Onion Balance kvm

Hi looking to setup onion balance for my v3 hidden service. I have 3 servers each one has whonix installed, do I need to install onion balance on one of the gateways?

Do I install my forum software on one of the severs my OB gateway points too? Do I have to install anything on the second server or does it remain a static server only?

and have it point to the two other servers?

Unspecific to KVM.

All documentation we have on the https://www.whonix.org/wiki/Onion_Services for now is:

OnionBalance [archive] can help to prevent de-anonymization of an onion service by protecting it from becoming unavailable through denial of service attacks (DDOS). OnionBalance is mentioned in the security readme [archive] by vanguards author and Tor developer Mike Perry where he discusses attacks against onion services and defenses. OnionBalance [archive] is now available for onion v3 services [18], see: Cooking with Onions: Reclaiming the Onionbalance [archive].

Vanguards protect against guard discovery and related traffic analysis attacks and is installed by default in Whonix ™. [19] See Vanguards for further information.

High Traffic Onion Service Scalability Performance

Although mostly focused on non-anonymous onion services, the tor-dev mailing list discussion onionbalance useful on same server / for high-spec non-location hidden servers? [archive] contains interesting information on scalability and performance of high traffic onion services. The tor-dev mailing list [archive] (sign-up [archive]) is considered a useful resource for technical information since they are receptive to genuine inquiries.

Not even using onionbalance for whonix.org yet.

Mostly undocumented.

Should that change, the wiki page https://www.whonix.org/wiki/Onion_Services will be updated.


I would guess so.

Forum / server software ought to run inside Whonix-Workstation.

It’s difficult enough to load balance anything. More difficult for dynamic content such as forums. It’s highly web application specific - unrelated to Whonix. How do you even load balance discourse or phpBB on clearnet… Without knowing this even in theory, I wouldn’t attempt to introduce another layer of complexity, namely Tor onion services.

I guess a realistic path forward might be 1 centralized web server for the webapps(s) (forum) and then onionbalance only to work around the onion connection layer bottleneck.

Please see the docs below for more accurate info. I think you are running 3 instances of your website all sharing the single onion but onion balance balances the load between all three equally.

Likely on three different machines or else there isn’t a point to this setup. The idea is to make resources available for your onion to use by backing it up with many machines.


