Changes between Version 40 and Version 41 of doc/FireFoxTorPerf


Timestamp:
Apr 23, 2010, 4:47:54 AM (9 years ago)
Author:
trac
Comment:

--

  • doc/FireFoxTorPerf

    v40 v41  
    22
    33== Introduction ==
    4 
    54Tor is known for being secure but slow. If you want to improve browsing speed a bit, please follow the following simple instructions for tweaking the Firefox web browser's settings:
    65
    7 == Procedure ==
     6== Table of contents ==
     7 * Procedure 1
     8 * Procedure 2 - an update and addendum to Procedure 1
     9  * [https://torbutton.torproject.org/ Tor Button]
     10  * [http://https://addons.mozilla.org/en-US/firefox/addon/4420 Configuration Mania for Firefox]
     11  * [http://www.speedguide.net/downloads.php TCPOptimizer (win32)]
     12  * [http://www.speedguide.net/read_articles.php?id=1497 Event ID 4226 Patcher (win32)]
     13  * DNS Latency
     14 * The proof is in the pudding, results
     15 * Advanced Tuning for Windows
    816
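Review bot: The new table of contents does not match the page it indexes. It has no entry for "Procedure 3 - A Tor NFR (Non-Functional Requirement)", it lists "Advanced Tuning for Windows" while the heading added further down reads "Advanced Windows Tuning", and the Configuration Mania link begins with `http://https://`, which will not resolve. Suggest adding the Procedure 3 entry, matching the last entry to its heading, and dropping the leading `http://` from that link.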
     17== Procedure 1 ==
    918First, open Firefox's advanced settings menu by running ''about:config'' from the address bar. Upon entering this address, you will see a long list of internal settings. Modify the following ones and set them to the suggested values shown here for maximum performance:
    1019
    11 {{{ network.http.keep-alive.timeout:600 (300ms default is OK usually, but 600 is consistently better)
    12 network.http.max-persistent-connections-per-proxy:16 (Default is 8?)
     20{{{
     21network.http.keep-alive.timeout:600 (300ms default is OK usually, but 600 is better.)
     22network.http.max-persistent-connections-per-proxy:16 (Default is 4)
    1323network.http.pipelining:true (Default- false. Some old HTTP/1.0 servers can't handle it.)
    14 network.http.pipelining.firstrequest:true (Default- false.)
    1524network.http.pipelining.maxrequests:8 (No default)
    1625network.http.proxy.keep-alive:true (Default- true, but double check)
    17 network.http.proxy.pipelining:true (Default- false)
    18 network.http.proxy.keep-alive:true (Default- true, but double check) }}}
     26network.http.proxy.pipelining:true (Default- false) - see Proecedure 2 below.}}}
     27Afterwards, just restart the browser and experience the difference! For some automated additional performance hacks, check out [http://www.totalidea.com/freestuff4.htm FireTune]. Currently, Fire{{{}}}Tune is only for Win32, but you can do the same tweaks manually with the help of [http://www.tweakfactor.com/articles/tweaks/firefoxtweak/4.html this page].
    1928
    20 Afterwards, just restart the browser and experience the difference! For some automated additional performance hacks, check out [http://www.totalidea.com/freestuff4.htm FireTune]. Currently, Fire``Tune is only for Win32, but you can do the same tweaks manually with the help of [http://www.tweakfactor.com/articles/tweaks/firefoxtweak/4.html this page]. Also, this wiki site's documentation on [http://wiki.noreply.org/noreply/TheOnionRouter/SquidProxy Squid+Tor] is of some use for performance and anonymity reasons.
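Review bot: The settings block keeps `network.http.proxy.pipelining:true` and `network.http.proxy.keep-alive:true`, while Procedure 2, added below, tells readers to ensure pipelining and persistent connections are disabled for proxy connections and mentions possible decreased anonymity with persistent connections. A reader who applies both procedures in order gets opposite instructions for the same two preferences; settle on one recommendation, or state in the block which value applies when Tor is the proxy. The pointer text misspells "Procedure" as "Proecedure". The edit also drops `network.http.pipelining.firstrequest` and the Squid+Tor link and changes the stated default from "8?" to "4" with an empty change comment; a one-line reason for each would help later editors.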
     29== Procedure 2 - an update and addendum to Procedure 1 ==
     30These results were arrived at empirically, using the win32 bundle, Tor & Privoxy & Vidalia bundle: 0.1.2.5-alpha
     31
     32=== Tor Button - enable / disable Tor access in FireFox ===
     33This provides an optional button or text in the bottom right of the browser window in Firefox. This allows you to switch Tor on and off.
     34
     35=== Configuration Mania - Modify performance related settings in FireFox ===
     36This plugin modifies the networking and cache settings for Firefox. When you load Configuration Mania, select the HTTP Network settings tab.
     37
     38    * Tor may perform better with HTTP1.0 over HTTP1.1. Its worth experimenting with this setting. It is claimed that some proxies and firewalls do not work well with HTTP1.1, but it may be ascertained empiracally, through experimentation, which is best.
     39    * Tor may or may not work well with HTTP1.1 pipelining. Ensure pipelining is disabled (default) for proxy connections. There is some confusion over this setting, which a cursory search will reveal. [http://www.google.co.uk/search?q=firefox+pipelinening&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a Search on Firefox Pipelining]
     40    * Tor may or may not not work well with Persistent HTTP connections. Ensure this option is disabled for proxy connections. Again some confusion abounds as a cursory search reveals [http://www.google.co.uk/search?q=firefox+keep-alive&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a Search on HTTP Keep-Alive]. In any case, there may be issues with decreased anonymity with persistent connections.
     41
     42NOTE: Do not use page prefetching. Disable this if it is enabled. Prefetching is a speculative feature, which assumes that you will read the pages referenced by the links in the current page you are viewing. This places undue load on the Tor network. Its unlikely you will read all the pages referenced by the current page, especially in the case of search engines results.
     43
     44=== TCPOptimizer -  2K/XP's throughput (win32) ===
     45Windows XP has a self-tuning IP stack, but it can still benefit from a little help. Using the TCP Optimiser tool from above you can tune the RWIN, SACK OPTS (rfc 2038), and tcp1323opts controlling window scaling. The tool has one button optimise. This setting is sufficient to benefit from immediate increases to Tor throughput. To increase throughput further you can try experimenting with lower values of the IP TTL (Time To Live). Values as low as 32 will work and result in improved performance. Also try experimenting with smaller TCPWindowSizes. This setting is automatically adjusted when you move the slider marked 'Connection Speed' of the TCPOptimizer  tool.
     46
     47You can view your connection parameters and their effects on your connections, both with Tor and without Tor, at [http://www.dslreports.com/tweaks DSLReports]
     48
     49=== Event ID 4226 Patcher - Remove the limit on TCP connection attempts XP SP2 (win32) ===
     50[http://www.speedguide.net/read_articles.php?id=1497 Remove the limit on TCP connection attempts] SpeedGuide.net has an interesting article detailing this restriction introduced in XP SP2. Microsoft have restricted the amount of half-open TCP/IP connections with the proviso that it would reduce the pace that worms spread. As noted by SpeedGuide, internet worms spread isotropically (multi-directionally) and so their infecton rate is exponential. As such, placing a constant (limit) on the rate of connection creation for every computer running XP SP2 will slow the rate of worms spreading (for that group of computers) but not by much. Consider the population of humans on the planet. Its over ~6 billion.
     51
     52Supposing all these people are running Windows XP SP2, with rate limited half-open connections. Rate limiting is set to 10 half-open connections per second. To infect the entire population of computers would take: We are assuming optimum forward infection here. In the first second we have infected 10 machines. The 2nd second to elapse will cause (10 x 10) + 10 = 110 computers to be infected. The 3rd second to elapse would cause:
     53
     54 . ( (10 x 10) x 10 ) + (10 * 10) + 10 =  1110 computers to be infected. So the number of computers infected for every second that elapses is : computers infected = ~ 10 ^ elapsedSeconds
     55In 12 seconds, we would have 10 ^ 12 = 1 billion computers infected. Full infection occurs before 13 seconds have elapsed !
     56
     57This is all skewed by network topologies and routing algorithms, but they would affect a non-limited network in an identical manner. So the affect is a theoretical maximum of 13 seconds of additional notice to act against the worm. To all intents and purposes, this is useless.
     58
     59Of much more interest is the effect on ANY network that relies on many open connections, such as Tor and a host of P2P applications. The effect here is a slow down of communications, with the limit acting as the catalyst.
     60
     61Use the Event ID 4226 Patcher to mitigate against this.
     62
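Review bot: The worm-spread estimate in the Event ID 4226 section does not add up: 10 ^ 12 is one trillion, not 1 billion, and under the stated model (computers infected = ~ 10 ^ elapsedSeconds) a population of ~6 billion is passed between the 9th and 10th second, so the "13 seconds" figure needs correcting. That estimate is the only argument given for calling the limit useless, so the closing line "Use the Event ID 4226 Patcher" should also state that it removes a restriction the text itself says was introduced to slow worms, letting the reader weigh that against Tor throughput.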
     63=== DNS Latency - Reducing Latency ===
     64You can use [http://www.opendns.org OpenDNS] to reduce your DNS latency for all operating systems.
     65
     66== Procedure 3 - A Tor NFR (Non-Functional Requirement) ==
     67If you follow the previous authors work you should have well performing access. To go that bit further lets consider the ideal behaviour of our Tor client.
     68
     69You will need: [https://www.torproject.org/tor-manual.html.en The on-line reference to Tor properties, that can be placed in torrc.] Always back up this file before editing.
     70
     71Lets think of a Non-Functional Requirement we might like to place on our Tor client.
     72
     73 * we want it to establish circuits as quickly as possible. If it takes too long to do this ignore them, by timing out the building of circuits quickly.
     74 * now we have circuit build time-outs occuring more frequently, we need to encourage Tor to try to generate circuits more often.
     75 * Once we have established a circuit, we are assuming its a good one and we dont want it being timed out by firewalls or anything else. We need to make sure a ping occurs on the circuit to prevent this.
     76Given this NFR, lets come up with some properties that may help satisfy it.
     77
     78 * CircuitBuildTimeout NUM
     79  . Try for at most NUM seconds when building circuits. If the circuit isn't open in that time, give up on it. (Default: 1 minute.) Force circuits that are quick to establish and thus likely to push traffic more quickly. Values as low as 2 seconds have been tried with good results, although the author is not sure on the effect on anonymity. The effect is a smaller 'Topological Radius' of servers used for Tor. The Topological Radius being the radius obtained topologically, in this case the network connections available from your connection.
     80 * KeepalivePeriod NUM
     81  . To keep firewalls from expiring connections, send a padding keepalive cell every NUM seconds on open connections that are in use. If the connection has no open circuits, it will instead be closed after NUM seconds of idleness. (Default: 5 minutes)
     82 * NewCircuitPeriod NUM
     83  . Every NUM seconds consider whether to build a new circuit. (Default: 30 seconds) Lets make Tor ready to establish a new circuit more readily.
     84Settings that you may append to the end of the torrc configuration file are as follows:
     85{{{
     86# Try for at most NUM seconds when building circuits. If the circuit
     87# isn't open in that time, give up on it. (Default: 1 minute.)
     88CircuitBuildTimeout 2
     89
     90# Send a padding cell every N seconds to keep firewalls from closing
     91# our connections while Tor is not in use. (Default: 5 minutes)
     92KeepalivePeriod 60
     93
     94# Force Tor to consider whether to build a new circuit every NUM
     95# seconds. (Default: 30 seconds)
     96NewCircuitPeriod 15
     97}}}
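Review bot: `CircuitBuildTimeout 2` is offered as copy-and-paste configuration although the description above says the author is not sure of its effect on anonymity and that it results in a smaller radius of servers used. Suggest carrying that caveat into the comment directly above the value in the torrc block so it travels with the setting. The KeepalivePeriod comment in the block also says the padding cell is sent "while Tor is not in use", whereas the description says it is sent on open connections that are in use and that idle connections are closed instead; align the two.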
     98== The proof is in the pudding, results ==
     99With the changes made from Procedure 2 and 3, and a 2Mb connection, you can realise a sustained throughput of >100k, peaking at ~256k or more, with a ping response time of between 250 and 900ms.
     100
     101These figures were arrived at by using [http://speedtest.net SpeedTest.net]
     102== Advanced Windows Tuning ==
     103This section has been included last for those who are technically capable
     104
     105The following parameters must also satisfy the formula below for optimal performance.
     106
     107''Windows:RWIN >= Privoxy:buffer > ( Tor:ConstrainedSockSize default = 262KB )''
     108
     109||Windows||in TCP Optimizer||
     110|| -- ||-- ||
     111||RWIN || TCPOptimizer max setting||
     112||Window Scaling|| On||
     113||TcpIP TTL || 128||
     114||LANBufferSize || 65535||
     115----
     116Reducing DNS caching time reduces the risk of an invalid DNS resolve, given Tor servers may be operating in a DHCP environment that updates the IP each time the network connects.
     117||Windows||registry:TCPIP service||
     118|| -- || -- ||
     119||DNS Cache || 4 hours (set in registry by hand)||
     120----
     121Privoxy is set to be a 'straight-through' proxy server, with the toggle switch. Its buffer is reduced to below that of RWIN. This is because RWIN represents the largest TCP receive window. Its value is chosen to be above Tor default socks size = 252KB
     122||Privoxy||config.txt||
     123|| -- || -- ||
     124||Privoxy:buffer || 265 (in KB < Windows:RWIN)||
     125||toggle || 0||
     126
     127
     128CategoryHowTos
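Review bot: The Advanced Windows Tuning section gives two values for the same Tor default: the formula says "ConstrainedSockSize default = 262KB", while the Privoxy paragraph says "Tor default socks size = 252KB"; one of them should be corrected so the inequality can be checked. The first table sets TcpIP TTL to 128, but the TCPOptimizer section earlier in this change recommends TTL values as low as 32, so state which applies. The DNS paragraph argues for reducing caching time but gives "4 hours (set in registry by hand)" without naming the registry value, which leaves the step unreproducible.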