Opened 3 months ago

Last modified 11 hours ago

#29207 new task

New design for broker -- proxy protocol for snowflakes

Reported by: cohosh
Owned by:
Priority: Very High
Milestone:
Component: Obfuscation/Snowflake
Version:
Severity: Normal
Keywords: snowflake, design
Cc: dcf, arlolra, cohosh
Actual Points:
Parent ID:
Points: 5
Reviewer:
Sponsor: Sponsor19

Description (last modified by cohosh)

This is related to the Snowflake protocol design tickets #29206 and #29293.

We want to write these protocols in a way that is not Snowflake-specific but allows any type of bridge to connect to or poll our broker/BridgeDB bridge distribution service.

The idea is that in the beginning we will start with very reliable "bridges" (which could be snowflakes) that perhaps rotate IP addresses every month or so. After that we can collect measurements and move towards more ephemeral "bridges".

Some things to keep in mind are the types of information that the snowflakes give to the broker (such as proxy version/type) to allow for metrics. This information might change so we'll want a flexible and extensible protocol.

Child Tickets

Ticket | Status | Owner | Summary | Component
#29260 | assigned | cohosh | Should Snowflake proxies have a way to identify themselves to the broker | Obfuscation/Snowflake
#29734 | needs_revision | cohosh | Broker should receive country stats information from Proxy and Client | Obfuscation/Snowflake
#29736 | assigned | ahf | Use WebSocket protocol to communicate between snowflake proxies and broker | Obfuscation/Snowflake

Change History (9)

comment:1 Changed 3 months ago by cohosh

Cc: cohosh added

comment:2 Changed 3 months ago by cohosh

Sponsor: Sponsor19

comment:3 Changed 3 months ago by cohosh

Description: modified (diff)
Keywords: snowflake design added

comment:4 Changed 3 months ago by gaba

Points: 5

comment:5 Changed 3 months ago by cohosh

As referenced in #29426, the broker currently gives proxies a 504 message if no client is available, which is a questionable design:

2019/02/07 12:11:51 broker returns: 504
INFO: peerconnection.go:468: fired OnIceCandidateError: 143
2019/02/07 12:12:01 broker returns: 504

At the very least it makes logs confusing.

comment:6 Changed 2 months ago by gaba

Keywords: network-team-roadmap-2019-Q1Q2 added

comment:7 Changed 7 weeks ago by cohosh

We have some preliminary notes about what the protocols between each part of the Snowflake system should accomplish: https://github.com/ahf/snowflake-notes/blob/master/Protocol.markdown

comment:8 in reply to:  7 Changed 7 weeks ago by dcf

Replying to cohosh:

> We have some preliminary notes about what the protocols between each part of the Snowflake system should accomplish: https://github.com/ahf/snowflake-notes/blob/master/Protocol.markdown

Regarding the question

> Does the "token bucket" algorithm in Snowflake right now do what we think?

I suspect the answer is no. I'm pretty sure BucketRateLimit didn't work before ab34f8e889 (part of #28732), and I won't swear that the commit fixed it :) I was tempted, then, to rip out the rate-limit code for the sake of starting from a simpler basis, but decided not to.

I'm pretty sure BucketRateLimit and DummyRateLimit are based off objects of the same name in the flash proxy code. As I recall, they were working in flash proxy.

comment:9 Changed 11 hours ago by gaba

Keywords: network-team-roadmap-2019-Q1Q2 removed