[tor-relays] Opt-In Trial: Fallback Directory Mirrors

Tim Wilson-Brown - teor teor2345 at gmail.com
Mon Jan 18 07:17:03 UTC 2016 

> On 18 Jan 2016, at 11:07, Roman Mamedov <rm at romanrm.net> wrote:
> 
> On Mon, 18 Jan 2016 10:16:40 +1100
> Tim Wilson-Brown - teor <teor2345 at gmail.com> wrote:
> 
>> I think if a client is just using it for bootstrap, any extra latency shouldn't be an issue.
>> But IPv6 clients may also pick it as a guard, so that should be taken into account.
>> 
>> Should we be running relays over IPv6 tunnels?
> 
> Hurricane Electric has tunnel servers all over the world, so it's easy to pick
> one which will only add negligible latency: https://tunnelbroker.net/status.php
> 
> Performance is not a concern either, these are not overloaded and should
> be quite fast.
> 
> On the other hand HE.net may or may not want to have a word with you if you
> run a relay through them with hundreds of megabits of IPv6 traffic; but that's
> not something we can expect in the nearest  future. [and such powerful relays
> are most likely in proper DCs with easily obtainable native IPv6 anyways]

We're still working to get Tor clients bootstrapping over IPv6, so there isn't going to be much IPv6 relay traffic at the moment.

> There's a possible privacy issue that all the HE.net tunnel traffic can
> technically be captured by HE.net;
> 
> however all of these provide IPv6 addresses under the same AS (6939) and the
> same prefix of 2001:470::/32, so perhaps the same-AS avoidance code will
> ensure that a HE.net IPv6 is only used once in a circuit? Does it correctly
> handle cases when a router's IPv4 and IPv6 addresses are from different ASes?

Tor doesn't use ASs for same-network avoidance, it only uses network masks.

In the current Tor codebase, onion_populate_cpath()/addrs_in_same_network_family() avoids adding relays in the same IPv4 /16 to the same circuit. IPv6 addresses are not considered, because this check uses the relay's primary ORPort IPv4 address.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160118/80d36564/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160118/80d36564/attachment.sig>

More information about the tor-relays mailing list