Changes between Version 97 and Version 98 of doc/FireFoxTorPerf


Timestamp:
Apr 23, 2010, 4:47:55 AM (9 years ago)
Author:
trac
Comment:

--

  • doc/FireFoxTorPerf

    v97 v98  
    22
    33== Introduction ==
     4
    45Tor is known for being secure but slow. If you want to improve browsing speed a bit, please follow the following simple instructions for tweaking the Firefox web browser's settings:
    56
    67== Procedure 1 ==
     8
    79First, open Firefox's advanced settings menu by running ''about:config'' from the address bar. Upon entering this address, you will see a long list of internal settings. Modify the following ones and set them to the suggested values shown here for maximum performance:
    810
    9 {{{
    10 network.http.keep-alive.timeout:600 (300ms default is OK usually, but 600 is better.)
     11{{{ network.http.keep-alive.timeout:600 (300ms default is OK usually, but 600 is better.)
    1112network.http.max-persistent-connections-per-proxy:16 (Default is 4)
    1213network.http.pipelining:true (Default- false. Some old HTTP/1.0 servers can't handle it.)
    1314network.http.pipelining.maxrequests:8 (No default)
    1415network.http.proxy.keep-alive:true (Default- true, but double check)
    15 network.http.proxy.pipelining:true (Default- false) - see Proecedure 2 below.}}}
    16 Afterwards, just restart the browser and experience the difference! For some automated additional performance hacks, check out [http://www.totalidea.com/freestuff4.htm FireTune]. Currently, Fire{{{}}}Tune is only for Win32, but you can do the same tweaks manually with the help of [http://www.tweakfactor.com/articles/tweaks/firefoxtweak/4.html this page].
     16network.http.proxy.pipelining:true (Default- false) }}}
     17
     18Afterwards, just restart the browser and experience the difference! For some automated additional performance hacks, check out [http://www.totalidea.com/freestuff4.htm FireTune]. Currently, Fire``Tune is only for Win32, but you can do the same tweaks manually with the help of [http://www.tweakfactor.com/articles/tweaks/firefoxtweak/4.html this page]. Additionally, there is the [http://fasterfox.mozdev.org/ FasterFox extension] that is easy to install, and is also '''platform independent'''!
    1719
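Review bot: The added line `network.http.proxy.pipelining:true (Default- false) }}}` drops the pointer to Procedure 2 that the removed line carried, so a reader who stops after Procedure 1 enables pipelining through the proxy with no hint that the page says more about it further down. Keep the cross-reference (with "Proecedure" spelled correctly) or state the caveat here. The opening `{{{` now shares a line with the first setting and the closing `}}}` trails the last one; put both markers on their own lines, as the removed version did for the opener.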
    1820== Procedure 2 - an update and addendum to Procedure 1 ==
     21
    1922These results were arrived at empirically, using the win32 bundle, Tor & Privoxy & Vidalia bundle: 0.1.2.5-alpha
    2023
    21  * [https://torbutton.torproject.org/ Tor Button]
    22  * [http://https://addons.mozilla.org/en-US/firefox/addon/4420 Configuration Mania for Firefox]
     24You will need the following tools...
     25 * [http://freehaven.net/~squires/torbutton/ Tor Button]
     26 * [http://fasterfox.mozdev.org/ FasterFox]
     27 * [http://www.prnwatch.com/prio.html Prio (win32)]
    2328 * [http://www.speedguide.net/downloads.php TCPOptimizer (win32)]
    2429 * [http://www.speedguide.net/read_articles.php?id=1497 Event ID 4226 Patcher (win32)]
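Review bot: The Tor Button entry now links to `http://freehaven.net/~squires/torbutton/` where the removed entry used `https://torbutton.torproject.org/`; on a page that tells readers to install a browser add-on for Tor, keep the HTTPS project link rather than a plain-HTTP personal path. The added FasterFox and Prio entries are likewise plain-HTTP download links, and the new "You will need the following tools..." line does not say which of the five are required and which are optional win32 extras.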
    25 === Tor Button - enable / disable Tor access in FireFox ===
     30
     31== Tor Button - enable / disable TOR access in FireFox ==
    2632This provides an optional button or text in the bottom right of the browser window in Firefox. This allows you to switch Tor on and off.
    2733
    28 === Configuration Mania - Modify performance related settings in FireFox ===
    29 This plugin modifies the networking and cache settings for Firefox. When you load Configuration Mania, select the HTTP Network settings tab.
     34== FasterFox - Modify performance related settings in FireFox ==
     35This plugin modifies the networking and cache settings for Firefox. The following settings need to be modified.
     36 * Initially you need to select 'Custom' in the FasterFox Options. This allows you to use your own detailed options, rather than the default schemes supplied.
     37 * Select the Cache tab.
     38  * Enter a Memory Cache Capacity of >= 8mb
     39  * Enter a Disk Cache Capacity of >= 8mb
     40 * Select the Connection tab
     41  * Enter Max Connection >= 128
     42  * Enter Max Connection Per Server >= 10
     43  * Enter Max Persistent Connection Per Server >= 8
     44  * Enter Max Persistent Connection Per Proxy >= 8
     45 * Select the Pipelining tab
     46  * Ensure all 3 tick options are enabled
     47  * Enter Max pipelining requests >= 10
    3048
    31     * TOR does not work well with HTTP1.1. Ensure HTTP 1.1 is disabled for proxy connections.
    32     * TOR does not work well with pipelining. Ensure this option is not enabled for proxy connections.
    33     * TOR does not work well with Persistent HTTP connections. Ensure this option is disabled for proxy connections.
     49== Prio - Increase Tor process Priority (win32) ==
     50You will also realise a substantial increase in performance by increasing the process priority for the Tor process. You can do this in Task Manager after you identify tor.exe. If you want to persist the process priority you will need a Task Manager addon. An effective tool for doing this is [http://www.prnwatch.com/prio.html Prio]. This tool can only be used in a non-commercial setting, unless you license it.
     51I dont recommend modifying the process above 'high'. If Tor crashes or freezes windows will become unresponsive. Setting it to 'Above Normal' is a good start.
    3452
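Review bot: The added FasterFox steps ("Ensure all 3 tick options are enabled", "Enter Max pipelining requests >= 10", "Enter Max Persistent Connection Per Proxy >= 8") recommend the opposite of the three removed bullets, which said Tor does not work well with HTTP 1.1, pipelining or persistent HTTP connections on proxy connections, and the change comment is empty. State which advice is current and why, or keep the removed caveats next to the new settings. In the added Prio paragraph, "I dont recommend" is first-person advice with no named author on a shared wiki page; reword it impersonally and fix "dont".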
    35 NOTE: Do not use page prefetching. Disable this if it is enabled. Prefetching is a speculative feature, which assumes that you will read the pages referenced by the links in the current page you are viewing. This places undue load on the TOR network. Its unlikely you will read all the pages referenced by the current page, especially in the case of search engines result
     53== TCP/IP - Optimise 2K/XP's throughput (win32) ==
     54Windows XP has a self-tuning IP stack, but it can still benefit from a little help. Using the TCP Optimiser tool from above you can tune the RWIN, SACK OPTS (rfc 2038), and tcp1323opts controlling window scaling. The tool has one button optimise. This setting is sufficient to benefit from immediate increases to Tor throughput. To increase throughput further you can try experimenting with lower values of the IP TTL (Time To Live). Values as low as 32 will work and result in improved performance. Also try experimenting with smaller TCPWindowSizes. This setting is automatically adjusted when you move the slider marked 'Conenction Speed'. Try the lowest setting for this. Its worked for me.
    3655
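Review bot: The removed NOTE telling readers to disable page prefetching because it "places undue load on the TOR network" has no replacement in this revision; keep it unless prefetching is covered elsewhere on the page. The added TCP/IP paragraph also brings back the typo 'Conenction Speed' that the removed version spelled correctly, no longer says the slider belongs to the TCPOptimizer tool, and ends on the anecdote "Its worked for me", which gives the reader nothing to verify.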
    37 === TCPOptimizer -  2K/XP's throughput (win32) ===
    38 Windows XP has a self-tuning IP stack, but it can still benefit from a little help. Using the TCP Optimiser tool from above you can tune the RWIN, SACK OPTS (rfc 2038), and tcp1323opts controlling window scaling. The tool has one button optimise. This setting is sufficient to benefit from immediate increases to Tor throughput. To increase throughput further you can try experimenting with lower values of the IP TTL (Time To Live). Values as low as 32 will work and result in improved performance. Also try experimenting with smaller TCPWindowSizes. This setting is automatically adjusted when you move the slider marked 'Connection Speed' of the TCPOptimizer  tool.
    39 
    40 === Event ID 4226 Patcher - Remove the limit on TCP connection attempts XP SP2 (win32) ===
     56== Remove the limit on TCP connection attempts XP SP2 (win32) ==
    4157[http://www.speedguide.net/read_articles.php?id=1497 Remove the limit on TCP connection attempts] SpeedGuide.net has an interesting article detailing this restriction introduced in XP SP2. Microsoft have restricted the amount of half-open TCP/IP connections with the proviso that it would reduce the pace that worms spread. As noted by SpeedGuide, internet worms spread isotropically (multi-directionally) and so their infecton rate is exponential. As such, placing a constant (limit) on the rate of connection creation for every computer running XP SP2 will slow the rate of worms spreading (for that group of computers) but not by much. Consider the population of humans on the planet. Its over ~6 billion.
    4258
    43 Supposing all these people are running Windows XP SP2, with rate limited half-open connections. Rate limiting is set to 10 half-open connections per second. To infect the entire population of computers would take: We are assuming optimum forward infection here. In the first second we have infected 10 machines. The 2nd second to elapse will cause (10 x 10) + 10 = 110 computers to be infected. The 3rd second to elapse would cause:
     59Supposing all these people are running Windows XP SP2, with rate limited half-open connections. To infect the entire population of computers would take:
     60We are assuming optimum forward infection here. In the first second we have infected 10 machines. The 2nd second to elapse will cause (10 x 10) + 10 = 110 computers to be infected. The 3rd second to elapse would cause:
     61 ( (10 * 10) * 10 ) + (10 * 10) =  1100 computers to be infected. So the number of computers infected for every second that elapses is :
     62 computers infected = ~ 10 ^ elapsedSeconds
    4463
    45  . ( (10 x 10) x 10 ) + (10 * 10) + 10 =  1110 computers to be infected. So the number of computers infected for every second that elapses is : computers infected = ~ 10 ^ elapsedSeconds
    4664In 12 seconds, we would have 10 ^ 12 = 1 billion computers infected. Full infection occurs before 13 seconds have elapsed !
    4765
    48 This is all skewed by network topologies and routing algorithms, but they would affect a non-limited network in an identical manner. So the affect is a theoretical maximum of 13 seconds of additional notice to act against the worm. To all intents and purposes, this is useless.
     66This is all skewed by network topologies and routing algorithms, but they would affect a non-limited network in an identical manner. So the affect is a theoretical minimum of 12 seconds of additional notice to act against the worm. To all intents and purposes, this is useless.
    4967
    5068Of much more interest is the effect on ANY network that relies on many open connections, such as Tor and a host of P2P applications. The effect here is a slow down of communications, with the limit acting as the catalyst.
     
    5270Use the Event ID 4226 Patcher to mitigate against this.
    5371
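Review bot: The added sentence beginning "Supposing all these people" drops "Rate limiting is set to 10 half-open connections per second", the one assumption the whole calculation rests on; restore it. The added third-second line `( (10 * 10) * 10 ) + (10 * 10) = 1100` omits the `+ 10` term that the removed line had (1110), so it no longer follows from the second-second figure `(10 x 10) + 10 = 110`. The conclusion also changes from "a theoretical maximum of 13 seconds" to "a theoretical minimum of 12 seconds" with no change to the argument, and the unchanged context line still equates `10 ^ 12` with 1 billion; settle the figures before changing the wording.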
    54 == Procedure 3 - A Tor SLA (Service Level Agreement) ==
    55 If you follow the previous authors work you should have well performing access. To go that bit further lets consider the ideal behaviour of our Tor client.
     72== DNS - reducing latency ==
     73For faster DNS performance generally and with TOR(on win32 only i'm afraid) see...
     74 * [http://www.analogx.com/contents/download/network/fc.htm AnalogX - FastCache]
     75When TOR starts it will report if it is using localhost to resolve DNS addresses. When you install FastCache, it sets up a local, cached and persistent store of DNS addresses. DNS resolves cost TOR a lot in terms of latency. A large part of TOR's reduction in speed is caused by setting up the path to the Onion routers that are servicing the request. Reduce DNS latency and the time cost of setting up the TOR channels are reduced.
     76Also for all OS'es see...
     77 * [http://www.opendns.com/ OpenDNS]
    5678
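Review bot: The added DNS section never states where the lookups happen: it recommends a local cache (FastCache) and OpenDNS to make Tor faster, but does not say whether the browser's name resolution goes through Tor or through the local resolver. Spell that out, since the added text only notes that Tor "will report if it is using localhost to resolve DNS addresses" and leaves the reader to guess what to do with that report. Also tidy "TOR(on win32 only i'm afraid)" and "OS'es".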
    57 You will need: [https://www.torproject.org/tor-manual.html.en The on-line reference to Tor properties, that can be placed in torrc.] Always back up this file before editing.
     79== The proof is in the pudding ==
    5880
    59 Lets think of a Service Level requirement we might like to place on our Tor client.
    60 
    61  * we want it to establish circuits as quickly as possible. If it takes too long ignore them, by timing out the building of circuits quickly.
    62  * now we have circuit build time-outs occuring more frequently as we don't wait too long for circuits to establish, we need to encourage Tor to try to generate circuits more often.
    63  * Once we have established a circuit, we are assuming its a good one and we dont want it being timed out by firewalls or anything else. We need to make sure a ping occurs on the circuit to prevent this.
    64 Given this SLA, lets come up with some properties that may help satisfy it.
    65 
    66  * CircuitBuildTimeout NUM
    67   . Try for at most NUM seconds when building circuits. If the circuit isn't open in that time, give up on it. (Default: 1 minute.) Force circuits that are quick to establish and thus likely to push traffic more quickly. Values as low as 2 seconds have been tried with good results, although the author is not sure on the effect on anonymity.
    68  * KeepalivePeriod NUM
    69   . To keep firewalls from expiring connections, send a padding keepalive cell every NUM seconds on open connections that are in use. If the connection has no open circuits, it will instead be closed after NUM seconds of idleness. (Default: 5 minutes)
    70  * NewCircuitPeriod NUM
    71   . Every NUM seconds consider whether to build a new circuit. (Default: 30 seconds) Lets make Tor ready to establish a new circuit more readily.
    72 {{{
    73 # This file was generated by Tor; if you edit it, comments will not be
    74 # preserved The old torrc file was renamed to torrc.orig.1 or similar,
    75 # and Tor will ignore it
    76 # The advertised (external) address we should use.
    77 #Address DELIBERATELY LEFT BLANK - LET Tor CALCULATE ON STARTUP
    78 # MaxAdvertisedBandwidth N bytes|KB|MB|GB|TB If set, we will not
    79 # advertise more than this amount of bandwidth for our BandwidthRate.
    80 # Server operators who want to reduce the number of clients who ask
    81 # to build circuits through them (since this is proportional to
    82 # advertised bandwidth rate) can thus reduce the CPU demands on their
    83 # server without impacting network performance.
    84 MaxAdvertisedBandwidth 50KB
    85 # Administrative contact information to advertise for this server.
    86 ContactInfo NAME at ISP dot com
    87 # Try for at most NUM seconds when building circuits. If the circuit
    88 # isn't open in that time, give up on it. (Default: 1 minute.)
    89 CircuitBuildTimeout 5
    90 # If set, Tor will accept connections from the same machine (localhost
    91 # only) on this port, and allow those connections to control the Tor
    92 # process using the Tor Control Protocol (described in control-spec.txt).
    93 ControlPort 9051
    94 # Serve directory information from this port, and act as a directory
    95 # cache.
    96 DirPort 9030
    97 # Send a padding cell every N seconds to keep firewalls from closing
    98 # our connections while Tor is not in use.
    99 KeepalivePeriod 60
    100 # Where to send logging messages.  Format is:
    101 # Log minSeverity[-maxSeverity] (stderr|stdout|syslog|file FILENAME).
    102 Log notice stdout
    103 # Force Tor to consider whether to build a new circuit every NUM
    104 # seconds.
    105 NewCircuitPeriod 15
    106 # Set the server nickname.
    107 Nickname YOURNICKNAME
    108 # Advertise this port to listen for connections from Tor clients and
    109 # servers.
    110 ORPort 9001
    111 # Let a socks connection wait NUM seconds unattached before we fail
    112 # it. (Default: 2 minutes.)
    113 SocksTimeout 30
    114 # If we have keept a clean (never used) circuit around for NUM
    115 # seconds, then close it. This way when the Tor client is entirely
    116 # idle, it can expire all of its circuits, and then expire its TLS
    117 # connections. Also, if we end up making a circuit that is not useful
    118 # for exiting any of the requests we're receiving, it won't forever
    119 # take up a slot in the circuit list. (Default: 1 hour.)
    120 CircuitIdleTimeout 600
    121 # If UseEntryGuards is set to 1, we will try to pick a total of NUM
    122 # routers as long-term entries for our circuits. (Defaults to 3.)
    123 #NumEntryGuards NUM
    124 NumEntryGuards 8
    125 }}}
    126 == The proof is in the pudding ==
    127 With the changes made from Procedure 2 and 3, and a 2Mb connection, you can realise a sustained throughput of >100k, peaking at ~256k, with a ping response time of between 250 and 900ms. TOR at version 0.2.x.x uses an Asynchronous DNS resolver, the DNS tips above are still indeterminate for TOR traffic.
    128 These figures were arrived at by using [http://speedtest.net SpeedTest.net]
     81With the changes made from Procedure 2, you can realise a sustained throughput of >100k, peaking at ~200k or more. These figures are based on the highest TOR bandwidth settings (>1.5mbps), through a 2mb connection. You will also experience much lower DNS latency in general. TOR at version 0.1.2.x uses an Asynchronous DNS resolver, the DNS tips above positively affect TOR traffic.
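Review bot: The closing paragraph now asserts that "the DNS tips above positively affect TOR traffic" where the removed text called them "still indeterminate", and it drops the line crediting SpeedTest.net as the source of the figures; say how the new numbers (">100k, peaking at ~200k or more") were measured or keep the hedged wording. The version reference also moves from 0.2.x.x back to 0.1.2.x, and all of Procedure 3 with its torrc sample is deleted under an empty change comment, so record in the comment whether this revision is an intentional revert.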