IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2022/02/01
eyedeekay My VPS provider is doing maintenance on it's servers next week, i2pgit.org/git.idk.i2p may be temporarily affected between 2022-02-08 05:00 UTC and 2022-02-08 08:00 UTC
eyedeekay 2. Outproxy Requirements(ongoing
eyedeekay 3. 1.7.0/0.9.53 status / release schedule
eyedeekay Anybody here?
eche|on yes, but in emergency repair @work
eyedeekay OK I'm going to post on zzz.i2p to reschedule, same time next week
dr|z3d we could have a general discussion about a general purpose outproxy tunnel in the absence of a meeting, eyedeekay?
eyedeekay Sure but I'm open to that almost anytime
eyedeekay What's on your mind?
dr|z3d I read your post on zzz, that's a good starting point.
dr|z3d stats, good, blocklists, good.
dr|z3d option to nominate dns servers a possible. option to nominate multiple backends to load balance.
dr|z3d so instead of providing one upstream proxy ip address, you could provide multiple ips.
dr|z3d the tunnel would check basic connectivity of each nominated ip address, and take an ip offline if it's not responding and continue periodic checks.
eyedeekay Would this be in i2p.plugins.socksoutproxy then since we're talking about IP addresses?
eyedeekay For something like StormyCloud that would be destinations, would it not?
dr|z3d no, no, I'm talking about on the server side of things, with a custom outproxy tunnel.
dr|z3d for outproxy operators, not outproxy users.
eyedeekay Oh OK, sorry I wasn't quite in-context there
dr|z3d on the client side, http client tunnel already supports multiple dests.
eyedeekay Yeah that's why I was confused
dr|z3d so I'm suggesting something similar but ip-based on the server side.
eyedeekay On the server side, is there any reason not to do it with haproxy or nginx or something instead?
dr|z3d ease of configuration.
eyedeekay I do like that...
dr|z3d less complexity, simplified stack, you know.
dr|z3d same basic concept for dns. sure, you could use something outside of i2p, but again, being able to nominate a bunch of servers inside the tunnel definition would be handy.
dr|z3d i2p already has DoH support, so extending that to work with an outproxy server tunnel shouldn't be too much of a stretch.
dr|z3d also, think about this scenario.. multihomed outproxy. each outproxy server tunnel can use any of the other multihomed ips, and each server tunnel checks connectivity to the nominated ips.. much more robust multihoming. the tunnel itself could make decisions based on traffic, too, and distribute traffic based on dest to which ip is seeing the least use at the time.
dr|z3d limits based on max multihome dests can easily be circumvented this way, obviously.
eyedeekay I suppose that at the end of the day there's nothing that can stop a server from mixing up your requests across many IP's, but wouldn't that break outproxies that are sticky-per-hostname?
eyedeekay As in you are no longer exiting from the same IP every time you reach a hostname anymore?
dr|z3d yeah, that's the part about distributing traffic based on dest.. you'd want a single dest to be locked to a single ip for a specified period, probably.
dr|z3d and obviously that period could be configurable in the outproxy server tunnel.
eyedeekay Good point, possibly making the server tunnel aware of that would require integrating more closely with I2PTunnel
dr|z3d indeed
dr|z3d more intelligent rate-limiting would also be useful.
eyedeekay Makes sense
dr|z3d bandwidth limiter, also possible. set the max bps per client, to avoid one client overusing.
dr|z3d I mean, you want to offer a fast outproxy, but not so fast that one client slows down the connection for everyone else :)
dr|z3d on purokishi, on a 0 hop tunnel, 65Mb/s is the current spike record to fast.com, random aside.
dr|z3d eyedeekay: another consideration re a custom outproxy tunnel is making it as easy as possible for an operator to run a service. although the stormycloud guy is currently proposing using i2pd to host his service, he'll be missing rate-limiting and tunnel filtering.. the more features provided by i2ptunnel, the more compelling hosting on i2p will be.