MPP: limit the number of HTLCs based on destination connectivity #3936
Conversation
ZmnSCPxj
force-pushed
the
mpp-destination-htlcs
branch
from
19f032c
to
459dc2d
Compare
|
Rebased |
ZmnSCPxj
force-pushed
the
mpp-destination-htlcs
branch
2 times, most recently
from
2b759af
to
e4b1970
Compare
|
Currently wondering if I should instead put the new code in a new paymod instead of mixing it with the presplitter. And additionally make the presplitter less aggressive, say if it would generate more HTLCs than half the |
ZmnSCPxj
force-pushed
the
mpp-destination-htlcs
branch
from
e4b1970
to
c8cd119
Compare
|
Turns out the routehints paymod takes over ownership of the invoice routes (and leaves a stale pointer in the invoice structure, how rude), but we need to know the number of invoice routes being maintained, because if the payee is unpublished that is the only indication we have of the incoming channels of the payee and therefore the limit on the destination connectivity. |
|
This seems extremely fragile. You're making some wild assumptions about the HTLC capacities of the nodes in the network. You say, "Assume 30, since that is what C-lightning itself uses, and we have probably the lowest such limit among implementations in common use," but 30 HTLCs is a rather high limit. My C-Lightning node has automatically force-closed a channel with only 4 outstanding HTLCs, and it cost me over $5 in chain fees, once all was said and done, so I surely don't want to allow 30 outstanding HTLCs on any channel; that'd be a recipe for going broke. I have set Shouldn't C-Lightning strive to minimize the number of concurrent HTLCs that any given multi-part payment generates? Each additional HTLC costs additional money (base fee) and carries a non-zero (and rather high) probability of triggering a channel force-closure and costing the user many dollars in chain fees. Your current strategy is just too expensive. |
|
30 here is the maximum we will split later. See |
ZmnSCPxj
force-pushed
the
mpp-destination-htlcs
branch
from
c8cd119
to
56468f8
Compare
|
Moved into a new paymod, since @whitslack brings up that maybe we should not really split early, so maybe we might decide to remove presplitter later. Also, toned down the |
There was a problem hiding this comment.
This is rather less convoluted than what I expected to be honest, the paymod structure seems to be working :-)
I was about to argue that it'd be better if we limit the overall number of HTLCs the presplit modifier is allowed to create (using either the fibonacci series in #3951 or the simpler power of 16 proposal that doesn't have code yet), but since this is a rather nicely self-contained limiter I think we should keep it.
Might come in handy to have another early abort signal.
I would argue that this is different from the presplit:
We already have a limit for the source connectivity, that is the only limit we have. We should limit to the lowest of all three limits: source, network, destination. The source or the destination could be unusually low-connectivity compared to the network, which is why the presplit limit (which represents the expected limit of the network) is different from the destination limit (which we derive from the number of channels we know to the destination). |
ZmnSCPxj
force-pushed
the
mpp-destination-htlcs
branch
from
56468f8
to
d6b6470
Compare
ZmnSCPxj
force-pushed
the
mpp-destination-htlcs
branch
from
d6b6470
to
528c2b7
Compare
|
Rebased (especially with |
cdecker
force-pushed
the
mpp-destination-htlcs
branch
from
528c2b7
to
db979fe
Compare
|
Rebased on top of ACK db979fe |
As revealed by the failure of tests in ElementsProject#3936, where we ended up trying to send a partial payment using legacy style, we are not handling style properly. 1. BOLT9 has features, so we can *know* that the destination supports MPP. We may not have seen a node_announcement. 2. We can't assume that nodes inside routehints support TLV. 3. We can't assume direct peers support TLV. The keysend code tried to fix this up, so I'm not sure that this caused the issue in ElementsProject#3968, though. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
As revealed by the failure of tests in ElementsProject#3936, where we ended up trying to send a partial payment using legacy style, we are not handling style properly. 1. BOLT9 has features, so we can *know* that the destination supports MPP. We may not have seen a node_announcement. 2. We can't assume that nodes inside routehints support TLV. 3. We can't assume direct peers support TLV. The keysend code tried to fix this up, so I'm not sure that this caused the issue in ElementsProject#3968, though. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Changelog-Fixed: `pay` will now make reliable multi-part payments to nodes it doesn't have a node_announcement for.
…hints paymod mutates it. The routehints paymod shares the storage of the array d->routehints and p->invoice->routes, but once it operates, it possibly leaves it as a stale pointer to memory it used to have. Since other paymods may be interested in the invoice details, including the routehints in the invoice, we should ensure the p->invoice->routes remains valid whenever we try mutating that array.
…g of the estimated max HTLCs.
… of HTLCs based on payee connectivity. Fixes: ElementsProject#3926 (probably) Changelog-Fixed: pay: Also limit the number of splits if the payee seems to have a low number of channels that can enter it, given the max-concurrent-htlcs limit.
|
Rebased onto #4035 |
rustyrussell
force-pushed
the
mpp-destination-htlcs
branch
from
db979fe
to
08a22b7
Compare
As revealed by the failure of tests in ElementsProject#3936, where we ended up trying to send a partial payment using legacy style, we are not handling style properly. 1. BOLT9 has features, so we can *know* that the destination supports MPP. We may not have seen a node_announcement. 2. We can't assume that nodes inside routehints support TLV. 3. We can't assume direct peers support TLV. The keysend code tried to fix this up, so I'm not sure that this caused the issue in ElementsProject#3968, though. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Changelog-Fixed: `pay` will now make reliable multi-part payments to nodes it doesn't have a node_announcement for.
|
ACK 08a22b7 |
As revealed by the failure of tests in #3936, where we ended up trying to send a partial payment using legacy style, we are not handling style properly. 1. BOLT9 has features, so we can *know* that the destination supports MPP. We may not have seen a node_announcement. 2. We can't assume that nodes inside routehints support TLV. 3. We can't assume direct peers support TLV. The keysend code tried to fix this up, so I'm not sure that this caused the issue in #3968, though. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Changelog-Fixed: `pay` will now make reliable multi-part payments to nodes it doesn't have a node_announcement for.
As revealed by the failure of tests in ElementsProject#3936, where we ended up trying to send a partial payment using legacy style, we are not handling style properly. 1. BOLT9 has features, so we can *know* that the destination supports MPP. We may not have seen a node_announcement. 2. We can't assume that nodes inside routehints support TLV. 3. We can't assume direct peers support TLV. The keysend code tried to fix this up, so I'm not sure that this caused the issue in ElementsProject#3968, though. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Changelog-Fixed: `pay` will now make reliable multi-part payments to nodes it doesn't have a node_announcement for.
Fixes: #3926
(probably)