Changes between Version 20 and Version 21 of doc/FireFoxTorPerf


Timestamp:
Apr 23, 2010, 4:47:54 AM (9 years ago)
Author:
trac
Comment:

--

  • doc/FireFoxTorPerf

    v20 v21  
    33== Introduction ==
    44Tor is known for being secure but slow. If you want to improve browsing speed a bit, please follow the following simple instructions for tweaking the Firefox web browser's settings:
     5
     6== Table of contents ==
     7 * Procedure 1
     8 * Procedure 2
     9 * The proof is in the pudding, results
     10 * Advanced Tuning for Windows
    511
    612== Procedure 1 ==
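Review bot: The table of contents added at v21 lines 6-10 is hand-typed plain text, so its entries are not links and already differ from the headings they name ("Procedure 2" against "== Procedure 2 - A Tor Non-Functional Requirement (NFR) =="). Replace the list with Trac's [[PageOutline]] macro, or make each entry a link to its heading, so the outline cannot drift on the next edit.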
     
    1319network.http.pipelining.maxrequests:8 (No default)
    1420network.http.proxy.keep-alive:true (Default- true, but double check)
    15 network.http.proxy.pipelining:true (Default- false) }}}
     21network.http.proxy.pipelining:true (Default- false) - See NOTE1 below.}}}
    1622Afterwards, just restart the browser and experience the difference! For some automated additional performance hacks, check out [http://www.totalidea.com/freestuff4.htm FireTune]. Currently, Fire{{{}}}Tune is only for Win32, but you can do the same tweaks manually with the help of [http://www.tweakfactor.com/articles/tweaks/firefoxtweak/4.html this page].
    1723
    18 == Procedure 2 - an update and addendum to Procedure 1 ==
    19 These results were arrived at empirically, using the win32 bundle, Tor & Privoxy & Vidalia bundle: 0.1.2.5-alpha
     24NOTE1: Proxy pipelining may not be well supported by Privoxy. For this reason, you may want to install [http://www.pps.jussieu.fr/~jch/software/polipo/ Polipo] and use that instead of Privoxy to get the performance benefits of pipelining. If you use [https://torbutton.torproject.org/ Torbutton] (which you should, if you want [https://www.torproject.org/torbutton/design/#attacks any anonymity at all]), all of the Tor-relevant privacy scrubbing features of Privoxy are no longer necessary.
    2025
    21  * [https://torbutton.torproject.org/ Tor Button]
    22  * [http://https://addons.mozilla.org/en-US/firefox/addon/4420 Configuration Mania for Firefox]
    23  * [http://www.speedguide.net/downloads.php TCPOptimizer (win32)]
    24  * [http://www.speedguide.net/read_articles.php?id=1497 Event ID 4226 Patcher (win32)]
    25  * DNS Latency
    26 === Tor Button - enable / disable Tor access in FireFox ===
    27 This provides an optional button or text in the bottom right of the browser window in Firefox. This allows you to switch Tor on and off.
     26NOTE2: Do not use page prefetching. Disable this if it is enabled. Prefetching is a speculative feature, which assumes that you will read the pages referenced by the links in the current page you are viewing. This places undue load on the Tor network and clog your circuits with unnecessary traffic. Its unlikely you will read all the pages referenced by the current page, especially in the case of search engines results.
    2827
    29 === Configuration Mania - Modify performance related settings in FireFox ===
    30 This plugin modifies the networking and cache settings for Firefox. When you load Configuration Mania, select the HTTP Network settings tab.
     28== Procedure 2 - A Tor Non-Functional Requirement (NFR) ==
     29If you follow the previous authors work you should have well performing access. To go that bit further lets consider the ideal behaviour of our Tor client.
    3130
    32  * Tor does not work well at all with HTTP1.1 connections from firefox Ensure HTTP 1.1 for proxy connections is disabled for proxy connections.
    33  * Tor does not work well with pipelining. Ensure this option is not enabled for proxy connections.
    34  * Tor does not work well with Persistent HTTP connections. Ensure this option is disabled for proxy connections.
    35 NOTE: Do not use page prefetching. Disable this if it is enabled. Prefetching is a speculative feature, which assumes that you will need the pages referenced by the links in the current page you are viewing. This places undue load on the Tor network.
     31You will need: [https://www.torproject.org/tor-manual.html.en The on-line reference to Tor properties, that can be placed in torrc.] Always back up this file before editing.
     32
     33Lets think of a Non-Functional Requirement we might like to place on our Tor client.
     34
     35 * we want it to establish circuits as quickly as possible. If it takes too long to do this ignore them, by timing out the building of circuits quickly.
     36 * now we have circuit build time-outs occuring more frequently, we need to encourage Tor to try to generate circuits more often.
     37 * Once we have established a circuit, we are assuming its a good one and we dont want it being timed out by firewalls or anything else. We need to make sure a ping occurs on the circuit to prevent this.
     38Given this NFR, lets come up with some properties that may help satisfy it.
     39
     40 * CircuitBuildTimeout NUM
     41  . Try for at most NUM seconds when building circuits. If the circuit isn't open in that time, give up on it. (Default: 1 minute.) Force circuits that are quick to establish and thus likely to push traffic more quickly. Values as low as 2 seconds have been tried with good results, although this can cause severe damage to the Tor network if your network connection is simply not fast enough to establish any circuits in this time. The effect is a smaller 'Topological Radius' of servers used for Tor, ie the network connections available from your connection. Unfortunately, the smaller you make this number, the smaller the number of paths your client will use, and the less your anonymity.
     42 * NumEntryGuards NUM
     43  . If we are going to be decreasing the CircuitBuildTimeout, you want to increase the likelihood you have a guard node fast enough to build these fast circuits for you. NUM=5 to 8 are good choices here.
     44 * KeepalivePeriod NUM
     45  . To keep firewalls from expiring connections, send a padding keepalive cell every NUM seconds on open connections that are in use. If the connection has no open circuits, it will instead be closed after NUM seconds of idleness. (Default: 5 minutes)
     46 * NewCircuitPeriod NUM
     47  . Every NUM seconds consider whether to build a new circuit. (Default: 30 seconds) Lets make Tor ready to establish a new circuit more readily.
     48
     49Settings that you may append to the end of the torrc configuration file are as follows:
     50{{{
     51# Try for at most NUM seconds when building circuits. If the circuit
     52# isn't open in that time, give up on it. (Default: 1 minute.)
     53CircuitBuildTimeout 5
     54
     55# Increase the number of guards to increase the likelihood that
     56# you will have a few guards fast enoiugh to build these circuits.
     57NumEntryGuards 6
     58
     59# Send a padding cell every N seconds to keep firewalls from closing
     60# our connections while Tor is not in use. (Default: 5 minutes)
     61KeepalivePeriod 60
     62
     63# Force Tor to consider whether to build a new circuit every NUM
     64# seconds. (Default: 30 seconds)
     65NewCircuitPeriod 15
     66}}}
     67== The proof is in the pudding, results ==
     68With the changes made from Procedure 1 and 2, and a 2Mb connection, you can realise a sustained throughput of >100k, peaking at ~256k or more, with a ping response time of between 250 and 900ms.
     69
     70These figures were arrived at by using [http://speedtest.net SpeedTest.net]
     71
     72== Advanced Tuning for Windows ==
     73This section has been included last for those who are technically capable.
    3674
    3775=== TCPOptimizer -  2K/XP's throughput (win32) ===
    3876Windows XP has a self-tuning IP stack, but it can still benefit from a little help. Using the TCP Optimiser tool from above you can tune the RWIN, SACK OPTS (rfc 2038), and tcp1323opts controlling window scaling. The tool has one button optimise. This setting is sufficient to benefit from immediate increases to Tor throughput. To increase throughput further you can try experimenting with lower values of the IP TTL (Time To Live). Values as low as 32 will work and result in improved performance. Also try experimenting with smaller TCPWindowSizes. This setting is automatically adjusted when you move the slider marked 'Connection Speed' of the TCPOptimizer  tool.
    3977
    40 === Event ID 4226 Pathcer - Remove the limit on TCP connection attempts XP SP2 (win32) ===
     78You can view your connection parameters and their effects on your connections, both with Tor and without Tor, at [http://www.dslreports.com/tweaks DSLReports]
     79
     80=== Event ID 4226 Patcher - Remove the limit on TCP connection attempts XP SP2 (win32) ===
    4181[http://www.speedguide.net/read_articles.php?id=1497 Remove the limit on TCP connection attempts] SpeedGuide.net has an interesting article detailing this restriction introduced in XP SP2. Microsoft have restricted the amount of half-open TCP/IP connections with the proviso that it would reduce the pace that worms spread. As noted by SpeedGuide, internet worms spread isotropically (multi-directionally) and so their infecton rate is exponential. As such, placing a constant (limit) on the rate of connection creation for every computer running XP SP2 will slow the rate of worms spreading (for that group of computers) but not by much. Consider the population of humans on the planet. Its over ~6 billion.
    4282
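Review bot: The torrc block at v21 lines 50-66 offers "CircuitBuildTimeout 5" and "NumEntryGuards 6" as settings to append, but the cost spelled out in the bullet at v21 line 41 (fewer usable paths, less anonymity, and damage to the Tor network on a slow link) is missing from the block's comments, which is the part readers will copy. Repeat that caveat in the comment above "CircuitBuildTimeout 5". The NumEntryGuards entry at line 43 should also state a default, as the other three entries do (the removed v20 sample config said "Defaults to 3"), and say what raising it does to anonymity, as line 41 does for the timeout. Smaller points: the KeepalivePeriod comment at lines 59-60 says "while Tor is not in use" where the bullet at line 45 says "on open connections that are in use", and line 56 has the typo "enoiugh".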
     
    5292Use the Event ID 4226 Patcher to mitigate against this.
    5393
    54 === DNS Latency - reducing latency ===
    55 For faster DNS performance generally see...
    5694
    57  * [http://www.opendns.com/ OpenDNS]
    58 OpenDNS offers a high performance caching DNS service.
     95The following parameters must also satisfy the formula below for optimal performance.
    5996
    60 == Procedure 3 - A Tor SLA (Service Level Agreement) ==
    61 If you follow the previous authors work you should have well performing access. To go that bit further lets consider the ideal behaviour of our Tor client.
     97''Windows:RWIN >= Privoxy:buffer > ( Tor:ConstrainedSockSize default = 262KB )''
    6298
    63 You will need: [https://www.torproject.org/tor-manual.html.en The on-line reference to Tor properties, that can be placed in torrc.] Always back up this file before editing.
     99||Windows||in TCP Optimizer||
     100|| -- ||-- ||
     101||RWIN || TCPOptimizer max setting||
     102||Window Scaling|| On||
     103||TcpIP TTL || 128 (hops)||
     104||LANBufferSize || 65535 (bytes)||
     105----
     106Reducing DNS caching time reduces the risk of an invalid DNS resolve, given Tor servers may be operating in a DHCP environment that updates the IP each time the network connects.
     107||Windows||registry:TCPIP service||
     108|| -- || -- ||
     109||DNS Cache || 36000(seconds (10 hours)) set in registry by hand, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters||
     110----
     111Privoxy is set to be a 'straight-through' proxy server, with the toggle switch. Its buffer is reduced to below that of RWIN. This is because RWIN represents the largest TCP receive window. Its value is chosen to be above Tor default socks size = 252KB
     112||Privoxy||config.txt||
     113|| -- || -- ||
     114||Privoxy:buffer || 265 (KB)||
     115||toggle || 0||
    64116
    65 Lets think of a Service Level requirement we might like to place on our Tor client.
    66 
    67  * we want it to establish circuits as quickly as possible. If it takes too long ignore them, by timing out the building of circuits quickly.
    68  * now we have circuit build time-outs occuring more frequently as we don't wait too long for circuits to establish, we need to encourage Tor to try to generate circuits more often.
    69  * Once we have established a circuit, we are assuming its a good one and we dont want it being timed out by firewalls or anything else. We need to make sure a ping occurs on the circuit to prevent this.
    70 Given this SLA, lets come up with some properties that may help satisfy it.
    71 
    72  * CircuitBuildTimeout NUM
    73   . Try for at most NUM seconds when building circuits. If the circuit isn't open in that time, give up on it. (Default: 1 minute.) Force circuits that are quick to establish and thus likely to push traffic more quickly. Values as low as 2 seconds have been tried with good results, although the author is not sure on the effect on anonymity.
    74  * KeepalivePeriod NUM
    75   . To keep firewalls from expiring connections, send a padding keepalive cell every NUM seconds on open connections that are in use. If the connection has no open circuits, it will instead be closed after NUM seconds of idleness. (Default: 5 minutes)
    76  * NewCircuitPeriod NUM
    77   . Every NUM seconds consider whether to build a new circuit. (Default: 30 seconds) Lets make Tor ready to establish a new circuit more readily.
    78 The values to populate torrc with are as follows.
    79 
    80  * CircuitBuildTimeout 5 (or values as low as 2)
    81  * KeepalivePeriod 60
    82  * NewCircuitPeriod 15
    83 == Bringing it all together - a typical configuration file for Windows ==
    84 {{{
    85 # This file was generated by Tor; if you edit it, comments will not be
    86 # preserved The old torrc file was renamed to torrc.orig.1 or similar,
    87 # and Tor will ignore it
    88 # The advertised (external) address we should use.
    89 #Address DELIBERATELY LEFT BLANK - LET Tor CALCULATE ON STARTUP
    90 # Limit the maximum token buffer size (also known as burst) to the
    91 # given number of bytes.
    92 BandwidthBurst 8192KB
    93 # A token bucket limits the average incoming bandwidth on this node to
    94 # the specified number of bytes per second.
    95 BandwidthRate 4096KB
    96 # MaxAdvertisedBandwidth N bytes|KB|MB|GB|TB If set, we will not
    97 # advertise more than this amount of bandwidth for our BandwidthRate.
    98 # Server operators who want to reduce the number of clients who ask
    99 # to build circuits through them (since this is proportional to
    100 # advertised bandwidth rate) can thus reduce the CPU demands on their
    101 # server without impacting network performance.
    102 MaxAdvertisedBandwidth 50KB
    103 # Administrative contact information to advertise for this server.
    104 ContactInfo NAME at ISP dot com
    105 # Try for at most NUM seconds when building circuits. If the circuit
    106 # isn't open in that time, give up on it. (Default: 1 minute.)
    107 CircuitBuildTimeout 5
    108 # If set, Tor will accept connections from the same machine (localhost
    109 # only) on this port, and allow those connections to control the Tor
    110 # process using the Tor Control Protocol (described in control-spec.txt).
    111 ControlPort 9051
    112 # Serve directory information from this port, and act as a directory
    113 # cache.
    114 DirPort 9030
    115 # Send a padding cell every N seconds to keep firewalls from closing
    116 # our connections while Tor is not in use.
    117 KeepalivePeriod 60
    118 # Where to send logging messages.  Format is:
    119 # Log minSeverity[-maxSeverity] (stderr|stdout|syslog|file FILENAME).
    120 Log notice stdout
    121 # Force Tor to consider whether to build a new circuit every NUM
    122 # seconds.
    123 NewCircuitPeriod 15
    124 # Set the server nickname.
    125 Nickname YOURNICKNAME
    126 # Advertise this port to listen for connections from Tor clients and
    127 # servers.
    128 ORPort 9001
    129 # Let a socks connection wait NUM seconds unattached before we fail
    130 # it. (Default: 2 minutes.)
    131 SocksTimeout 30
    132 # If we have keept a clean (never used) circuit around for NUM
    133 # seconds, then close it. This way when the Tor client is entirely
    134 # idle, it can expire all of its circuits, and then expire its TLS
    135 # connections. Also, if we end up making a circuit that is not useful
    136 # for exiting any of the requests we're receiving, it won't forever
    137 # take up a slot in the circuit list. (Default: 1 hour.)
    138 CircuitIdleTimeout 600
    139 # If UseEntryGuards is set to 1, we will try to pick a total of NUM
    140 # routers as long-term entries for our circuits. (Defaults to 3.)
    141 #NumEntryGuards NUM
    142 NumEntryGuards 8
    143 }}}
    144 == The proof is in the pudding ==
    145 With the changes made from Procedure 2 and 3, and a 2Mb connection, you can realise a sustained throughput of >100k, peaking at ~256k, with a ping response time of between 250 and 900ms. Tor at version 0.1.2.x uses an Asynchronous DNS resolver, the DNS tips above are still indeterminate for Tor traffic.
    146 
    147 These figures were arrived at by using [http://speedtest.net | SpeedTest.net]
     117CategoryHowTos
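Review bot: The socket-size figure is inconsistent between the formula at v21 line 97, "Tor:ConstrainedSockSize default = 262KB", and the explanation at line 111, "Tor default socks size = 252KB". Settle on one value, use the same option name in both places, and point to the Tor manual entry it comes from. The DNS Cache row at line 109 gives the registry key but not the value name to set, and the sentence at line 106 speaks of reducing the caching time without saying what 36000 seconds is reduced from. NOTE1 at line 24 steers readers to Polipo in place of Privoxy, so say whether the buffer and toggle rows at lines 112-115 still apply to them.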