Skip to content
This repository was archived by the owner on Nov 15, 2023. It is now read-only.

DoS protection on the collator protocol #3446

Merged
merged 16 commits into from
Jul 12, 2021
Merged

DoS protection on the collator protocol #3446

merged 16 commits into from
Jul 12, 2021

Conversation

eskimor
Copy link
Member

@eskimor eskimor commented Jul 8, 2021

Closes #3384 .

Both validators and collators will try another collator/validator after some time of exclusive bandwidth. This is to prevent a single slow/malicious validator/collator from starving the parachain.

@eskimor eskimor added A0-please_review Pull request needs code review. B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. labels Jul 8, 2021
@eskimor eskimor requested a review from bkchr July 8, 2021 16:11
@eskimor eskimor added the D3-trivial 🧸 PR contains trivial changes in a runtime directory that do not require an audit. label Jul 8, 2021
bkchr
bkchr reviewed Jul 8, 2021
View reviewed changes
node/network/collator-protocol/src/validator_side/mod.rs Outdated
/// This is to protect from a single slow collator preventing collations from happening.
///
/// With a collation size of 5Meg and bandwidth of 500Mbit/s (requirement for Kusama validators),
/// the transfer should be possible within 0.1 seconds. 300 milliseconds should therefore be
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already knew that these calculations are not correct. Otherwise we would not have required to implement this feature of only uploading one collation at a time.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah it is still guess work. That's why I added debug logs when the timeouts hit, so we can see how it goes in practice. Previously the calculations were wrong, because they did not take into account concurrent fetches and multiple heads at all. This time I made it 3 times what it should take for one head, so even with 3 heads it should finish before the next download starts. Either way, made it more conservative now and picked 400ms ... in the end we have to test in practice. Just had to justify the numbers somehow.

ordian
ordian approved these changes Jul 12, 2021
View reviewed changes
@ordian
Copy link

ordian commented Jul 12, 2021

@bkchr if you have any further feedback I can address that

@bkchr
Copy link
Member

bkchr commented Jul 12, 2021

I'm on holidays, so nothing further from me ;)

@ordian ordian merged commit 1d47832 into master Jul 12, 2021
@ordian ordian deleted the rk-dos-protection-collator-validator branch July 12, 2021 11:01
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
2 more reviewers

@bkchr bkchr bkchr left review comments

@ordian ordian ordian approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
A0-please_review Pull request needs code review. B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. D3-trivial 🧸 PR contains trivial changes in a runtime directory that do not require an audit.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Do not starve parachains because of slow validators/collators
3 participants
@eskimor @ordian @bkchr