Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

p2p/discover: improved node revalidation #29572

Merged
merged 41 commits into from
May 23, 2024
Merged

p2p/discover: improved node revalidation #29572

merged 41 commits into from
May 23, 2024

Conversation

fjl
Copy link
Contributor

@fjl fjl commented Apr 18, 2024
edited

Node discovery periodically revalidates the nodes in its table by sending PING, checking if they are still alive. I recently noticed some issues with the implementation of this process, which can cause strange results such as nodes dropping unexpectedly, certain nodes not getting revalidated often enough, and bad results being returned to incoming FINDNODE queries.

Let me first describe how the revalidation process worked previously:

  • We set a randomized timer < 10s. When that timer expires, a random bucket is chosen, and within that bucket the last node will be validated.
  • The idea of revalidating the last node was taken from the original Kademlia paper. Certain contacts, such as incoming PING, will move nodes to the first position of the bucket. Other events (i.e. adding nodes from NODES responses) will put them in the back of the bucket. This is supposed to play out such that we always pick a node that requires revalidation the most because any successful contact moves it back to the front. The bucket behaves like a queue, basically.
  • We first send a PING message to the chosen node. If it responds, we increase it's livenessChecks value by one. Since PONG also has the node's ENR sequence number, we request the node's new ENR when it has changed.
  • If the node does not respond to PING, we immediately remove it from the bucket. In place of the old node, we put a random one from the bucket's replacement cache (a list of recently-encountered nodes). However, this only happens if the node is still the last node after revalidation. This condition exists because another event may have updated the node's position, in which case it shouldn't be removed.
  • Finally, note there are some edge cases to consider. when we fetch an updated ENR from the node it can have an updated endpoint, which might not fit into the bucket/table IP limits anymore. In that case, we can't apply the update and just stick with the older ENR. We could also drop the node at that point, but it will be dropped later anyway if the node really isn't reachable on the old endpoint anymore.

Now on to issues with the above process:

  • Revalidation is too slow. We check one node every 5s, and the table's top 10 buckets of 16 nodes are expected to be full at all times. Assuming an even distribution across all table members, we check each node every 160 * 5s == 13.3 min. Note this time applies also to all nodes, even the ones freshly added to the table from a query. It's just too slow to maintain a healthy table.
  • And the distribution isn't even. The concept of moving nodes around within the bucket made less sense the longer I looked at it, because it just complicates things in the implementation. Also, since the process chooses a random bucket and only then picks the node, nodes in deeper buckets will be revalidated more often simply because those buckets are usually less full. The distribution of revalidation requests across table nodes should be even because they may all go offline with an equal chance.
  • Node replacement edge cases are mostly handled correctly by the current implementation, but it's really hard to follow the code, and I had a lot of trouble seeing through it. That part about not replacing the node if it's not last anymore is just useless. There is also at least one code path where nodes were deleted without choosing a replacement.

Here is my proposed design for the new revalidation process:

  • We maintain two 'revalidation lists' containing the table nodes. The lists could be named 'fast' and 'slow'.
  • The process chooses random nodes from each list on a randomized interval, the interval being faster for the 'fast' list, and performs revalidation for the chosen node.
  • Whenever a node is newly inserted into the table, it goes into the 'fast' list. Once validation passes, it transfers to the 'slow' list. If a request fails, or the node changes endpoint, it transfers back into 'fast'.
  • livenessChecks is incremented by one for successful checks. Unlike the old implementation, we will not drop the node on the first failing check. We instead quickly decay the livenessChecks by / 5 or so to give it another chance.
  • Order of nodes in bucket doesn't matter anymore.
  • I intend to write the implementation in a way that makes it easy to dynamically adjust the rate of revalidation requests if needed. This is important because the implementation also uses revalidation requests as an input to the endpoint predictor. We could increase activity if the predictor doesn't have enough statements, for example.

@fjl fjl requested a review from zsfelfoldi as a code owner April 18, 2024 07:59
@fjl fjl changed the title p2p/discover: new node revalidation logic p2p/discover: improved node revalidation Apr 18, 2024
fjl added 20 commits April 20, 2024 11:58
@fjl
p2p/discover: add debug API
8f4c72c
@fjl
cmd/devp2p: add discv4 RPC server
37149d0
@fjl
cmd/devp2p: add listen command
1a6a64b
@fjl
cmd/devp2p: fix import
f8c7448
@fjl
p2p/discover: new revalidation
df8e793
@fjl
p2p/discover: fix build
70b8918
@fjl
p2p/discover: update
0a4b314
@fjl
p2p/discover: fix some tests
fad3fe7
@fjl
p2p/discover: fix shutdown hang
f2ac692
@fjl
p2p/discover: fix test
00e71f5
@fjl
p2p/discover: fix spin condition
1d896e8
@fjl
p2p/discover: add live flag in debug node
dc3f78b
@fjl
p2p/discover: return nextTime from run()
c1afb3c
@fjl
p2p/discover: simplify rand timer
7667ebf
@fjl
p2p/discover: move back to fast list when endpoint changed or dead
b44673f
@fjl
p2p/discover: fix crash in move
822b059
@fjl
p2p/discover: improve list moving
c2ad0a7
@fjl
p2p/discover: faster
0b44fc4
@fjl
p2p/discover: remove logging checks in for dead nodes (it's always zero)
30eb2bf
@fjl
p2p/discover: faster decay
81e553f
fjl
fjl commented Apr 24, 2024
View reviewed changes
p2p/discover/table_reval.go Outdated

if !resp.didRespond {
// Revalidation failed.
n.livenessChecks /= 5
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe use / 3

fjl and others added 3 commits April 24, 2024 16:20
@fjl @holiman
Update p2p/discover/table_reval.go
0048a0f 
Co-authored-by: Martin HS <martin@swende.se>
@fjl
p2p/discover: fix addedAt time
041ce1b
@fjl
p2p/discover: rename add node methods
2c2c7f7 
This is to better reflect their purpose. The previous naming of 'seen' and 'verified'
was kind of arbitrary, especially since 'verified' was the stricter one.
holiman
holiman reviewed May 17, 2024
View reviewed changes
p2p/discover/node.go Outdated
Comment on lines 34 to 35
AddedTable time.Time `json:"addedToTable"`
AddedBucket time.Time `json:"addedToBucket"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The node has addedToTable field, and the json tag also contains a to, so it looks a bit odd that the field name itself is missing the to, as in AddedToTable/AddedToBucket

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah it's an inconsistency. I will fix.

lightclient
lightclient approved these changes May 22, 2024
View reviewed changes
Copy link
Member

@lightclient lightclient left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, should probably merge and see how it looks live.

p2p/discover/table_reval.go Show resolved Hide resolved
@fjl fjl merged commit 6a9158b into ethereum:master May 23, 2024
2 of 3 checks passed
@fjl fjl added this to the 1.14.4 milestone May 23, 2024
@lightclient lightclient mentioned this pull request May 24, 2024
Merged
fjl added a commit that referenced this pull request May 28, 2024
@fjl
p2p/discover: fix crash when revalidated node is removed (#29864)
af0a327 
In #29572, I assumed the revalidation list that the node is contained in could only ever
be changed by the outcome of a revalidation request. But turns out that's not true: if the
node gets removed due to FINDNODE failure, it will also be removed from the list it is in.
This causes a crash.

The invariant is: while node is in table, it is always in exactly one of the two lists. So
it seems best to store a pointer to the current list within the node itself.
fjl added a commit that referenced this pull request May 28, 2024
@lightclient @fjl
p2p/discover: fix update logic in handleAddNode (#29836)
cc22e0c 
It seems the semantic differences between addFoundNode and addInboundNode were lost in
#29572. My understanding is addFoundNode is for a node you have not contacted directly
(and are unsure if is available) whereas addInboundNode is for adding nodes that have
contacted the local node and we can verify they are active.

handleAddNode seems to be the consolidation of those two methods, yet it bumps the node in
the bucket (updating it's IP addr) even if the node was not an inbound. This PR fixes
this. It wasn't originally caught in tests like TestTable_addSeenNode because the
manipulation of the node object actually modified the node value used by the test.

New logic is added to reject non-inbound updates unless the sequence number of the
(signed) ENR increases. Inbound updates, which are published by the updated node itself,
are always accepted. If an inbound update changes the endpoint, the node will be
revalidated on an expedited schedule.

Co-authored-by: Felix Lange <fjl@twurst.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@holiman holiman holiman left review comments

@lightclient lightclient lightclient approved these changes

@zsfelfoldi zsfelfoldi Awaiting requested review from zsfelfoldi zsfelfoldi is a code owner

@rjl493456442 rjl493456442 Awaiting requested review from rjl493456442

@s1na s1na Awaiting requested review from s1na

@gballet gballet Awaiting requested review from gballet

@karalabe karalabe Awaiting requested review from karalabe

@MariusVanDerWijden MariusVanDerWijden Awaiting requested review from MariusVanDerWijden

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.14.4
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@fjl @holiman @lightclient