FIP draft: Extend sector fault cutoff period from 2 weeks to 6 weeks #190
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||||
|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,80 @@ | ||||||||
| --- | ||||||||
| fip: "0025" | ||||||||
| title: Extend the fault period of cc sector from 2 weeks to 6 weeks | ||||||||
| author: IPFSUnion(@IPFSUnion) | ||||||||
| discussions-to: https://github.com/filecoin-project/FIPs/issues/189 | ||||||||
| status: Draft | ||||||||
| type: Technical (Core) | ||||||||
| created: 2021-10-01 | ||||||||
| --- | ||||||||
|
|
||||||||
| <!--You can leave these HTML comments in your merged FIP and delete the visible duplicate text guides, they will not appear and may be helpful to refer to if you edit it again. This is the suggested template for new FIPs. Note that a FIP number will be assigned by an editor. When opening a pull request to submit your FIP, please use an abbreviated title in the filename, `fip-draft_title_abbrev.md`. The title should be 44 characters or less.--> | ||||||||
|
|
||||||||
|
|
||||||||
| ## Simple Summary | ||||||||
| <!--"If you can't explain it simply, you don't understand it well enough." Provide a simplified and layman-accessible explanation of the FIP.--> | ||||||||
|
|
||||||||
| Due to force majeure factors such as major natural disasters, storage providers may not be able to restore services in a short period. According to the current implementation of the protocal, the sector will be forcibly terminated after two consecutive weeks of faults. Two weeks is not enough to complete the EiB-level data migration and recovery, so we hereby propose this FIP. | ||||||||
|
|
||||||||
| ## Abstract | ||||||||
| <!--A short (~200 word) description of the technical issue being addressed.--> | ||||||||
|
|
||||||||
| Filecoin needs to extend the fault period so that large storage providers have enough time to complete the data migration. Six weeks is generally enough for overseas migration, including overall planning, customs application, sea or air transport, etc. | ||||||||
|
|
||||||||
| ## Change Motivation | ||||||||
| <!--The motivation is critical for FIPs that want to change the Filecoin protocol. It should clearly explain why the existing protocol specification is inadequate to address the problem that the FIP solves. FIP submissions without sufficient motivation may be rejected outright.--> | ||||||||
|
|
||||||||
| Any country in the world is likely to face force majeure factors such as major natural disasters or social abnormal events, causing storage providers to be unable to provide services normally for a long period of time. To this end, we must plan ahead. | ||||||||
| In the current implementation of the protocol, the sector will be forcibly terminated if there are two consecutive weeks of faults. However, two weeks is not enough for a large storage provider to complete the data migration and restart the service. If appropriate measures are not taken, it will not only cause huge economic losses to the storage provider, but also cause large fluctuations in the storage power of the entire Filecoin network. | ||||||||
| Therefore, it is necessary to make some adjustments to the sector fault period. Regarding the deal sector, the current data of all transactions is about 32 PiB. It is not a big problem to complete the real data migration within two weeks, but it is far from enough for the EiB level of cc sector to complete the migration within two weeks, so we propose to extend the cc sector fault period from 2 weeks to 6 weeks. | ||||||||
|
There was a problem hiding this comment.
Suggested change
such a change needs to apply to both cc and deal sectors equally from a cryptoeconomic perspective. But agree that SPs can and should prioritize migrating deal sectors faster There was a problem hiding this comment. all cc have been removed in the commit below.(1aff8d5) |
||||||||
|
|
||||||||
| ## Specification | ||||||||
| <!--The technical specification should describe the syntax and semantics of any new feature. The specification should be detailed enough to allow competing, interoperable implementations for any of the current Filecoin implementations. --> | ||||||||
|
|
||||||||
| Extend fault period of cc sector from 2 weeks to 6 weeks. | ||||||||
|
|
||||||||
| ## Design Rationale | ||||||||
| <!--The rationale fleshes out the specification by describing what motivated the design and why particular design decisions were made. It should describe alternate designs that were considered and related work, e.g. how the feature is supported in other languages. The rationale may also provide evidence of consensus within the community, and should discuss important objections or concerns raised during discussion.--> | ||||||||
|
|
||||||||
| Extend the cc sector fault period to buy time for storage providers to migrate data | ||||||||
|
|
||||||||
| ## Backwards Compatibility | ||||||||
| <!--All FIPs that introduce backwards incompatibilities must include a section describing these incompatibilities and their severity. The FIP must explain how the author proposes to deal with these incompatibilities. FIP submissions without a sufficient backwards compatibility treatise may be rejected outright.--> | ||||||||
|
|
||||||||
| The proposal extends the fault period of the cc sector, so such changes must be completed through version upgrades. | ||||||||
|
|
||||||||
|
|
||||||||
| ## Test Cases | ||||||||
| <!--Test cases for an implementation are mandatory for FIPs that are affecting consensus changes. Other FIPs can choose to include links to test cases if applicable.--> | ||||||||
|
|
||||||||
| The following test cases should be covered: | ||||||||
|
|
||||||||
| - Calculate whether the penalty amount for different fault durations is consistent with expectations | ||||||||
| - Test whether there is a conflict with the sector expiration | ||||||||
|
|
||||||||
|
|
||||||||
| ## Security Considerations | ||||||||
| <!--All FIPs must contain a section that discusses the security implications/considerations relevant to the proposed change. Include information that might be important for security discussions, surfaces risks and can be used throughout the life cycle of the proposal. E.g. include security-relevant design decisions, concerns, important discussions, implementation-specific guidance and pitfalls, an outline of threats and risks and how they are being addressed. FIP submissions missing the "Security Considerations" section will be rejected. A FIP cannot proceed to status "Final" without a Security Considerations discussion deemed sufficient by the reviewers.--> | ||||||||
|
|
||||||||
| Strong incentives remain for Storage Providers to keep proving all their sectors reliably, which should prevent any increased variability / unreliability in network storage power. | ||||||||
|
|
||||||||
| ## Incentive Considerations | ||||||||
| <!--All FIPs must contain a section that discusses the incentive implications/considerations relative to the proposed change. Include information that might be important for incentive discussion. A discussion on how the proposed change will incentivize reliable and useful storage is required. FIP submissions missing the "Incentive Considerations" section will be rejected. An FIP cannot proceed to status "Final" without a Incentive Considerations discussion deemed sufficient by the reviewers.--> | ||||||||
|
|
||||||||
| The maintained FaultFee structure provides strong incentives for storage providers to maintain great quality of service and keep any downtime to a bare minimum. | ||||||||
|
|
||||||||
|
|
||||||||
| ## Product Considerations | ||||||||
| <!--All FIPs must contain a section that discusses the product implications/considerations relative to the proposed change. Include information that might be important for product discussion. A discussion on how the proposed change will enable better storage-related goods and services to be developed on Filecoin. FIP submissions missing the "Product Considerations" section will be rejected. An FIP cannot proceed to status "Final" without a Product Considerations discussion deemed sufficient by the reviewers.--> | ||||||||
|
|
||||||||
| Increasing the sector forced termination window increases the potential time between when a storage provider could stop storing/proving data to the network, and when storage clients would have their payment refunded. This could be annoying/frustrating from a sector repair perspective, since there is a longer window before it is clear whether a storage provider is coming back online, which the client isn't compensated for. | ||||||||
|
There was a problem hiding this comment. What does There was a problem hiding this comment. i am pretty confident it means:
but i am not sure either. as a client you have a choice to make to keep your data stored in a "safe" manner. if a storage provider faults the sector the deal is in you can:
expanding 14 days to 42 will change the calculation when re-storing (in the sense of: store it again) a deal makes financial sense - if a sector recovers from a fault the client will have to resume payment and with 42 days, i plain assume this, the financial risks of "over storing" is bigger for the client then with 14 days. [edit] this has terrible consequences for platforms/facilitators that guarantee a certain service level of storage replication. |
||||||||
|
|
||||||||
|
|
||||||||
|
|
||||||||
| ## Implementation | ||||||||
| <!--The implementations must be completed before any core FIP is given status "Final", but it need not be completed before the FIP is accepted. While there is merit to the approach of reaching consensus on the specification and rationale before writing code, the principle of "rough consensus and running code" is still useful when it comes to resolving many discussions of API details.--> | ||||||||
|
|
||||||||
| TODO in all related Filecoin implementations. | ||||||||
|
There was a problem hiding this comment. One note - to avoid complicated implementation in spec actor that needs state migration(will require heavy testing), we are proposing to only raise There was a problem hiding this comment. @ZenGround0 do you have a draft PR for this change? |
||||||||
|
|
||||||||
| ## Copyright | ||||||||
| Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/). | ||||||||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is FIP0026.
It's not a problem, but for the future, do not worry about adding a FIP number. A FIP editor will do this for you.