Experiment with bypassing extor-static-cookie on snowflake-01
The 12 extor-static-cookie processes collectively use about 300% of a CPU core (25% each). We can open up some CPU headroom by cutting them out of the pipeline—but then we need another way doing static ExtORPort authentication.
https://lists.torproject.org/pipermail/anti-censorship-team/2022-September/000253.html
For CPU pressure, I don't see any quick fixes. In an emergency, we could hack the tor binary to use a static ExtORPort authentication cookie, and remove the extor-static-cookie shim from the pipeline.
There's also the idea that the extra localhost communication required by extor-static-cookie is a cause of the current performance bottleneck.
https://lists.torproject.org/pipermail/anti-censorship-team/2022-September/000263.html
First, let's patch tor to get rid of the extor processes, as suggested by David earlier when discussing RAM pressure. This should bring down context switches.
Cf. Two features that would help load-balanced bridges.
As a preliminary test to see if removing extor-static-cookie actually has an effect, this issue is to try bypassing extor-static-cookie and having haproxy connect directly to the "regular" ORPort of the tor processes. The downside of this is that we will not be counting transport- and country-specific metrics while the experiment is in place. But it should take only a few hours maximum to see if it has an effect.
/cc @linus