IPFS Improvements #284
IPFS Improvements #284
Conversation
|
Allot of these changes assume that we will be running a MESH ONLY network which is the exact opposite. Additionally the ipfs-setup script does not take into account the fact that i may plug my computer into a my wired home network after the fact. I think i'd be more comfortable with some sort of toggle to enable/disable internet peers instead of testing for internet. |
scripts/ipfs/ipfs-setup.sh
Outdated
| echo "Blocked Yggdrasil network" | ||
| fi | ||
| # Clearnet or regular Internet IPv4 access | ||
| if ! [ "$(ping -c 3 1.1.1.1 &> /dev/null)" ]; then |
There was a problem hiding this comment.
Not sure this works how you think.
Also in past experience this can return false data.
Also what if your tunnled over hyperbola (IP TUNNEL)? Do we care?
[root@localhost 1]# if ! [ "$(ping -c 3 99.99.99.99 &> /dev/null)" ]; then echo Good; fi
Good
[root@localhost 1]# if ! [ "$(ping -c 3 1.1.1.1 &> /dev/null)" ]; then echo Good; fi
Good
There was a problem hiding this comment.
❯ ping -w 2 99.99.99.99 &>/dev/null; if [ $? -eq 0 ]; then echo hello; fi
❯ ping -w 2 1.1.1.1 &>/dev/null; if [ $? -eq 0 ]; then echo hello; fi
hello
I will add this fix.
There was a problem hiding this comment.
After shellcheck, I am going with:
if ! ping -w 2 1.1.1.1 &>/dev/null; then
scripts/ipfs/install
Outdated
| # Enable Filestore for --nocopy capability | ||
| ipfs config --bool Experimental.FilestoreEnabled true | ||
|
|
||
| # Disable NAT port mapping used for NAT traversal | ||
| ipfs config --bool DisableNatPortMap true |
There was a problem hiding this comment.
What about pis connected to the home internet, your killing their ability to try to gain more peer by nat port.
There was a problem hiding this comment.
Yeah, I mentioned that in my description but didn't change it. I will change it back.
scripts/ipfs/install
Outdated
| @@ -29,9 +29,25 @@ ipfs init || true | |||
| # Enable gossipsub routing | |||
| ipfs config Pubsub.Router gossipsub | |||
|
|
|||
| # Enable relay hop to help peers with connecting | |||
| ipfs config --bool Swarm.EnableRelayHop true | |||
There was a problem hiding this comment.
This would increase bandwidth usage on internet connected peers.
Also how does this work when you block internet peers. Will that mean that a non-internet enabled peer will not want to relay through an internet relayed one?
There was a problem hiding this comment.
This would increase bandwidth usage on internet connected peers.
Possibly, but only if we manually set up the relay to be used. The current release does not automatically use relays. With this, we have the option too, and it will improve the overall health of the network.
Also how does this work when you block internet peers. Will that mean that a non-internet enabled peer will not want to relay through an internet relayed one?
As was said in chat by me:
Whether it will allow the connection to a blacklisted peer over a relay is a good question though, something to be tested. Just keep in mind IPFS won't try to do that on its own just yet
Relaying through an Internet peer would actually be a good thing for nodes to do, but we will have to wait until IPFS does it automatically, possibly in the next release. Once that happens, we can likely remove all the filtering entirely.
|
In regards to |
makew0rld
changed the title
|
|
|
@makeworld-the-better-one i would suggest looking at the latest release and doing a version bump |
|
@darkdrgn2k The latest IPFS release? Yes, that's the comment I made just above. I will also remerge from develop. |
|
I am going to move on to the testing stage for this PR, but before/as I do, does anyone (@benhylau and @darkdrgn2k) have issues with the script being a loop that blocks access to certain groups of peers as the environment changes? I'm not requesting a review yet. I have confirmed that even with the latest IPFS release, you cannot access hidden networks (Yggdrasil on a CJDNS-only node, for example) by automatically using a relay. Manually connecting through a relay to access these networks could be possible, but should be done in a different PR. |
I can tell you from experience that something like "is there internet" by pinging 8.8.8.8 cannot guarantee an internet connection. Just the other day in the chat Ikata incorrectly though his internet was not working when 8.8.8.8 did not respond to pings. Additional your code will block an Lan peering if there is no internet. You also cant assume that private ip addresses will be used. Finally there has not been any established baseline of blacklisting a peer vs simply letting it fail the connection. If you wish to peruse this method anyway i would suggest the following
Remember also that we ill need to separate the yggdrasil and cjdns stuff away from the main ipfs module to make it more "generic" for DEBifying. |
|
Comment from IPFS channel
I think the key here was This means that there are so many internet peers trying to be contacted that there i no room for cjdns ones. I'm pretty sure this number is high so makes me question the effectiveness of this hack in the grand scheme of things. |
| @@ -38,6 +38,16 @@ ipfs config Pubsub.Router gossipsub | |||
| # Enable Filestore for --nocopy capability | |||
| ipfs config --bool Experimental.FilestoreEnabled true | |||
|
|
|||
| # Setup connection management - Reduce connections to stress the Pi less | |||
| # XXX: These values need to be tweaked and tested | |||
There was a problem hiding this comment.
@makeworld-the-better-one How will you measure whether these values provide an improvement or otherwise?
There was a problem hiding this comment.
CPU and RAM usage can be looked, as well as file retrieval times and IPNS resolve. It will require a formal test, but I know that these values will be better than the ones we have now, especially since this is on such limited hardware.
scripts/ipfs/ipfs-setup.sh
Outdated
| # Wait for IPFS to initalize | ||
| attempts=15 | ||
| until [[ $(curl http://localhost:5001/api/v0/id -s 2>/dev/null) || ${attempts} -eq 0 ]]; do | ||
| sleep 1 |
There was a problem hiding this comment.
I don't think we need to test so often and I don't think 15 s is enough in some cases?
scripts/ipfs/ipfs-setup.sh
Outdated
| echo "Connecting to ${addr} with QUIC" | ||
| else | ||
| ipfs swarm connect "/ip6/${addr}/tcp/4001/ipfs/${id}" | ||
| echo "Connecting to ${addr} regularly" |
There was a problem hiding this comment.
| echo "Connecting to ${addr} regularly" | |
| echo "Connecting to ${addr} over TCP" |
scripts/ipfs/ipfs-setup.sh
Outdated
| # Check for QUIC connections first | ||
| if [ "$(echo "${res}" | jq -r -M '.services.IPFS.quic_enabled')" == 'true' ]; then | ||
| # ID is not needed for QUIC connections | ||
| ipfs swarm connect "/ip6/${addr}/udp/4001/quic" |
There was a problem hiding this comment.
I think the log should come before the command
scripts/ipfs/ipfs-setup.sh
Outdated
| ipfs swarm filters add '/ip6/fc00::/ipcidr/8' | ||
| echo "Blocked CJDNS network" | ||
| fi | ||
|
|
There was a problem hiding this comment.
| # Check if Yggdrasil is running |
scripts/ipfs/ipfs-setup.sh
Outdated
| while read -r ygg_peer; do | ||
| addPeer "${ygg_peer}" | ||
| done <<< "$(sudo yggdrasilctl getPeers | grep -v "(self)" | awk '{print $1}' | grep -v bytes_recvd | xargs)" | ||
|
|
There was a problem hiding this comment.
| # Remove a filter if there was one |
scripts/ipfs/ipfs-setup.sh
Outdated
| # Clearnet or regular Internet IPv4 access | ||
| if ! ping -w 2 1.1.1.1 &>/dev/null; then | ||
| # Block all IPv4 - it's not used anywhere else | ||
| ipfs swarm filters add '/ip4/0.0.0.0/ipcidr/0' |
There was a problem hiding this comment.
What if I am on a off-Internet LAN local meshnet plugged into my local switch? Now my IPFS won't swarm?
scripts/ipfs/ipfs-setup.sh
Outdated
| fi | ||
|
|
||
| # Clearnet or regular Internet IPv4 access | ||
| if ! ping -w 2 1.1.1.1 &>/dev/null; then |
There was a problem hiding this comment.
This type of Internet check is usually problematic. What is the motivation behind adding this filter at all?
scripts/ipfs/ipfs-setup.sh
Outdated
| echo "Enabled access to all of IPv4" | ||
| fi | ||
|
|
||
| # Clearnet IPv6 access |
There was a problem hiding this comment.
Same as IPv4. Recommend removing both.
scripts/ipfs/ipfs-setup.sh
Outdated
| else | ||
| ipfs swarm filters rm '/ip6/2000::/ipcidr/3' | ||
| echo "Enabled access to IPv6 internet" | ||
| fi |
There was a problem hiding this comment.
I would at least so a 60 s sleep on this loop. Probably more.
scripts/ipfs/ipfs-setup.sh
Outdated
| } | ||
|
|
||
| # Continually mesh with peers and add or remove filter rules as networks go up and down | ||
| while true; do |
There was a problem hiding this comment.
I dont know how postexec will work for long running processes. Upon service restart I dont think the PID will be killed but it will spawn again.
This will created multiple scripts running in parallel.
Better off running in a service
|
Thanks for the comments on the PR! I will edit it and remove the loop, and instead just leave the tweaking of some settings and doing a version update. |
|
I've now updated the PR, it is much smaller now. Here are the changes as compared to
|
Yggdrasil IPTunnel now does not change config files
Yggdrasil IPtunnel drop in service adjustment
Yggdrsail IPTunnel supports IPv6 and routed IPv6
Yggdrsail version bump
Support for x86 and x64
Profile selection menu format changed in Dialog
Rewritten and simplified board detection
IPFS Improvments #284
CJDNS now module
Prototype can run without CJDNS now
Better docs
Grafan database now can be removed when uninstalling
Moved network config to interface.d model
Removed Network Manager
Added Modules.md
Added confSet function and implemented confget/confset config files
NodeJS now shared module
NodeJS version bump
MESH_NAME now a config
Added ipv6 netcat option
Localized Patch Foo in TOMESH repo to prevent version conflicts and outage
Added support for PI4
Added support for Buster
Fixed ETH0 vs BR0 issue on espressoBIN
Prometheus version bump
Raspberry Pi Watch Dog Timer
This PR adds several experimental IPFS improvements. It needs testing.
They are:
LowWaterHighWaterGracePeriodipfs-swarm.shwas renamed toipfs-setup.shipfs-setup.shchecks if CJDNS, Yggdrasil, IPv4 Internet and IPv6 Internet are available, and blacklists them if they are notquic_enabledbool to nodeinfo.jsonipfs-setup.shwill try and use QUIC to peer with mesh peers, if they say they have enabled it in their nodeinfo