[Tor-BSD] Performance loss migrating Linux -> FreeBSD

George Rosamond george at ceetonetechnology.com
Sat Apr 9 13:41:25 EDT 2016


On 04/09/16 05:53, nusenu wrote:
>> to add some diversity (and learn some new stuff) I migrated my VIA Nano
>> U2250 1.6GHz (no hw accel. for encryption) powered dedicated exit node
>> from Linux to FreeBSD.
> 
> Thanks for migrating.

Well, whichever OS you're most comfortable with is the likely best
choice IMHO.

> 
>> pf.conf:
> 
> Do you see any difference when running without pf?

Yes.  I would start by turning off pf.

> 
>> sysctl.conf:
>>
>> net.inet.ip.random_id=1
>> net.inet.ip.portrange.reservedhigh=0
>> net.inet.tcp.blackhole=2
>> net.inet.udp.blackhole=1
> 
> there is also:
> 
> kern.ipc.somaxconn
> kern.ipc.nmbclusters
> 
> but if your logs are not suggesting any problems in that regard defaults
> can be fine as well.

I would stick with the default sysctl knobs... outside of
net.inet.ip.random=1, at least initially.  And as nusenu says, watch the
logs for any related notices/warnings.

> 
>> Would migrating from openssl to libressl maybe improve things? Are there
>> any other things I might have missed or is there nothing to do about? A
>> 18 % loss of network max speed (which correlates to the loss of the
>> average speed) seems to be a lot for me.
> 
> 
> Do you see this message in your logs when starting tor:
> 
> [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or
> later, but with a version of OpenSSL that apparently lacks accelerated
> support for the NIST P-224 and P-256 groups. Building openssl with such
> support (using the enable-ec_nistp_64_gcc_128 option when configuring
> it) would make ECDH much faster.
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200223
> 
> Do you use openssl from base or ports?

I see the security/openssl ports version is 1.0.2.

But I would actually take a step back and note two things that I always
preface the performance discussion with:

1.  look at the lifetime of a relay blog post, since relays don't ramp
up to their potential for a while... up to something like two months.

2.  it's hard to judge performance based on Tor bandwidth usage, since
it's an anonymity network that is based on randomization.

Are you using the same keys as the previous Linux install?

I don't know if there are performance advantages with libressl v openssl
on FreeBSD at this point. LibreSSL is a lot lighter, but I'm not sure if
that means anything on FreeBSD yet, but it's certainly worth
consideration.  It's one of the many things that should be tested.. with
ssl shell commands.

It's worth mentioning which version of Tor and FreeBSD you're running.
I would start by looking at your dmesg and log files for messages and tor.

g


