Circuit relay stops accepting relay requests

[julienmalard]

• Version: 2.2.1

• Platform: Issue encountered on Ubuntu and MacOS

• Subsystem: Circuit relay v2

Severity: High

Description:

The circuit relay stops accepting new reservations after 5-10 connections by peers. Rebooting the relay temporarily solves the issue. The problem seems to occur independently of whether the reconnecting peers are the same peer or different peers. While peers can always connect to the relay, they are unable to connect to each other through p2p-circuit.

Steps to reproduce the error:

1. Start a circuit relay.
2. Connect a few peers to the relay.
3. Disconnect and reconnect 5-10 times.
4. Eventually, peers will be unable to connect to each other through p2p-circuit on the relay.

[achingbrain]

There is a limit to how many reservations a relay will accept - are you sure you're not hitting this limit?

[julienmalard]

Yes, few or no peers are connected to the relay when the issue is encountered. I have a feeling that the reservations or reservation count is not being cleared.

[achingbrain]

Can you share a link to a demo project that shows the problem?

[julienmalard]

Sure; here's the relay code in question: https://github.com/reseau-constellation/relai-libp2p/
The same problem occurs whether I run it on localhost or properly deployed on DigitalOcean with a domain name and SSL/nginx.
Many thanks!!

[NiKrause]

I had this too. When you develop locally you reach the maximum reservations very quickly. E.g. when using a browser I was ending up to set it to infinity for local developments. When you test in production the same can happen quickly. You can enable libp2p logs in browser and nodejs to watch reservations. https://github.com/silkroadnomad/libp2p-relay/blob/main/relay/src/relay.js#L38 (not sure if thats 100% correct)

In fact this a malicious node protection you ran into. Your node stops interacting with maliciously behaving nodes. E.g. nodes which send too many of the same messages in a short amount of time etc. This is an interesting science where we might need a talk on some future libp2p day. :-)

[julienmalard]

Thanks for confirming @silkroadnomad . However, I still have the issue even with newly generated libp2p nodes which have not yet tried to connect to the relay. Does the node protection track the IP address?

[NiKrause]

Yes, I guess so. In the beginning, I tried switching off and on the relay, which helped for some time. Maybe deleting the data store etc might be of help in case you have.

Intelligent protection from malicious peers would go beyond the peerId and would track ip addresses and ip networks in worst case. I'd guess that libp2p is so intelligent "by nature." At least I expect the libp2p developers to be.

I remember having seen a very detailed document about this topic. I can't remember anymore where. I'll post it as soon as I remember. Must be somewhere around here. Maybe documentation of gossip sub might help here.