NAT Auto Discovery

[vyzo]

Provides an ambient NAT auto-discovery service.

TBD:

• doscstrings
• README
• tests
• CI

[Kubuxu]

You don't have to select here.
<-ctx.Done() is enough.

[vyzo]

yes, indeed; habbit.

[Kubuxu]

I would give those constants explicit type of NATStatus.

[vyzo]

sure, will do.

[Kubuxu]

10s might be a bit short here. Automatic port forwarding has about 10s timeout.
From another hand, if it is timing out we won't get and forwarding either way.

[Kubuxu]

For testing, it might be useful for it to be configurable.

[vyzo]

We can bump it a bit, say to 15s.

Re: testing
I don't think it will be useful, as we won't be able to unit-test this aspect with go test.
I plan to run some test programs and try it in the wild.

[vyzo]

Then again we probably do want to test the autodiscovery without waiting for this time, so maybe we can make it a variable.

We can revisit when I have the test suite ready.

[whyrusleeping]

I would pull these durations out into named constants at least.

[vyzo]

ok, will do.

[vyzo]

Lifted them and turned them into variables, per @Kubuxu's suggestion in 6d4bc41

[whyrusleeping]

the naming here is a bit weird. Its not clear from reading that AutoNATState is an implementation of AutoNAT

[vyzo]

hrm, good point. Easy to fix, should I call it AutoNATImpl? boring.

[vyzo]

I like AmbientAutoNAT:

• it conveys that it is an AutoNAT instance
• it conveys that it is ambient, meaning that the user doesn't have anything to do other than creating an instance.

[vyzo]

renamed to AmbientAutoNAT in 1562e1b

[whyrusleeping]

creating a single use thingy here feels a bit weird. Maybe just make the dial method take the host and peer?

[vyzo]

we can also reuse the client objects.

[vyzo]

on the other hand it's a very simple object, with no state. Not sure it's worth the trouble to cache it.

[vyzo]

It might make sense to make it take a peer so that we can reuse the object for all peers in the interaction; no need to hold it across function calls i think.

[vyzo]

fixed in bb5cad4

The client object is reused for dialing all peers as needed.

[whyrusleeping]

magic number

[vyzo]

we can give a name to the incantation.

[vyzo]

named it and made it a variable so that we can unit test; fa14117

[whyrusleeping]

probably want to put this locked section into a separate method so we can use defers nicely

[vyzo]

sure, will do.

[vyzo]

done in d16ca79

[Stebalien]

This was a lot simpler than I thought it would be. Nice!

[Stebalien]

Not that important but this should probably select in a context and a time.After.

[Stebalien]

Nit: Network().Connectedness() == inet.Connected avoids allocating.

[Stebalien]

What about "no nat"? Do we need that state?

[vyzo]

What does that state mean though? We have Uknown and Public -- no nat is equivalent to public.

[Stebalien]

Ah, I was thinking:

• NatStatusPrivate -> Behind a nat and undiablable.
• NatStatusPublic -> Behind a nat and dialable.

(although we may not need to track the undialable case.

[vyzo]

It's more of "dialable" or not "dialable".
Do we gain anything by knowing that there is no NAT whatsoever?
Note that the inference might be hard to make.

[Stebalien]

Can we call this something else? When I see "Dial" I think "establish a connection". When I saw this function used in the code, I had absolutely no idea why dialing a peer would tell us anything about our NAT status.

[vyzo]

Ok, will rename.

[vyzo]

Called it DialBack.

[Stebalien]

Nice!

[Stebalien]

Probably better to call as.dialer.Network.ClosePeer. We can, unfortunately, successfully open multiple connections.

[Stebalien]

I wonder if we could configure libp2p with a custom connection manager that just kills all connections after 30s. Just to be extra safe :wink.

[Stebalien]

So, we really don't need a large set of peers that support this protocol. Instead of testing every one, How about we:

a. Keep a list of known autonat peers (discovered as we try to use them, not when we first connect).
b. Keep a list of known non-autonat peers.

Then, periodically*, we can:

1. Try every connected peer in the known good set.
2. Try every open connection not in the bad set, adding peers to the good set and bad set as we try them.

That way we aren't unnecessarily noisy.

*later, we can get even fancier and set the period to be "time since last inbound connection from a public address", or something like that.

[vyzo]

I think we can reduce the noise by simply checking on the protocols reported by identify.

[vyzo]

I changed it to look at the protocols reported by identify through the peerstore in 46d352f
I don't quite like the delay for identify, but it seems to be necessary.

[Stebalien]

I don't quite like the delay for identify, but it seems to be necessary.

Yeah... that annoys me to me to no end as well.

[raulk]

Identify keeps the stream open after identification. If we made it close the stream, we could hook onto the ClosedStream event to know when identify was over deterministically.

[Stebalien]

Let's really not. I know it should work, but that's just horrible.

[raulk]

It is, but that's all we have now 😅

Should we think about setting up some kind of "in-mem event bus" so that different layers of libp2p can emit and react to events? Identify would then emit a protocols:identify/1.0.0:complete event when it finished, or a ...:error one if it failed.

[Stebalien]

Yeah... Ideally services would just hook into identify (or the peerstore? that doesn't seem right) and get called when we connect to a peer supporting protocol X.

[vyzo]

Made the delay configurable, with an initial value of 5 sec (per @magik6k's suggestion)

[Stebalien]

Why can't we just walk over each connected peer and check lazily? That way, we don't even need this check.

[vyzo]

I don't think we gain anything by the lazy check.
We'll have to iterate through the list of peers, which also adds complexity for recognizing new autonat servers after we have iterated once.
So we might as well do it at connect time, the goroutine cost is marginal.

[Stebalien]

I'm not worried about the goroutine cost, I'm worried about the race. However, this is probably fine as an initial implementation.

[vyzo]

The race is probably benign, as we are just collecting peer IDs of peers that implement the protocol.

[raulk]

Yeah, I'm just worried that if the peer supported AutoNAT –but their Identify took longer than 250ms– we will have missed that peer forever, no?

[vyzo]

We can increase a tad... but how much is too much?

[raulk]

I'm afraid this black or white decision could yield erratic results, e.g. if you only have 1 active connection to an autonat peer, we're going to restrict our query to a single peer. I much rather have a minimum threshold we strive for, e.g. 5 peers, for resilience purposes, starting with peers we hold a connection to.

As it is, the autodetect does a round-robin, so no risk of establishing redundant connections if we shuffle the connected and non-connected sublists separately, i.e.

A..G: connected
U..Z: not connected

A B C D E F G || U V W X Y Z
<- shuffle ->   <- shuffle ->

[vyzo]

I am not sure I follow. The code tries to use an already existing connection purely to avoid creating unnecessary new connections.
Do you want to try multiple peers? And each peer multiple times?

[raulk]

The code tries to use an already existing connection purely to avoid creating unnecessary new connections.

Currently, if we happen to be connected to 1 autonat peer only, we'll restrict ourselves to it. If it fails, we're out of luck. This makes us fragile, especially because we expect scarcity in autonat peers.

What I'm proposing is to target N peers (e.g. 5), preferring connected peers, and falling back to disconnected ones to fill up the slice. To avoid connected and unconnected peers getting mixed up in the shuffle, we keep track of the pivot index and shuffle both sublists separately.

Since autodetect is round-robin, it'll only resort to disconnected peers if the connected ones fail. This makes us more resilient overall.

[vyzo]

That's fine, but do we want to dial more than one peers when we get a DIAL_ERROR?

[raulk]

That's a good question. I'm not sure I have the answer. Right now we flag NATStatusPrivate on the first dial err, and abort. However, what if that peer is behind some kind of firewall (corporate, geographical, etc.)? Wouldn't it be better to corroborate with more observations?

[vyzo]

I guess we could do a few more tries if we have more known autonat peers, but accept the failure if we don't have enough.
I would arbitrarily go for "3 times is enemy action".

[raulk]

I guess we could do a few more tries if we have more known autonat peers, but accept the failure if we don't have enough.

Yep. If we don't have enough, we'd defer to the next iteration. If by then we've found more autonat peers, with this new logic we'll query them even if not connected, and hence have a chance to improve our connectivity.

I would arbitrarily go for "3 times is enemy action".

We detect "enemy action" on the receiving side through the throttling, no? (3 is fine for that)

That makes me realise that we should probably move peers who have sent us E_DIAL_REFUSED or E_INTERNAL_ERROR to a blacklist, to avoid dwelling on them, and to be well-behaved.

[vyzo]

That's probably too much complexity for marginal improvement :)

Also, I think I want some slightly more clever strategy for making multiple dial attempts -- if our nat status was unknown or public, then try 3 times.
If it was private, then a single failure should be enough to convince us.

[vyzo]

Implemented the "3 times is enemy action" strategy in aadb8db, with memory of past failures so that it stops asking multiple peers once it has enough confidence we are NATed.

[vyzo]

In d7f55b0 we ensure that we have at least 3 autonat peers in the candidate set, even when we are connected to less than that.
This uses the strategy you suggested for ordering.

[raulk]

Identify keeps the stream open after identification. If we made it close the stream, we could hook onto the ClosedStream event to know when identify was over deterministically.

[raulk]

Two comments:

1. Perhaps this n=1 limiting is too optimistic. The first attempt could've failed due to an intermittent issue, not because the address is unroutable. How about allowing n=3 (or configurable) grace attempts per peer?
2. It's confusing that AutoNATService and AmbientAutoNAT both have a peers field, and they're both referred to by as.peers in code. I suggest renaming this one to dialedPeers to reduce ambiguity.

[raulk]

On a related note, both peers maps are never cleaned, so they'll keep growing forever. Any thoughts on adding a cleanup routine?

[vyzo]

On a related note, both peers maps are never cleaned, so they'll keep growing forever. Any thoughts on adding a cleanup routine?

The number of autonat peers is expected to be relatively small for the network size and we'd like to know about our peers even if we are not connected to them any more.
If this becomes a problem, we can add some cleanup logic.

[vyzo]

How about allowing n=3 (or configurable) grace attempts per peer?

ok, although we should probably have some backoff.

[vyzo]

It's confusing that AutoNATService and AmbientAutoNAT both have a peers field, and they're both referred to by as.peers in code.

They serve different purposes, but they are both sequences of peer ids -- hence the name.

[vyzo]

We could add a comment in the struct though.

[vyzo]

Implemented configurable throttle in 8ea9f1b

[raulk]

They serve different purposes, but they are both sequences of peer ids -- hence the name.

It took me several reads to understand that as.peers referred to different things in the same package. Let's be nice to future maintainers and rename one of them to contextualise it.

[vyzo]

ok, fine. I'll be nice to future self and call the limiter requests reqs.

[magik6k]

Looks good for the most part, there are some points in other discussions which seem to need adressing

[magik6k]

Seems to be missing a few deps, but since this needs to be split anyways I guess it's fine

[vyzo]

yeah, the rationale was that all the deps get pulled by go-libp2p, but it will be split and not depend on that at all.