Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Failure to meet activation threshold for observed address without DHT client #2941

Open
2color opened this issue Aug 29, 2024 · 2 comments
Open

Comments

@2color
Copy link
Contributor

2color commented Aug 29, 2024

Preface

This is not a bug per se, but an issue that arises in specific circumstances.

TL;DR:

  • To start hole punching you need to determine your public IP, which generally requires other peers if you're behind NAT
  • We determine our own observed address by running the identify protocol against peers
  • We "activate" an observed address once 4 peers return tell us they've observed an address. This reduces the trust assumptions on any particular peer and provides some level of security
    // ActivationThresh sets how many times an address must be seen as "activated"
    // and therefore advertised to other peers as an address that the local peer
    // can be contacted on. The "seen" events expire by default after 40 minutes
    // (OwnObservedAddressTTL * ActivationThreshold). The are cleaned up during
    // the GC rounds set by GCInterval.
    var ActivationThresh = 4
  • The activation of an observed address is transport and IP specific. That means that with QUIC and TCP enabled with both IPv4 and IPv6 addrs, you will need 16 connections for the 4 addresses to be activated. By corollary, as the number of transports and IPs increases, more connections are necessary to activate a given addr. (Can you confirm this @sukunrt)
  • When you are behind NAT, don't start a DHT client, and create a new host with the default configuration, there's a good chance that you won't be able to hole punch into other peers behind NAT, because you don't have any activated public addresses.
  • Even if you connect to the 4 libp2p bootstrap nodes (without starting a DHT client), depending on the transports over it connects, none of your public addrs will activate.

Background

ipfs-check, is a retrievability diagnostics tool. You provide it with a CID and a multiaddr and it checks —amongst other things— whether the peer is dialable and whether it has the block of the CID. This is especially useful to determine whether a peer behind NAT is actually "hole-punchable", which you can only know by trying to connect to.

The tool creates a short-lived libp2p test host for each check, which connects to one or two peers (two if it needs circuit relay reservation if the other peer is behind NAT), however hole punching will never kick off and it will hang on the following line:

2024-08-29T13:40:04.468+0200	DEBUG	p2p-holepunch	holepunch/svc.go:98	waiting until we have at least one public addresspeer12D....`

I was able to work around this by adding a DHT client to the test host, however, it's not clear whether this is ideal. There are some situations (like resource constrained environments) where you don't want the overhead of increased connections and bandwidth associated with a DHT clients.

Ideas

  • Return a more specific error from NewStream indicating that it couldn't hole punch because of no observed public addrs.
@MarcoPolo
Copy link
Collaborator

By corollary, as the number of transports and IPs increases, more connections are necessary to activate a given addr.

To be clear "transports" in this case only refers to TCP vs UDP. We only compare the "thin waist" parts of the address which are the ipv{4,6} + port + {TCP,UDP}.

We "activate" an observed address once 4 peers return tell us they've observed an address. This reduces the trust assumptions on any particular peer and provides some level of security

I think that was the original intent, but I don't think this actually gives us that much security. It's pretty easy to get 4 different IP addresses. It does probably cut down on the noise we would see from our observed addresses by filtering only to those that have gotten more than 4 observations.

@sukunrt
Copy link
Member

sukunrt commented Dec 1, 2024

We should let holepunching pass a confidence / activation threshold here. That'll allow us to use high confidence addresses when sharing our addresses via identify, and holepunching can start using addresses asap.

part of #2229

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants