Hi,
As a follow-up to the unresolved discussion in #29, I opened this issue to track the problem and state it (hopefully) more clearly.
Currently, this prevents us from using protocols like ABY when the parties are located in different AWS regions, i.e., we consider external protocols without a coordinator on AWS. I only looked at ABY's two-party protocols, but the problem should also appear with more parties.
The AWS instances have both private and public IP addresses. The private IP addresses are allocated from a private address range, e.g. from the 172.16.0.0/12 block. These are the addresses that are bound to the VMs' network interfaces, but they are only routed inside the same region. The public IP addresses are used to connect to the instances from the outside (or from other AWS regions).
So when both parties are in the same region, then the parties.conf file is filled using the private addresses:
MATRIX/Deployment/aws_deploy.py, lines 250 to 251 in d4b1624:
```python
else:
    self.create_parties_file(private_ip_address, port_number, file_name, new_format, len(regions))
```
For context of the previous code snippet, the else branch means that only a single region of a single cloud provider is used. This results (in my example) in the following parties.conf uploaded to the instances:
```
$ cat ABY/MATRIX/parties.conf
party_0_ip=172.31.18.160
party_1_ip=172.31.29.249
party_0_port=8000
party_1_port=8000
```
In the case with multiple regions, the public IP addresses are used instead:
MATRIX/Deployment/aws_deploy.py, lines 245 to 247 in d4b1624:
```python
if len(regions) > 1:
    shuffle(public_ip_address)
    self.create_parties_file(public_ip_address, port_number, file_name, new_format, len(regions))
```
Now a parties.conf like the following is uploaded:
```
$ cat ABY/MATRIX/parties.conf
party_0_ip=18.234.88.203
party_1_ip=3.120.147.224
party_0_port=8000
party_1_port=8000
```
As said above, we can use these to connect to an instance from the other AWS region. However, trying to listen on these addresses results in errors, since they are not bound to the instances' network interfaces.
To circumvent this issue, special files parties0.conf and parties1.conf are created for the parties 0 and 1, respectively, if they are located in different regions.
MATRIX/Deployment/deploy.py, lines 112 to 114 in d4b1624:
```python
# create party file for each instance
if number_of_regions > 1:
    self.create_parties_files_multi_regions(file_name)
```
The function create_parties_files_multi_regions creates these files in the following way: For each party, its address is replaced with 0.0.0.0 in the file corresponding to its ID. Hence, this results in e.g.
```
$ cat parties0.conf
party_0_ip=0.0.0.0
party_1_ip=3.120.147.224
party_0_port=8000
party_1_port=8000
```
Note that we can bind to 0.0.0.0 (accepting connections at any IP address).
The problem is that for protocols like ABY these files (parties0.conf, parties1.conf) are never uploaded to the instances. Here is the case corresponding to external protocols without coordinator in the run_protocol function in Execution/fabfile.py:
MATRIX/Execution/fabfile.py, lines 133 to 139 in d4b1624:
```python
else:
    # run external protocols with no coordinator
    put('InstancesConfigurations/parties.conf', run('pwd'))
    run('mkdir -p logs')
    run('. ./%s %s %s' % (executable_name, party_id, values_str))
    with open('Execution/execution_log.log', 'a+') as log_file:
        log_file.write('%s\n' % values_str)
```
In contrast to the above, here are the corresponding, working code snippets for the other setups:
- external protocol with coordinator
MATRIX/Execution/fabfile.py, lines 124 to 128 in d4b1624:
```python
if len(regions) > 1:
    put('InstancesConfigurations/parties%s.conf' % party_id, run('pwd'))
    run('mv parties%s.conf parties.conf' % party_id)
else:
    put('InstancesConfigurations/parties.conf', run('pwd'))
```
MATRIX/Execution/fabfile.py, lines 99 to 103 in d4b1624:
```python
if len(regions) > 1:
    put('InstancesConfigurations/parties%s.conf' % party_id, run('pwd'))
    run('mv parties%s.conf parties.conf' % party_id)
else:
    put('InstancesConfigurations/parties.conf', run('pwd'))
```
As noted before (here and in #29), the missing code existed before but was accidentally removed in the meantime.
So, I would like to ask you to re-add these lines; I have prepared a corresponding pull request based on the current state of branch 1.2: #35.
Please ask me if anything remained unclear or misunderstood.
Best
Lennart
Edit: referenced PR
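
The per-party file generation and the bind failure described in the issue, as an added example that is not part of the original post and not MATRIX's own `create_parties_files_multi_regions`: the names `per_party_confs` and `can_bind` are hypothetical, and the sample input is the multi-region parties.conf quoted above.

```python
import re
import socket

# Constructed sample: the multi-region parties.conf quoted in the issue.
PARTIES_CONF = """\
party_0_ip=18.234.88.203
party_1_ip=3.120.147.224
party_0_port=8000
party_1_port=8000
"""

IP_KEY = re.compile(r"^party_(\d+)_ip=(.*)$")


def per_party_confs(conf_text, listen_ip="0.0.0.0"):
    """Return {party_id: conf text} where each party's own IP line is
    replaced by listen_ip and all other lines are kept unchanged."""
    lines = conf_text.splitlines()
    ids = sorted(int(m.group(1)) for m in map(IP_KEY.match, lines) if m)
    confs = {}
    for pid in ids:
        out = []
        for line in lines:
            m = IP_KEY.match(line)
            if m and int(m.group(1)) == pid:
                line = "party_%d_ip=%s" % (pid, listen_ip)
            out.append(line)
        confs[pid] = "\n".join(out) + "\n"
    return confs


def can_bind(ip, port=0):
    """True if a TCP socket can bind to ip on this host (port 0 = any free port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, port))
            return True
        except OSError:
            return False


if __name__ == "__main__":
    for pid, text in per_party_confs(PARTIES_CONF).items():
        print("parties%d.conf" % pid)
        print(text)
    # A public address that is not on a local interface cannot be bound.
    print("bind 18.234.88.203:", can_bind("18.234.88.203"))
    print("bind 0.0.0.0:", can_bind("0.0.0.0"))
```

Passing the instance's private address as `listen_ip` instead of 0.0.0.0 binds the listener to that one interface rather than to every interface on the host.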