-
Notifications
You must be signed in to change notification settings - Fork 912
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MPP: limit the number of HTLCs based on destination connectivity #3936
MPP: limit the number of HTLCs based on destination connectivity #3936
Conversation
19f032c
to
459dc2d
Compare
Rebased |
2b759af
to
e4b1970
Compare
Currently wondering if I should instead put the new code in a new paymod instead of mixing it with the presplitter. And additionally make the presplitter less aggressive, say if it would generate more HTLCs than half the |
e4b1970
to
c8cd119
Compare
Turns out the routehints paymod takes over ownership of the invoice routes (and leaves a stale pointer in the invoice structure, how rude), but we need to know the number of invoice routes being maintained, because if the payee is unpublished that is the only indication we have of the incoming channels of the payee and therefore the limit on the destination connectivity. |
This seems extremely fragile. You're making some wild assumptions about the HTLC capacities of the nodes in the network. You say, "Assume 30, since that is what C-lightning itself uses, and we have probably the lowest such limit among implementations in common use," but 30 HTLCs is a rather high limit. My C-Lightning node has automatically force-closed a channel with only 4 outstanding HTLCs, and it cost me over $5 in chain fees, once all was said and done, so I surely don't want to allow 30 outstanding HTLCs on any channel; that'd be a recipe for going broke. I have set Shouldn't C-Lightning strive to minimize the number of concurrent HTLCs that any given multi-part payment generates? Each additional HTLC costs additional money (base fee) and carries a non-zero (and rather high) probability of triggering a channel force-closure and costing the user many dollars in chain fees. Your current strategy is just too expensive. |
30 here is the maximum we will split later. See |
c8cd119
to
56468f8
Compare
Moved into a new paymod, since @whitslack brings up that maybe we should not really split early, so maybe we might decide to remove presplitter later. Also, toned down the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is rather less convoluted than what I expected to be honest, the paymod structure seems to be working :-)
I was about to argue that it'd be better if we limit the overall number of HTLCs the presplit modifier is allowed to create (using either the fibonacci series in #3951 or the simpler power of 16 proposal that doesn't have code yet), but since this is a rather nicely self-contained limiter I think we should keep it.
Might come in handy to have another early abort signal.
I would argue that this is different from the presplit:
We already have a limit for the source connectivity, that is the only limit we have. We should limit to the lowest of all three limits: source, network, destination. The source or the destination could be unusually low-connectivity compared to the network, which is why the presplit limit (which represents the expected limit of the network) is different from the destination limit (which we derive from the number of channels we know to the destination). |
56468f8
to
d6b6470
Compare
d6b6470
to
528c2b7
Compare
Rebased (especially with |
528c2b7
to
db979fe
Compare
Rebased on top of ACK db979fe |
As revealed by the failure of tests in ElementsProject#3936, where we ended up trying to send a partial payment using legacy style, we are not handling style properly. 1. BOLT9 has features, so we can *know* that the destination supports MPP. We may not have seen a node_announcement. 2. We can't assume that nodes inside routehints support TLV. 3. We can't assume direct peers support TLV. The keysend code tried to fix this up, so I'm not sure that this caused the issue in ElementsProject#3968, though. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
As revealed by the failure of tests in ElementsProject#3936, where we ended up trying to send a partial payment using legacy style, we are not handling style properly. 1. BOLT9 has features, so we can *know* that the destination supports MPP. We may not have seen a node_announcement. 2. We can't assume that nodes inside routehints support TLV. 3. We can't assume direct peers support TLV. The keysend code tried to fix this up, so I'm not sure that this caused the issue in ElementsProject#3968, though. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Changelog-Fixed: `pay` will now make reliable multi-part payments to nodes it doesn't have a node_announcement for.
…hints paymod mutates it. The routehints paymod shares the storage of the array d->routehints and p->invoice->routes, but once it operates, it possibly leaves it as a stale pointer to memory it used to have. Since other paymods may be interested in the invoice details, including the routehints in the invoice, we should ensure the p->invoice->routes remains valid whenever we try mutating that array.
…g of the estimated max HTLCs.
… of HTLCs based on payee connectivity. Fixes: ElementsProject#3926 (probably) Changelog-Fixed: pay: Also limit the number of splits if the payee seems to have a low number of channels that can enter it, given the max-concurrent-htlcs limit.
Rebased onto #4035 |
db979fe
to
08a22b7
Compare
As revealed by the failure of tests in ElementsProject#3936, where we ended up trying to send a partial payment using legacy style, we are not handling style properly. 1. BOLT9 has features, so we can *know* that the destination supports MPP. We may not have seen a node_announcement. 2. We can't assume that nodes inside routehints support TLV. 3. We can't assume direct peers support TLV. The keysend code tried to fix this up, so I'm not sure that this caused the issue in ElementsProject#3968, though. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Changelog-Fixed: `pay` will now make reliable multi-part payments to nodes it doesn't have a node_announcement for.
ACK 08a22b7 |
As revealed by the failure of tests in #3936, where we ended up trying to send a partial payment using legacy style, we are not handling style properly. 1. BOLT9 has features, so we can *know* that the destination supports MPP. We may not have seen a node_announcement. 2. We can't assume that nodes inside routehints support TLV. 3. We can't assume direct peers support TLV. The keysend code tried to fix this up, so I'm not sure that this caused the issue in #3968, though. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Changelog-Fixed: `pay` will now make reliable multi-part payments to nodes it doesn't have a node_announcement for.
As revealed by the failure of tests in ElementsProject#3936, where we ended up trying to send a partial payment using legacy style, we are not handling style properly. 1. BOLT9 has features, so we can *know* that the destination supports MPP. We may not have seen a node_announcement. 2. We can't assume that nodes inside routehints support TLV. 3. We can't assume direct peers support TLV. The keysend code tried to fix this up, so I'm not sure that this caused the issue in ElementsProject#3968, though. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Changelog-Fixed: `pay` will now make reliable multi-part payments to nodes it doesn't have a node_announcement for.
Fixes: #3926
(probably)