Multiple nodes can run with the same node id
Farmers are sometimes backing up their nodes' seed files, and in at least one case, a farmer has accidentally brought two nodes online with the same node id. Of course this does not make economic sense and is unlikely to happen often, but it should really not be possible.
Ideally, someday node identity will be linked to hardware such that a seed file cannot be transferred. For now, I wonder if there's any simple check that can be performed, maybe around uptime reports, that won't require too much change?
Yeah, we probably need to pick up work on #1580 to store nodeid on TPM.
I don't get, though, why farmers are backing up nodes.
Farmers back up their nodes because the node_id is linked to a connection price, which might be higher in the future; therefore, if they lose the node ID (SSD dies or something else), the existing hardware might farm at a higher price, leading to fewer tokens.
From the minting side, 2 nodes online at the same time will send conflicting uptime reports, which should be caught out, leading to no payout for this node id.
Using a hardware hash was considered in the past, and is a potential solution. The main problem is that adding new hardware or removing existing hardware will then effectively transform the old node into a new node, with a new node id. This is not ideal as the node would now connect at the current connection price, meaning a hardware upgrade might end up in a lower token payout. Also, existing workloads would probably be destroyed. That being said, that would solve issues in the minting as node upgrades are currently unspecified.
We have an existential question to settle here: what is a node? Currently it's an arbitrary hardware configuration plus a given seed file.
Defining a node as a specific hardware configuration is problematic for the reasons Lee mentioned. Farmers will need to replace a disk or stick of RAM occasionally and this should be handled as gracefully as possible.
Linking the node to the mainboard, either via the TPM or other means, seems like a reasonable incremental improvement here. There are enough nodes out there without TPM (or which won't have it enabled) that I think we'll need another way. How about a hardware hash whose inputs are only mainboard dependent?
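One way the uptime-report check raised in this thread could work, as an added example that is not code from this project or from any commenter: each report implies a boot time (timestamp minus uptime), and two machines sharing a node id produce implied boot times that cannot belong to one machine. The report fields (`node_id`, `timestamp`, `uptime`), the tolerance value and the sample data are assumptions constructed for illustration; the timestamp is assumed to come from the receiver's clock.

```python
from dataclasses import dataclass

TOLERANCE = 120  # assumed allowance (seconds) for clock drift and delivery delay


@dataclass(frozen=True)
class UptimeReport:  # hypothetical report shape, not the project's format
    node_id: int
    timestamp: int  # Unix seconds when the report was received
    uptime: int     # seconds since boot, as claimed by the node

    @property
    def boot_time(self) -> int:
        return self.timestamp - self.uptime


def find_conflicts(reports, tolerance=TOLERANCE):
    """Return (node_id, previous, current) for report pairs that one machine cannot produce."""
    conflicts = []
    last = {}  # node_id -> most recent report seen
    for cur in sorted(reports, key=lambda r: r.timestamp):
        prev = last.get(cur.node_id)
        last[cur.node_id] = cur
        if prev is None:
            continue
        # Same boot session: implied boot time is unchanged.
        same_boot = abs(cur.boot_time - prev.boot_time) <= tolerance
        # Legitimate reboot: the new boot happened after the previous report.
        rebooted = cur.boot_time >= prev.timestamp - tolerance
        if not (same_boot or rebooted):
            # Claims to have been up before the last report, with a different boot time.
            conflicts.append((cur.node_id, prev, cur))
    return conflicts


# Constructed sample: node 7 runs on two machines at once, node 8 reboots once.
SAMPLE_REPORTS = [
    UptimeReport(7, 1_003_600, 3_600),   # machine A, booted at 1_000_000
    UptimeReport(7, 1_007_200, 7_200),   # machine A
    UptimeReport(7, 1_008_000, 3_000),   # machine B, booted at 1_005_000
    UptimeReport(7, 1_010_800, 10_800),  # machine A again
    UptimeReport(8, 1_003_600, 3_600),
    UptimeReport(8, 1_007_200, 600),     # rebooted at 1_006_600
    UptimeReport(8, 1_010_800, 4_200),
]

if __name__ == "__main__":
    for node_id, prev, cur in find_conflicts(SAMPLE_REPORTS):
        print(f"node {node_id}: boot {prev.boot_time} vs {cur.boot_time} overlap")
```

A second machine that boots after the first one's latest report initially looks like a reboot; it is flagged on the first machine's next report, so the check needs at least one report from each machine after both are online.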