Hi, I have a doubt about the plotting of networks on shadow-tor via NetworkX. After creating a network and performing the graphical representation using the NetworkX tool, the result presents all the clients on the right, all the servers on the left and the various relays in between; it also appears that, in the last Client-Server step, all the components pass through a node called "relayexitguard" (as shown in the figure). Can anyone tell me what this component is and why all paths must necessarily pass by the node? Thanks for the attention

Can you please be more specific about which graph file you are attempting to plot? What is the name of the graph file?

Shadow generally prefers complete graphs, so that means every node has a direct link directly to every other node. So I'm not sure how you came up with the structure that you described.

Hi! I will try to explain all the steps to get to the previous graph.

First of all I used the shadow-tor tutorial to create a network with 1 authority, 20 relays, 4 web clients, 4 bulk clients, 4 perf 50k clients, 4 perf 1M clients, 4 perf 5M clients and 10 servers.

Later I modified the shadow config to also generate the torctl files in the shadow data; through a script I obtained the client-server connections (looking for the keyword SUCCEEDED as you can see in the attached image), so also relays in the path and, finally, I entered all data in the NetworkX tool.

In every graph made, there is always a node, called relayexitguard, crossed by every path before accessing a server and I was curious to understand what it was and why it was omnipresent in the graphs of my networks.

I hope you will be able to help me solve this problem. Thank you!

So you're generating this graph from observed Tor network traffic, not the network topology file? Then that makes sense for such a small network. Since you didn't generate any hidden services/hidden service clients, all traffic has to go through an exit relay before reaching a server. Since your network is very small, there proportionally aren't many to choose from -- from your image, it looks like there are only two exit relays. Only one of the exit relays is a guard relay (hence the name), and since guard relays generally have higher bandwidth, it makes sense that connections are biased towards that relay when selecting from the two exits.

If you want your traffic to go through more exit relays, you have to switch some of them (in the Shadow config file) to exit relays (make sure the torrc file that the relay is configured to use has an ExitPolicy defined, meaning it will allow exit traffic).

If you want your traffic to be better balanced among existing exit relays, you can adjust the bandwidth of the exit relays to be equal (i.e., the bandwidthup and bandwidthdown attributes in the shadow.config.xml file), and then adjust the bandwidth weights in the shadow.data.template/hosts/torflowauthority/v3bw file.