Sep 10 2013

tor node upgrade

I have switched my tor node to the experimental branch and it is now running version The huge load on the network seen since the botnet starting using it on about 19 August last has forced the tor project team to recommend that all relay operators move to the 0.2.4 branch (and this release of in particular) in response. Dingledine explains in his email that this release:

adds an emergency step to help us tolerate the massive influx of users: 0.2.4 clients using the new (faster and safer) “NTor” circuit-level handshakes now effectively jump the queue compared to the 0.2.3 clients using “TAP” handshakes.

It had previously been noted that the botnet causing the load on the network is using an older (v 0.2.3) client so this shift of relays to a later version should (hopefully) de-prioritise the botnet traffic in favour of clients using the latest code.

My own experience so far is promising. My node is a guard (trusted entry) node so it should typically be hit by clients trying to build new tor circuits. Before the upgrade I was seeing a maxed out CPU, and a load average of around 1.2 for in excess of 9000 established TCP connections. My log was full of comments such as “[warn] Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [4218 similar message(s) suppressed in last 60 seconds]”. Since the upgrade (a couple of hours ago) I am now back up to around 8000 TCP connections but my CPU has some headroom – top shows tor taking around 65-70%, my load average is back down to an acceptable 0.4 to 0.5 and my log is showing no complaints about circuit creation failures.

(Update added 11 September @ 20.25)

I spoke too soon. Just 24 hours since the upgrade, my node is now maxed out once again with some 9000 TCP connections – but at least the log is clear of those irritating messages. The last heartbeat message though was “Heartbeat: Tor’s uptime is 1 day 0:00 hours, with 13436 circuits open. I’ve sent 130.01 GB and received 136.39 GB.”

