Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement rate limits for network messages #11617

Open
8 tasks done
Trisfald opened this issue Jun 19, 2024 · 3 comments
Open
8 tasks done

Implement rate limits for network messages #11617

Trisfald opened this issue Jun 19, 2024 · 3 comments
Assignees
@Trisfald

Comments

@Trisfald
Copy link
Contributor

Trisfald commented Jun 19, 2024
edited
Loading

Issue to track the implementation of rate limits for network messages received by nodes.

Motivation

Prevent abuse and attacks carried by malicious actors. Technically, as of today, a bad actor could attempt to establish a connection to a node as a peer and proceed with sending a huge number of network messages; some of those messages might cause the node to be overwhelmed by intensive computations.

Tasks

  • Research current traffic received per message
  • Analysis of existing network messages to discover which of them are computational intensive
  • First draft of possible rate limits
  • Implement or import basic utilities to rate limit network messages
  • Use the utilities mentioned above in the context of a peer connection to apply the limits
  • Implement a way to configure rate limits, considering all ramifications of node operations (updates, many types of deployments, etc)
  • Update grafana dashboards
  • Test the feature
@Trisfald Trisfald self-assigned this Jun 19, 2024
@Trisfald
Copy link
Contributor Author

Draft document with tentative rate limits.

@Trisfald Trisfald mentioned this issue Jun 21, 2024
Merged
@Trisfald
Copy link
Contributor Author

Snippet of configuration showing how default rate limits can be customized:

    "experimental": {
      "inbound_disabled": false,
      "connect_only_to_boot_nodes": false,
      "skip_sending_tombstones_seconds": 0,
      "tier1_enable_inbound": true,
      "tier1_enable_outbound": true,
      "tier1_connect_interval": {
        "secs": 60,
        "nanos": 0
      },
      "tier1_new_connections_per_attempt": 50,
      "network_config_overrides": {
        "connect_to_reliable_peers_on_startup": null,
        "max_send_peers": null,
        "routed_message_ttl": null,
        "max_routes_to_store": null,
        "highest_peer_horizon": null,
        "push_info_period_millis": null,
        "outbound_disabled": null,
        "accounts_data_broadcast_rate_limit_burst": null,
        "accounts_data_broadcast_rate_limit_qps": null,
        "routing_table_update_rate_limit_burst": null,
        "routing_table_update_rate_limit_qps": null,
        "received_messages_rate_limits": {
          "rate_limits": {
            "Block": {
              "maximum_size": 1,
              "refill_rate": 1.0,
              "initial_size": 1
            }
          }
        }
      }
    }
  },

github-merge-queue bot pushed a commit that referenced this issue Jun 27, 2024
@Trisfald
feat: rate limit for network messages (#11646)
ee85b26 
Implementation for rate limits of incoming network messages. 
Original issue: #11617. Also supersedes #11618.

**Note:** rate limits are implemented but not defined with this PR; in
practice, nothing should change for a node.

## PR summary
This PR adds:
- A module to arbitrate rate limits using a token bucket algorithm (see
`token_bucket.rs`)
- Convenience class to handle all rate limits of a network connection
(see `messages_limits.rs`)
- Changes to `peer_actor.rs` to implement the rate limits on received
messages
- Changes to the network configuration
- A new metric to count messages dropped due to rate limits
- Unit tests

## Leftovers
- ~Make rate limits configurable, likely through config files with
overrides~ _done_
- ~Use more accurate token allocation for some network messages, in
particular the ones containing a dynamic number of elements. For
reference:
[analysis](https://docs.google.com/document/d/1Uo4211zkjgU7lHEnrEBBqD997Tn19eIh67P6Czl4JUg/edit#heading=h.711dlbykkndl)~
_to be done in a another PR_
@github-actions github-actions bot mentioned this issue Jul 1, 2024
Open
@Trisfald
Copy link
Contributor Author

Trisfald commented Jul 3, 2024

Test is in progress with two custom made nodes deployed on mainnet. Dashboard link.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Trisfald Trisfald

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Trisfald