Bandwidth Authorities

how things currently work

tor has 7k relays, and we want clients to have the best experience on the network, we need to know which relays are fast, and which relays are slow so we can tell clients which relays to use more and which less. We do that with 5 bwauthorities. Those connect to a website through the tor network and download a file and measures the speed and then collects them all together and then publishes them in the consensus each hour.

code situation

Original version was written by mike perry and had not been updated since 2013, Teor and Tom did some patches. Aaron Gibson received an OTF grant to re-write things, but never got to a point where it could be used. Donncha and David Stanton did work on that code as well, but its unclear the state. We think we should talk to them about their evaluation and see if they might be interested in running with it.

The old code is difficult to deal/debug with as an BWauth, it also was written with old libraries and linux specific. It needs to be replaced, but in the next 6 months it will more or less be just continuing with the existing code.

long term plan for BW auth/torflow

does tor have a hope to make the process more secure, can be gamed by a relay that can detect if its being measured (can get high weight, attract traffic, which can move towards de-anonymization). Is tor thinking of this? Harder to detect if you are being measured by an onion or the regular tor network. not checked: ssl and content of the files, or anything else.

download things over an onion service

two options: setup an onion service that redirects to a bw server. could detect the onion service, you dont get the ability to redirect the traffic. exit bandwidth is already highly contentious, more things you can shift off of exits is better.

CDN hosted bwauth files

Would we get more "natural" results if the CDN served the bwauth files? if a CDN was an option for bwauth server, then it should be in a set of more than one (eg. 1/3rd).

Probably best: split measurements between: CDN, onion site and a static ip

Measurements that would be good to do: Which BW auth is responsible for relay's actual figures, and counting up the number of relays per bwauth. This gives us an idea of how the BWauths distribute bandwidth

short term plan

Network team has agreed that bwauth code is under their purview and wont let it die. must maintain existing code at least for now until we have something better. Have things work better than secure at the moment.

longclaw: hongkong -> US moria: US->US matuska: .se->us faravahar: us->us sebastian: de->de

goal to setup a few more bw servers to have more redundancy there and to get more redunancy there as well as information about what different geographical locations bring to the situation

Further research needs to be done into ways to solve the bwauth hacking issues. We need people and time to solve some of these issues.

Last modified 2 years ago Last modified on Mar 28, 2017, 8:18:04 PM