Increase Authorities' AuthDirMaxServersPerAddr to 4 or 8 to use more processors
Due to the increase in logical processors per machine, a recent conversation on the tor-dev mailing list suggested increasing the Tor Authorities' AuthDirMaxServersPerAddr,0 (Mortiz Bartl) either to unlimited1 (isis) or 4 or 8 2 (mikeperry, teor).
I suggest we initially increase the consensus parameter to 8, quadrupling CPU-bound throughput, and then, if successful, change the default in code in a major release.
Details:
The increase in logical and physical processors per machine has outstripped tor's ability to parallelise its workload, artificially limiting the network throughput.4 (AFO-Admin)
- Scarcity of IPv4 addresses, particularly in some regions
- Multiple relays sharing IPv4 addresses due to VPSs and/or NAT - see #13234 (moved)
Long-term:
Long-term work that will resolve this issue:
- Parallelise more of tor's compute workload 5
- Optimise Cryptography, either through algorithm choice or code refactoring
- Implement/Test/Deploy/Activate IPv6 ORPorts
Potential Concerns:
This could make Sybil attacks slightly easier, but we already mitigate against Syblils on the same IP using the /24 filter. isis wasn't concerned about extra Sybils from this change.1
This change may slightly increase the size of the consensus. However, there are multiple upcoming plans to reduce consensus size, including:
- Consensus Diffs
- Reducing Consensus Size by Excluding the Slowest Relays