirement, we should make sure it is actually available to bandwidth authority operators.

  • a fixed IP address

Is this needed?

  • SSL is needed to avoid HTTP content caches at the various exit nodes

When the configuration file it's parsed, accepts both http and https. Should this be changed to allow only https and give an error when it's http?

I think we should require HTTPS, because it stops caches and other forms of cheating.

  • Self-signed certs are OK
  • The server will consume around 12-15Gbytes/day
  • A script to create the file

Should the script be included in sbws or just written in the documentation?.

I think it's enough to include it in the documentation.
It's a very short script.

comment:4 in reply to:  3 ; Changed 12 months ago by juga

Replying to teor:

Replying to juga:

Replying to teor:

Are these things required for sbws:

  • 500Mbit-1Gbit of upstream documented in INSTALL.rst

It currently says at least 20MB/s (160 Mbit/s).

Why did you pick this number?

That's what the testing sbws server has and seemed to work well.

100 Mbit/s is the most common available bandwidth.

I think this should be changed to between 500Mbit/s or 1Gbit/s. The scanner used by longclaw is 1Gbit/s

Why is 1 Gbit/s required?
Torflow and sbws scaling is relative, so high bandwidths give better accuracy, but they're not required.

At some point we might relay more on the measurements than the relay's observed bandwidth?

Before we set a requirement, we should make sure it is actually available to bandwidth authority operators.

What do you think is the minimum required?
I'll ask then to the bwauth operators what's available to them.

  • a fixed IP address

Is this needed?

actually, i don't think so

  • SSL is needed to avoid HTTP content caches at the various exit nodes

When the configuration file it's parsed, accepts both http and https. Should this be changed to allow only https and give an error when it's http?

I think we should require HTTPS, because it stops caches and other forms of cheating.

ok

  • Self-signed certs are OK
  • The server will consume around 12-15Gbytes/day
  • A script to create the file

Should the script be included in sbws or just written in the documentation?.

I think it's enough to include it in the documentation.
It's a very short script.

ok

comment:5 in reply to:  4 ; Changed 12 months ago by teor

Replying to juga:

Replying to teor:

Replying to juga:

Replying to teor:

Are these things required for sbws:

  • 500Mbit-1Gbit of upstream documented in INSTALL.rst

It currently says at least 20MB/s (160 Mbit/s).

Why did you pick this number?

That's what the testing sbws server has and seemed to work well.

100 Mbit/s is the most common available bandwidth.

I think this should be changed to between 500Mbit/s or 1Gbit/s. The scanner used by longclaw is 1Gbit/s

Why is 1 Gbit/s required?
Torflow and sbws scaling is relative, so high bandwidths give better accuracy, but they're not required.

At some point we might relay more on the measurements than the relay's observed bandwidth?

We should document the current requirement for sbws.

If the requirement changes in the future, we can let people know before they upgrade.

Before we set a requirement, we should make sure it is actually available to bandwidth authority operators.

What do you think is the minimum required?
I'll ask then to the bwauth operators what's available to them.

100 Mbit/s.

  • a fixed IP address

Is this needed?

actually, i don't think so

What happens to sbws if the server's IP address changes?

comment:6 in reply to:  5 ; Changed 12 months ago by juga

Replying to teor:

  • a fixed IP address

Is this needed?

actually, i don't think so

What happens to sbws if the server's IP address changes?

Any open connection will become unusable, Tor will rotate keys, and start new connections. So i think sbws will just lost any current measurement but continue measuring.
Is that what you think?

comment:7 in reply to:  6 Changed 12 months ago by teor

Replying to juga:

Replying to teor:

  • a fixed IP address

Is this needed?

actually, i don't think so

What happens to sbws if the server's IP address changes?

Any open connection will become unusable, Tor will rotate keys, and start new connections. So i think sbws will just lost any current measurement but continue measuring.
Is that what you think?

That's what happens to the sbws scanner.

But what happens to sbws if the bandwidth HTTPS server's IP address changes?
If the IP address is in the scanner's config, then the server becomes unreachable by the scanner.
If the DNS name is in the scanner's config, then the scanner should be fine, as long as the DNS is updated, and the scanner checks DNS regularly.

So let's say:

  • a fixed IP address or DNS name

comment:8 Changed 11 months ago by juga

Status: newneeds_review
Version: sbws: 1.0.2

comment:9 Changed 11 months ago by dgoulet

Reviewer: nickm

comment:10 Changed 11 months ago by nickm

Status: needs_reviewmerge_ready

Looks fine to me. I can't vouch for the thresholds, but if they match up to what you discussed above, it should be fine to merge.

comment:11 Changed 11 months ago by juga

Resolution: fixed
Status: merge_readyclosed

Merged.

Note: See TracTickets for help on using tickets.