Deprecate the mempool from CometBFT #1424

zmanian · 2023-10-03T08:22:42Z

zmanian
Oct 3, 2023

The CometBFT mempool has a number of significant flaws.

It is both practically and conceptually broken.

The mempool layer is extremely inefficient. Each tx floods across the network being rebroadcast many times.
The mempool provides no mechanism to provide back pressure, prioritize dissemination or inform users about what fees are needed.
This essentially forms a dos vector by creating thundering herd problems that can slow block production.

It makes no sense to flood txs into the network when txs just need to be sent to the next proposer.

zmanian · 2023-10-03T08:46:39Z

zmanian
Oct 3, 2023
Author

Different app chains will want different semantics for their tx dissemination.

I think the best possible default would be that every validator registers an ip address that it will receive txs over.

Http3 would be a good fit for standardized responses

5 replies

alexanderbez Oct 3, 2023

Huge fan of (A) removing the mempool from CometBFT and (B) providing finer grain control over tx dissemination, preferably dictated by the app.

WRT to default dissemination, my fear with public IPs is DoS attacks and flooding the ingestion endpoint. Perhaps if validators had a private network they can transmit txs amongst themselves and public endpoints that allow public facing agents to submit txs, i.e. a firewall or router.

faddat Oct 3, 2023

I really like the idea of private networks that exist between validators, and have for a long time.

I've been thinking that this private network should follow the established trust graph of the chain, I think validators could easily self-organize such a thing.

wellingsworth Oct 4, 2023

I'm a noob here, but shedding some thoughts in case they're helpful.

Do nodes not already have DoS protections built-in? My understanding was that the sentinel node architecture made it much more difficult to DoS the validator node itself.

Separately, it seems like in most cases a node could have an in-memory cache of seen (account, nonce) duples, bypassing CheckTx with an extremely efficient cache check. For applications where expenditure scales with number of unique-nonce txs, this should make DoS cost-per-tx-checking-time very high.

It seems like the role we're worried about losing from the mempool here is load balancing, which seems like it could be handled internally by the validator.

alexanderbez Oct 5, 2023

Do nodes not already have DoS protections built-in?

No, the idea is that if there exists a public ingress endpoint that validators expose, then that endpoint could be flooded with bogus txs, preventing honest txs for entering in a timely fashion. We could implement an ingestion service that sits atop the ingress endpoint, filtering out bogus txs, but that's more infra for validators to run, which is a downside.

Separately, it seems like in most cases a node could have an in-memory cache of seen (account, nonce) duples, bypassing CheckTx with an extremely efficient cache check.

What does this have to do with tx dissemination? The core idea here is how and what txs are gossiped and in what order.

wellingsworth Oct 5, 2023

What does this have to do with tx dissemination? The core idea here is how and what txs are gossiped and in what order.

Ah I figured that the main drawback of the new transaction dissemination method is that it leads the validator to receive a greater number of tx requests. Thus my thoughts on how to efficiently resolve that.

zmanian · 2023-10-05T08:53:39Z

zmanian
Oct 5, 2023
Author

The core changes needs to remove the mempool is that CometBFT needs to provide an api the enables running check tx against the transaction and mechanism to call out to an external process when reeping txs for the block

0 replies

faddat · 2023-10-05T10:16:44Z

faddat
Oct 5, 2023

new rpc design

reap max bytes need to be able to call out to an external process that returns the target number of bytes of transactions
block parts should contain a list of transaction hashes
an endpoint that gives the addresses of the next proposers
wallet, etc submits to the next ... 3 validators

Current state of block parts

tx data comes from reap max bytes
make a block proposal
distribute the hash of the proposal
spam all peers block parts in random order

0 replies

adizere · 2023-10-06T12:59:31Z

adizere
Oct 6, 2023
Maintainer

Thanks everyone,
How does the need to deprecate the mempool inform this discussion to open the P2P layer to the application? #1112 Note that opening the P2P layer is likely a priority, and if we do that we can have a safe path to kick out mempool from Comet.

1 reply

zmanian Oct 12, 2023
Author

It should be understood that building a peer to peer system which is resistant to denial of service attacks while providing high quality UX for wallets, relayers, MEV searchers etc will have to be narrowly scoped.

Ie. You might be able to build a reasonable system for Celestia data blobs or limit orders but there are no examples of a widely used general purpose p2p transaction propagation layer in any blockchain system.

men-boost relayer build 99% of Ethereum blocks. Solana is 75% Gulfstream/25% Jito.

Bitcoin users fiber

albertchon · 2023-10-31T20:19:29Z

albertchon
Oct 31, 2023

Espresso systems employs a CDN for fast point to point communication between validators but with a fallback mechanism that uses p2p gossip. Perhaps Comet could be inspired by a similar design

0 replies

andynog · 2023-11-04T12:16:40Z

andynog
Nov 4, 2023
Collaborator

Adding this here #1565

0 replies

andynog · 2023-11-09T15:52:49Z

andynog
Nov 9, 2023
Collaborator

Hi guys, feedback is welcome on this PR #1585 about an ADR for a nil mempool, this is a simpler alternative to the ADR110 Remote Mempool

0 replies

adizere · 2023-11-23T10:25:31Z

adizere
Nov 23, 2023
Maintainer

Implementation of ADR 111 nop mempool (previously called nil mempool): #1643

0 replies

adizere · 2024-01-18T19:39:37Z

adizere
Jan 18, 2024
Maintainer

Organization of a working group to explore mempool improvements

Logistics

Where: CometBFT community call, calendar instructions available upon joining this Google group
When: 25 Jan 2024 @ 6pm - 7pm CET

Notes

Will be captured here.

Agenda

Under construction

Please don't hesitate to comment if any specific items should be added to the agenda.

0 replies

zmanian · 2024-02-04T22:44:32Z

zmanian
Feb 4, 2024
Author

The current mempool implementation displays a thundering herd problem when a CometBFT network is under sustained load due to contention on the ABCI mutex.

I'm not really sure this should do into the baseline v1 mempool behavior so I'm instead documenting this here.

Symptoms included increased round failures and empty blocks while the network is under heavy load.

Here is a proposed mechanism to make some naive mitigations again this are.

add a paramater for stopping max mempool size here
https://github.com/cometbft/cometbft/blob/main/config/config.go#L848-L908
The mcheck if memR. config.MaxMempoolTxs < protoTxs.Size() + memR.mempool.Size() here
Here
https://github.com/cometbft/cometbft/blob/main/mempool/reactor.go#L163

What does the patch do?

If there 1000 tx is the mempool, there are around be 1000 abci mutexs locks for abci recheck.
There is also a continuous flow of new abci mutex locks being triggered by rpc calls and by other nodes broadcasting txs.
In full mempool situation, the number of abci mutexes from other validators might equal or exceed the mutex locks from abci rechecks.
The proposed patch changes behavior so that if number of resident txs exceeds a certain configured number. The sentry node will not injest txs from other peers. Thus only directly inserting txs + on new block rechecks will be the abci mutex load.
Once this load falls below the configured target, injestion begins again. The target number can be set depending on the 1E0A underlying sentry node hardware.
This configuration should ensure that the validator node is getting an adequate number of txs to fill blocks and isn’t generally proposing invalid txs.
This system comes at a cost to UX. If the sentry node has a public rpc and it’s directly receiving txs this can saturate the nodes and it will never propose a tx circulating in the P2P network. Second depending on how validators configure their sentry nodes and overall volume,Txs might be frequently dropped from all mempools before they reach a validator. This leads to rebroadcasting txs and further load on the collective network. I don’t know how to fix these without proper out of process builders

1 reply

cason Feb 5, 2024

So, your suggestion is to move this check up in the stack, namely, when we receive the transaction at first. Actually, the check must preserved there in case we receive a transaction via RPC.

This is a good idea. We should save some contention (acquiring locks) when we know that we can't accept a transaction. The question is that CheckTx is an interface method. So, in this case, the best solution is probably add this check to this method, before we acquire all the locks etc. etc. The same could apply for checking the tx size: we don't need locks to check that.

melekes · 2024-04-23T11:00:35Z

melekes
Apr 23, 2024
Collaborator

@zmanian:

"Instead we add a new msg type to the mempool reactor where the mempools sends messages to its's peers that says stop sending me txs for x blocks. The reactor should track what peers it sent this message to. If the peers keeps sending txs after recieving this message before the target height has been reached then drop the peer and blacklist them.

So I think instead we setup a similar structure to the txSender structure where we track the height of the peers that. have sent a message that they are not receiving txs and wait the peer state has exceeded the target height before sending more messages.
The reactor can track how many txs were recieved per block and then send out this message"

0 replies

Deprecate the mempool from CometBFT #1424

Uh oh!

Replies: 11 comments · 7 replies

Uh oh!

zmanian Oct 3, 2023 Author

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

zmanian Oct 5, 2023 Author

Uh oh!

Uh oh!

Uh oh!

adizere Oct 6, 2023 Maintainer

Uh oh!

Uh oh!

zmanian Oct 12, 2023 Author

Uh oh!

Uh oh!

andynog Nov 4, 2023 Collaborator

Uh oh!

andynog Nov 9, 2023 Collaborator

Uh oh!

adizere Nov 23, 2023 Maintainer

Uh oh!

Uh oh!

adizere Jan 18, 2024 Maintainer

Organization of a working group to explore mempool improvements

Logistics

Notes

Agenda

Uh oh!

zmanian Feb 4, 2024 Author

Uh oh!

Uh oh!

melekes Apr 23, 2024 Collaborator

Replies: 11 comments 7 replies

zmanian
Oct 3, 2023
Author

zmanian
Oct 5, 2023
Author

adizere
Oct 6, 2023
Maintainer

zmanian Oct 12, 2023
Author

andynog
Nov 4, 2023
Collaborator

andynog
Nov 9, 2023
Collaborator

adizere
Nov 23, 2023
Maintainer

adizere
Jan 18, 2024
Maintainer

zmanian
Feb 4, 2024
Author

melekes
Apr 23, 2024
Collaborator