Home Esplora Aiuto
Accedi
piros
/
tor
3
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): df8a47464a
Rami (Branch) Tag
tor
/
doc
/
spec
/
proposals
/
160-bandwidth-offset.txt

160-bandwidth-offset.txt 3.3 KB
Cronologia Originale

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. Filename: 160-bandwidth-offset.txt
    2. 

  2. Title: Authorities vote for bandwidth offsets in consensus
    3. 

  3. Version: $Revision$
    4. 

  4. Last-Modified: $Date$
    5. 

  5. Author: Roger Dingledine
    6. 

  6. Created: 4-May-2009
    7. 

  7. Status: Open
    8. 

  8. Target: 0.2.2.x
    9. 

  9. 

  10. 1. Motivation
    11. 

  11. 

  12.   As part of proposal 141, we moved the bandwidth value for each relay
    13. 

  13.   into the consensus. Now clients can know how they should load balance
    14. 

  14.   even before they've fetched the corresponding relay descriptors.
    15. 

  15. 

  16.   Putting the bandwidth in the consensus also lets the directory
    17. 

  17.   authorities choose more accurate numbers to advertise, if we come up
    18. 

  18.   with a better algorithm for deciding weightings.
    19. 

  19. 

  20.   Our original plan was to teach directory authorities how to measure
    21. 

  21.   bandwidth themselves; then every authority would vote for the bandwidth
    22. 

  22.   it prefers, and we'd take the median of votes as usual.
    23. 

  23. 

  24.   The problem comes when we have 7 authorities, and only a few of them
    25. 

  25.   have smarter bandwidth allocation algorithms. So long as the majority
    26. 

  26.   of them are voting for the number in the relay descriptor, the minority
    27. 

  27.   that have better numbers will be ignored.
    28. 

  28. 

  29. 2. Options
    30. 

  30. 

  31.   One fix would be to demand that every authority also run the
    32. 

  32.   new bandwidth measurement algorithms: in that case, part of the
    33. 

  33.   responsibility of being an authority operator is that you need to run
    34. 

  34.   this code too. But in practice we can't really require all current
    35. 

  35.   authority operators to do that; and if we want to expand the set of
    36. 

  36.   authority operators even further, it will become even more impractical.
    37. 

  37.   Also, bandwidth testing adds load to the network, so we don't really
    38. 

  38.   want to require that the number of concurrent bandwidth tests match
    39. 

  39.   the number of authorities we have.
    40. 

  40. 

  41.   The better fix is to allow certain authorities to specify that they are
    42. 

  42.   voting on bandwidth "offsets": how much they think the weight should
    43. 

  43.   be changed for the relay in question. We should put the offset vote in
    44. 

  44.   the stanza for the relay in question, so a given authority can choose
    45. 

  45.   which relays to express preferences for and which not.
    46. 

  46. 

  47. 3. Security implications
    48. 

  48. 

  49.   If only some authorities choose to vote on an offset, then a majority of
    50. 

  50.   those voting authorities can arbitrarily change the bandwidth weighting
    51. 

  51.   for the relay. At the extreme, if there's only one offset-voting
    52. 

  52.   authority, then that authority can dictate which relays clients will
    53. 

  53.   find attractive.
    54. 

  54. 

  55.   This problem isn't entirely new: we already have the worry wrt
    56. 

  56.   the subset of authorities that vote for BadExit.
    57. 

  57. 

  58.   To make it not so bad, we should deploy at least three offset-voting
    59. 

  59.   authorities.
    60. 

  60. 

  61.   Also, authorities that know how to vote for offsets should vote for
    62. 

  62.   an offset of zero for new nodes, rather than choosing not to vote on
    63. 

  63.   any offset in those cases.
    64. 

  64. 

  65. 4. Design
    66. 

  66. 

  67.   First, we need a new consensus method to support this new calculation.
    68. 

  68. 

  69.   Now v3 votes can have a new weight on the "w" line:
    70. 

  70.     "Bandwidth_Offset=" INT.
    71. 

  71.   Once we're using the new consensus method, the new way to compute the
    72. 

  72.   Bandwidth weight is by taking the old vote (explained in proposal 141:
    73. 

  73.   median, then choose the lower number in the case of ties), and adding
    74. 

  74.   or subtracting the median offset (using the offset closer to 0 in the
    75. 

  75.   case of ties, and with a sum of 0 if the sum is negative).
    76. 

  76. 

  77.   Then the actual consensus looks just the same as it did before,
    78. 

  78.   so clients never have to know that this additional calculation is
    79. 

  79.   happening.
    80. 

  80.