Earning and Maintaining the Tor Guard Flag: Configuration Guide
The Guard flag is assigned to Tor relays that have demonstrated sufficient stability and bandwidth to serve as the entry point (guard relay) for Tor client circuits. Guard relays are the first hop in a 3-hop Tor circuit: they see the client's real IP address but not the destination. For this reason, Tor clients use a small number of guard relays consistently over time rather than selecting randomly for each circuit, which reduces the probability that a client's guard is a malicious relay controlled by an adversary. Running a relay that earns and maintains the Guard flag is a particularly valuable contribution to the Tor network's security model.
The Guard flag is assigned by Tor's directory authorities based on three criteria: a bandwidth requirement (measured bandwidth at least the median of all relays, currently approximately 2 Mbit/s), a stability requirement (weighted fractional uptime must exceed a threshold, typically 98% or more), and long-term consensus presence (the relay must appear in many recent consensuses without gaps). New relays must operate for approximately 8 days before being considered for the Guard flag (the guard-time-delay). Relays that meet the requirements consistently earn the Guard flag automatically. Operators do not request or configure the Guard flag; it is assigned by the directory authorities. The Guard flag is separate from the HSDir flag (also uptime-based) and the Exit flag (based on exit policy).
Stability Metrics That Affect Guard Flag
Two stability metrics determine Guard flag eligibility. The first is MTBF (Mean Time Between Failures): how often does the relay go offline? It is calculated as a weighted average in which recent restarts count more than old ones. A relay with 0 restarts in 30 days has perfect MTBF. The second is Weighted Fractional Uptime (WFU): in what fraction of recent consensus windows did the relay appear? Each 1-hour consensus window counts, so a relay that is online for 23 of 24 hours has 95.8% WFU for that day. For the Guard flag, WFU must consistently be above the threshold (approximately 98%). To improve stability: use a reliable VPS provider, set up systemd auto-restart (Restart=on-failure), configure unattended-upgrades for OS updates (so that security-patch downtime does not exceed the restart itself), and monitor the relay with external uptime checks.
Bandwidth Requirements for Guard Flag
The bandwidth requirement for the Guard flag is dynamic: it is set at the median measured bandwidth of all relays in the current consensus. As the Tor network grows, the median bandwidth increases. In 2026, the median is approximately 2-5 Mbit/s sustained. To ensure your relay meets the bandwidth requirement with margin, set RelayBandwidthRate and RelayBandwidthBurst at least 20% above the current median. Monitor your relay's measured bandwidth against your configured rate on Tor Metrics. Measured bandwidth is what the bandwidth authority (bwauth) observes, not your configured rate. If measured bandwidth is significantly below the configured rate, investigate network interface saturation, CPU overload (AES-NI not active), or VPS provider throttling. Measured bandwidth must be above the median for the Guard flag.
Long-Term Guard Relay Operation
Guard relays are used by clients for months at a time: Tor clients rotate guards infrequently to minimize the probability of being assigned a malicious guard. This long-term use creates value, because clients who have selected your relay as their guard benefit from its security properties for the duration of that guard period. Implications for operators: Guard relays have higher sustained traffic than non-Guard relays because they are used consistently by assigned clients. Expect higher and more consistent bandwidth usage after earning the Guard flag, and plan VPS bandwidth allocation with Guard-level traffic in mind. Guard relays also have additional attack value to adversaries, since they can see which clients use them as guards. This is a documented threat (guard discovery), but the Tor network's vanguard system (which adds a pre-guard layer for hidden services) mitigates some of this exposure.
Losing the Guard Flag and Recovery
The Guard flag can be lost if measured bandwidth drops below the median (the relay is overloaded or the network connection degrades), WFU drops below the threshold (the relay has significant downtime), or the relay goes offline entirely for a significant period. To recover the Guard flag after loss, address the underlying cause (upgrade bandwidth, fix stability issues), then wait for the relay to re-establish consensus presence with good stability metrics. Recovery typically takes 2-4 weeks of consistent stable operation. To minimize Guard flag loss: configure monitoring that alerts within 5 minutes of Tor process failure, use a VPS provider with strong uptime SLAs (99.9% or better), and schedule maintenance windows to minimize total downtime duration.
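The WFU metric from the stability section and the recovery wait described above can be modelled together. The following is an added example, not code from this guide or from the Tor project: it computes WFU over hourly consensus windows and counts how many further stable hours are needed to get back above the 98% threshold. The function names, the sample history and the decay constant (older windows discounted by 0.95 every 12 hours) are assumptions made for the illustration.

```python
"""Weighted fractional uptime model (constructed example, not Tor's own code)."""

WFU_THRESHOLD = 0.98             # approximate Guard threshold stated in this guide
# Assumption: history is discounted by 0.95 for every 12 hourly windows.
HOURLY_DECAY = 0.95 ** (1 / 12)


def _accumulate(presence, decay):
    """Return (weighted_up, weighted_total); presence is oldest-first bools."""
    up = total = 0.0
    for listed in presence:
        up = up * decay + (1.0 if listed else 0.0)
        total = total * decay + 1.0
    return up, total


def wfu(presence, decay=HOURLY_DECAY):
    """WFU over hourly consensus windows; decay=1.0 gives a plain fraction."""
    up, total = _accumulate(presence, decay)
    return up / total if total else 0.0


def windows_to_recover(presence, threshold=WFU_THRESHOLD, decay=HOURLY_DECAY,
                       limit=24 * 365):
    """Count the further all-up windows needed for WFU to reach the threshold.

    Returns None if the threshold is not reached within `limit` windows.
    """
    up, total = _accumulate(presence, decay)
    for extra in range(limit + 1):
        if total and up / total >= threshold:
            return extra
        up = up * decay + 1.0      # one more window with the relay listed
        total = total * decay + 1.0
    return None


if __name__ == "__main__":
    # Constructed history: 30 days fully listed, then a 24-hour outage.
    history = [True] * 720 + [False] * 24
    print(f"WFU after outage: {wfu(history):.3f}")
    hours = windows_to_recover(history)
    print(f"Stable hours needed to reach {WFU_THRESHOLD:.0%}: {hours}")
```

Under these assumptions a single 24-hour outage takes roughly two weeks of uninterrupted uptime to work off, which is why short, scheduled restarts matter more than the raw count of restarts.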