Explicit public address for authority discovery DHT record and Identify protocol #3657
Conversation
| self.identify.on_swarm_event(FromSwarm::NewListenAddr(e)); | ||
| // Do not report listen addresses to `Identify`, because remote nodes should only | ||
| // know about our external addresses. |
There was a problem hiding this comment.
Not sure if this is a good idea. Probably needs a burn-in in a real network to see if it's safe to remove because AFAIU many of our nodes rely on external address discovery via Identify and the issues we've experienced are limited Rococo. If this is necessary to fix it, then it probably should be behind a CLI flag to enable this behavior explicitly.
There was a problem hiding this comment.
Yes, let's do a burn-in. This should not affect the external address discovery via Identify, as discovery is handled separately via observed_addr field of Identify message.
There was a problem hiding this comment.
Yeah I was mixing up listen and external addresses
There was a problem hiding this comment.
The confusion is no surprise, as there is only one field listen_addrs in Identify message, where both listen and external addresses are added.
|
Putting more thought into it, I think this is not enough to clean DHT from temporary spot instance addresses, as they will be discovered via Identify and published as external addresses anyway. Unless connections from temporary addresses are blocked/forwarded by a firewall. I think we need to explicitly filter all addresses except the explicitly set |
|
The same applies to authority discovery, as a spot instance temporary addresses will end up in the authority discovery DHT records as external addresses. |
Another option is to add one more flag EDIT: another option is I'm going to update the PR to cover both Identify and authority discovery once we decide on the flag usage. |
|
Out of caution, I'd go with an extra flag instead of modifying behavior of the current flags, simply because this is trying to address an issue we've encountered in Rococo, not on all networks, and because we don't know if there is someone relying on the current behavior of the flags. Your call though |
|
I do like the |
|
@lexnv could you have a look again, please? The logic with Identify was reworked + the action of the flag was extended on authority discovery DHT records. |
|
|
||
| debug!(target: LOG_TARGET, "Authority DHT record peer_id='{:?}' addresses='{:?}'", peer_id, addresses.clone().collect::<Vec<_>>()); | ||
| debug!( |
There was a problem hiding this comment.
dq:
I think moving the debug log here changes a bit the details we expose.
I was curious to know the addresses we publish in DHT prior to adding the /p2p/local_peer_id.
Having the log line here might hint us about /p2p/other_peer entries (because they will remain untouched).
Could you see any value in distinguishing between rogue_ip_address and rogue_ip_address/p2p/local_peer_id?
There was a problem hiding this comment.
I moved the log here to see what addresses exactly are published to DHT. In case we want pretty addresses without /p2p/... part, we would also need to drop the /p2p/... part if it was provided by the operator.
|
I'm not convinced by this pull request. You are trying to add some duct tape. This change will require manual intervention of node operators. Aka this will not fix anything. We have almost all the data that we need. Other nodes report us out addresses. We just need to take the data and put it together in a better way.
This is a correct fix. However, I'm not sure if you went down to libp2p checking when this is being generated. (I have done this and I think it is generated almost never because they have a address cache for 200 automatically). As I already said in the issue or somewhere else, we need to start track the "lifeness" of these addresses manually in our networking code and prune them if they are too old. Authority discovery should be changed to report the addresses in the following order:
|
For this, we'd need to introduce the address probing protocol, something like AutoNAT v2 proposed in libp2p. Otherwise we don't have any source of truth for what addresses are real and what are incorrectly reported by remote peers with faulty NAT / port forwarding configurations or incorrectly translated by libp2p (it assigns a local listen port to an observed external address and breaks things when the external address has a different port than the listen address).
Currently, upon fetching an authority-discovery DHT record, we just insert the addresses into TLDR; we can order addresses to make the address provided by the operator go first, but we'd need to maintain the order in both (1) authority-discovery records and (2) DHT routing table (via providing the needed order in Identify). @bkchr does this make sense? |
Generally we are not supporting authorities behind NATs. Authorities should be reachable directly. Otherwise we would need support for hole punching etc.
Generally I was talking about the sending site. AKA what we put into the DHT for our node.
But we call this code in Kademlia, from here. And before we already use this ephemeral list. So, we could give addresses in the ephemeral list a higher "weight" when they come from authority discovery. |
Unfortunately, this is exactly what we are doing at Parity — running rococo validators on spot instances with hole punching.
👍
Yes, makes sense, missed this. Should be already working as needed if we publish the authority-discovery DHT records with the right order of addresses. |
Then we need to change the infrastructure and not the code ;) |
Yes, but we could also optimize the function to not return duplicated addresses. |
|
Closing in favor of #3757. |
…ritytech#3757) Make sure explicitly set by the operator public addresses go first in the authority discovery DHT records. Also update `Discovery` behavior to eliminate duplicates in the returned addresses. This PR should improve situation with paritytech#3519. Obsoletes paritytech#3657.
As reported in #3519 (comment), DHT is flooded by rogue automatically discovered addresses (both in regular DHT records and authority discovery DHT records) when a node is run on a spot instance.
This PR adds flag
--public-addr-onlythat forces publishing of only explicitly set public addresses.If
--public-addr-onlyflag is passed:--public-addraddresses to the authority discovery DHT record instead af the discovered external addresses (applies to validators).--public_addraddresses are advertised via Identify protocol instead of all listen addresses and discovered external addresses, so that remote nodes do not add them to the node addresses in DHT (applies to all nodes).This PR also fixes a subtle bug where expired external addresses were never removed from the list in
PeerInfowhen handlingFromSwarm::ExpiredExternalAddr.