p2p: dialing addresses provided by a seed node disregards `MaxNumOutboundPeers` parameter

[cason]

Migrated from tendermint/tendermint#9548.

The method ensurePeers defines when a node should dial peer addresses in order to establish outbound peer connections. It dials new peers when the number of outbound peers plus the number of ongoing connections attempts is lower than the configured MaxNumOutboundPeers parameter. If the node defines it has to dial peers but it cannot find, in its address book, any suitable peer to dial, this method will submit a PEX request to the configured seed nodes in order to retrieve candidate peer addresses.

The ensurePeers method is invoked periodically, every ensurePeersPeriod = 30s. This means that between requesting peer addresses to a seed node and actually attempting to dial them, a node will wait for this interval, which was considered too long (tendermint/tendermint#2093). A fix was proposed in tendermint/tendermint#2115, where ensurePeers was immediately invoked when a node receives peer addresses provided by a seed node. This solution introduced another issue (tendermint/tendermint#3338): by executing ensurePeers in intervals below ensurePeersPeriod, a node could end up submitting PEX requests too often, which consists on a misbehavior.

To solve this issue, tendermint/tendermint#3762 replaced the invocation of ensurePeers, when receiving addresses from a seed node, by go routines that attempt connecting to all peer addresses received from a seed node. The introduced code excerpt, however, does not takes into consideration the number of connected peers or of connection attempts, nor the MaxNumOutboundPeers parameter. In other words, the logic implemented in ensurePeers to limit the number of outbound peers is ignored. As a result, upon resorting on a seed node to retrieve candidate peers to dial, a node may end up connected to all peers informed by the seed node, which tends to be more than the configured MaxNumOutboundPeers, with default value of 10.

This breach in the limits of outbound peers was identified when writing the spec of the p2p layer (tendermint/tendermint#9089). In testnet experiments (tendermint/tendermint#9499), it was observed that nodes had more peers than the maximum configured number (MaxNumOutboundPeers + MaxNumInboundPeers, 50 by default). This issue represents the suspect that the reason for this is the breach above detailed. Reinforces this suspect the fact that nodes in the testnet resort by default to seed nodes to learn addresses of potential peers.

Suggested fix: restore the solution introduced by tendermint/tendermint#2115, while creating another way to prevent sending PEX requests to often to connected peers or seed nodes.

[gaia]

On osmosisd 18.0.0., I removed all seeds from the config file and deleted addrbook.json. Restarted the daemon. 92 peers, despite

cat config.toml | grep _num_ && curl -s http://localhost:26657/net_info | jq -r .result.n_peers && /home/ubuntu/bin/osmosisd version
 && systemctl status osmosisd | grep 'Active:' &&  ps aux | grep [o]smosisd && ll config.toml
max_num_inbound_peers = 40
max_num_outbound_peers = 20
109
18.0.0
     Active: active (running) since Tue 2023-08-29 16:25:20 UTC; 4min 18s ago
ubuntu     43320  0.0  7.7 5585304 3013036 ?     Ssl  16:25   5:15 /home/ubuntu/bin/osmosisd start
-rw-rw-r-- 1 ubuntu ubuntu 24K Aug 29 16:23 config.toml

if peers from the seeds are to blame, how do they remain after clearing the addrbook? and how do I remove them?

[cason]

Hey, can you share the content of the config file, specially the p2p section? It would also be useful to have access to the log produced by the node. If you prefer, you can reach us through Slack.

[cason]

Regarding the question itself: if there are no seed nodes configured nor addresses in the address book, the node, a priori, would be unable to dial any other node in the network. Because it just does not know any address to dial. It is possible, however, that other nodes know the node's addresses (maybe from previous executions) and would dial it. Once establishing these inbound connections, the node would learn peer addresses from them via PEX protocol, being from this point able to dial some of the provided addresses. Another possibility is that addresses are manually provided to the node. This can be done using the persistent peers configuration flag or via RPC calls instructing the node to dial some specific addresses.

To understand better what is happening to the node, it would be particularly valuable to get the evolution of the log entries produced by the ensure peers routine. Those entries are produced every 30s, by default:

r.Logger.Info(
                "Ensure peers",
                "numOutPeers", out,
                "numInPeers", in, 
                "numDialing", dial,
                "numToDial", numToDial,
        )

As observed above, they report the number of peers, with distinction between inbound and outbound peers, plus the number of peers the node is currently dialing or will attempt dialing at each call of this method.

[gaia]

Hey, can you share the content of the config file, specially the p2p section? It would also be useful to have access to the log produced by the node. If you prefer, you can reach us through Slack.

best privately via slack/discord/telegram. pls send link.

[gaia]

[p2p]

# Address to listen for incoming connections
laddr = "tcp://0.0.0.0:26656"

# Address to advertise to peers for them to dial
# If empty, will use the same port as the laddr,
# and will introspect on the listener or use UPnP
# to figure out the address.
external_address = ""

# Comma separated list of seed nodes to connect to
seeds = ""

# Comma separated list of nodes to keep persistent connections to
persistent_peers = "79f4b2ad0540c2cb6540641d68fa7624db03ab68@65.108.202.244:12556,89757803f40da51678451735445ad40d5b15e059@169.155.44.27:26656,5462597450ccd3aeef4dbaba8e692e9e530a7c90@148.251.183.254:12000,4ce7a2154e113cd0d3dcf22bca1717fb445490c4@65.21.89.240:26629,b52da66da859c39b8edf59cab2758b287ff1771e@164.92.106.56:30438,c5358545d951ae666c695903036c1e93578951eb@135.181.176.113:26656,7f36123a395e902deaecf63bdaf5656bbb209623@15.204.52.75:26656,b212d5740b2e11e54f56b072dc13b6134650cfb5@169.155.169.71:26656,c61bf85fd330bb702b1f13f58dd3cf83c5363bf2@149.56.26.22:26656,da7994c3dc691b1f24aa3811a11d90c27683a307@66.206.15.130:26656,d03e94c7ad1695ddd6145b187d10323991ec02f9@157.90.131.229:26656,b69e57cd6f796ac5d6efb1a834163365c37cbfa8@78.46.69.29:26656,b73c7389b7ef5fa0eefba819a5840137de5b6a09@15.204.141.186:12556,08ceabce6dadc0aa5d33dc2058b9eeeff6186116@142.132.248.253:27656,d0c050f33b7aa1032a3763da0e7eb8df0ac72a2c@162.55.92.114:12000,c51c7cf2855d3fbbc4319b3b5bc0ac394826a046@18.189.57.228:26656,cb6ae22e1e89d029c55f2cb400b0caa19cbe5523@172.111.52.52:32668,011dd13ae7e8c4d983395b8b6ec9793f99c227b4@15.235.53.78:26656,cd476528b52970012f9c4d4018d11bf33ced4ad1@74.96.207.61:26656,e77dfb0389f6944fa2843f4567594ff8387848eb@146.59.52.48:46656,f024eadf265f72f4240e5e3ea20eac22f6695ccb@159.65.100.92:26656,4060aa514fc01b398420f0138ac0205b071d1fa0@46.166.172.247:26656,9d2a0e58bb99ee650d2a92d76ea35afea3910454@116.202.224.210:56656,1a4706c2194cbc055adf4eb89a7b24493bcf33f8@15.235.9.22:26656,d929af809b87632e83a3e01379792e085a0bdd88@38.242.232.248:26656,d396f2bc89ab9b1586a35a0c0cf2cd20c1ea39f4@85.215.100.71:26656,df22137b0f996102b70a971230ecea0a99015062@131.153.158.249:26656,dee509648f608abccac9b705b99ee2fd35c23e60@85.10.197.58:12556,677ef9606ea18a13b5dbfad19493d99d7ea068f5@149.56.24.130:26656,1c398af2208984d4e59bc41132e3eac0508abb0f@95.216.76.251:26656,aaa024e39034b4c3900153e8c560e85c8c8cf70a@178.211.139.24:26656,f3262b9f490720920b0002fadd500af1cef3e6a6@51.222.40.84:26656,960a180a1fe27bdbe4bf19295bf72a6c5828fbf3@65.108.43.130:26656,120908ac6e79df7ad48b3954474afeca0401682a@141.94.248.63:26656,fe7873a8c6c4e2bda68a53c83d35fbf52016441c@185.119.118.110:2000,07db7d141686559045bfd4f39feff5ecf5f57f15@141.164.55.118:14100,6b1dd134b30aeaeb2f21f33bd2cd0370a2275501@138.68.6.165:26656,cf2f2a6c412c102eb0362ebd1741ad728b7462c0@65.108.235.33:2000,a850f6d18912606e3dcab0c93e3d169d069d6915@51.79.99.19:26656,71f2451869d7363ce5d91366143de63069641303@65.108.71.166:33656,3d2efd13a1d6b7ebd780d5c21b9d2c493f75aa40@142.132.209.151:56656,b0d2b883976f4fb8994d100e3adc85b9c4d22749@49.13.59.239:26656,5550af699e55f6132acf15172575963989445b37@162.55.245.149:12000,f0eae9784c5bcbfc94530ceb548e428470bb162b@54.177.235.99:26656,38603679652ae180f551c29165af39b3a4fbb6fc@138.197.185.225:26656,97e4468ac589eac505a800411c635b14511a61bb@169.155.171.140:26656,a50c8dcd0e83032b5e29d5c5beef6e54ddafb508@35.83.253.164:26656,87b5bcf9f930a9417dbf5e8c1bb17c8752d71ac8@164.90.158.138:26656,59fcef11ce153980b8e7431e8285f2bb8de1d121@195.14.6.2:26656,e83c322769d616a7e94f71e01f303cdc00e37441@188.166.220.245:26656,7bb62afdc4adb147205e6888406aa66924ddc4df@95.217.150.236:26656,25c562d758d7139b22f920317b80e215cf2f0c77@65.21.156.193:26656,752f393a2720a27caaebc35b600997491e8f8702@65.21.196.250:36656,e31ddff13ca9bdd3accdca5dd7e7e769d7787e21@116.202.238.233:26656,5598cc01183fa659cdcd83e16b884daee9ce8d79@135.181.176.237:16656,68ab2cb506314492e3ecaae3f0d2870abcac8712@44.202.202.153:26656,9e1698b35041778794d4cfa97c623d4239603c82@95.216.185.206:26656,834d65bab50dc073c61fa111b418799e51a88fc7@35.213.129.89:26656,13832193ba6d478e53b3887fd0452dca9f494acc@147.182.231.31:26656,071ae914b06e14148a6286a0fa087c797336f043@34.105.246.121:26656,14518696ba870cdf138aa0c699d9481f110ad0c9@78.46.251.151:26656,b8dc8d3fe0d7be4cdfcea4d376a5738b551e1314@135.181.18.112:38656,45127f099b5961c204005fcf1ca5c2e27fa55c2c@65.108.198.118:12556,2e173f5459f7b3510a2218cc8972783b0e446f55@135.148.35.114:26656,30a7ced9df42a6811dcac6a5a0f948b391a081e1@51.91.152.102:16190,f98e6fc970b6d76ed2c93cbda3c2b8c1a505d537@208.91.106.12:26656,8c5e9342661a728b810d82221152b2a2fce5018a@162.19.84.205:26656,c86f21aebfbf5cea0dd699dc84d6a15c14b06f0e@18.191.194.7:26656,024a615ea051461357046c00f67eac6300b03215@65.108.128.240:26656,3a6c3beb03ed050f9aac3dba664a8bf543cb498a@185.136.167.89:26656,9021222169c169a1be821099a391a3968ff70e20@93.115.25.178:2000,f1fe0a080d561d37a94bea6022cbc0972395a0f4@65.108.121.190:2000,4a837e3411b0281f00c07706cfea72d3ebc575f1@176.9.38.49:26656,6d2769b070df0cdea85b0bd2c39235fc3b8eccc9@178.63.21.33:26656,19100b01b0d22224d8f8ed0fa85df7ece2449cbc@212.95.49.139:34656,62bd5a7309bb8bfa41c2312ad02ee164860f6aaf@137.184.227.198:26656,f8acadbf25f083547be129b935d62997044e7651@34.147.80.87:26656,38ab18cb2ea1dfeb6232b429e1508f56b6ae5031@65.21.202.61:65535,f95d9634ad68b8f0ac80ce308adb71d8c119ada5@141.98.219.104:26656,77bb5fb9b6964d6e861e91c1d55cf82b67d838b5@35.212.77.47:26656,7d0e0410ee66fc54ea4bd4aa6443ebb66ad77b97@168.119.106.234:26656,4bb3629e3dc67e59c2367f6baa1e12e79cbc7ab2@128.140.93.9:26656,82e224c9640048a6513c589e904c0d903bb99f32@74.118.140.23:26656,b14b470425df99085e46e85e8cf23841a2004fe8@62.210.89.216:26656,3918d0e114ce819644e966141a5f5229d4248da8@135.181.138.95:2000,aa458f41a1753ec9430a15ef37b95df03698becf@52.208.33.235:26656,93271c00dbc1432a91e1ca4e04878acf602154d9@158.247.234.228:26656,24abb28109e6bc59973cbc1d988cb0861c068044@176.9.104.60:26656,d4e6a9d74abbf4676c8fd2d58d27fc24b59056b9@143.198.22.206:26656,1be3c544e1c88c20c05a1b82fba80603d0acc3ea@51.15.243.112:26656,33cf290cc0cfec8c59e6af86f1a5579303d21087@138.68.14.64:26656,7b45d963eef82cefd973a2649b7db37c738d07d3@18.191.26.73:26656,471518432477e31ea348af246c0b54095d41352c@169.155.47.35:26656,e153cc49052d67280dfdd6d660f3d98622905850@209.133.193.74:26656,2048e1bc1f020fa210fb475e7a0ec0948919609f@185.217.125.64:26656,34ae1a6664529f016eac50d30a9212a19febc343@65.108.142.81:26679,0b859e6004143ce8f629d636a5b2e53d681a72ec@88.198.35.12:56656,559167a59e5aeb881e5159455aafa2c2f4bb97fb@5.161.216.37:26656,000736bda3b7fa26990783e8034bbc37d1d8d81c@74.50.73.38:26656,934d712bb7b707ee16ce4b21d7569bfb3277f414@159.223.206.248:30263,4e1c2471efb89239fb04a4b75f9f87177fd91d00@169.155.171.103:26656,baa7572065e18f1796f50b336a01dcaa85eccd01@65.108.101.214:26656,8df03c283680dd2ed139a6415a61bcbec5349b38@95.217.8.91:26656,8c20d5d59287f2c28692cd39596abedb027aeec4@135.181.92.165:26656,0bb96aa57bc785dd71b65690f1efc9e8f1803548@164.90.144.186:32323,079e46670699cf59860abe4b2db1cf3b7f1fa47f@176.9.139.74:46656,23a0f85a17f140f90a56b3e1c1cc7c2a58bc6ba2@128.199.144.199:26656,aa8177784064aeb9b9de557bc44be1a41f08f489@51.79.21.221:26656,b7ce0d88c8718f387beeb119fd2190bfdc18c8e1@65.21.122.102:26656,2ef2206bfa11c7d36bb6c06e3e94b27ac9bf7f6b@66.172.36.137:36656,2f1ecfd274b892bd9bb12c8cd3e0b350e293a737@54.160.142.138:26656,d215dbe3293656f0e56898d868e86f86263b0b3a@15.204.47.112:26756,50491afd6cb3910f94ccbf7190ac32f693e76d5b@185.216.179.86:26656,63e4dd6530bf4dc4c2202be256b262a27d661106@146.19.24.108:26656,9ee471b41eb8b1184c75d078c155eca85e3d5b29@149.202.72.166:26624,807eda3abecff79df294d127cf58d6d5e07393ee@67.209.54.21:26656,a72323512ddedf580affb0e0ba0bb32218ae8e6d@35.214.18.41:26656,13a7950a04e989f817094e77d1f1e554d994a4a0@142.93.95.139:30022,619e98805cb9ba870f0da81e76ca5be4f23147a0@5.10.24.86:26656,47987080e86e0b5dda26cd9be1c1677f00c46dcd@5.75.149.205:26656,217dce38d2c63dd84b8467bcf4db1c65b80a1183@34.146.187.186:26656,616327f7ca045fb57827683e471ca472a232ef1f@89.33.8.233:26656,d371b66fcdc7f23d6d609658f95ad5225998aef4@143.244.190.227:31693,94a5f37693ba36617029a47d654460d161678af6@128.0.51.4:26656,5bda7b3070d62b4ddbea815e8bea6c6e9548d17d@65.108.140.115:26656,15dbc59a2b8dc7c3e4d7f969b2a6b54725f91fbf@147.182.194.160:26656,4a3f9eff7719555a8107d684c2ed21fdf6712be9@65.108.98.235:24856,f8ed17f9df41e68ea60902bfaacc1b163c6ad6e6@95.217.134.62:26656,fc590afe489a1b9ca8ff3f2fb396dbc20b1997a4@204.16.244.254:26656,4526b7f4a1b85116a0ad67e8a13ae549eadd2cb2@54.243.237.43:26656,7a31c2e871bca29ffc24fd43e6c0fd9e1df5f220@5.78.100.45:26656,91050cbd3da659fddd536c1323a695d22c729d34@103.180.28.206:26656,10539f7c0e3ab233cf0deec9930aa8b660aeeabf@65.109.33.48:12656,663f79f1e646ed4a7b27f3f8ad7770323d76f06b@3.71.218.95:26656,f225f8a168ec794d334d7100994b62e5e7648072@35.214.106.64:26656,d9bfa29e0cf9c4ce0cc9c26d98e5d97228f93b0b@65.108.233.103:12956"

# UPNP port forwarding
upnp = false

# Path to address book
addr_book_file = "config/addrbook.json"

# Set true for strict address routability rules
# Set false for private or local networks
addr_book_strict = true

# Maximum number of inbound peers
max_num_inbound_peers = 40

# Maximum number of outbound peers to connect to, excluding persistent peers
max_num_outbound_peers = 20

# List of node IDs, to which a connection will be (re)established ignoring any existing limits
unconditional_peer_ids = ""

# Maximum pause when redialing a persistent peer (if zero, exponential backoff is used)
persistent_peers_max_dial_period = "0s"

# Time to wait before flushing messages out on the connection
flush_throttle_timeout = "100ms"

# Maximum size of a message packet payload, in bytes
max_packet_msg_payload_size = 1024

# Rate at which packets can be sent, in bytes/second
send_rate = 5120000

# Rate at which packets can be received, in bytes/second
recv_rate = 5120000

# Set true to enable the peer-exchange reactor
pex = true

# Seed mode, in which node constantly crawls the network and looks for
# peers. If another node asks it for addresses, it responds and disconnects.
#
# Does not work if the peer-exchange reactor is disabled.
seed_mode = true

# Comma separated list of peer IDs to keep private (will not be gossiped to other peers)
private_peer_ids = ""

# Toggle to disable guard against peers connecting from the same ip.
allow_duplicate_ip = false

# Peer connection configuration.
handshake_timeout = "20s"
dial_timeout = "3s"

Logs (at this time there were 94 peers)
osmosisd.zip
(ZIP password is your username, david)

[cason]

Your config file contains 136 persistent peers, is that correct?

% grep 'persistent_peers' /tmp/config | tr , '\n' | wc -l
     136

[gaia]

Your config file contains 136 persistent peers, is that correct?

% grep 'persistent_peers' /tmp/config | tr , '\n' | wc -l
     136

yes. 60 max should be respected. i can try removing all of them and see how many peers I end up with (known id@address will get inbound connections any way)

[cason]

Yes, I understand your point and I agree with it, but this is not how it works in the current p2p layer implementation.

Persistent peers are addresses to which a node will dial at startup and keep dialing when dialing attempts fail. They are more likely to be set as outbound peers, as we are dialing them (they can be inbound if the peer dials us before or at the same time). When added as outbound peers, they are not filtered out based on the maximum configured number of outbound peers, as it is mentioned in the associated comment in the configuration file:

# Maximum number of outbound peers to connect to, excluding persistent peers
max_num_outbound_peers = 20

The limit of outbound peers applies to the peers we learned via PEX protocol and/or are stored in our address book, from which we randomly pick addresses to dial. The PEX reactor is not dialing peers when the logic present here realizes that the number of outbound connections plus the number of ongoing connection attempts is larger than the configured MaxNumOutboundPeers. In the logs you have sent us, the log message produced by this method is not present, at will probably show that the node is not dialing anyone at each round of this routine.

This logic, however, is independent from the logic used to dial persistent peers. Persistent peers are manually configured to be dialed by the node, and do not fall in the category of peers which number of connections is bound the MaxNumOutboundPeers flag.

In fact, if you add all addresses configured as persistent peers to the node's address book (prior from starting it), you will probably realize that the MaxNumOutboundPeers will be observed.

[gaia]

your explanation makes sense.

but MaxNumOutboundPeers + MaxNumInboundPeers should be respected and agnostic to where the peers were sourced from. UnconditionalPeers should be the only exception.

More peers than necessary taxes the HW (CPU + Disk) and the uplink. We run our own HW (add disk wear & tear cost), we use virtualization (need to share CPU+Disk+Uplink) and the limit not being respected becomes an unnecessary burden to our infrastructure (must be noted, without advantages, even for the rest of the network. there is a law of diminishing returns after you add a certain amount of peers)

[cason]

I agree with you in general terms. Would you mind to open an issue describing your request? I can follow up and provide context.

The only issue that I have regarding your observation is more conceptual. When you configure a node (address) as persistent peer, you are telling Comet that you want to keep a connection with this peer, no matter what is the connection policy configured. You are manually instructing the node to connect to that address. So the node will dial the peer, continue dialing when attempts fails (there is a limit for that, but we are talking about days), and re-dial the peer if the connection, for any reason, is lost.

If you provide X persistent peers, you manually instructing the node to maintain connections to those X peers. If at the same time you set MaxNumOutboundPeers < X, you are definitely providing contradictory instructions to the node.

My main point here is that some users, and maybe this is also your case, are not using the persistent peers manual configuration properly. The point here is to understand what you wanted from this configuration and see whether a different configuration key could be adopted instead. Because if we say that persistent peers are optional connections, what is the point of it? If you say that manual commands should respect the configured bounds, how can we provide a way to overcome the configure bounds by manual action of the operators?