Opened 7 years ago

Last modified 15 months ago

#6777 new defect

add config option to not rate limit authority dir conns

Reported by: arma Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-dirauth, rate-limit, easy, tor-dos
Cc: ln5 Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

During today's consensus fiasco, several authorities were hitting their configured bandwidth rates. In moria1's case, we were using the default 5MB/10MB, and we were basically sustaining 5MB/s of directory output for 6+ hours. Most things weren't finishing getting written -- including votes.

weasel suggested a feature where we allow dir conns to/from authorities to go above our bandwidth limits.

I was thinking we would implement it just by making connection_is_rate_limited() say "no" for them.

but weasel suggested that we count the bytes, and reduce them from our totals, but not limit the conns. That sounds worthwhile but more complex.

On the theory that we want this hack in rather than waiting forever for the elegant solution, I convinced weasel that he should be ok with the simpler approach.

Heck, maybe rather than making it a config option, we should just make it standard behavior for authorities.

Child Tickets

Change History (12)

comment:1 Changed 7 years ago by ln5

Cc: ln5 added

comment:2 Changed 7 years ago by nickm

Keywords: tor-auth added

comment:3 Changed 7 years ago by nickm

Component: Tor Directory AuthorityTor

comment:4 Changed 6 years ago by nickm

Do we still believe this is a good idea? A good idea for 0.2.4?

comment:5 Changed 6 years ago by nickm

Milestone: Tor: 0.2.4.x-finalTor: 0.2.5.x-final

athena and I concur: this is for 0.2.5.

comment:6 Changed 5 years ago by nickm

Milestone: Tor: 0.2.5.x-finalTor: 0.2.???

comment:7 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:8 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:9 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:10 Changed 2 years ago by dgoulet

Keywords: tor-dirauth added; tor-auth removed

Turns out that tor-auth is for directory authority so make it clearer with tor-dirauth

comment:11 Changed 2 years ago by nickm

Keywords: dos rate-limit easy added
Severity: Normal

The best fix for this is now probably under the heading of #18346 (separating authority roles), but that doesn't mean this work would useless in the short-term. Resilience fixes always look low-priority until something starts to explode.

That said, we need to be careful about the proposed fix, to make sure that we only rate-limit the traffic we meant to rate-limit.

comment:12 Changed 15 months ago by dgoulet

Keywords: tor-dos added; dos removed

Rename keyword "dos" to "tor-dos"

Note: See TracTickets for help on using tickets.