network: Require validators to provide CLI param --public-addresses for starting nodes
#5266
Comments
|
Why? I still don't get this. You should just be able to query the local interfaces to find out the public addr? (Assuming they are not behind a NAT, which we don't support any way for validators) |
|
in a datacenter environment, it's pretty common to be behind a load balancer, in which case the public ip is never discoverable from a local interface. but libp2p has various mechanisms to find the "real" ip so I also think it should not be mandatory to force-set it. |
What kind of load balancer? I mean you can only have 1 validator running, so what is it load balancing? |
|
My initial thought was that we may have validators running under a NAT. Similar to the comment above, a node operator might start a node on their machine and will probably be behind a firewall. I think we can change the behavior of the authority discovery to:
I double checked the listen addresses reported by litep2p running in the cloud, they will look similar to: From these details, it looks like we can find at least 2 global addresses, so in most of the cases we'll never emit the warning. I'll come with a follow-up to the initial PR and only warn if we cannot find global ips in our listen addresses: #5240 Thanks for the feedback, let me know if that sounds like a plan 🙏 |
At least for Polkadot we would not support this right now. AFAIK we don't support NAT hole punching and this would be problematic for collators who need a direct connection to the validators.
Yeah that sounds reasonable. I think I had proposed somewhere already.
Yeah also a good point. |
#6298) This PR's main goal is to add public listen addresses to the DHT authorities records. This change improves the discoverability of validators that did not provide the `--public-addresses` flag. This PR populates the authority DHT records with public listen addresses if any. The change effectively ensures that addresses are added to the DHT record in following order: 1. Public addresses provided by CLI `--public-addresses` 2. Maximum of 4 public (global) listen addresses (if any) 3. Any external addresses discovered from the network (ie from `/identify` protocol) While at it, this PR adds the following constraints on the number of addresses: - Total number of addresses cached is bounded at 16 (increased from 10). - A maximum number of 32 addresses are published to DHT records (previously unbounded). - A maximum of 4 global listen addresses are utilized. This PR also removes the following warning: `WARNING: No public address specified, validator node may not be reachable.` ### Next Steps - [ ] deploy and monitor in versi network Closes: #6280 Part of: #5266 cc @paritytech/networking --------- Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io> Co-authored-by: Dmitry Markin <dmitry@markin.tech> Co-authored-by: Bastian Köcher <git@kchr.de>
#6298) This PR's main goal is to add public listen addresses to the DHT authorities records. This change improves the discoverability of validators that did not provide the `--public-addresses` flag. This PR populates the authority DHT records with public listen addresses if any. The change effectively ensures that addresses are added to the DHT record in following order: 1. Public addresses provided by CLI `--public-addresses` 2. Maximum of 4 public (global) listen addresses (if any) 3. Any external addresses discovered from the network (ie from `/identify` protocol) While at it, this PR adds the following constraints on the number of addresses: - Total number of addresses cached is bounded at 16 (increased from 10). - A maximum number of 32 addresses are published to DHT records (previously unbounded). - A maximum of 4 global listen addresses are utilized. This PR also removes the following warning: `WARNING: No public address specified, validator node may not be reachable.` ### Next Steps - [ ] deploy and monitor in versi network Closes: #6280 Part of: #5266 cc @paritytech/networking --------- Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io> Co-authored-by: Dmitry Markin <dmitry@markin.tech> Co-authored-by: Bastian Köcher <git@kchr.de> (cherry picked from commit 762f824)
#6298) This PR's main goal is to add public listen addresses to the DHT authorities records. This change improves the discoverability of validators that did not provide the `--public-addresses` flag. This PR populates the authority DHT records with public listen addresses if any. The change effectively ensures that addresses are added to the DHT record in following order: 1. Public addresses provided by CLI `--public-addresses` 2. Maximum of 4 public (global) listen addresses (if any) 3. Any external addresses discovered from the network (ie from `/identify` protocol) While at it, this PR adds the following constraints on the number of addresses: - Total number of addresses cached is bounded at 16 (increased from 10). - A maximum number of 32 addresses are published to DHT records (previously unbounded). - A maximum of 4 global listen addresses are utilized. This PR also removes the following warning: `WARNING: No public address specified, validator node may not be reachable.` ### Next Steps - [ ] deploy and monitor in versi network Closes: #6280 Part of: #5266 cc @paritytech/networking --------- Signed-off-by: Alexandru Vasile <alexandru.vasile@parity.io> Co-authored-by: Dmitry Markin <dmitry@markin.tech> Co-authored-by: Bastian Köcher <git@kchr.de>
Requiring validators to provide public addresses ensures the authority can be discovered sooner.
This should happen in one of the following releases, after the release that includes:
The text was updated successfully, but these errors were encountered: