[META] Private Addresses In Public #6932
Comments
Stebalien
added
kind/bug
|
I hate to bump this, but it's quite a low hanging fruit and causing many headaches - as it requires manual interventions on every installed node to not push private IPs to the DHT and also not try to connect to private IPs received from the public DHT. Is there a chance to get this on the roadmap for 0.9? :) |
|
bump. lots of people and orgs are hosting ipfs on hetzner. |
|
Bump. Just got a warning from Hetzner... |
This is happening when you are running with server profile? Is it a similar issue like #5418 (comment)? |
I thought I did, but they removed my warning after config patching it, so now I guess the issue was on my side - sorry for the unnecessary bump |
Can you give more details on your setup ? Are you using a dedicated server ? Or cloud ? I'm trying to install ipfs on a hetzner cloud server, I got a warning on my first try. |
|
I just got my server locked by hetzner due to this 😭 |
|
Hetzner's network team gets very unpleasant about these. Maybe IPFS could check the first non-loopback interface to see if that address is RFC1918 and then make local peer discovery opt-in at that point? |
|
Update: I got ejected from Hetzner again; server profile does not fix this issue. (Why? Because it doesn't ignore the CGNAT range and apparently people run IPFS on nodes with tailscale installed) I'm dropping IPFS from my stack for the time being. |
|
@acuteaura IPFS does not rate limit connections at all, and this repo has not acknowledged deep-running issues like this for multiple years, you're SOL, I heavily recommend permanently dropping IPFS from your stack. |
|
@ShadowJonathan do you know if there is any good alternative? |
|
@sharp2448 go-ipfs v0.13 will have a ResourceManager so rate limiting will be possible pretty soon. |
|
@Winterhuman Ok, sounds good. Thanks for info |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
|
@ROBERT-MCDOWELL this is a different issue, please comment on #8585 |
This comment was marked as off-topic.
This comment was marked as off-topic.
|
duplicate issue.... #8585 |
|
@Stebalien Sending out RFC1918 addresses over the public network is always a bug - this should be forbidden and any client doing this needs to be patched. Do you think this is a symptom of the client not knowing its external IP? What if there was an RPC that just echos back the IP address revived on the socket handle? With this RPC, the moment a peer has a connection they know how they routed out. This could be used to identify a double-NAT, which can still be traversed via UPnP as well as debug other issues like local peer discovery for peers who share a NAT but are on different network segments preventing mDNS, which is common in universities and corporate networks where multiple buildings or floors share the same up-link. Now if the client knows its IP address, they could hash this address (no port number) and see if anyone looks it up on the global DHT network. If every client tries to lookup their own external IP - they'll find each-other and can exchange their RFC1918 local address so that they can connect directly over the local network which is much higher bandwidth. Clients knowing about each other on the local network is also good as it prevents them from competing for resources, or clobbering each other's NAT routes. |
|
I think you guys need 5 more years to get this sorted out. |
Feel free to open a pull request |
|
Yeah, this feature already exists in I2p and cjdns. Is IPFS going to adopt
open source solutions or are we going to wait 10 years for someone to
reinvent the wheel on this one?
…On Sun, Mar 5, 2023, 3:23 AM Mourad Kejji ***@***.***> wrote:
I think you guys need 5 more years to get this sorted out.
Feel free to open a pull request
—
Reply to this email directly, view it on GitHub
<#6932 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAD7MN6GPESBCGLMCCZF32LW2RZSLANCNFSM4K3WWXVQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
what "open source solutions"? Kubo is open source |
|
Freenet launched this feature 23 years ago...
Kubo isn't using open source. With all due respect, Kubo is reinventing
wheels and then releasing the source code.
…On Sun, Mar 5, 2023, 12:31 PM Jonathan de Jong ***@***.***> wrote:
what "open source solutions"? Kubo is open source
—
Reply to this email directly, view it on GitHub
<#6932 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAD7MN75GE7SRJKDKVH2LG3W2TZ3XANCNFSM4K3WWXVQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
Freenet isn't Kubo, sorry to break the news if you'd want to implement your double-nat discovery ideas, i'd suggest taking it up with https://github.com/ipfs/specs, some chats, or some other effort, and/or make a pull request adding an experimental module for this discovery method, and then get it properly integrated, you can use as much preexisting Open Source code and libraries as you want doing that |
|
@TheRook this isn't a technological issue and have absolutely nothing to do with i2p or cjdns. This issue is about the fact that I can do This is not default because this fully disable all fast local connections that are possible when you run more than one ipfs node on a single network. If you want to have a usefull discussion it would be about changing default (if you think that advertising private addresses in public is insane defaults) and good points would be:
If mdns solves almost all local connection needs and the one aren't solved are edge cases where people can be reasonably asked to change some configuration and this have any real impact at all. We could change the defaults but stuff like this can't be done lightly:
|
|
There are a few open bugs that I believe are a symptom of the same problem; libp2p's nat traversal fails when it is behind multiple nats. Libp2p's hole punching is unstable when multiple clients attempt to use the same source port on the same subnet. One problem here is that a new node cannot know what the external IP address is by looking at it's local interface. Putting this on the human, means only smart humans will be able to use it - and that isn't a general solution. What if we create two new RPCs that facilitate network connectivity. Lets call them /net/ip and /net/ping. A new node can reach-out to a bootstrapped libp2p node and call /net/ip to get their external IP address so that external advertisements use an external ip address. The ping feature triggers a connect-back request to debug routing issues. Before the a new node even attempts to update the NAT it can check to see if the public_ip:default_port already has a node by trying to establish a connection with it. The /net/ping RPC can be used to get a connectback from a public node on the network. This RPC call will trigger a unique connect back to the same IP address where the call originated. This RPC takes two arguments; it will take the port number and a random Now these two RPCs should resolve external routing conflicts and the ping RPC call can be used to verify a route upon request - one benefit here is that the node will know right away when NAT traversal starts working. This approach gives us another way for nodes to find eachother. If both nodes share the same IP address - they can still communicate as peers via the public interface even if they are on separate subnets. But there is another issue that you brought up which is shortcomings of mdns. Two major reasons why mdns will fail is that the two clients are not on the same subnet - but still share the same NAT gateway, and the other being that mdns is filtered at the firewall level. If mdns is filtered a node is still free to send a UDP broadcast data-gram on another port - for example a HELLO broadcast via libp2p's UDP 162 is useful in helping identify any other nodes on the subnet. If they are on different subnets and share the same NAT gateway, they see the pattern above to establish connectivity via the public IP and a distinct port number. |
|
The real cool part of this solution is that every node - regardless of network topography will have the same unique connection string. Every node in the network will have a consistent and unique public_ip:port tuple to connect, and at no point would there ever be a need to advertise a local IP address to any node. This means that at most 65,535 libp2p nodes can all share the same public IP address - all of which can communicate with each-other and the global network. |
|
@Jorropo please confirm that your issue is solved with the two new RPC calls. Additionally, under no circumstance must libp2p node advertise a RFC1918 address to over to a non-RFC1918 address as this is guaranteed to result in a routing error in all cases. |
|
@Jorropo There there two additional methods on top of mDNS that can be used for any number of nodes to identify each-other on the same network. Most notability, if two nodes who are not on the same subnet - but share the same NAT can communicate so long nodes are made aware of their external IP address. Let me be clear RFC1918 address cannot be routed to over the internet as per the RFC definition and must never be advertised under as this will always be an error condition. This is always a bug, and there is a good patch here. |
|
@Jorropo please confirm. |
You may have noticed that IPFS currently announces private addresses on the public DHT. While IPFS does support local discovery through MDNS, (a) MDNS isn't always perfectly reliable and (b) when trying to find a specific peer, we don't actually query MDNS.
However, announcing private addresses to the public network is far from an ideal solution. There have been many discussions about this issue (#1226, #1173, #4343, #5418, #5511) and some deeper discussions in libp2p/go-libp2p#436.
Problems include:
However, we have good news!
should (unless something changes) shipships two DHTs. A public one and a private one: Private & Public DHTs libp2p/go-libp2p#803.Once all three of those land, we should be able to restrict private addresses to the private DHT.
The text was updated successfully, but these errors were encountered: