[tor-relays] Hardware sizing for physical exit node
lists at for-privacy.net
Wed Jul 10 13:27:16 UTC 2024
On Wednesday, 10 July 2024 00:32:04 CEST Osservatorio Nessuno via tor-relays
wrote:
> we are planning to get some hardware to run a physical Tor exit node,
> starting with a 1Gbps dedicated, unmetered uplink (10Gbps downlink). We
> will also route a /24 on it, so we will have large availability of
> addresses to run multiple instances. We have been running a few exit
> nodes so far, but never on our own hardware.
Your bottleneck is the 1G uplink.
For comparison, I have 2x Xeon E5-2680v2 10C/20T and 256Gb RAM
2x 10G NIC (LACP bond) and I cannot achieve 10G throughput with it.
As a rule of thumb, I would always count one instance per thread or core.
I have 40T and 40 tor exit instances.
F3Netze has specified the hardware in Contact info:
https://metrics.torproject.org/rs.html#search/185.220.100.
> Which is the bandwidth limit per core/Tor instance? Or what can we
> expect to be the bottleneck?
That depends on the CPU clock speed. Fast Ryzens or Epycs can do 50-70 MiB/s
per core/instance.
> Due to some other requirements we need for some experiments (SFP ports,
> coreboot support, etc) we can mainly choose between these 2 CPUs:
> Intel i5-1235U
> Intel i7-1255U
>
> The cost between the two models is significant enough in our case to
> pick the i7 only if it's really useful.
>
> In both cases with 32GB of DDR5 RAM (we can max to 64 if needed, but is
> it?).
>
> Should this allow us to saturate the uplink?
Guards need more resources than exits since the introduction of congestion-
control and because of DDoS I would use 64GB RAM for a guard.
With your IP space and 1G uplink, I would take the i5 with 32Gb, save the
money and maybe add a second server later. Or if you build the hardware
yourself, look for a used Epyc or Ryzen server. 16 or 32 core with high _base_
clock. Used server hardware from the data center is like new.
> To summarize, with this bandwidth, this hardware and a /24 how many Tor
> exit nodes should be ideal to run considering that each of them could
> have their own address?
https://metrics.torproject.org/rs.html#search/185.220.101.
We are 5 relay orgs sharing a /24. Currently 5x 2x10G (or 25G)
With now 8 relays per IP, over 2000 instances can run in a /24 subnet. It
would be nice if you share the subnet with 1-2 other relay operators.
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!