Centralized seed services, inspired by WebSeeds #57
Comments
|
Without thinking too hard about all implications, it sounds good to me. |
|
If I understand the proposal correctly, once the request comes in we are essentially parallelizing the data fetch via IPFS and one of these backend services? That sounds pretty great to me. One concern would be that we deemphasize our need to make bitswap more performant and would complicate our metrics on bitswap performance on the gateway (which we don't actually have implemented yet) |
Agreed on the concerns about performance, but I think metrics we'd get from the block services could compensate for any lost gateway metrics. We could even estimate decent metrics in the p2p network we have a hard time measuring if we just look at the difference between the "top of graph" pulled from the block service and the rest of the graph which we can assume they are pulling from a p2p network. |
|
Let's take a step back and consider where the real performance issues are. Given:
We hit the first snag in 1, not 2: IPNS, as it exists today, is really slow. Really, it's slow for the exact same reason 2.a is slow: Peer-to-peer routing (well, as it exists today) is slow. There are two things we can do here to improve the situation:
Basically, we can use (2) to get the speed of a centralized service and (1) to reduce the load on (2). However, we'll still keep our fully p2p routing methods and continue to use them as-needed (giving us the best of both worlds). Note, I didn't say centralized routing. We don't actually need a central authority because everything is signed/validated (although we do need to be careful about censorship). Aside: WebSeeds. Bittorrent uses webseeds for two reasons:
This means that services offering torrent downloads don't need to run any software other than a webserver. Running a special-purpose HTTP/2 REST server doesn't give us any advantage over bitswap/graphsync. Now, we could, instead, build a filestore-like tool that:
These could then be uploaded to a centralized service (i.e., a "tracker"). This way, users would resolve the CID to a "ipfs-torrent" file using the (trusted) tracker and then pull content from the web server. However, I'm not sure if this is really worth it (for now at least). Our motivation here was "faster content retrieval", not "making files available to IPFS without running IPFS".
IPFS is supposed to be able to operate in "proxy" mode. That is, bitswap should be able to forward wantlist requests. We don't currently support this but that would cover the caching case quite well. Really, we desperately need this feature for mobile support. |
|
In my initial post I conflated two very different threads of reasoning: reliability and performance. My bad. Going forward, I'll try to separate these more clearly. ReliabilityThe primary purpose of WebSeeds is reliability. Most (maybe all) clients use them solely as a "peer of last resort." The same could apply to IPLD/IPFS. When WebSeeds were created it was already trivial to host files somewhere accessible via HTTP/HTTPS and it has become almost as trivial to host arbitrary blocks on a service like S3 or one of its many competitors. It's a far more accessible solution to average developers today than running a cluster. That may change in the future, we're certainly working on making it better, but in the meantime we have this incredibly large barrier to entry when using IPLD/IPFS for real world applications. Today, if you want your data to be reliably available you need to setup custom infrastructure with IPFS/IPLD and don't with virtually any other approach to building applications. To meet our short terms goals of developer adoption we need to start making things easier on a timeline that is widely available within the year and not consistently back-burner them because at some point in the future.
This may have been true for most uses of WebSeeds before Webtorrent but I don't think this is true today. WebSeeds allowed Webtorrent to be far more useful by application and service builders because it gave them a single embed that was as bandwidth efficient as possible but still reliable if they stored the file somewhere accessible. Many services that were built on Webtorrent wouldn't have been built if the only way to ensure reliability was to run a Bitorrent cluster. This isn't a case where these files would be "served anyway," the service simply would not exist were it not for WebSeeds.
While the delivery mechanism is different this is also true of a BlockService + CID. Sure, you have to grab the data for that CID in order to make your way through the information needed to get the rest of the blocks and verify them, but if the delivery service for the data also provides the metadata in a verifiable way I don't think it's all that materially different.
This is precisely the point :) Making files accessible to IPFS nodes without running a cluster service would greatly reduce the barriers developers currently have in keeping the files available. Performance
I'm 100% supportive of improvements and changes to IPNS that would make it faster. I'd also love to reduce the need to wait for DNS propagation when the CID is changed.
If you could produce a manifest for all the CID's in the file, nested properly so that they could be verified as a connected graph as they are grabbed, a block service could be just about as fast as a raw GET of a single file, assuming you had HTTP2 and could make all the block requests in parallel. Keep in mind that, in the WebSeed case, the file is not always downloaded in a single GET, often only parts of the file aren't available in the network and so sections of the file are grabbed with range requests to satisfy the sections not available in the torrent network. This isn't all that different from atomic block gets and, with HTTP2, could be optimized quite a lot. |
? This:
Is in conflict with:
The former is concerned with small developers who just want to store their data with Amazon. The latter sounds more like an "IPLD cache as a service" system (that could totally run an IPFS cluster with a click). The former would likely be configured on a per-dapp basis (a dapp would configure a "backup" block exchange that just fetches blocks from S3). The latter would be well-known a known centralized service which, IMO, doesn't really need to exist given bitswap. Note: the former isn't going to help with things like page loading because we'd need to know which s3 bucket to use before we start loading the page. Let's try to hone in on the problem a bit. What's the UX or DX flow you're trying to enable? |
I should have been clearer. While this would open up the possibility of a large of block cache the primary use would be a developer configuring it for a single application. This could still be a very large amount of data in a multi-user application, but as you point out is not a necessary solution for global caching outside of the data in this specific application.
I see the DX in an API like IPFS being one of two forms.
This would only cover the read side of the equation. The write side of this can be done in the application itself as it will likely require some form of authentication. We should leave this to application developers for now, enabling this in IPFS itself would require re-thinking the guarantees a successful write return gives you (did it finish the write to the remote block store?). This will also open up another replication case (push to single peer) that we should let the ecosystem work on optimizing before we would include it in IPFS. |
|
So, what if we instead we push features that better enable pinning services? A web-backed blockservice will work for individual apps but makes it much harder for apps to interoperate unless said blockservice also runs an IPFS node, making it's blocks available over bitswap. |
We are doing this to some extent, it's why we have The problem is that we have adoption goals we are trying to reach on a much shorter timeline than we can expect Adding block/graph services won't prohibit us from improving pinning services but waiting for pinning services to be widely available and easy to use will prohibit us from getting broader adoption in the next few years. |
|
Yeah, but if data gets soloed into per-app S3 buckets, we're not building dapps. We're going to have a very hard time convincing devs to use IPLD if we're not going to give them something substantially better than firebase. Worse, I'm worried the system will end up depending on these per-app shared blockstores. |
The data isn't completely silo'd, any data that is in use by connected peers will be in the DHT. Essentially, one "mega-peer" is not in the DHT and not available to Bitswap. This is already a better case than we have with forked DHT's, where none of the connected peers for that app are sharing data in the mainline DHT. Sure, saying "you have to run a cluster to have reliable data" will make sure all the data used is available but it also means that many applications simply won't be written as a result, so the data from those applications is still never going to be accessible. But I think there's a way we can still avoid these segmentation concerns with graph/block services. If we do not enable the second API I suggested and only enable the node level configuration |
|
Note for the readers: js-ipfs has supported S3 backed datastores for over than an year now. Tutorial at: |
|
Additional note for readers: I detailed the gap between the current S3 storage backend and what this is proposing here protocol/pl-ipfs-team#24 (comment) |
|
@mikeal that link seems to be to a private repo. Can you repeat the information here? |
|
@eocarragain apologies, here it is: The problem with our current S3 backed storage is that it doesn't distinguish between read and write configuration. In the most common use cases you want:
|
|
also: S3 is not the sole backend type possible (Google Cloud Storage, DigitalOcean Storage, owndatacenter, etc) using the S3 API has certain advantages, but the least common denominator for access is probably HTTP |
|
Yup, and all of these services have a similar enough HTTP interface that we could do the same thing across all of them if it’s read-only since only authentication differs between them. |
|
While I see the utility of having a centralized service you could fall back on for getting content, it feels strange to be running these two systems in parallel and requiring end-user software to have preconfigured centralized services to use for every application (e.g. An alternative that's close to this, but perhaps a little more IPFS friendly, would be to allow using Multiaddrs to indicate content routing over non-libp2p protocols (libp2p/notes#11). In particular, the flow from CID to data is: Currently
With HTTP Support
Yes, someone still needs to run an IPFS node that submits Provider records pointing at the HTTP addresses, however, the node no longer needs 24/7 up time. Additionally, we could potentially allow anyone to publish these HTTP-based Provider records allowing us to effectively draft content into IPFS that is currently only accessible via the centralized web. |
I don't think I know enough yet about discovery but is there an attack vector here? Is it a cheaper operation to poison the DHT with pointers to content that you don't host yourself and don't have to take responsibility for not existing than advertising that you have a certain CID? |
|
@rvagg I could be mistaken, but I don't think there is any new attack on the DHT node storing the provider record. The DHT nodes never ask for any sort of "proof" that you have the data (e.g. probabilistically ask advertisers to send the data, ask for the data hashed with some nonce, etc.), so you could easily not have the data. This is on top of the issue that even if the provider node has the data there's no way to know they'll be able to/want to provide it at an acceptable upload speed. You're basically just trusting the advertising nodes off of their reputation (we could add various types of reputation systems going forward, but currently I think we trust all nodes equally). However, one attack that we do open up if we allow any node to advertise on behalf of another party is a DoS attack on the other party. For example, if I know QmABC is really popular I could setup a DoS on http://InnocentBystander.com/index.html by just advertising It's also worth noting that if we are nonetheless still concerned about random advertisers then we could potentially require that the advertising nodes be "certified" by the non-libp2p service (e.g. signed DNS records with a field for the advertiser). However, I'm not currently convinced this is necessary. |
|
Related: |
mikeal commentedNov 30, 2018
First, some background.
Bittorrent WebSeeds
Bittorrent has this great feature called "WebSeeds." It's rather simple, instead of having to spin up a service of bittorrent nodes in order to keep content alive you can simply add an HTTP or FTP URL as the fallback location of the content.
Bittorrent clients try to pull content from other peers but if none are available, or nobody has a complete copy of the file, or if they are just too slow, the client has the option of pulling the content out of the centralized service.
This allows people to keep content up much more simply that they would otherwise be able to if they had to manage a cluster of bittorrent nodes, without sacrificing the other benefits of bittorrent when the content is popular and the network around it is healthy.
Centralized Block and Graph services
The data-structures in IPLD offer some big benefits and upgrades compared to bittorrent. Instead of associating a specific URL with a specific file we could actually have fallback services which are known to have large caches of IPLD blocks.
These services could provide not just a fallback but also get us out around certain performance penalties in IPFS/IPLD. For instance, take the simple case of pulling up a website for the first time using IPNS/IPFS:
This is always slower for the first load than centralized solutions because it takes longer to establish the network to retrieve that content than it would to just connect to a central server.
However, if you could configure a block/graph service in IPFS it could look more like this:
Now you're already pulling in content while the network is established and you can continue to parallize/optimize grabbing the content as the connections are made. This is the best of both worlds and could actually beat the performance of existing web fetches.
Applications that use IPFS could either configure a set of known services in the node or provide a list of seed services when they ask for specific pieces of content.
I'm thinking that there are two distinct sets of services:
If something like this was available it would make a lot of our infrastructure challenges a lot simpler. We could define a very simple REST API that is more or less compatible with S3 and people could literally just stick Cloudflare in front of it for global caching.
Yes, this is a centralized service, but hosted IPFS clusters are also centralized services, they are just available in the DHT. As long as the data-structures are content-addressed centralized services are no more than a caching layer and do about as much to "centralize" the data-structure as an offline cache does.
Thoughts? @daviddias @alanshaw @olizilla @vmx @eefahy
The text was updated successfully, but these errors were encountered: