Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make NAT traversal more user-friendly #567

Closed
JoshOrndorff opened this issue Jun 3, 2019 · 12 comments
Closed

Make NAT traversal more user-friendly #567

JoshOrndorff opened this issue Jun 3, 2019 · 12 comments
Labels
I5-enhancement An additional feature request.

Comments

@JoshOrndorff
Copy link
Contributor

During office hours today, we (re) realized that getting nodes to connect from behind routers is a bit of a pain for a user who is just looking to join a network.

One option is to use upnp. I had a good experience with that at rchain (their upnp code)

@folsen mentioned there are other solutions too.

I don't have strong feelings about which solution we use, or that it has to happen fast, but it would be one fewer hurdle for beginner and intermediate users.

@tomaka
Copy link
Contributor

tomaka commented Jun 4, 2019

What do you mean by "is a bit of a pain"? It should just work, unless your bootstrap nodes are behind routers.

@bkchr
Copy link
Member

bkchr commented Jun 4, 2019

I think that was his problem, he probably wanted to create a network with his office hour participants. And all of them are probably behind some NAT.

@JoshOrndorff
Copy link
Contributor Author

he probably wanted to create a network with his office hour participants. And all of them are probably behind some NAT.

Yes, that is exactly what I meant.

@Demi-Marie
Copy link
Contributor

uPnP is great, but it is not always enabled, especially in corporate environments. Being able to use UDP hole punching, and falling back to using a public (Parity-provided?) STUN or TURN server, would be a much better option.

@tomaka
Copy link
Contributor

tomaka commented Jun 5, 2019

To give some context:

  • We have looked into UPnP and PCP a long time ago, but we had some API issues that have now been solved. However nobody has taken the task to write an implementation again.
  • Libp2p has its equivalents to STUN and TURN, called identify and relay. This makes it possible to use other libp2p nodes as STUN and TURN servers, instead of a centralized server. Rust-libp2p only supports the former. Adding the latter is a work-in-progress.
  • Connections are made over TCP at the moment, so we can't use UDP hole punching. There's a work in progress spec for TCP hole punching in libp2p, so that similarly to STUN/TURN we can use libp2p nodes themselves instead of centralized servers: relay/DCUtR: Add Direct Connection Upgrade through Relay protocol libp2p/specs#173

@Demi-Marie
Copy link
Contributor

To give some context:

  • We have looked into UPnP and PCP a long time ago, but we had some API issues that have now been solved. However nobody has taken the task to write an implementation again.
  • Libp2p has its equivalents to STUN and TURN, called identify and relay. This makes it possible to use other libp2p nodes as STUN and TURN servers, instead of a centralized server. Rust-libp2p only supports the former. Adding the latter is a work-in-progress.
  • Connections are made over TCP at the moment, so we can't use UDP hole punching. There's a work in progress spec for TCP hole punching in libp2p, so that similarly to STUN/TURN we can use libp2p nodes themselves instead of centralized servers: libp2p/specs#173

How difficult would it be to switch to QUIC? That runs over UDP and just seems to be overall better.

@tomaka
Copy link
Contributor

tomaka commented Jun 5, 2019

How difficult would it be to switch to QUIC?

Attempts have been made.

The difficulty is that at the moment QUIC kind of assumes TLSv3, but we don't want to depend on certificate authorities.
The libp2p specs contain an alternative to TLSv3 using self-signed certificates that are signed with the network key, but implementing that is not a trivial task.

@Demi-Marie
Copy link
Contributor

How difficult would it be to switch to QUIC?

Attempts have been made.

The difficulty is that at the moment QUIC kind of assumes TLSv3, but we don't want to depend on certificate authorities.

Can we transmit something else in place of the certificates? My understanding is that TLS does not imply X.509, so we should be able to transmit anything we want in place of the certs.

@tomaka
Copy link
Contributor

tomaka commented Jun 5, 2019

QUIC doesn't imply TLS either.
It's not a design issue, just an engineering issue. The current Rust QUIC and TLS libraries haven't been written to be used for anything else than regular QUIC and TLS.

@altonen altonen transferred this issue from paritytech/substrate Aug 24, 2023
@the-right-joyce the-right-joyce added I5-enhancement An additional feature request. and removed J0-enhancement labels Aug 25, 2023
claravanstaden pushed a commit to Snowfork/polkadot-sdk that referenced this issue Dec 8, 2023
* Removed non-required balance variable

* Added reject message

* removed require condition
@bkchr bkchr closed this as completed Apr 2, 2024
@github-project-automation github-project-automation bot moved this from Backlog 🗒 to Blocked ⛔️ in Networking Apr 2, 2024
@JoshOrndorff
Copy link
Contributor Author

FWIW, It's 5 years later, and I still can't easily start a blockchain network at a meetup or an online workshop because of this issue. I always need a bootnode on some centralized aws-like thing for the users to connect too.

It isn't that hard to set up now that I have experience, but it really undermines the whole "decentralized" point.

@bkchr
Copy link
Member

bkchr commented Apr 3, 2024

Yes :) I mean it is a nice to have and I get where you are coming from. If we follow this route, we could speak about discovering nodes via bluetooth, mesh networks and whatever. However, Substrate is currently not build with this in mind.

For local area networks we have MDNS that works quite okayish.

bkchr pushed a commit that referenced this issue Apr 10, 2024
* benchmarks for pallet_message_lane::receive_messages_proof

* use CallOrigin::TargetAccount (worst case of CallOrigin)

* fmt

* closures

* Update modules/message-lane/src/benchmarking.rs

Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com>

* Update modules/message-lane/src/benchmarking.rs

Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com>

* fix compilation

Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com>
@aohan237
Copy link

aohan237 commented Jun 6, 2024

Yes :) I mean it is a nice to have and I get where you are coming from. If we follow this route, we could speak about discovering nodes via bluetooth, mesh networks and whatever. However, Substrate is currently not build with this in mind.

For local area networks we have MDNS that works quite okayish.

i think every node is equal to find and connect is the "decentralized" core, otherwise the whole web3 is built on a lie

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
I5-enhancement An additional feature request.
Projects
Status: Blocked ⛔️
Development

No branches or pull requests

7 participants