limits number of unique pubkeys in the crds table #15539
Conversation
|
What about unstaked RPC nodes? Those are quite important to the network, too |
Yeah good point. I've been wondering if it makes sense to strongly recommend that RPC nodes have at least a couple SOL staked to them. Not enough to get in the leader schedule but enough so that they actually get prioritized over the rest of the 0 nodes |
core/src/cluster_info.rs
Outdated
| @@ -114,6 +114,8 @@ pub const DEFAULT_CONTACT_DEBUG_INTERVAL_MILLIS: u64 = 10_000; | |||
| pub const DEFAULT_CONTACT_SAVE_INTERVAL_MILLIS: u64 = 60_000; | |||
| /// Minimum serialized size of a Protocol::PullResponse packet. | |||
| const PULL_RESPONSE_MIN_SERIALIZED_SIZE: usize = 167; | |||
| // Limit number of unique pubkeys in the crds table. | |||
| const CRDS_UNIQUE_PUBKEY_CAPACITY: usize = 1024; | |||
There was a problem hiding this comment.
1k seems really low. I would expect like 10-20k is probably ok?
There was a problem hiding this comment.
Increased it to 4k, which is ~6x current mainnet cluster (~4x current tds).
This is the number of unique pubkeys and the size of table itself is 830x of this value. So 10k might be a bit stretch performance wise. We can update this number as the code is optimized further to handle larger cluster.
We may do some whitelisting too. The commit includes a |
We're running a whole bunch of private RPC-only nodes these days and having to stake them (and manage the keys) would be a big headache... not that I have a better idea on solving this |
Is it really a problem? the infos are not that expensive, I think we can make the limit high enough that unless we are in constant DOS from nodes spamming ContactInfo it will be ok. |
|
The limit can't be too high as the DOS primarily depends on the contact infos being in the table long enough to get pushed out via gossip (which is not long). They get evicted after 15 seconds anyways. II'm not sure what the number has to be, but 20k already seems very high, that should probably be tested first. |
But not doing it would leave the network latently vulnerable to such DoS attacks, so I would assume that anyone running an important RPC node would want to stake it? |
|
I do not think So, the limit is on the number of unique pubkeys. With each pubkey there can be 830 values associated. So with 1000 limit on unique pubkeys, potentially the table can be as large as 830k records. |
Well for unstaked nodes, we don't need to propagate votes and the other labels. |
That might be a good a idea to implement. But currently the gossip propagation code does not look at the stakes. So this will be a new logic in the code. On the other hand it only takes 1 sol to work around that. So might not be enough. |
Oh yeah that'd be really nice. There's now probably hundreds of RPC nodes on mainnet-beta |
Codecov Report
@@ Coverage Diff @@
## master #15539 +/- ##
=========================================
- Coverage 80.1% 80.0% -0.1%
=========================================
Files 407 407
Lines 105452 105514 +62
=========================================
+ Hits 84487 84506 +19
- Misses 20965 21008 +43 |
True, but it limits the attack surface, you cannot stake/unstake quickly. I think for the stalling issue actually we might need to do something to limit the outgoing unstaked entries even further and then as came up in the thread have the whitelist for like a staked node + unstaked RPC setups. Since each node doesn't really know what the rest of the network is sending, then the limits to stop a distributed reflection type attack has to be pretty low. |
behzadnouri
force-pushed
the
crds-pubkey-trim
branch
from
81222b6 to
606c9eb
Compare
sent out #15561 |
behzadnouri
force-pushed
the
crds-pubkey-trim
branch
from
40a1148 to
ad96d3d
Compare
behzadnouri
force-pushed
the
crds-pubkey-trim
branch
from
ad96d3d to
f32e2e6
Compare
|
@behzadnouri once we have this, we can start optimizing for stake weighted propagation in gossip as well. |
|
we might also want to take into consideration the vote frequency, basically votes burn sol, which pays for message access on the network. That might be a stronger spam filter then just stake weighted filters |
Oh I like this. We've been talking about giving RPC backend nodes a pinch of stake for network access, but that's annoying to manage. Easier to just get all the RPC backends to vote with no delegated stake |
sounds like a nightmare for block sizes... |
But if we can't deal with a couple thousand votes per second how's 50k TPS going to ever work? |
(cherry picked from commit 56923c9) # Conflicts: # core/src/cluster_info.rs
Problem
Summary of Changes
Fixes #