eyedeekay
My VPS provider is doing maintenance on its servers next week, i2pgit.org/git.idk.i2p may be temporarily affected between 2022-02-08 05:00 UTC and 2022-02-08 08:00 UTC
eyedeekay
1. Hi
eyedeekay
2. Outproxy Requirements (ongoing)
eyedeekay
3. 1.7.0/0.9.53 status / release schedule
eyedeekay
Anybody here?
eche|on
yes, but in emergency repair @work
eyedeekay
OK I'm going to post on zzz.i2p to reschedule, same time next week
eche|on
ok
dr|z3d
we could have a general discussion about a general purpose outproxy tunnel in the absence of a meeting, eyedeekay?
eyedeekay
Sure but I'm open to that almost anytime
eyedeekay
What's on your mind?
dr|z3d
I read your post on zzz, that's a good starting point.
dr|z3d
stats, good, blocklists, good.
dr|z3d
option to nominate dns servers a possibility. option to nominate multiple backends to load balance.
dr|z3d
so instead of providing one upstream proxy ip address, you could provide multiple ips.
dr|z3d
the tunnel would check basic connectivity of each nominated ip address, and take an ip offline if it's not responding and continue periodic checks.
eyedeekay
Would this be in i2p.plugins.socksoutproxy then since we're talking about IP addresses?
eyedeekay
For something like StormyCloud that would be destinations, would it not?
dr|z3d
no, no, I'm talking about on the server side of things, with a custom outproxy tunnel.
dr|z3d
for outproxy operators, not outproxy users.
eyedeekay
Oh OK, sorry I wasn't quite in-context there
dr|z3d
on the client side, http client tunnel already supports multiple dests.
eyedeekay
Yeah that's why I was confused
dr|z3d
so I'm suggesting something similar but ip-based on the server side.
eyedeekay
On the server side, is there any reason not to do it with haproxy or nginx or something instead?
dr|z3d
ease of configuration.
eyedeekay
I do like that...
dr|z3d
less complexity, simplified stack, you know.
dr|z3d
same basic concept for dns. sure, you could use something outside of i2p, but again, being able to nominate a bunch of servers inside the tunnel definition would be handy.
dr|z3d
i2p already has DoH support, so extending that to work with an outproxy server tunnel shouldn't be too much of a stretch.
dr|z3d
also, think about this scenario.. multihomed outproxy. each outproxy server tunnel can use any of the other multihomed ips, and each server tunnel checks connectivity to the nominated ips.. much more robust multihoming. the tunnel itself could make decisions based on traffic, too, and distribute traffic based on dest to which ip is seeing the least use at the time.
dr|z3d
limits based on max multihome dests can easily be circumvented this way, obviously.
eyedeekay
I suppose that at the end of the day there's nothing that can stop a server from mixing up your requests across many IPs, but wouldn't that break outproxies that are sticky-per-hostname?
eyedeekay
As in you are no longer exiting from the same IP every time you reach a hostname anymore?
dr|z3d
yeah, that's the part about distributing traffic based on dest.. you'd want a single dest to be locked to a single ip for a specified period, probably.
dr|z3d
and obviously that period could be configurable in the outproxy server tunnel.
eyedeekay
Good point, possibly making the server tunnel aware of that would require integrating more closely with I2PTunnel
dr|z3d
indeed
dr|z3d
more intelligent rate-limiting would also be useful.
eyedeekay
Makes sense
dr|z3d
bandwidth limiter, also possible. set the max bps per client, to avoid one client overusing.
dr|z3d
I mean, you want to offer a fast outproxy, but not so fast that one client slows down the connection for everyone else :)
dr|z3d
on purokishi, on a 0 hop tunnel, 65Mb/s is the current spike record to fast.com, random aside.
dr|z3d
eyedeekay: another consideration re a custom outproxy tunnel is making it as easy as possible for an operator to run a service. although the stormycloud guy is currently proposing using i2pd to host his service, he'll be missing rate-limiting and tunnel filtering.. the more features provided by i2ptunnel, the more compelling hosting on i2p will be.