Report RPC Errors to the application on peer disconnections #5680
Conversation
Squashed commit of the following: commit f5dc1a3 Author: dapplion <[email protected]> Date: Wed May 1 17:14:50 2024 +0900 Expect RPCError::Disconnect to fail ongoing requests commit 888f129 Author: dapplion <[email protected]> Date: Wed May 1 14:14:22 2024 +0900 Report RPC Errors to the application on peer disconnections Co-authored-by: Age Manning <[email protected]>
| if matches!( | ||
| self.state(), | ||
| BackFillState::Failed | BackFillState::NotRequired | ||
| ) { | ||
| return Ok(()); | ||
| } | ||
|
|
||
| if let Some(batch_ids) = self.active_requests.remove(peer_id) { |
There was a problem hiding this comment.
This is a great simplification. The repeated logic was a source of many seen/unseen bugs earlier. Kudos for having the big picture and spotting that this can be removed 🙌
My only concern with this is that in inject_error, we call batch.download_failed(true) instead of false which we shouldn't be doing for disconnections maybe? Repeated peer disconnections for the same batch might end up marking the entire chain as invalid and redoing a bunch of stuff.
There was a problem hiding this comment.
Good point. Should also be noted that these disconnects are ungraceful.
i.e When lighthouse disconnects from a peer, it will wait to try and fulfill all its requests. It wont just drop the connection. In fact, a stream timeout will occur before a disconnection in a graceful disconnect.
The error peer disconnect should only happen when a peer drops the connection without fulfilling a request (which lighthouse doesn't do unless there is a network error).
There was a problem hiding this comment.
Right, current stable assumes that peer disconnection == failed download. But this RPCError::Disconnect error will only fire if there is an active outgoing request that gets terminated ungracefully.
Repeated peer disconnections for the same batch might end up marking the entire chain as invalid and redoing a bunch of stuff.
Should only apply if:
- we initiate request to peer A
- peer A disconnects ungracefully before completing request
- we initiate a retry request to peer B
- peer B disconnects ungracefully before completing request
This should not happen frequently
| for id in batch_ids { | ||
| if let Some(batch) = self.batches.get_mut(&id) { | ||
| if let BatchOperationOutcome::Failed { blacklist } = | ||
| batch.download_failed(true)? |
There was a problem hiding this comment.
similar comment as above regarding marking the batch as failed/not failed.
In forward sync, this might mean potentially not retrying a valid chain because the peers on the good chain are disconnecting.
| sender.send_request(peer_id, 42, rpc_request.clone()); | ||
| } | ||
| NetworkEvent::RPCFailed { error, id: 42, .. } => match error { | ||
| RPCError::Disconnected => return, |
There was a problem hiding this comment.
the test should make sure we only get to this branch
There was a problem hiding this comment.
Since this branch is the only way to break out of the loop, not hitting this branch will timeout the test. I considered adding something explicit but it feels redundant
pawanjay176
added
waiting-on-author
| if matches!( | ||
| self.state(), | ||
| BackFillState::Failed | BackFillState::NotRequired | ||
| ) { | ||
| return Ok(()); | ||
| } | ||
|
|
||
| if let Some(batch_ids) = self.active_requests.remove(peer_id) { |
There was a problem hiding this comment.
Good point. Should also be noted that these disconnects are ungraceful.
i.e When lighthouse disconnects from a peer, it will wait to try and fulfill all its requests. It wont just drop the connection. In fact, a stream timeout will occur before a disconnection in a graceful disconnect.
The error peer disconnect should only happen when a peer drops the connection without fulfilling a request (which lighthouse doesn't do unless there is a network error).
Squashed commit of the following: commit f5dc1a3 Author: dapplion <[email protected]> Date: Wed May 1 17:14:50 2024 +0900 Expect RPCError::Disconnect to fail ongoing requests commit 888f129 Author: dapplion <[email protected]> Date: Wed May 1 14:14:22 2024 +0900 Report RPC Errors to the application on peer disconnections Co-authored-by: Age Manning <[email protected]>
|
@realbigsean noted that a lookup can get stuck if it has no available peers and is awaiting a download. This case should never happen with current code as a lookup is never left in AwaitingDownload state. However, for completeness I have added a check to drop lookups in that case in 02f1b2d |
pawanjay176
removed
the
waiting-on-author
Squashed commit of the following: commit 02f1b2d Author: dapplion <[email protected]> Date: Fri May 3 10:17:42 2024 +0900 Drop lookups after peer disconnect and not awaiting events commit f5dc1a3 Author: dapplion <[email protected]> Date: Wed May 1 17:14:50 2024 +0900 Expect RPCError::Disconnect to fail ongoing requests commit 888f129 Author: dapplion <[email protected]> Date: Wed May 1 14:14:22 2024 +0900 Report RPC Errors to the application on peer disconnections Co-authored-by: Age Manning <[email protected]>
|
The RPCError events are never received by sync due to this condition here lighthouse/beacon_node/lighthouse_network/src/service/mod.rs Lines 1370 to 1377 in 3058b96 The tests on network/sync/block_lookups and lighthouse_network pass respectively as they don't test the full integration. @AgeManning there's a lot of code in this function that is currently not expecting events for disconnected peers. Would be best to just allow events for disconnected peers if the event type if RPCError::Disconnect? |
There was a problem hiding this comment.
The latest changes allowing the RpcError::Disconnected to propagate, looks good to me.
To be clear, this edge case happens where:
- We make a request
- The peer disconnects ungracefully
- There is a race between receiving the RpcError::Disconnected from the rpc handler and the Swarm peer-discconected message. Potentially we always lose this race, and the peer manager considers the peer disconnected before we can read the final handler message.
The only issue I see here, is that it's going to break a previously intuitive construct we previously had, which was that the last log/message we ever see from a peer is "Peer Disconnected".
After this change, we can see logs and messages after the peer has disconnected.
i.e
"Peer Disconnected"
"RPC Error::Disconnected"
I don't immediately see a solution to this, because the ordering is coming from the swarm which we don't have much control over here.
|
@mergify queue |
✅ The pull request has been merged automaticallyThe pull request has been merged automatically at b87c36a |
Issue Addressed
Extends
As we are overhaling some internal RPC infrastructure, a desired feature is to report peer disconnects on RPC requests.
This PR should report an RPCError(Disconnected) if a connection is terminated whilst an RPC request is underway.
Proposed Changes
RPCError::Disconnectto any outbound streams with a disconnecting peerinject_errorto handle it