Provide a way to create outbound connections from ephemeral ports in P2P #5020

Closed
1 task
coot opened this issue Dec 5, 2024 · 0 comments · Fixed by #5021
coot commented Dec 5, 2024

SPOs would like to retain the possibility for a BP node to create unidirectional connections. This allows a hot standby BP behind a firewall; once the BP needs to be activated, the firewall rules can be changed so the relays can connect to the BP and distribute its blocks:

  • relays are configured to create duplex connections to the hot standby BP which are blocked by the firewall (e.g. its blocks are not reaching the relays)
  • the hot standby BP is configured to create unidirectional connections to the relay (from ephemeral ports), which go through the firewall (hot standby BP needs to get blocks)

Hot standbys & the proposed solution were discussed in the recent Network Working Group meeting.

Requires:

coot added connection-manager Issues / PRs related to connection-manager outbound-governor Issues / PRs related to outbound-governor labels Dec 5, 2024
coot self-assigned this Dec 5, 2024
coot linked a pull request Dec 5, 2024 that will close this issue
10 tasks
coot moved this to In Progress in Ouroboros Network Dec 5, 2024
coot added a commit to IntersectMBO/cardano-node that referenced this issue Dec 10, 2024
"diffusionMode" can be either `"InitiatorOnly"` or
`"InitiatorAndResponder"`.  If not given, the latter is the default
- for backward compatibility.  When "InitiatorOnly" is used, the
connections to these local roots will only negotiate `InitiatorOnly`
mode (it won't be possible to be reused by the other side) and will not
bind to the server address, e.g. it will be made from an ephemeral port.
See IntersectMBO/ouroboros-network#5020 why
this feature was requested by some SPOs.

An example configuration:
```json
{ "localRoots":
    [ { "accessPoints":
          [ { "address": "10.0.0.1"
            , "port": 3001
            }
          ]
      , "advertise": false
      , "diffusionMode": "InitiatorOnly"
      , "warmValency": 1
      , "hotValency": 1
      }
    , { "accessPoints":
          [ { "address": "10.0.0.2"
            , "port": 3001
            }
          ]
      , "advertise": true
      , "diffusionMode": "InitiatorAndResponder"
      , "warmValency": 1
      , "hotValency": 1
      }
    ]
, "publicRoots": []
, "useLedgerAfterSlot": -1
}
```
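
A small linter for the topology format shown above, added here as an example (it is not code from cardano-node or ouroboros-network): it reports the effective `diffusionMode` of every local root group and flags values that are not one of the two documented ones. The function name `audit_topology`, the constructed sample file and the "server address" label used for the default mode are assumptions made for illustration.

```python
import json
from difflib import get_close_matches

# The two values the commit message documents, and the default when the key is absent.
VALID_MODES = ("InitiatorOnly", "InitiatorAndResponder")
DEFAULT_MODE = "InitiatorAndResponder"

# Constructed sample topology (same shape as the example configuration above);
# the second group carries a misspelled mode on purpose, the third omits the key.
SAMPLE = """
{ "localRoots":
    [ { "accessPoints": [ { "address": "10.0.0.1", "port": 3001 } ]
      , "advertise": false, "diffusionMode": "InitiatorOnly"
      , "warmValency": 1, "hotValency": 1 }
    , { "accessPoints": [ { "address": "10.0.0.2", "port": 3001 } ]
      , "advertise": true, "diffusionMode": "InititiatorAndResponder"
      , "warmValency": 1, "hotValency": 1 }
    , { "accessPoints": [ { "address": "10.0.0.3", "port": 3001 } ]
      , "advertise": false, "warmValency": 1, "hotValency": 1 }
    ]
, "publicRoots": []
, "useLedgerAfterSlot": -1
}
"""

def audit_topology(text):
    """Return (peers, errors) for the localRoots groups of a topology file.

    peers:  (address, port, effective mode, source port kind) per access point
    errors: one message per group whose diffusionMode is not a documented value
    """
    peers, errors = [], []
    for idx, group in enumerate(json.loads(text).get("localRoots", [])):
        mode = group.get("diffusionMode", DEFAULT_MODE)
        if mode not in VALID_MODES:
            hint = get_close_matches(str(mode), VALID_MODES, n=1)
            errors.append(f"localRoots[{idx}]: unknown diffusionMode {mode!r}"
                          + (f", did you mean {hint[0]!r}?" if hint else ""))
            continue
        source = "ephemeral" if mode == "InitiatorOnly" else "server address"
        for ap in group.get("accessPoints", []):
            peers.append((ap["address"], ap["port"], mode, source))
    return peers, errors

if __name__ == "__main__":
    peers, errors = audit_topology(SAMPLE)
    for address, port, mode, source in peers:
        print(f"{address}:{port}  {mode}  outbound from {source}")
    for message in errors:
        print("ERROR", message)
```

Run against a hot standby's topology file before deployment, the `ephemeral` rows are the peers whose outbound connections the firewall has to let through without relying on a fixed source port.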
coot added a commit to IntersectMBO/cardano-node that referenced this issue Dec 11, 2024
github-project-automation bot moved this from In Progress to Done in Ouroboros Network Dec 11, 2024
coot added a commit to IntersectMBO/cardano-node that referenced this issue Dec 13, 2024
coot added a commit to IntersectMBO/cardano-node that referenced this issue Dec 13, 2024
coot added a commit to IntersectMBO/cardano-node that referenced this issue Dec 19, 2024
neilmayhew pushed a commit to IntersectMBO/cardano-node that referenced this issue Dec 20, 2024
neilmayhew pushed a commit to IntersectMBO/cardano-node that referenced this issue Dec 20, 2024