Closed Shoalsteed closed 10 months ago
Notes from Forum: How to pick tunnel quantity for a high-traffic server / http://zzz.i2p/topics/1584-how-to-pick-tunnel-quantity-for-a-high-traffic-server
We don't have a lot of experience in the network with high traffic sites. Postman probably runs the biggest one, maybe 10,000 announces an hour? I don't know anybody that needs more than 6 tunnels in or out.
No site needs backup tunnels
No site needs more than 6 tunnels, but lots of sites need more than 2
Additional guidance:
Wait several days to a week before hosting a high-traffic server on a new router
Limit total configured non-exploratory tunnels (in, out, client, server, standard, backup) to 100 on a single router. Displayed client tunnel count will be higher than configured, due to building new tunnels before the old ones expire. That's ok.
Limit configured+backup tunnels in a single direction for a single client/server to 16. For example, if you configure 16 outbound, don't add any backup. And as it says above, backup isn't very helpful at all anyway.
Additional guidance for shared (participating) bandwidth setting:
If your local traffic is both high-bandwidth and bursty, you may have participating tunnels affect your client traffic, which is a major anonymity issue, if present, and it's a major design goal to prevent that. The best remedy is reducing the share percentage. Graphing both participating and local traffic may help your diagnosis.
IF you're running a server, AND it's either high-bandwidth/bursty, or you have a high-risk threat model, your share percentage setting should be closer to 50% than the default 80%.
Notes From Discord
Scenario: Hi, I am from the BBC. We would like to add our site to the I2P network to ensure that it remains accessible during censorship events. Can you provide advice for providing this option to our readers? What administrative configuration is required to ensure that our readers can safely access the site and verify its authenticity? How will site performance be affected on the I2P network?
Notes: Multihoming instruction/guidance for admins could be a challenge.
They should know that they can forward the site through I2P using identical tunnels on multiple routers, where the router which is able to answer the request first will always be selected.
- A site would need to establish a standard tunnel to the domain they want to make accessible.
- Set a spoofed hostname to a short name ending in .i2p, i.e. bbc.i2p. This makes their site accessible at the base32 address.
- Register the standard tunnel hostname with stats.i2p, which will distribute it to all the other routers.
Site visitors will see a TLS error when visiting the I2P endpoint, because it is only valid for the clearnet domain. They will need to read the error and see that the hostname matches the clearnet domain, and then select the option to ignore the error.
To resolve that error requires cooperation from the CA.
Existing mirroring guides:
@eyedeekay can you elaborate on what zzz is calling "bursty"?
Little traffic, then a lot of traffic, then a little traffic, then a lot of traffic, in "bursts" where a lot of bytes get pushed then it kind of bottoms out.
_____/^^^^^\____________________/^^^^^^^^^^^^\__________/^^^^^^\______________________/^^^^^^^^^^^^^^^\________
closed and consolidated in Gitbook
During user testing and interviews, our volunteers expressed the need for accessing clearnet properties safely. Ways of doing this that included VPN were not desirable due to being able to access VPNs or properly choose a VPN. As testing revealed, the outproxy function is stable technically, however the workflow requires secure UX configurations since we cannot assume that all people browse the same way and could not visually find trust elements to provide confirmation that they were using the outproxy.
"Can I access what I want to access on this other network? I would feel this is more safe"
"Having internet sites that are trusted for information on this network in a way that I can trust as a user is important"
"I feel that the less steps I need consider in my trust as a person who may be in a situation of anxiety is better"
This is the beginning of the conversation of providing clear guides for people with administrative roles to provide access to clearnet sites on the I2P network. It also includes consideration for end user trust and verification, and will provide more context for implementing workflow improvements for I2P browsing functions. We will also explore I2P's interoperability with other networks.
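The tunnel-count and share-percentage limits from the forum notes above, turned into a configuration check. This is an added example, not code from the I2P project or from this thread. It assumes tunnel settings in the `tunnel.N.option.inbound.quantity` / `backupQuantity` style of `i2ptunnel.config`, counts only explicitly set values, and uses a constructed sample; `audit`, `parse` and the 65% midpoint are illustrative choices.

```python
import re
from collections import defaultdict

# Constructed sample in i2ptunnel.config style; names and values are made up.
SAMPLE_CONFIG = """\
tunnel.0.name=news-mirror
tunnel.0.type=httpserver
tunnel.0.option.inbound.quantity=6
tunnel.0.option.inbound.backupQuantity=0
tunnel.0.option.outbound.quantity=16
tunnel.0.option.outbound.backupQuantity=2
tunnel.1.name=http-proxy
tunnel.1.type=httpclient
tunnel.1.option.inbound.quantity=3
tunnel.1.option.outbound.quantity=3
"""

MAX_TOTAL = 100         # all configured non-exploratory tunnels on one router
MAX_PER_DIRECTION = 16  # quantity + backup, one direction, one client/server
SHARE_MIDPOINT = 65     # below this, share % is closer to 50 than to 80

QTY = re.compile(r"tunnel\.(\d+)\.option\.(inbound|outbound)\.(?:quantity|backupQuantity)=(\d+)$")
META = re.compile(r"tunnel\.(\d+)\.(name|type)=(.+)$")

def parse(text):
    """Sum quantity + backupQuantity per tunnel and direction (explicit keys only)."""
    tunnels = defaultdict(lambda: {"name": "?", "type": "?", "inbound": 0, "outbound": 0})
    for line in map(str.strip, text.splitlines()):
        if m := QTY.match(line):
            tunnels[int(m[1])][m[2]] += int(m[3])
        elif m := META.match(line):
            tunnels[int(m[1])][m[2]] = m[3]
    return dict(tunnels)

def audit(text, share_percentage=80, bursty_or_high_risk=False):
    """Return (total configured tunnels, list of findings)."""
    tunnels, findings, total = parse(text), [], 0
    for _, t in sorted(tunnels.items()):
        for direction in ("inbound", "outbound"):
            total += t[direction]
            if t[direction] > MAX_PER_DIRECTION:
                findings.append(f"{t['name']}: {direction} quantity+backup "
                                f"{t[direction]} exceeds {MAX_PER_DIRECTION}")
    if total > MAX_TOTAL:
        findings.append(f"router: {total} configured tunnels exceeds {MAX_TOTAL}")
    # Whether traffic is bursty or the threat model high-risk is the operator's call.
    runs_server = any(t["type"].endswith("server") for t in tunnels.values())
    if runs_server and bursty_or_high_risk and share_percentage >= SHARE_MIDPOINT:
        findings.append(f"router: share {share_percentage}% is not closer to 50% than 80%")
    return total, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, share_percentage=80, bursty_or_high_risk=True))
```

In the sample, the server tunnel configures 16 outbound plus 2 backup, which is the case the guidance calls out: at 16 configured, no backup should be added.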