[tor-relays] Relay Overloaded and Dropping Onionskins

Greetings! I hope this is the right list to be asking this, if it is not please forgive me. I am purposefully omitting some identifying information for privacy sake.

I run 2 non-exit relays both with an advertised bandwidth of around 8 MiB/s each. I have noticed that they have been overloaded a lot lately. These relays have been bottlenecked at the 3-4 MiB/s mark ever since I put them online. Upon further investigation, when I curled the MetricsPort according to https://support.torproject.org/relay-operators/relay-bridge-overloaded/, the following metrics stood out to me. Both relays run on the same machine with the same IP address. I hope the obfuscation makes sense. Side note: I am using Toralf’s ddos-inbound script, which has not dropped any connections at all for me when using the -b then -s switch. CPU utilization is high (80%) on one core but low on the rest (5-30%) In the syslog, I also get spammed with “Your computer is too slow to handle this many circuit creation requests! Please consider using the MaxAdvertisedBandwidth config option or choosing a more restricted exit policy. [28xxx similar message(s) suppressed in last 34200 seconds]”

Relay 1:
tor_relay_load_onionskins_total{type=“ntor_v3”,action=“processed”} 750xxxx
tor_relay_load_onionskins_total{type=“ntor_v3”,action=“dropped”} 17
tor_relay_load_global_rate_limit_reached_total{side=“read”} 6xxxx
tor_relay_load_global_rate_limit_reached_total{side=“write”} 17xxxx

Relay 2:
tor_relay_load_onionskins_total{type=“ntor_v3”,action=“processed”} 10xxxxxx
tor_relay_load_onionskins_total{type=“ntor_v3”,action=“dropped”} 28xxxx
tor_relay_load_global_rate_limit_reached_total{side=“read”} 20xxxxx
tor_relay_load_global_rate_limit_reached_total{side=“write”} 19xxxx

All other metrics are normal according to the article on overloaded relays. This runs in a Debian Proxmox VM using the host cpu, so no CPU virtualization. 4 cores, 8GB memory, and AES is supported. It’s 2x Xeon 2628v3s with NUMA enabled in the VM (2 sockets, 2 cores per socket). Enabling NUMA and de-virtualizing the CPU has helped increase my top bandwidth by around .7 to .9 mbytes/s, but still not great.

Thank you in advance.

In the mean while I try here for my 2 relays a different approach [1].
In the meanwhile I do prefer the iptables only solution over the scripted one.

[1] reports that relays not obeying DoSConnectionMaxConcurrentCount (#40636) · Issues · The Tor Project / Core / Tor · GitLab


On 7/20/22 23:34, bidulock_ringrose--- via tor-relays wrote:

Side note: I am using Toralf's ddos-inbound script, which has not dropped any connections at all for me when using the -b then -s switch.