Tor Relay VM vs Bare Metal: Performance and Cost Analysis

Tor relays encrypt and decrypt traffic using AES-256-GCM for circuit encryption and Ed25519/X25519 for key agreement. Modern CPUs (Intel since 2010, AMD since 2011) include AES-NI hardware acceleration that makes AES encryption approximately 10x faster than software implementation. A relay serving 100 Mbps of traffic performs approximately: 100,000 packets per second cipher operations, continuous elliptic curve key agreement for new circuits (adding and dropping circuits continuously). CPU requirement: a modern 2-core CPU with AES-NI can handle approximately 1 Gbps of relay traffic. CPU becomes a bottleneck before network bandwidth for most relay deployments. VMs often have AES-NI passthrough enabled - verify with: grep aes /proc/cpuinfo on the VPS.

Network I/O is the primary bottleneck for most Tor relays. VM network performance: hypervisor adds a virtualization layer for network packets. Modern hypervisors (KVM with virtio-net, Hyper-V with SR-IOV) reduce this overhead significantly. For relays under 500 Mbps, VPS network performance is typically indistinguishable from bare metal. For 1 Gbps+ relay ambitions: bare metal provides more consistent network throughput without hypervisor scheduling jitter. VM I/O jitter (varying latency due to hypervisor scheduling other VMs) can affect circuit timing consistency on very high-bandwidth relays. Dedicated VPS (single-tenant physical hardware) provides bare-metal-like network performance at a lower price than full bare metal.

VPS cost-efficiency for Tor relays: most VPS plans include data transfer allowances. A relay set to BandwidthRate 100 Mbps uses approximately 30 TB/month. VPS providers offering 30+ TB transfer at low cost: select providers with no transfer overage charges and sufficient bandwidth included. Bare metal cost-efficiency: bare metal servers with 1 Gbps unmetered ports are available for $50-150/month. At full utilization (continuous 1 Gbps), this provides orders of magnitude more bandwidth than a typical VPS. For relay operators wanting maximum bandwidth contribution per dollar, bare metal with unmetered or high-cap transfers is most efficient. VPS is more cost-efficient for smaller relays (under 100 Mbps sustained) due to lower fixed costs.

Benchmark comparison for Tor relay workloads: AES-NI acceleration is available in most modern VPS hypervisors (verify before choosing). The overhead is typically: 5-15% CPU overhead compared to bare metal for the same throughput (hypervisor system call overhead, guest OS overhead). Network packet rate: VMs using virtio-net typically handle 1 million packets/second - sufficient for all but the highest-bandwidth relays. Memory bandwidth: VMs share physical memory bandwidth with other VMs on the same host (noisy neighbor problem). For relay-critical applications, verify memory bandwidth availability under load. In practice, VPS for Tor relays performs adequately at up to 500 Mbps sustained. Bare metal shows clearer advantages at 1 Gbps+ sustained.

Choose VPS when: target bandwidth is under 200 Mbps sustained, cost is a priority, you want flexibility to change providers, or upfront commitment is a concern (VPS can be scaled or cancelled quickly). Choose bare metal when: target bandwidth is 500 Mbps+ sustained, network performance consistency is important, you want maximum throughput per dollar at scale, or you are running a Guard or Exit relay where performance directly affects user experience. Middle ground: dedicated servers (single-tenant VPS on physical hardware allocated to you alone) provide VPS management convenience with near-bare-metal performance. These are available from providers offering dedicated VPS products.