Preventing anyone joining the network

[ghenry]

Hi all,

I'm running a public node on port 4222 for SentryPeer use at bootstrap.sentrypeer.org and already noticed:

OpenDHT node e83de88b72539594d45db90d08230fe8859c47d2 running on port 50836
1 ongoing operations
IPv4 stats:
Known nodes: 26 good, 12 dubious, 7 incoming.
4 searches, 293 total cached nodes
Routing table depth: 4
Network size estimation: 128 nodes

IPv6 stats:
Known nodes: 0 good, 0 dubious, 0 incoming.
1 searches, 8 total cached nodes

Is this a good thing?

[ghenry]

Should I be concerned? ld:

IP 51.91.75.152:52732 uses 77616 bytes
IP 54.36.178.20:48033 uses 70177 bytes
IP 51.222.10.40:35625 uses 57769 bytes

Total 67 storages, 52 values (200 / 65536 KB)

I don't know what they are storing...

[aberaud]

OpenDHT is a public distributed key-value network, like others such as the mainline BitTorrent DHT, IPFS, ZeroNet and others.

That means other nodes on the network will help store your data, and your node will store data for others.

Unlike persistent networks like IPFS, OpenDHT is meant for small volatile data.

OpenDHT is often used as an overlay network, to map Application-level IDs with IP addresses.
For instance, the Bittorrent DHT maps the torrent ID (magnet link) with announcers (peers advertizing the file on the DHT).
Jami uses the DHT to discover devices from the JamiID and exchange encrypted ICE candidates to establish p2p connections.

OpenDHT can also be used as a best-effort signaling mechanism or to exchange light messages (it's used by Jami to signal incoming calls and messages when there is no existing p2p connection with a peer)

[ghenry]

Thanks. I’m thinking I can have a key of bad_actors and pop a compact json payload or msgpack/nanomsg with a listener to add it to my SQLite backend when other nodes add one. I was just planning to store a UDP hole punched public IP/port and then use Zyre with a custom replication protocol, but best efforts could work as the listeners are fast and auto expire the data. I could encrypt the data and shares keys out of band. Gavin. -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 330 44 50 000 D +44 (0) 330 44 55 007 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ***@***.*** Open Source. Open Solutions(tm). http://www.suretecsystems.com/ Suretec Systems is a limited company registered in Scotland. Registered number: SC258005. Registered office: The James Gregory Centre, Campus 2, Balgownie Road, Aberdeen. AB22 8GU. Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html

[ghenry]

Any tips?

[ghenry]

SentryPeer/SentryPeer#39

[ghenry]

Actually, just some UDP bandwidth control or max number is sessions would be ideal. Otherwise the connection gets saturated pretty quick.

[aberaud]

UDP bandwidth saturation is not supposed to happen, nor is CPU saturation.

We run a significant amount of dht nodes (standalone, as bootstrap nodes, proxy nodes, and as part of Jami) and don't encounter these issues.

To investigate

[ghenry]

It was related to this SentryPeer/SentryPeer#39 (comment)

[ghenry]

I think the deletion loops