[Collection] Rate limiting transaction by payer

[zhangchiqing]

This PR adds a rate limiter to the collection node when adding to the transaction mempool as a short term solution for preventing from attacks.

[codecov-commenter]

Codecov Report

Attention: 26 lines in your changes are missing coverage. Please review.

Comparison is base (690a250) 55.47% compared to head (74e0be0) 55.47%.

Files	Patch %	Lines
engine/collection/ingest/rate_limiter.go	68.05%	22 Missing and 1 partial ⚠️
model/flow/address.go	62.50%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #5218   +/-   ##
=======================================
  Coverage   55.47%   55.47%           
=======================================
  Files         996      997    +1     
  Lines       95787    95866   +79     
=======================================
+ Hits        53136    53181   +45     
- Misses      38661    38689   +28     
- Partials     3990     3996    +6     

Flag	Coverage Δ
unittests	55.47% <68.29%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[yhassanzadeh13]

Is it intended?

[zhangchiqing]

This is a placeholder. The actual rate limiter is not implemented, which needs some discussion.

This PR implemented the check for rate limiting transactions when they are received and before being added to the mempool.

[zhangchiqing]

Adding a new method, so that the emulator can still depend on the existing NewTransactionValidator method

[zhangchiqing]

This is the error message returned to the client which sends the transaction to the AN.

Is it possible to alter the error message?

[zhangchiqing]

@kc1116 could you review the rate limiter implementation? Please check if it's implementing the correct behavior explained here.

[kc1116]

Looks good this is the expected behavior, you can also cross reference with the godoc for the rate package

[jordanschalm]

Suggested change

	type InvalidTxRateLimittedError struct {
	type InvalidTxRateLimitedError struct {

A few other similar typos in the PR, could do a find+replace limitted->limited.

[jordanschalm]

I think it is worth documenting in this new component how these rate limiter configs set on individual nodes will translate to network-wide effective rate limits. I think the assumption of someone setting these configs would otherwise reasonably be that the limit value they set will translate more or less directly to the network-wide effect limit, but this isn't the case.

For simplicity, let's assume that all Collection Nodes in the network are configured with the same limit, burst, and payerAddresses config.

The question is, if I configure all Collection Nodes with this common individual config, with limit $L_i$ and burst $B_i$, what will the effective network-wide rate limit for a given payer be? Let's call the effective global rate limit $L_g$ and burst $B_g$

There are two parameters I can think of that will impact this:

• The number of clusters
• The propagation redundancy factor - how many nodes we replicate a transaction to upon receiving it

The cluster count ($k$) will proportionally increase the effective $L_g$ and $B_g$, because each Collection Node only ingests at most $\frac{1}{k}$ transactions. For Mainnet, where we have 3 clusters, we would have $L_g=3L_i$ and $B_g=3B_i$.

The impact of the propagation redundancy factor is less straightforward, but will further increase $L_g$ and $B_g$. Roughly, I think it will increase the effective limits proportionally to $\frac{ClusterSize}{PropagationRedundancyFactor}$.

There's some uncertainty in the second term, but overall, my gut feeling is that setting a rate limit of for example 1TPS in this config would result in an effective rate limit of somewhere in the range of 5-10TPS. That's fairly unintuitive, so we should be aware of it when using this, and document it.

[jordanschalm]

should remove or change to t.Log

[jordanschalm]

Suggested change

	require.Contains(t, list, limited1)
	require.Contains(t, list, limited2)

Should this be limited2 since we just added it?

[jordanschalm]

Suggested change

	time.Sleep(time.Millisecond * 1100) // wait 1.1 second
	time.Sleep(time.Millisecond * 1100) // wait 1.1 second

Could we set numPerSec to eg. 0.1 and then wait 110ms?

Better to minimize sleeps in tests if possible.

[kc1116]

Use require.Eventually

	require.Eventually(t, func() bool {
		return l.IsRateLimited(addr1) == false && l.IsRateLimited(addr1) == true
	}, 2*time.Second, 100*time.Millisecond)

[kc1116]

👍

[jordanschalm]

Nice work 🎸

• I added some code suggestions for documentation from the comment about the effective network-wide rate limit in my last review
• There is also this comment from the last review, which hasn't been addressed. Could you check to confirm that line is correct the way it is, if you haven't already? (If it is, feel free to resolve the comment)

[peterargue]

looks good other than comment about lock