Skip to content

fix(snownet): invalidate allocation on channel binding error#6277

Merged
jamilbk merged 3 commits intofix/connlib/use-same-port-cooldown-channelfrom
fix/connlib/always-invalidate-on-error
Aug 13, 2024
Merged

fix(snownet): invalidate allocation on channel binding error#6277
jamilbk merged 3 commits intofix/connlib/use-same-port-cooldown-channelfrom
fix/connlib/always-invalidate-on-error

Conversation

@thomaseizinger
Copy link
Member

@thomaseizinger thomaseizinger commented Aug 13, 2024
edited
Loading

When we receive an AllocationMismatch error response from the relay, it means that our local state is toast and needs to be invalidated.

  • If we attempted to allocate, the corrective action is to delete the active allocation.
  • If we attempted to refresh or bind a channel, the corrective action is to make a new allocation.

In the case of a channel binding, we also re-schedule the target peer to be rebound to ensure upper layers don't need to retry that. For example, if this happens during a connection setup, we still want to eventually succeed in binding the channel to ensure STUN messages as part of ICE can pass over it without having to first run into an ICE timeout and retry the entire connection.

In certain network configurations, we observed that the NAT between connlib and the relay may have fairly short session timers. Currently, allocations have a lifetime of 10 minutes and are refreshed every 5 minutes. If there is no other traffic from connlib during those 5 minutes, the NAT session might get cut and attempting to use the allocation to e.g. bind a channel doesn't work because the relay doesn't recognise the 3-tuple.

We deem these situations quite rare. Instead of keeping the NAT session alive with additional traffic, we instead implement this corrective action here which transparently creates a new allocation using our new 3-tuple.

Resolves: #6265.

@vercel
Copy link

vercel bot commented Aug 13, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
firezone ✅ Ready (Inspect) Visit Preview 💬 Add feedback Aug 13, 2024 7:27am

jamilbk
jamilbk approved these changes Aug 13, 2024
View reviewed changes
Copy link
Member

@jamilbk jamilbk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thomaseizinger thomaseizinger changed the base branch from main to fix/connlib/use-same-port-cooldown-channel August 13, 2024 07:20
@thomaseizinger
Copy link
Member Author

thomaseizinger commented Aug 13, 2024

I am rebasing this on top of #6276 to add more changelog entries.

@thomaseizinger thomaseizinger force-pushed the fix/connlib/always-invalidate-on-error branch from c88837b to 18bd9c9 Compare August 13, 2024 07:23
@thomaseizinger thomaseizinger changed the title fix(snownet): invalidate allocation in channel binding error fix(snownet): invalidate allocation on channel binding error Aug 13, 2024
@jamilbk jamilbk merged commit 827fc28 into fix/connlib/use-same-port-cooldown-channel Aug 13, 2024
@jamilbk jamilbk deleted the fix/connlib/always-invalidate-on-error branch August 13, 2024 16:37
@thomaseizinger thomaseizinger mentioned this pull request Aug 15, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jamilbk jamilbk jamilbk approved these changes

+1 more reviewer

@conectado conectado conectado approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

channel bind failed: Allocation Mismatch

3 participants

@thomaseizinger @jamilbk @conectado

Comments