HIP: LongFi Semantics #3
Conversation
JayKickliter
force-pushed
the
jsk/longfi
branch
9 times, most recently
from
b978e10
to
89e1c70
Compare
|
@JayKickliter why is PHY/Link non-reliable? |
@refugeesus our current thinking is that any retry logic should live in HighFi due to the fact that hotspots can not be trusted to spend airtime on not-paid-for packets. |
|
I can confirm this scrawl is my fault. |
|
If the air time required by hotspots is negligible when exchanging data with devices ( t/x t: time x: number of device transmissions) is the reasoning still relevant? General economics would equate this fractional spend as a capital requirement factored into the price of using the network at some later stage. |
JayKickliter
force-pushed
the
jsk/longfi
branch
from
89e1c70
to
e50a1c8
Compare
|
Pulled a piece about link layer protocol from a working proposal paper. Spoke with @JayKickliter briefly about this at lunch but would like general input as well on this link layer mechanism so I can improve. What do you think @Vagabond? https://github.com/helium/HIP/blob/rfk/lofi/link-layer-prop.pdf |
JayKickliter
force-pushed
the
jsk/longfi
branch
from
e50a1c8
to
3bc700b
Compare
JayKickliter
force-pushed
the
jsk/longfi
branch
from
3bc700b
to
cfc4b07
Compare
To make this protocol easier to define, let's change our style from a specication to a whitepaper. We can decide later of this document should be HIP, and can also convert it into a more formal specification if desired.
JayKickliter
force-pushed
the
jsk/longfi
branch
from
a09bf84
to
06ad189
Compare
JayKickliter
force-pushed
the
jsk/longfi
branch
from
06ad189
to
ef17f8d
Compare
JayKickliter
force-pushed
the
jsk/longfi
branch
from
6fdd03f
to
e030bbc
Compare
JayKickliter
force-pushed
the
jsk/longfi
branch
from
5a15150
to
b449137
Compare
JayKickliter
force-pushed
the
jsk/longfi
branch
from
2e2b687
to
b82bc04
Compare
|
|
||
| > **TODO:** | ||
| > - How many variants are needed? | ||
| > - Can this tag serve both versioning and variant disambiguation? |
There was a problem hiding this comment.
I think versioning should be separate from DGK. That simplifies variant encoding and version parsing.
| --- | ||
| **DID** | ||
|
|
||
| Device identifier. DIDs are assigned to devices by organizations. Every hardware device in an organization _should_ have a unique DID, but sharing DIDs is not forbidden. |
There was a problem hiding this comment.
So an OUI combined with a DID constitute a unique device address on the network?
| Datagram kind. A tag value indicating this datagram's variant type. | ||
|
|
||
| > **TODO:** | ||
| > - How many variants are needed? |
There was a problem hiding this comment.
At the lowest level, a sensor can be thought of as a collection of registers that you can read from and write to. So I would start with Read and Write variants. Request and Response variants can be used to describe uplink and downlink communications. A short list of variants that satisfies these basic protocol requirements would include ReadRequest, WriteRequest, ReadResponse and WriteResponse DGK types. A WriteResponse is always preceded by a WriteRequest but a ReadResponse can be unsolicited for things like uplink sensor status values. Alternatively, you could define a fifth type like Status for unsolicited ReadResponse[s] if you do not want to overload the meaning of ReadResponse.
There was a problem hiding this comment.
I'm not sure that is the kind of Type that should be here as it seems more relevant to Payload contents than Datagram function.
There was a problem hiding this comment.
I'm not sure that is the kind of Type that should be here as it seems more relevant to Payload contents than Datagram function.
Fair enough. At the very least I think the protocol needs some way to distinguish between uplink and downlink datagrams so the network knows how to route them. That may not need to be a type encoded in the datagram. Could simply be whether the packet originated from the internet or a radio receiver.
There was a problem hiding this comment.
Agreed, distinguishing uplink/downlink and/or first fragment vs not-first fragments would be good Datagram kinds.
There was a problem hiding this comment.
We don't need to order fragments anymore.
Why do you need to distinguish between uplink/downlink? A device will have to query if data is available before receiving some payload. If the query returns true, the device inherently knows it is a receiver and the gateway the sender. Otherwise the direction is implied to be the other way. The only other bi-directional communication is joining acknowledgement and a full message received acknowledgement.
There was a problem hiding this comment.
We don't need to order fragments anymore.
I don't think there's enough information in the spec to state this.
Why do you need to distinguish between uplink/downlink?
There is, again, not enough information to indicate that uplink/downlink could be implied.
I only propose those as potential types of Datagram kind. As the spec gets fleshed out, perhaps Datagram kind can be omitted as an explicit field.
There was a problem hiding this comment.
We don't need to order fragments anymore.
Fountain codes remove this problem.
Why do you need to distinguish between uplink/downlink?
DGK is included in generic format for now.
text/0000-longfi.md
Outdated
| ### Joining | ||
| [joining]: #joining | ||
|
|
||
| When device starts up, it is session-less, or not connected to its organization's router. The process of establish a session is called joining. |
There was a problem hiding this comment.
Does joining involve the same 5-field datagram format used for sessions? If so then DGK variants may need to be defined for the joining process.
| --- | ||
| **PAY** | ||
|
|
||
| Datagram payload. Payload lengths depend on spreading and coding, but on their actual content. Payloads are intended to be encrypted and opaque to hotspots. |
There was a problem hiding this comment.
Did you mean to say "Payload lengths [do not] depend on spreading and coding ..."?
| --- | ||
| **FP** | ||
|
|
||
| Fingerprint. Packet brokerage between hotspots and routers depend on fingerprints. They allow a hotspot to prove to a router the hotspot has a datagram destined for that router, without divulging the datagram's payload. This ability is core to hotspots earning data credits for forwarding datagrams. |
There was a problem hiding this comment.
Packet brokerage gets complicated. Do we reward hotspots for forwarding duplicate packets? Do hotspots stop forwarding packets they aren't being rewarded for? I don't know the answers to these questions.
There was a problem hiding this comment.
If there is no hardware link layer session, it seems you can either pay for packets until they are no longer needed, or drop duplicates and make gateways eat the cost of doing the work.
There was a problem hiding this comment.
I believe the model is:
- hotspots presents fingerpint (MAC) + device ID pair
- router says, gimme the payload
- hotspot delivers payload
- router is expected to burn DCs on behalf of router
The interaction is supposed to happen quickly and with a small amount of trust; ie: the hotspot does not wait to see the transaction post before delivering the payload. The theory is that if a router continuously stiff the hotspot, the hotspot will blacklist said router.
There was a problem hiding this comment.
The theory is that if a router continuously stiff the hotspot, the hotspot will blacklist said router.
Works for me but I don't think the blacklist period should be permanent. A hotspot should eventually give a router another chance to pay in the event that router's favorite hotspot goes down.
There was a problem hiding this comment.
A hotspot should eventually give a router another chance to pay in the event that router's favorite hotspot goes down.
I think the key thing is that the router must say "i like that fingerprint, give me the payload" if and only if it intends on burning a DC. Just providing the fingerprint and the router ignoring or NAK'ing should not be what makes a hotspot blacklist the router.
In the case where a router has said "I like that fingerprint give me the payload" and repeatedly doesn't pay, this is pretty nefarious behavior and I think a very long or permanent blacklisting of that hotspot is in order.
There was a problem hiding this comment.
In the case where a router has said "I like that fingerprint give me the payload" and repeatedly doesn't pay, this is pretty nefarious behavior and I think a very long or permanent blacklisting of that hotspot is in order.
Agreed. That is definitely bad behavior on the part of a router. So a router won't ask a hotspot for a packet payload if it already just received a packet from that same device via a different hotspot? I'm good with that.
There was a problem hiding this comment.
We currently do not have any method to atomically swap credits for packets via the blockchain, so this is still all up in the air and might be unspecified.
There was a problem hiding this comment.
My understanding was atomic swap is just unfeasible due to latencies, so it would be more of an untrusted microtransaction with eventual settlement.
| ## Protocol | ||
| [protocol]: #protocol | ||
|
|
||
| LongFi is a session-oriented protocol. However, unlike most wireless protocols which operate within a network of trusted base stations, devices in the Helium communicate _through_ untrusted hotspots. Therefore, sessions in the Helium network are between devices and routers. Sessions persist regardless of which or how many hotspots receive their packets. |
There was a problem hiding this comment.
So hotspots have no awareness of sessions? They merely see individual packets from devices that they forward on to their intended routers.
Are sessions mandatory for LongFi? Is there no session-less means of communication like UDP?
What about downlink communications from routers to devices? Are sessions bi-directional or are downlink sessions something different?
There was a problem hiding this comment.
You need a form of a session somewhere to have any down-link. The association between connected device to hotspot target is less certain with session associated with the router, but it may be manageable. We won't know how manageable this is until this is deployed in the wild.
I believe you will need to establish a session from the device side, where they can query if a down-link packet is available or not.
There was a problem hiding this comment.
Are sessions mandatory for LongFi? Is there no session-less means of communication like UDP?
From a practical standpoint, I don't think we can enforce sessions if a device/router pair decided not to; at least there's no way for us to force some a device/router pair from using the hotspots to move packets despite a lack of session. And I think your UDP analogy is really good.
That being said, I think the LongFi spec is describes a possible device/router protocol in addition to the hotspot routing protocol.
As a side-note, have we dropped LoFi/HiFi nomenclature, @JayKickliter?
There was a problem hiding this comment.
have we dropped LoFi/HiFi nomenclature
Yes, at least for now. I didn't want to force the separation from the outset.
There was a problem hiding this comment.
Using fountain codes, we will implicitly have sessions between routers and devices to fulfill the droplet aggregation process.
There was a problem hiding this comment.
I'm curious why droplet aggregation has to be on the hotspot vs router?
If we use fountain code, reconstruction will be on the router and not on the hotspot.
There was a problem hiding this comment.
I'm curious what the reasoning was though? I had dreamed up schemes where aggregation/reassembly could happen router side
There was a problem hiding this comment.
That's what I thought I was saying:
- Hotspot: does not do reassembly
- Router: does reassembly
There was a problem hiding this comment.
Or am I misreading something?
There was a problem hiding this comment.
I am the one misreading something. My bad
| > - ~indended~ required to be encrypted? | ||
|
|
||
| --- | ||
| **FP** |
There was a problem hiding this comment.
This was previously called MAC/HMAC. I like Fingerprint better because it's more expressive, but I know the blog post by Dal and perhaps the white paper make reference to MAC.
| > - Spreading-factor vs dwell-time vs range | ||
| > - Initial uplink spreading factor | ||
|
|
||
| ### Downlink |
There was a problem hiding this comment.
Do we have two categories of devices?
Category Sync: downlink triggered only by uplink packets
Category Async: devices are always on and ready to receive downlink
Or do we say everything is "sync" but that some devices have a long dwell time waiting for downlink packets. If they pulse out every 6 hours and wait for 6 hours on some channel, they're pretty much always on and this might allow for more dynamic behavior (whereas "device category" feels pretty static).
There was a problem hiding this comment.
That's a good question. The expectation that a device is "always on" seems unreasonable to me. Most downlink communications are what I call WriteRequests and hence synchronous in nature because a corresponding WriteResponse is expected by the router. I did not consider how downlink communications would be triggered by uplink packets but that makes sense in an environment where devices sleep most of the time to conserve battery power.
There was a problem hiding this comment.
Downlink communication will have to be initiated by a query from the device to router due to the class of device we deal with. Devices that are not dependent upon power conservation and network models which have stronger device-to-gateway association (sessions and handoff) are capable of asynchronously receiving in practice. We can't guarantee the former and explicitly do not have the latter for our devices.
| Datagram kind. A tag value indicating this datagram's variant type. | ||
|
|
||
| > **TODO:** | ||
| > - How many variants are needed? |
There was a problem hiding this comment.
I'm not sure that is the kind of Type that should be here as it seems more relevant to Payload contents than Datagram function.
| > - Initial uplink spreading factor | ||
|
|
||
| ### Fragmentation | ||
| [fragmentation]: #fragmentation |
There was a problem hiding this comment.
Based on what @refugeesus described to me in our meeting last week I believe the LDPC layer handles all message fragmentation, reassembly and retransmission.
There was a problem hiding this comment.
fragmentation, reassembly, and FEC are covered by the process linked in a previous comment. No need for retransmission anymore. The paper excerpt also covers the ACK and rolling window timeout concepts needed to make the link layer mostly complete.
| |-----|-----|-----|-----|-----| | ||
|
|
||
| > TODO: | ||
| > - Detail information on when ACK's can occur may be needed. Alternatively, should it be excluded for brevity in this doc? |
There was a problem hiding this comment.
I don't think ACKs should be excluded from this document. IoT developers want some guidance on what to expect from a LongFi router.
There was a problem hiding this comment.
I can include it from the prior doc then.
| > TODO: | ||
| > - Detail information on when ACK's can occur may be needed. Alternatively, should it be excluded for brevity in this doc? | ||
| > - Size of fields to be included | ||
| > - S1/S1 may be converted to sequence number? |
There was a problem hiding this comment.
Are S1 and S2 simply sequence numbers? If so then why are there two for each "Call" datagram? I thought LDPC didn't require sequence numbers to distinguish between droplets.
There was a problem hiding this comment.
No S1 and S2 are seed numbers used for the fountain code process.
| > - Detail information on when ACK's can occur may be needed. Alternatively, should it be excluded for brevity in this doc? | ||
| > - Size of fields to be included | ||
| > - S1/S1 may be converted to sequence number? | ||
|
|
||
| @vagabond | ||
|
|
||
| > TODO: | ||
| > - diffie hellman? | ||
| > - how long do sessions live for? |
There was a problem hiding this comment.
I remember @refugeesus telling me that an LDPC decoder can determine how much of a message has been received. A device can decide to terminate a session and start a new one when a download stops making progress.
There was a problem hiding this comment.
Yes, see second standard deviation comment below.
text/0000-longfi.md
Outdated
|
|
||
| #### Connection Frame | ||
|
|
||
| Before sending a payload, a device must broadcast identifying information and receive confirmation from a router via hotspot that it is ready to receive data. The call/response for this described above again is: |
There was a problem hiding this comment.
Are super and connection frames distinct DGK types? What about "Call" and "Response" connection frames?
There was a problem hiding this comment.
Yes those frames need to have distinct DGK values.
I just used "Call" and "Response" to indicate what the transmitting entity is expecting to send, and what it should expect to receive in response to its transmission. I am open to better terminology suggestions.
There was a problem hiding this comment.
"Request" sounds better than "Call".
| Datagram Key (DGK) - OUI - Device ID (DID) - Fingerprint (FP) | ||
|
|
||
| |DGK | OUI | DID | FP | | ||
| |-----|-----|-----|-----| | ||
|
|
||
| Sessions have a finite lifetime. |
There was a problem hiding this comment.
Based on what? A known timeout?
There was a problem hiding this comment.
Once the second standard deviation of total payload size in addition to the payload (198% total) is collected without getting a full message, the session is terminated and it needs to be re-initiated right now. This puts a cap on chattyness of devices and gives us a fixed memory overhead required for embedded.
There was a problem hiding this comment.
You maybe answered a different question @refugeesus ? I think the maximum length of a packet is after encoding is different than lifetime session, which I think @fvasquez is asking about.
I don't think we have defined lifetime of a session. It needs to be as infrequent as possible, to save on resources, but frequent enough to be secure. So it might depend on how many bytes you've sent using that session key?
There was a problem hiding this comment.
I am working from payloads being collections of packets.
The total lifetime of a session, given a payload 100 bytes in length, is 198 bytes collected or the maximum amount of time it would take to send this amount of data.
There was a problem hiding this comment.
Unique session key per ACK'ed payload sounds expensive as I mention here #3 (comment)
| > - Detail information on when ACK's can occur may be needed. Alternatively, should it be excluded for brevity in this doc? | ||
| > - Size of fields to be included | ||
| > - S1/S1 may be converted to sequence number? | ||
|
|
There was a problem hiding this comment.
I know they're a pain but UML sequence diagrams might help others visualize session message flow.
There was a problem hiding this comment.
yeah....
I'll get to it then
| Device identifier. DIDs are assigned to devices by organizations. Every hardware device in an organization _should_ have a unique DID, but sharing DIDs is not forbidden. | ||
|
|
||
| > TODO: | ||
| > - Can DIDs really be shared? |
There was a problem hiding this comment.
From our perspective, we don't care if organizations want to do weird things with DIDs.
| Datagram payload. Payload lengths depend on spreading and coding, but on their actual content. Payloads are intended to be encrypted and opaque to hotspots. | ||
|
|
||
| > **TODO:** | ||
| > - ~indended~ required to be encrypted? |
There was a problem hiding this comment.
Again, we don't care what organizations want to do. They probably should encrypt the information but it's not required. Imagine open networks of weather stations, etc.
| |-----|-----|-----|-----|-----|-----| | ||
| | X | X | X | X | X | X | | ||
|
|
||
| Once the device receives a complete super frame structure (has been assigned a session ID) it is considered connected and can begin transmitting data frames. |
There was a problem hiding this comment.
I would suggest that the device allocate the session ID and make the acknowledgement optional so devices can be 'fire and forget'
There was a problem hiding this comment.
If you give one-shot transmissions a different DGK value the optional ack is implied and session ID (which should probably be the last field) can be ignored.
There was a problem hiding this comment.
I think your definition of session ID is different then what I was understanding previously from @Vagabond
My previous understand, you might "connect" and create a session ID once a day let's say, and then use that key to send every packet during the day, with or without ACKs.
From what you're writing, it sounds like anything that's not fire and forget requires a unique session key which expires after the payload is sent. Which sounds expensive to me...
text/0000-longfi.md
Outdated
|
|
||
| #### Connection Frame | ||
|
|
||
| Before sending a payload, a device must broadcast identifying information and receive confirmation from a router via hotspot that it is ready to receive data. The call/response for this described above again is: |
There was a problem hiding this comment.
This definition puts a minimum level of quality of service that I find excessive. You have to be able to cheaply YOLO out a packet if you don't care about guaranteed delivery.
text/0000-longfi.md
Outdated
|
|
||
| Super frames contain necessary connection information and requested payload size needed to facilitate communication. The added fields are: Session ID (SID), Payload Size (PLS). The generic super frame structure is as follows: | ||
|
|
||
| |DGK | OUI | DID | FP | SID | PLS | |
There was a problem hiding this comment.
I think we need to start distinguishing LoFi and HiFi frames. This looks like it's more or less a HiFi frame definition, but I don't think we've done a good job of distinguishing from LoFi frames yet.
What I'm thinking need to be made clear is:
- DKG, OUI, DID, FP are transparent to the hotspot
- SID, PLS, etc are encrypted and opaque to the hotspot
- whether a superframe is initiating a session or during a session should be opaque, or at least, not the concern of the hotspot
There was a problem hiding this comment.
We have abandoned LoFi/HiFi definitions. This is all link layer information.
I'm not sure any of these fields need to be encrypted, or opaque to the hotspot.
Super frames only initiate sessions or are wrapping a one-shot transmission. The hotspot doesn't do anything but relay this information to router.
There was a problem hiding this comment.
I'm not sure any of these fields need to be encrypted, or opaque to the hotspot.
I know we abandoned them but this is where the distinction is helpful. LoFi is transparent and HiFi is opaque to the hotspot.
| Datagram Key (DGK) - OUI - Device ID (DID) - Fingerprint (FP) | ||
|
|
||
| |DGK | OUI | DID | FP | | ||
| |-----|-----|-----|-----| | ||
|
|
||
| Sessions have a finite lifetime. |
There was a problem hiding this comment.
You maybe answered a different question @refugeesus ? I think the maximum length of a packet is after encoding is different than lifetime session, which I think @fvasquez is asking about.
I don't think we have defined lifetime of a session. It needs to be as infrequent as possible, to save on resources, but frequent enough to be secure. So it might depend on how many bytes you've sent using that session key?
|
Oops. I accidentally merged @Vagabond's branch into master instead of mine |
Create XXXX-subdao-onboarding-fees.md
This HIP proposes the high-level semantics of LongFi, the Helium network's wireless protocol.
Pre-HIP
Rendered