servers should attempt to open connections to clients #1086
Labels
No labels
c/code
c/code-dirnodes
c/code-encoding
c/code-frontend
c/code-frontend-cli
c/code-frontend-ftp-sftp
c/code-frontend-magic-folder
c/code-frontend-web
c/code-mutable
c/code-network
c/code-nodeadmin
c/code-peerselection
c/code-storage
c/contrib
c/dev-infrastructure
c/docs
c/operational
c/packaging
c/unknown
c/website
kw:2pc
kw:410
kw:9p
kw:ActivePerl
kw:AttributeError
kw:DataUnavailable
kw:DeadReferenceError
kw:DoS
kw:FileZilla
kw:GetLastError
kw:IFinishableConsumer
kw:K
kw:LeastAuthority
kw:Makefile
kw:RIStorageServer
kw:StringIO
kw:UncoordinatedWriteError
kw:about
kw:access
kw:access-control
kw:accessibility
kw:accounting
kw:accounting-crawler
kw:add-only
kw:aes
kw:aesthetics
kw:alias
kw:aliases
kw:aliens
kw:allmydata
kw:amazon
kw:ambient
kw:annotations
kw:anonymity
kw:anonymous
kw:anti-censorship
kw:api_auth_token
kw:appearance
kw:appname
kw:apport
kw:archive
kw:archlinux
kw:argparse
kw:arm
kw:assertion
kw:attachment
kw:auth
kw:authentication
kw:automation
kw:avahi
kw:availability
kw:aws
kw:azure
kw:backend
kw:backoff
kw:backup
kw:backupdb
kw:backward-compatibility
kw:bandwidth
kw:basedir
kw:bayes
kw:bbfreeze
kw:beta
kw:binaries
kw:binutils
kw:bitcoin
kw:bitrot
kw:blacklist
kw:blocker
kw:blocks-cloud-deployment
kw:blocks-cloud-merge
kw:blocks-magic-folder-merge
kw:blocks-merge
kw:blocks-raic
kw:blocks-release
kw:blog
kw:bom
kw:bonjour
kw:branch
kw:branding
kw:breadcrumbs
kw:brians-opinion-needed
kw:browser
kw:bsd
kw:build
kw:build-helpers
kw:buildbot
kw:builders
kw:buildslave
kw:buildslaves
kw:cache
kw:cap
kw:capleak
kw:captcha
kw:cast
kw:centos
kw:cffi
kw:chacha
kw:charset
kw:check
kw:checker
kw:chroot
kw:ci
kw:clean
kw:cleanup
kw:cli
kw:cloud
kw:cloud-backend
kw:cmdline
kw:code
kw:code-checks
kw:coding-standards
kw:coding-tools
kw:coding_tools
kw:collection
kw:compatibility
kw:completion
kw:compression
kw:confidentiality
kw:config
kw:configuration
kw:configuration.txt
kw:conflict
kw:connection
kw:connectivity
kw:consistency
kw:content
kw:control
kw:control.furl
kw:convergence
kw:coordination
kw:copyright
kw:corruption
kw:cors
kw:cost
kw:coverage
kw:coveralls
kw:coveralls.io
kw:cpu-watcher
kw:cpyext
kw:crash
kw:crawler
kw:crawlers
kw:create-container
kw:cruft
kw:crypto
kw:cryptography
kw:cryptography-lib
kw:cryptopp
kw:csp
kw:curl
kw:cutoff-date
kw:cycle
kw:cygwin
kw:d3
kw:daemon
kw:darcs
kw:darcsver
kw:database
kw:dataloss
kw:db
kw:dead-code
kw:deb
kw:debian
kw:debug
kw:deep-check
kw:defaults
kw:deferred
kw:delete
kw:deletion
kw:denial-of-service
kw:dependency
kw:deployment
kw:deprecation
kw:desert-island
kw:desert-island-build
kw:design
kw:design-review-needed
kw:detection
kw:dev-infrastructure
kw:devpay
kw:directory
kw:directory-page
kw:dirnode
kw:dirnodes
kw:disconnect
kw:discovery
kw:disk
kw:disk-backend
kw:distribute
kw:distutils
kw:dns
kw:do_http
kw:doc-needed
kw:docker
kw:docs
kw:docs-needed
kw:dokan
kw:dos
kw:download
kw:downloader
kw:dragonfly
kw:drop-upload
kw:duplicity
kw:dusty
kw:earth-dragon
kw:easy
kw:ec2
kw:ecdsa
kw:ed25519
kw:egg-needed
kw:eggs
kw:eliot
kw:email
kw:empty
kw:encoding
kw:endpoint
kw:enterprise
kw:enum34
kw:environment
kw:erasure
kw:erasure-coding
kw:error
kw:escaping
kw:etag
kw:etch
kw:evangelism
kw:eventual
kw:example
kw:excess-authority
kw:exec
kw:exocet
kw:expiration
kw:extensibility
kw:extension
kw:failure
kw:fedora
kw:ffp
kw:fhs
kw:figleaf
kw:file
kw:file-descriptor
kw:filename
kw:filesystem
kw:fileutil
kw:fips
kw:firewall
kw:first
kw:floatingpoint
kw:flog
kw:foolscap
kw:forward-compatibility
kw:forward-secrecy
kw:forwarding
kw:free
kw:freebsd
kw:frontend
kw:fsevents
kw:ftp
kw:ftpd
kw:full
kw:furl
kw:fuse
kw:garbage
kw:garbage-collection
kw:gateway
kw:gatherer
kw:gc
kw:gcc
kw:gentoo
kw:get
kw:git
kw:git-annex
kw:github
kw:glacier
kw:globalcaps
kw:glossary
kw:google-cloud-storage
kw:google-drive-backend
kw:gossip
kw:governance
kw:grid
kw:grid-manager
kw:gridid
kw:gridsync
kw:grsec
kw:gsoc
kw:gvfs
kw:hackfest
kw:hacktahoe
kw:hang
kw:hardlink
kw:heartbleed
kw:heisenbug
kw:help
kw:helper
kw:hint
kw:hooks
kw:how
kw:how-to
kw:howto
kw:hp
kw:hp-cloud
kw:html
kw:http
kw:https
kw:i18n
kw:i2p
kw:i2p-collab
kw:illustration
kw:image
kw:immutable
kw:impressions
kw:incentives
kw:incident
kw:init
kw:inlineCallbacks
kw:inotify
kw:install
kw:installer
kw:integration
kw:integration-test
kw:integrity
kw:interactive
kw:interface
kw:interfaces
kw:interoperability
kw:interstellar-exploration
kw:introducer
kw:introduction
kw:iphone
kw:ipkg
kw:iputil
kw:ipv6
kw:irc
kw:jail
kw:javascript
kw:joke
kw:jquery
kw:json
kw:jsui
kw:junk
kw:key-value-store
kw:kfreebsd
kw:known-issue
kw:konqueror
kw:kpreid
kw:kvm
kw:l10n
kw:lae
kw:large
kw:latency
kw:leak
kw:leasedb
kw:leases
kw:libgmp
kw:license
kw:licenss
kw:linecount
kw:link
kw:linux
kw:lit
kw:localhost
kw:location
kw:locking
kw:logging
kw:logo
kw:loopback
kw:lucid
kw:mac
kw:macintosh
kw:magic-folder
kw:manhole
kw:manifest
kw:manual-test-needed
kw:map
kw:mapupdate
kw:max_space
kw:mdmf
kw:memcheck
kw:memory
kw:memory-leak
kw:mesh
kw:metadata
kw:meter
kw:migration
kw:mime
kw:mingw
kw:minimal
kw:misc
kw:miscapture
kw:mlp
kw:mock
kw:more-info-needed
kw:mountain-lion
kw:move
kw:multi-users
kw:multiple
kw:multiuser-gateway
kw:munin
kw:music
kw:mutability
kw:mutable
kw:mystery
kw:names
kw:naming
kw:nas
kw:navigation
kw:needs-review
kw:needs-spawn
kw:netbsd
kw:network
kw:nevow
kw:new-user
kw:newcaps
kw:news
kw:news-done
kw:news-needed
kw:newsletter
kw:newurls
kw:nfc
kw:nginx
kw:nixos
kw:no-clobber
kw:node
kw:node-url
kw:notification
kw:notifyOnDisconnect
kw:nsa310
kw:nsa320
kw:nsa325
kw:numpy
kw:objects
kw:old
kw:openbsd
kw:openitp-packaging
kw:openssl
kw:openstack
kw:opensuse
kw:operation-helpers
kw:operational
kw:operations
kw:ophandle
kw:ophandles
kw:ops
kw:optimization
kw:optional
kw:options
kw:organization
kw:os
kw:os.abort
kw:ostrom
kw:osx
kw:osxfuse
kw:otf-magic-folder-objective1
kw:otf-magic-folder-objective2
kw:otf-magic-folder-objective3
kw:otf-magic-folder-objective4
kw:otf-magic-folder-objective5
kw:otf-magic-folder-objective6
kw:p2p
kw:packaging
kw:partial
kw:password
kw:path
kw:paths
kw:pause
kw:peer-selection
kw:performance
kw:permalink
kw:permissions
kw:persistence
kw:phone
kw:pickle
kw:pip
kw:pipermail
kw:pkg_resources
kw:placement
kw:planning
kw:policy
kw:port
kw:portability
kw:portal
kw:posthook
kw:pratchett
kw:preformance
kw:preservation
kw:privacy
kw:process
kw:profile
kw:profiling
kw:progress
kw:proxy
kw:publish
kw:pyOpenSSL
kw:pyasn1
kw:pycparser
kw:pycrypto
kw:pycrypto-lib
kw:pycryptopp
kw:pyfilesystem
kw:pyflakes
kw:pylint
kw:pypi
kw:pypy
kw:pysqlite
kw:python
kw:python3
kw:pythonpath
kw:pyutil
kw:pywin32
kw:quickstart
kw:quiet
kw:quotas
kw:quoting
kw:raic
kw:rainhill
kw:random
kw:random-access
kw:range
kw:raspberry-pi
kw:reactor
kw:readonly
kw:rebalancing
kw:recovery
kw:recursive
kw:redhat
kw:redirect
kw:redressing
kw:refactor
kw:referer
kw:referrer
kw:regression
kw:rekey
kw:relay
kw:release
kw:release-blocker
kw:reliability
kw:relnotes
kw:remote
kw:removable
kw:removable-disk
kw:rename
kw:renew
kw:repair
kw:replace
kw:report
kw:repository
kw:research
kw:reserved_space
kw:response-needed
kw:response-time
kw:restore
kw:retrieve
kw:retry
kw:review
kw:review-needed
kw:reviewed
kw:revocation
kw:roadmap
kw:rollback
kw:rpm
kw:rsa
kw:rss
kw:rst
kw:rsync
kw:rusty
kw:s3
kw:s3-backend
kw:s3-frontend
kw:s4
kw:same-origin
kw:sandbox
kw:scalability
kw:scaling
kw:scheduling
kw:schema
kw:scheme
kw:scp
kw:scripts
kw:sdist
kw:sdmf
kw:security
kw:self-contained
kw:server
kw:servermap
kw:servers-of-happiness
kw:service
kw:setup
kw:setup.py
kw:setup_requires
kw:setuptools
kw:setuptools_darcs
kw:sftp
kw:shared
kw:shareset
kw:shell
kw:signals
kw:simultaneous
kw:six
kw:size
kw:slackware
kw:slashes
kw:smb
kw:sneakernet
kw:snowleopard
kw:socket
kw:solaris
kw:space
kw:space-efficiency
kw:spam
kw:spec
kw:speed
kw:sqlite
kw:ssh
kw:ssh-keygen
kw:sshfs
kw:ssl
kw:stability
kw:standards
kw:start
kw:startup
kw:static
kw:static-analysis
kw:statistics
kw:stats
kw:stats_gatherer
kw:status
kw:stdeb
kw:storage
kw:streaming
kw:strports
kw:style
kw:stylesheet
kw:subprocess
kw:sumo
kw:survey
kw:svg
kw:symlink
kw:synchronous
kw:tac
kw:tahoe-*
kw:tahoe-add-alias
kw:tahoe-admin
kw:tahoe-archive
kw:tahoe-backup
kw:tahoe-check
kw:tahoe-cp
kw:tahoe-create-alias
kw:tahoe-create-introducer
kw:tahoe-debug
kw:tahoe-deep-check
kw:tahoe-deepcheck
kw:tahoe-lafs-trac-stream
kw:tahoe-list-aliases
kw:tahoe-ls
kw:tahoe-magic-folder
kw:tahoe-manifest
kw:tahoe-mkdir
kw:tahoe-mount
kw:tahoe-mv
kw:tahoe-put
kw:tahoe-restart
kw:tahoe-rm
kw:tahoe-run
kw:tahoe-start
kw:tahoe-stats
kw:tahoe-unlink
kw:tahoe-webopen
kw:tahoe.css
kw:tahoe_files
kw:tahoewapi
kw:tarball
kw:tarballs
kw:tempfile
kw:templates
kw:terminology
kw:test
kw:test-and-set
kw:test-from-egg
kw:test-needed
kw:testgrid
kw:testing
kw:tests
kw:throttling
kw:ticket999-s3-backend
kw:tiddly
kw:time
kw:timeout
kw:timing
kw:to
kw:to-be-closed-on-2011-08-01
kw:tor
kw:tor-protocol
kw:torsocks
kw:tox
kw:trac
kw:transparency
kw:travis
kw:travis-ci
kw:trial
kw:trickle
kw:trivial
kw:truckee
kw:tub
kw:tub.location
kw:twine
kw:twistd
kw:twistd.log
kw:twisted
kw:twisted-14
kw:twisted-trial
kw:twitter
kw:twn
kw:txaws
kw:type
kw:typeerror
kw:ubuntu
kw:ucwe
kw:ueb
kw:ui
kw:unclean
kw:uncoordinated-writes
kw:undeletable
kw:unfinished-business
kw:unhandled-error
kw:unhappy
kw:unicode
kw:unit
kw:unix
kw:unlink
kw:update
kw:upgrade
kw:upload
kw:upload-helper
kw:uri
kw:url
kw:usability
kw:use-case
kw:utf-8
kw:util
kw:uwsgi
kw:ux
kw:validation
kw:variables
kw:vdrive
kw:verify
kw:verlib
kw:version
kw:versioning
kw:versions
kw:video
kw:virtualbox
kw:virtualenv
kw:vista
kw:visualization
kw:visualizer
kw:vm
kw:volunteergrid2
kw:volunteers
kw:vpn
kw:wapi
kw:warners-opinion-needed
kw:warning
kw:weapi
kw:web
kw:web.port
kw:webapi
kw:webdav
kw:webdrive
kw:webport
kw:websec
kw:website
kw:websocket
kw:welcome
kw:welcome-page
kw:welcomepage
kw:wiki
kw:win32
kw:win64
kw:windows
kw:windows-related
kw:winscp
kw:workaround
kw:world-domination
kw:wrapper
kw:write-enabler
kw:wui
kw:x86
kw:x86-64
kw:xhtml
kw:xml
kw:xss
kw:zbase32
kw:zetuptoolz
kw:zfec
kw:zookos-opinion-needed
kw:zope
kw:zope.interface
p/blocker
p/critical
p/major
p/minor
p/normal
p/supercritical
p/trivial
r/cannot reproduce
r/duplicate
r/fixed
r/invalid
r/somebody else's problem
r/was already fixed
r/wontfix
r/worksforme
t/defect
t/enhancement
t/task
v/0.2.0
v/0.3.0
v/0.4.0
v/0.5.0
v/0.5.1
v/0.6.0
v/0.6.1
v/0.7.0
v/0.8.0
v/0.9.0
v/1.0.0
v/1.1.0
v/1.10.0
v/1.10.1
v/1.10.2
v/1.10a2
v/1.11.0
v/1.12.0
v/1.12.1
v/1.13.0
v/1.14.0
v/1.15.0
v/1.15.1
v/1.2.0
v/1.3.0
v/1.4.1
v/1.5.0
v/1.6.0
v/1.6.1
v/1.7.0
v/1.7.1
v/1.7β
v/1.8.0
v/1.8.1
v/1.8.2
v/1.8.3
v/1.8β
v/1.9.0
v/1.9.0-s3branch
v/1.9.0a1
v/1.9.0a2
v/1.9.0b1
v/1.9.1
v/1.9.2
v/1.9.2a1
v/cloud-branch
v/unknown
No milestone
No project
No assignees
4 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: tahoe-lafs/trac#1086
Loading…
Add table
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Currently each client attempts to open a connection to each server. If it were the case that a server were behind NAT or firewall and connections couldn't be opened to that server, but that server were able to open connections out to clients, then if it did so the clients would be able to use that connection to issue requests to the server.
To do this, servers should ask the introducer(s) to tell them about all clients and then servers should attempt to establish a foolscap connection to each client. If there is already such a connection (because, for example the client has already opened a connection to the server) then foolscap will automatically deduplicate and keep just one working connection.
[//pipermail/tahoe-dev/2010-June/004451.html]
Yeah, something like that. As I mentioned on the email thread, one way to do this might be to have clients publish a special "please connect to me" announcement, which servers could then subscribe to and use to initiate outbound connections.
Now that I think about it, that does seem slightly backwards, since it's the NAT-bound server which is in the unusual position. So it would feel better to do something to the server (to indicate that it should connect to clients) rather than do something to the otherwise-normal clients.
I'd sort of like it if clients didn't have to publish contact information all the time (specifically, foolscap location hints).. that feels a bit weird too. I'm not sure how to accomplish both yet, though.
What's the difference between publishing a "stub_client" record and publishing a "please connect to me" announcement?
I don't understand the motivation about doing something to the behind-NAT server instead of to the client and about not publishing contact information. I think it would be simple and effective to just have all clients publish contact information and all servers attempt to connect to all clients.
See also #344 (more client-vs-server refactoring: servers-only shouldn't subscribe to storage announcements).
Note that this would conflict with gdt's suggestion in /tahoe-lafs/trac/issues/26954#comment:18, that clients (actually non-servers) should only include 127.0.0.1 in their furls by default.
When I ran a server, one of the annoyances was it trying to open connections to RFC1918 addresses of servers behind NATs. If you assume mobile clients, then having a server behind a NAT means that sometimes one can connect and sometimes, not, and that's a mess with the current repair behavior. If you assume that all clients have global IP addresses and some servers don't, you inhabit a strange world. So I see this as addressing an odd case, and think that clients advertising any addresses at all and servers trying to connect to clients should be non-default behaviors.
tjgillies on IRC just had a confusing situation where he enabled storage service on a routeable node and this caused the gateway on that routeable node to start using a storage server on a behind-NAT node. This was understandably confusing to him.
I think we should take one design strategy and "go all the way" with it, because either extreme is simpler for users to understand than what we currently have.
"all the way" in the minimal unix style is that servers never attempt to open connections to clients, and if a node has both a server and a client in it then the client part of it will not re-use a connection which a different node earlier established to the server part of it. In other words, the only thing that ever works is if the server is routeable, and if you want to run a server behind a firewall or NAT then you have to learn how to configure that firewall or NAT in order to give your server a routeable IP address. It is important to understand that if we do it this way then it is a bug if connections sometimes magically work when your server doesn't have a routable IP address and you didn't explicitly configure your firewall/NAT to forward this port. It is a bug because it confuses users when things "sometimes" work and it irritates minimal-unix-style people like gdt when programs do clever non-standard things.
"all the way" in the p2p style is that all nodes publish all of the "ways to contact me" that they can think of (including RFC1918 addresses and "my port number on localhost"), regardless of whether they are running a server or not, and all servers attempt to open connections to all clients and all clients attempt to open connections to all servers. This is non-standard and bothers expert sysadmins who want precise control over what TCP connection attempts are made, but it means that servers behind firewall/NAT can serve clients that are routeable without the server's operator having to learn how to configure their NAT. This can be understandable to users by explaining that the client and the server each try to connect to each other, and if it is possible for a TCP connection to be established in either of the two possible directions, then the client will be able to use the server. (Note that in addition to this approach supporting NATted-server + routeable client, it also supports client and server both on the same private network and neither one routeable from the public Internet.)
Both approaches have their merits and drawbacks and let's not get distracted by arguing which is "better". Currently we have something that is almost like the p2p style, except that servers don't attempt to open connections to clients and clients don't necessarily publish their contact info (if they aren't offering a server).
I think we should go ahead and make this style "complete" by the extensions I've requested in this ticket, which will I believe make it easier for users to understand and to use (even users who don't know how to configure their NAT device). I also think that in the future as we move to an HTTP-based transport instead of the current foolscap-based transport, we should probably switch to the extreme "minimal unix style".
tjgillies added a FAQ entry on the wiki: wiki/FAQ?version=52#Q21_NAT
I concur with the notion that the implementation should be "all the way" in either the unix style (which I would call client/server) or the p2p style. (I am amused at being the canonical example of minimal.)
This is also an argument for having v6 support working. It's boggling that Twisted is so far (10+ years) behind the curve.
On the notion of not arguing about better, two points:
As I've been using tahoe-lafs with a private grid, each node (process) is a client or a server. If the machine I want to use as a client happens to host a server node, then I run a client node (also). With the current implementation, client nodes have the aliases file and thus must be per-user, and server nodes are about the grid. (I am talking about the CLI, mounting, and WAPI, and reject the WUI as unsafe.) And to make servers that have private addresses reachable and usable to all clients, I would have to configure NAT translation. Given that, the client/server approach is sensible.
People using the pubgrid may want maximal connectivity, but if on a laptop/etc. they are going to find that servers come and go depending on whether their address is private or routable (and unfirewalled) at the moment. (But this is not currently helpful as tahoe does not work well with server churn (ticket:1209).)
So, it could be that the introducer should have a "connect-to-clients" flag, and if set then 1) clients publish contact information and 2) servers try to connect to clients (and use connections in either direction). I'd want this off, but it would be interesting to see what it should be on the pubgrid. Perhaps the client should have a connect-to-clients config with yes/introducer/no, where "introducer" means to respect the config value from the introducer. In a future with a distributed introducer function, this is just a piece of data that needs to be available from the function. And it could be that the flag is passed in the setup of each connection, so reverse channels are not used to those who say connect-to-clients=off.
It could also be that it's easier to make the flag be purely local, causing a client to publish contact information, causing a node that offers storage to connect to nodes that do not, trying to use the reverse channel, and allowing the reverse channel to be used.
I think it's an important property that if on a node of mine I set connect-to-clients=off, then my client node will not publish anything (I realize the introducer still knows about it) and my server node won't try to make connections to clients. (I do find repeated connection attempts to RFC1918 addresses annoying, and this helps but does not fix the issue.)
Related, if a server is only a server, and not a client (no associated uid/human), then it shouldn't try to open any connections (in the minimal style). So perhaps in addition to configuring storage on/off, the client behavior should be configurable. That makes it more clear that this ticket is (in part) talking about servers that don't have a need to be clients making connections to client-only nodes.
The main advantage of the p2p way is that a user might be able to successfully run a server even if they don't know what a "port number" is and they don't want to learn. Perhaps this is not a desirable result! Because such servers are likely to be unreliable anyway.
In any case, if we supported multiple ways to do it (note: I'm almost always opposed to having more than one way to do it), then as long as the way that is friendly to non-technical users is the default then that advantage is preserved. If the user has to set a configuration setting in order to get that behavior then that advantage evaporates.
Replying to zooko:
which says:
The current behaviour is a bug for the following reason: If a node is behind a NAT and is only intermittently connected, but has storage service enabled (by mistake, perhaps), then it will sometimes be used as a server and sometimes be inaccessible. Worse, it will only be accessible to some subset of the other nodes. This leads to poor preservation and availability. It is better for the NAT to cause the node to always be inaccessible as a server.
I also disagree that we should be changing the behaviour to one style now and then changing it to the opposite style later. It makes more sense to have a config switch (but I don't know where that switch should be).
Replying to davidsarah:
Hm, well if we're going to converge on the minimal-unix style, this is mostly just a matter of eliminating the use of certain foolscap features. It isn't obvious how to eliminate them -- foolscap doesn't provide a way to turn them off. I mean features like: all objects in one foolscap tub can access all objects in the other foolscap tub as long as there is currently a TCP connection open to them. One simple way to make it so that this feature no longer allows clients to use an unrouteable server as long as that server's tub happens to have opened a connection to that client would be to stop running both clients and servers in the same tub! That appeals to me. Then if you want to run both a gateway and a server you have to launch two separate processes in your operating system.
Another feature which should probably be eliminated if we're going to the minimal unix style is the foolscap feature of listing multiple alternative IP addresses or hostnames, possibly including ones that are not routeable from the public Internet, and having a client attempt to connect to all of them in parallel and then use whichever connection succeeds. This feels like kind of a loss -- that feature is cool because it allows two nodes behind NAT to connect directly to one another over the LAN, for example. The minimal unix way to do that is that they cannot talk to each other until their human manually configures the NAT, in which case their packets get routed to the NAT box and then back to their LAN, or the human manually configures their IP address to be the LAN-scoped IP address, in which case they can connect to one another directly.
David-Sarah: the reason to go the rest of the way to one style now and then switch to the opposite extreme style later is that we plan to switch from foolscap to HTTP. Foolscap provides a lot of very cool features in the p2p style, and in fact it is hard to use Foolscap without the p2p style. HTTP would be hard to use in the p2p style. I think we should work with the tools rather than against them here.
Whatever we do, I hope we don't let this ticket just lie here because there are differing opinions about which direction to head. Heading in either direction would be an improvement, in my opinion, where the measurement of value I'm using is "How hard is it for users to understand and predict the behavior".
Replying to [zooko]comment:13:
The introducer is responsible for connecting clients to servers. If the introducer doesn't connect them, it doesn't matter which objects are in which vats, IIUC. There are no implicit connections due to objects being in the same vat; that would not be consistent with a capability model.
adding keyword
p2p
to tag tickets that have to do with the open question of "Is Tahoe-LAFS client-server or is it peer-to-peer?": [//pipermail/tahoe-dev/2012-July/007533.html]Over the last few years, I think we've converged on believing that clients (nodes that do not have Storage or a Helper enabled) should not accept connections. We've made several changes recently to support this:
tahoe create-client
(ok that landed a while ago)tub.port=
(empty) mean "don't listen, don't set a location"At this point, I think we'd all feel comfortable making
tahoe create-client
settub.port=
to disable listening. In this world, clients never listen, so servers cannot connect to client-only nodes.So I'm going to close this as a WONTFIX.