Hi. I'm jon.404, a Unix/Linux/Database/Openstack/Kubernetes Administrator, AWS/GCP/Azure Engineer, mathematics enthusiast, and amateur philosopher. This is where I rant about that which upsets me, laugh about that which amuses me, and jabber about that which holds my interest most: *nix.
tor as an...availability service?
Posted 07-24-2013 at 06:26 PM by rocket357
Last night my wife complained to me that facebook was taking forever to load. I figured it was just a hiccup somewhere between facebook and our home network, so I waited a bit to see.
An hour or so later, she was getting impatient, so I fired up a tcpdump session on the firewall and watched her desktop exchange a pretty funny set of packets (well, you had to be there, I suppose), loaded with PUSH, URG, and FIN packets back and forth between her desktop and facebook. I laughed and she didn't think it was funny.
I hopped on one of my cloud servers and brought up firefox (yeah, yeah, I'm running X on a cloud server just for moments like this =\ ). Logged in as her account, and an incredibly snappy pageload later I was scratching my head. It isn't a problem with facebook.
Traceroutes to facebook from both machines revealed what appeared to be a bad hop in Dallas with my ISP attempting to hand off traffic to another Service Provider. I am not amused. My wife, even less so.
I told her what I'd found, and that unless she considered me quitting my job to hire on at our ISP, work my way up the ranks as a network tech, and then fix the problem (and possibly having to repeat, since the issue may be on the other side of the handoff!), I was pretty helpless to solve this one. She agreed that this idea would not scale well, and really, she likes San Antonio so "no-can-do" to that idea. We go to bed to let the $ISP techies fix the problem for us.
This morning she woke me up irritated. "It's still broken."
Yup, I knew exactly what she was talking about, even as I groggily navigated the haze of sleep into wakefulness. Something must be done to fix this.
I'm a bit at a loss at this point. I mean, sure, I agree that the SLA my family imposes on our home network is a bit ummm, unrealistic from time to time, but this one...this is 100% completely outside of my contr...oh, oh wait. Maybe I can...
Jumped on the firewall, fired up tor, edited pf.conf to redirect traffic from her desktop to facebook (umm, whois `dig +short www.facebook.com` and whois `dig +short facebook.com`, grabbing the net-blocks for both) via the tor process on the machine.
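The redirect described above, sketched as an added example that is not the author's actual configuration. It assumes OpenBSD-style pf syntax (`rdr-to`) and Tor's transparent proxy listener; the interface name, desktop address, port and netblocks are placeholders.

```conf
# --- torrc on the firewall (assumed settings, shown here as comments) ---
# TransPort 127.0.0.1:9040    # transparent TCP proxy listener
#
# Tor asks pf for the original destination of each redirected
# connection, so the user Tor runs as needs access to /dev/pf.

# --- pf.conf ---
int_if  = "em1"               # assumed LAN-facing interface
desktop = "192.168.1.50"      # assumed address of the affected desktop
tor_tp  = "9040"              # must match TransPort in torrc

# Netblocks reported by whois for the addresses dig returned.
# Documentation ranges stand in for the real ones here.
table <via_tor> const { 192.0.2.0/24, 198.51.100.0/24 }

# Divert only TCP from that one host to the listed netblocks.
# DNS lookups and every other destination still leave through the
# ISP directly, so this restores reachability, not anonymity.
pass in quick on $int_if inet proto tcp \
    from $desktop to <via_tor> \
    rdr-to 127.0.0.1 port $tor_tp
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -t via_tor -T show` lists the table contents once it is loaded.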
"Ok, try again."
"It's slow...but at least it loads up now. What did you do to fix it?"
"I routed your facebook traffic through an exit point in Tokyo."
"Japan?"
"Yep."
"..."
"Actually, it'll change each connection. Just make sure you don't use the 'check in' feature on facebook, and you're all set."
Comments
Ironically, I considered setting up a tunnel between my home network and a cloud server, but this isn't something I've finished yet (a lower-priority project that isn't complete, sadly), so tor was chosen as the preferred solution until I get the ipsec tunnel configured on the cloud server at Rackspace.
Posted 07-24-2013 at 06:37 PM by rocket357