Wrong parties.conf file is uploaded
Closed this issue · 2 comments
Hi,
as follow-up of the unresolved discussion in #29, I opened this issue to track the problem and state it (hopefully) more clearly.
Currently, this prevents us from using protocols like ABY when the parties are located in different AWS regions. I.e. we consider external protocols without a coordinator on AWS. I did only look at ABY's two-party protocols but the problem should also appear with more parties.
The AWS instances have both, private and public. The private ip addresses are allocated from a private address range, e.g. from the 172.16.0.0/12 block. These are the addresses that are bound to the VMs network interfaces, but they are only routed inside the same region. The public ip addresses are used to connect to the instances from the outside (or from other AWS regions).
So when both parties are in the same region, then the parties.conf
file is filled using the private addresses:
MATRIX/Deployment/aws_deploy.py
Lines 250 to 251 in d4b1624
For context of the previous code snipped, the else
branch means that only a single region of a single cloud provider is used. This results (in my example) in the following parties.conf uploaded to the instances:
$ cat ABY/MATRIX/parties.conf
party_0_ip=172.31.18.160
party_1_ip=172.31.29.249
party_0_port=8000
party_1_port=8000
In the case with multiple regions, the public IP addresses are used instead:
MATRIX/Deployment/aws_deploy.py
Lines 245 to 247 in d4b1624
Now a parties.conf
like the following is uploaded:
$ cat ABY/MATRIX/parties.conf
party_0_ip=18.234.88.203
party_1_ip=3.120.147.224
party_0_port=8000
party_1_port=8000
As said above, we can use these to connect to an instance from the other AWS region. However, trying to listen on these addresses result in errors, since they are not bound to the instances' network interfaces.
To circumvent this issue, special files parties0.conf
and parties1.conf
are created for the parties 0 and 1, respectively, if they are located in different regions.
Lines 112 to 114 in d4b1624
The function create_parties_files_multi_regions
creates these files in the following way: For each party, its address is replaced with 0.0.0.0
in the file corresponding to its ID. Hence, this results in e.g.
$ cat parties0.conf
party_0_ip=0.0.0.0
party_1_ip=3.120.147.224
party_0_port=8000
party_1_port=8000
Note, that we can bind to 0.0.0.0 (accepting connections at any IP address).
The problem is, that for protocols like ABY these files (parties0.conf
, parties1.conf
) are never uploaded to the instances. Here is the case corresponding to external protocols without coordinator in the run_protocol
function in Execution/fabfile.py:
Lines 133 to 139 in d4b1624
In contrast to the above, here are the corresponding, working code snippets for the other setups:
- external protocol with coordinator
Lines 124 to 128 in d4b1624
- internal protocol
Lines 99 to 103 in d4b1624
As noted before (here and in #29), the missing code existed before but was accidentally removed in the meantime.
So, I would like to ask you to readd these lines again; I have prepared an according pull request based on the current state of branch 1.2: #35.
Please ask me if anything remained unclear or misunderstood.
Best
Lennart
Edit: referenced PR
Hi,
I'm really sorry for the misunderstanding, you are right!
I will merge your PR.
If you have any more issues, don't hesitate to open new issue.
Lior
Thanks for merging, Lior!
There are some other things; I will open issues when I find the time.
Lennart