HWY-239: Pause if too much stake is offline #842

afck · 2021-02-01T16:18:28Z

This prevents the remaining validators from creating more and more units (increasing the protocol state size, and thus memory usage) while too many validators are offline to finalize anything. E.g. if there's a 34% fault tolerance threshold, we need more than 67% = 50% + 34% / 2 online for liveness, so if 33% or more are offline, the other validators will pause.

During a pause, instead of units, they gossip new Ping messages, so that others can keep track of who's still online. Once enough validators are back online again, they resume.

https://casperlabs.atlassian.net/browse/HWY-239

This adds a ping mechanism that allows validators to signal that they are online even if they are not creating new units. If we see fewer validators online than the required quorum for finality at the configured fault tolerance threshold, we pause and don't create new units. This avoids inflating the protocol state unnecessarily during periods where too many validators have an outage.

node/src/components/consensus/highway_core/active_validator.rs

node/src/components/consensus/highway_core/highway.rs

goral09 · 2021-02-02T09:13:32Z

node/src/components/consensus/highway_core/highway/vertex.rs

    }

    /// Returns a `Timestamp` provided the vertex is a `Vertex::Unit`
    pub(crate) fn timestamp(&self) -> Option<Timestamp> {
        match self {
            Vertex::Unit(signed_wire_unit) => Some(signed_wire_unit.wire_unit().timestamp),
-            Vertex::Evidence(_) => None,
-            Vertex::Endorsements(_) => None,
+            Vertex::Ping(ping) => Some(ping.timestamp()),


The comment could be updated. Now it only mentions Vertex::Unit.

I don't think the comment has been updated.

Yes it has. GitHub just shows the snippet of the version you commented on.

node/src/components/consensus/highway_core/highway/vertex.rs

node/src/components/consensus/highway_core/state.rs

node/src/components/consensus/highway_core/highway_testing.rs

node/src/components/consensus/tests/consensus_des_testing.rs

goral09

Looks good, I can't see any blockers but I will give it another pass after the comments are addressed.

goral09

Nice.

afck · 2021-02-02T11:20:51Z

bors r+

bors · 2021-02-02T11:49:35Z

Build succeeded:

continuous-integration/drone/push

902: HWY-252: Pause consensus if execution lags behind finalization. r=afck a=afck In a test with 75 validators and 1000 transactions per block we observed that block execution was much slower than consensus. That didn't stop consensus from finalizing all the era-0 blocks, though, which ended up in the block executor queue. Then there was a gap that would have lasted several hours, where consensus waited for the switch block to be executed, so it could start era 1. This PR makes consensus wait if the block executor falls behind by more than 3 blocks (configurable): Whenever the height of the latest executed block is more than 3 below the height of the latest finalized block, consensus will switch to "paused" mode, using the mechanism introduced in #842. https://casperlabs.atlassian.net/browse/HWY-252 Co-authored-by: Andreas Fackler <andreas@casperlabs.io>

afck added 2 commits February 1, 2021 17:06

Add a test for pings and pausing.

d69e961

afck requested review from xcthulhu, fizyk20 and goral09 February 1, 2021 16:18

afck assigned goral09 Feb 1, 2021