Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Filecoin / Retrieval Market Builders Mini-Summit, April 2021 / 6 May 2021
Filecoin / Retrieval Market Builders Mini-Summit, April 2021 / 6 May 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: RETMKT Builders - Lotus Node Architecture

Description

Raúl presents on the evolution of a lotus node at the Retrieval Market Builders Mini-Summit in April 2021.

A

Welcome to day two um today we're gonna, as david said, we're gonna cover some some basics about um about some changes that we plan to to make to to to the lotus runtime architecture. I think um I was told that juan presented. I wasn't here for day one, but I was told that that juan kind of like presented a little bit of what we're calling the architecture for for the golden path. And uh you see that there are two. Let me change one thing on my screen because I think it's a little bit yellow.

A

um I don't know if you, if you saw that that tin, we don't we don't. We don't see the plot right. You don't do that all right, okay, cool! That's that's great yeah because uh I had uh flux and uh night shift enable both at the same time, so they were compounding, and it was really you know anyway, um yeah. So we're gonna, we're gonna focus on on two elements of this overall architecture diagram uh have we has this been covered uh in this session and we.

B

We briefly showed this diagram earlier. I think what the maybe maybe it is useful to have a little bit of context, which is so this service thinking about. Okay, we've got existing lotus clients and minors, and there's work to do especially on retrieval side to make it more easy to get that content right, and that is what eventually, that that's that's this path towards a retrieval market, um and so in the shorter term.

B

uh What what are the you know, next steps that we should be thinking about evolving, um more concretely to get towards this market that we're that we're headed towards, um and so I think what the next piece is is sort of more core, like next steps that we can imagine on. These two highlighted portions of this. So what?

B

How is a file point miner going to change and what needs to happen there to make uh itself uh more easy for external clients to get stuff out of it and then introducing the start of some interfaces and then implementations of this network. Indexer thing: that's here, which is: we need some way to to quickly learn which miners have which content, and so how do we? How do we start evolving? That subsystem.

A

Exactly and we can like potentially dive into other areas of this diagram as well, but uh the areas that we're focusing on today are the ones that we believe are highly relevant to the retrieval work here, because there are things that are going to be that we plan to change on the architecture that are going to off of lotus itself and those principles. We propose that other clients also adopt them and of course this is an open conversation.

A

So if you think that you know there is uh we're going in the wrong direction or there are things that we haven't considered, then this is you know a really good moment to to actually voice that out. uh There are gonna be more discussions in the community around around these changes that I'm gonna that I'm gonna be presenting. Today, we are uh within kind of like the lotus maintainers team, uh doing a little bit of like the initial work of getting the rough ideas um getting an internal consensus before we actually start engaging.

A

You know the the actual stakeholders of of all this and the in the community and open up the conversations a lot more. So these two, these two elements, I think, are- are highly relevant to to uh to the retrieval retrieval marcus works, so, let's, uh let's dive in all right.

A

So what I'm gonna be talking about personally, is the evolution of a lotus node and um the really the kind of like the thread that is open right now uh for us relates a lot more to the architecture of the miner itself, so not from we're not really looking at the holistic picture of a lotus node as it is, but I think it's a really good.

A

uh It's a really good opportunity to do that now, as uh retrieval markets is really um the the the the initiatives that that you guys are going to be working on really, you know potentially need to need to evolve the larger scope of of what a lotus client is not just a minor part of it, but kind of like the whole architecture of the client. So just to give you a little bit of context, uh project bedrock, retrieval markets and other projects are intending to introduce new capabilities to the platform network.

A

So we talked about indexing cds, payment channel networks, uh not payment channels. Those already exist public, retrieval and many of these initiatives actually require new capabilities and new logic on the minor side of things.

A

On the other hand, uh we have miners that have actually worked around features that they personally consider unstable or unprofitable, to run for now, and this is uh basically a good signal that they want more flexibility right, because the moment that you take the stock, um the stock um product and you modify it to like remove things or you, like short circuit, uh certain features, because you don't want to make storage deals, so you don't want to like serve retrieval deals uh then these are.

A

These are really good indicators that the product itself should be giving miners like. There should be some more embedded modularity within the product itself within the the the code itself. So uh we also detected that monolithic lotus architecture is quite limiting in terms of like many things that I'm gonna that I'm gonna be touching on. So just to give you kind of like the initial picture of what the status quo is of of lotus itself. First of all, lotus.

A

We consider it largely monolithic, but it does have like some small sprouts of like a little bit of physical segregation of responsibilities. Concretely, you would be familiar with two with two. There are two entry points into the lotus binary itself right now as it stands today, we've got the demon and we've got the minor, and these two have some uh these two perform entirely.

A

You know different um responsibilities, so the demon is owning chainsync, it is offering the full json rpc it's offering wallet functionality and it's offering a bunch of a bunch of other things, and the miner, on the other hand, is taking care of ceiling. Running storage, deals, retrieval deals and and a few more things now. There are also a few commands that also encapsulate uh specialized small services like, for example, there are commands to or lotus shed tools uh that run the off chain window, post challenger or the consensus port reporter.

A

So it's already kind of like an emergence of like encapsulation of potentially services around the falcon network uh or responsibilities that could be considered self-packaged services that are being provided to the filecoin network.

A

However, if you zoom in to the miner itself, you see that a miner is taking care of ceiling, storage, deals and retrieval deals and a bunch of things more that I'm going to outline in the next slide.

A

And this lack of segregation between, like all the things that the miner that that single binary process is taking care of is, is problematic for several reasons, um and we also gotta like take into account that most miners seek to sort of like maximize their their economic profit um and they seek to undertake as little operational risk as possible.

A

So um just to kind of like outline what the responsibilities of lotus miner the binary itself are- uh and this is like a non-comprehensive uh comprehensive list. uh We've got participating, storage, mining, onboarding, storage, coordinating the ceiling activity in the pipeline sector, proving block mining, and then we've got evaluating and accepting storage storage deals. Conducting the data transfer, assigning deals to sectors, blah blah blah taking care of uh serving those those deals and a bunch of other things.

A

So really, there are like two big chunks of functionality that lotus that the lotus miner binary is taking care of right now and those are mining and markets, and this is the initial segregation that we're gonna, that we're gonna, be that that we're proposing to do and you'll realize that these two have these two layers have very different quality of service and and sla requirements right.

A

The mining operation of a miner is really the right now, the most profitable activity of the miner, and it actually can be entirely private, so lotus miner is an entirely private thing uh that interacts with a demon to interact with the network right, but in but the mining activity within lotus miner could stay entirely private. However, markets is, by definition, entirely public facing right. So now, you've got these two like disjoint, um um like critic, critical, like two pieces that have different criticality that also have different levels of exposure.

A

Right now, two should be having different levels of exposure to the network, but are being bundled into one thing that uh makes it like more fragile than it should be. So precisely what are the problems with this? With this, uh with this architecture, the one hand I just talked about that fragility bugs in one area of of the code can impact other areas, and this means that non-critical processes or what miners can consider today to be non-critical processes, can end up affecting uh the operation of critical processing and potentially even crashing the inspects right.

A

This lack of isolation also leads to attack to an increased attack surface, because we've got processes that require public endpoints and now attackers can use those public endpoints to to attack the critical processes that actually don't require public endpoints right or are fronted by another process.

A

That is doing the public interfacing with the network right, like the lotus demon um and also like it might not just be attacks, it might be legitimate traffic spikes right, so we've got different workloads here that have different levels of predictability and when you're serving deals and potentially retrieval deals, you can't really plan for uh the amount of traffic that you're gonna that you're gonna receive right. So any activity on that endpoint could potentially deschedule or displace or impact other critical processes.

A

Now, as we add more functionality uh on the minus side of things like, for example, indexing and and what is going to talk a little bit more about that, um we really don't want to like continue bloating this one thing that miners are are running because it's going to make them even more apprehensive to like adopting those features right.

A

Other problems are there is it's it's hard in the current arrangement to to scale specific features independently of others? No matter they have different quality of service characteristics or uh sla requirements or criticality.

A

As I said before, uh some activities are, like you know, potentially scheduled, like the ceiling activity can be predicted ahead of time, but other activities might be unpredictable.

A

Bursty and- and this like is very incongruent um one thing with the other, and we need to fix that um other two other other problems are the lack of deployment flexibility so, for example, with a current architecture, it's impossible to to segregate responsibilities in different subnets, so miners might want to keep might want to have different responsibilities running in different subnets that are completely isolated with one another, and it's also difficult to introduce uh highly available setups with failover clustering or it's difficult to, for example, orchestrate if you want to have um a a farm of retrieval workers, for example, um serving that dynamically scales with the load that comes in from the network right via something using something like you know, kubernetes controllers or whatever.

A

uh That's that's really hard to achieve, because it's all bundled into into a single process and also like, as I said, load balancing firewalling as well. If you want to like, if you want to protect uh these public-facing endpoints uh to to like prevent denial of service attacks or other things, it's hard to just achieve that level of like protection for this particular type of workload right.

A

um Another thing is that miners cannot cleanly opt in and opt out of features right, so right now, what miners do is they work around them, uh potentially sometimes like finding ways to short circuits and some features like, for example, refusing deals or pricing them with like outrageous amounts, so that no deals uh would be made right with with them or are right rejecting them um or they they can even resort to to forking the code base, and all of this kind of like leads to innovation slowdown as well, because, ideally, as we introduce more and more features to a file card network, we would like to tag certain certain features as experimental features and have miners or other clients uh run those features in a separate subnet that is like governed in a different manner.

A

That is completely isolated from everything else right because they are experimental. So you don't want to uh you, don't you don't want to affect your production uh production setup right? So what we've been talking? What we've been thinking of is kind of like already paved the way and like set the stage for for this. uh We are right now thinking about separating the lotus miner process into the lotus markets process and the lotus mining process.

A

The lotus mining process can stay entirely internal, uh the loc, the lotus markets process can be fronted by um it will be the the external facing and endpoint of a miner, and it's gonna like um run all those processes that have to do with uh storage, uh provided uh providing storage, providing retrieval capability, indexing and so on, and it's gonna speak uh with the lotus mining process and the daemon process, and this is like a very initial sketch of potential a potential direction uh in which in which we can go.

A

uh One key thing that we would like to do is like uh keep the runtime and the the operational side of running these processes really simple and I'm gonna. I'm gonna talk about that a little bit later in the in the next slides right.

A

So one idea that I wanted to introduce is you know that you've seen that kind of, like my whole talk, has revolved around what we want to do in the lotus minor itself right, but there is opportunity to um as we dive into into projects and completely retrieval markets, which is like going to be composed of a lot of services that that provide functionality and like together, make up. You know the the ideal retrieval experience for users.

A

um Do we want to consider file coin, potentially as a layer, one protocol that offers foundational primitives on on which, uh on top of which a plethora of services and capabilities can be built? So do we want to like move towards a capability uh like a capability oriented deployment right so like users and clients would be able to start lotus, and just you know, run the chain capability.

A

If all they want to do is follow the chain and interact with the chain, maybe potentially start just a lotus wallet uh capability or stride, a retrieval capability, if you're a miner right or like how do we want to kind of um make the ability to select what features we wanna run from uh from kinda like the filecoin network, um easy um from from the user's perspective right, but we gotta be careful because capabilities can be stacked or interdependent. So, for example, storage deal making depends on the chain.

A

Indexing uh operates on storage deals right like. If you don't have a storage deal, then then you have nothing to to index. Really. uh Retrieval uh can only happen if there are storage deals. So like all these things are like. If you break apart all these services, then the reality is that these services um will end up having dependencies or some services would be downstream consequences of of offering another service right. So these are things to take into account. I just wanted to like put out there.

A

Some of the design principles have been out of the office for one week, but the team has made a lot of progress and I've kind of like picked up on um on the. What we're considering what the team is. Considering the current design principles of how we want to conduct this, this potential re-architecture of of lotus.

A

First of all, uh we are explicitly staying away from microservice, architectures or microservices like architectures, and when I talk about this I mean you know, service meshes and things that are super um super complex to operate in practice because they end up be like enabling or permitting patterns of like spaghetti interactions between a lot of pieces, creating webs of interdependencies that are really really hard to debug and like. We think that that is the wrong level of complexity to introduce in in lotus, so definitely staying away from from those patterns.

A

We want to make sure that we maximize the the operational simplicity for users and miners and we are adopting or moving towards a hub and spoke architecture, so the current design- and this is very much in drop because it needs to kind of be discussed uh with with the community and also internally, because this is like fresh out of the oven internally um with it within the lotus uh uh maintenance team.

A

We think that um the like one right approach, one potential right approach here- could be to have supervisor instances which know which capabilities are provisioned in the deployment. So if you have a miner that is offering that is obviously doing ceiling and is running a farm of retrieval nodes, a farm of storage nodes and it's running as well indexing nodes and a bunch of other things that might come that might come down the pike. uh The supervisor supervisor instances would know which capabilities are provisioned by which nodes in the network right.

A

So um there would be a way for nodes to uh to be discoverable or to be explicitly registered with with those supervisors.

A

And once you have this kind of like level of of oversight of insight into the network, the supervisors themselves can serve as the external json rpc api entry points so, rather than now that you've like divided your functionality in uh into many components that are placed in different machines. Now, do you wanna, like we don't wanna? um We don't want the user to have to face or the the end line to have to face the ultimate like complexity of dealing with. Where is each thing?

A

So, if I want to, uh I want to invoke a particular json, rpc method. We don't want the client to have to like figure out, which is the instance where they need to invoke that method, so, supervisors, knowing which capabilities are provisioned by which nodes could also serve as the as the json rpc api endpoints, and at this stage we're thinking that routing could be done in a reverse proxy manner. So, basically, the the request comes into the supervisor, supervisor, load, balances and then just does uh does a reverse proxy.

A

One really key thing here is: I mentioned it before. uh There are dependencies between these services so supervising the pros. The process, life cycle of everything that is running in the deployment is really is really critical, because if uh something fails- and that means that you know downstream- other services are going to fail. um Then we must be. The entire system must be able to notice and react right.

A

So one potential idea here to simplify the operational side of things is instead of having like each of these potential processes, be a separate physical process. uh We just have lotus, be lotus with a start command to which you to which a operator can provide a services stack, so you provide a flag, and you say I want to run markets and miner.

A

I want to run this and that- and this allows you operators to to build the kind of deployment it gives them that deployment flexibility to be able to place the exact workloads they want wherever they want, and there are many sources of inspiration to for kind of like the modularity um discussion and kind of like the supervision and the management and like the like, the life cycle, management and the dependencies and so on, and I've just cited a few and we we think or like this is more uh an opinion and personal opinion.

A

I think that that this is definitely worthy investment, because uh we think I think that that the return here is going to be on higher reliability, security and and uh development agility of robustness, not just to for for miners and operators and node operators, but also for you know, as a result uh collectively for for the entire network.

A

um Here are some some resources. So there is um everything most of what I've covered today is um discovered here in the mind, minor, runtime segregation proposal. uh I know I'm a little bit over time, so I'll just I'll just wrap up quickly, uh so make sure to to uh to to read that if you're interested and then there is also a draft prototype of the separation and lotus of markets and the miner uh kind of like as a as a starting point and as an as an initial as an initial stab to this.

B

And we'll get these slides shared as well, so yep so end up in the channel as soon as I guess we get through talking over them. um I don't know if you want to keep doing the slides or switch to have me screen share um for this next thing. Yes, all right, I will do.

B

It.

B

Same same deck, all right, um okay, so.