Downscore and retry custody failures

[dapplion]

Issue Addressed

Partially addresses

• Improve range sync with PeerDAS #6258

Proposed Changes

TBD

1000 lines are for new unit tests :)

Questions / TODO

• Should custody_by_range requests try all possible peers before giving up? i.e. should they ignore the failures counter for custody failures? Add a test for this behaviour.

Tests to add

• Peer does not send columns at all on specific index
• We find no-one serving columns on a specific index, how to recover
• Random tests where most peer are faulty and we have to keep cycling them. Use randomness and run the tests with different levels of fault % :=> build a simulator
• Permanently fail a single column many times, but then resolve the rest such that we can reconstruct.
• Send non-matching data columns
• Test downscoring of custody failures
• Test the fallback mechanism of peer selection
• Test a syncing chain reaching 0 peers, both for forward sync and backwards sync
• Test forwards sync on Fulu with blocks without data

[dapplion]

Every interval (15 sec), we call continue_custody_by_range / by_root requests, which will cause the request to error if it has been alive for too long. This allows the requests to not error immediately if they do not have enough custody peers.

[dapplion]

Every time a peer joins, attempt to progress custody_by_root and custody_by_range requests

[dapplion]

Logic moved to beacon_node/network/src/sync/network_context/block_components_by_range.rs

[dapplion]

Renamed existing custody module to custody_by_root and added a new one custody_by_range

[dapplion]

Changed this signature for tests, to have access to all active RPC requests

[dapplion]

network_context no longer spawns _by_range requests, this logic is now inside BlockComponentsByRangeRequest

[dapplion]

Maintains the same behaviour for mainnet:

• deneb: issue blocks + blobs requests at the same time
• fulu: issue blocks request first, then columns

[dapplion]

Requests do not error now on send if they don't have peers. Instead, custody_by_root and custody_by_range requests are left idle for some time, expecting peers.

[jimmygchen]

@dapplion I've started reviewing this but haven't got to the meat of the changes - will continue tomorrow but I've submitted my comments so far.

[jimmygchen]

I don't think it matters currently - but thought might be worth mentioning - we use config.subscribe_all_data_column_subnets for determine the gossip topics, and it doesn't seem like we use it for determining is_supernode elsewhere, but something to keep in mind - if we want consistency maybe we can derive is_supernode from network config, but that may not be relevant from once we move to validator custody.

[dapplion]

Good point, we should revisit after impl validator custody. Since this function is for unit tests without gossip, it doesn't matter

[jimmygchen]

I often get confused here as we have layers of on_xxx_by_range_response functions, what about renaming:

• resp to result
• self.on_block_components_by_range_response to self.on_range_components_rpc_result, and add a comment describing it:

Suggested change

	self.on_block_components_by_range_response(
	// Process it further if the response results in a completed request or a failure that needs to be handled.
	self.on_range_components_rpc_result(

[jimmygchen]

also might help to add some comment to self.network.on_blocks_by_range_response. I wrote these notes while reviewing:

    /// Processes the `BlocksByRange` response (`RpcEvent`), depending on the event, it may:
    /// - update the active request state; or do nothing.
    /// - complete the active request and return an `Ok` response containing a list of response objects.
    /// - propagate the error if necessary.
    pub(crate) fn on_blocks_by_range_response(
        &mut self,
        id: BlocksByRangeRequestId,
        peer_id: PeerId,
        rpc_event: RpcEvent<Arc<SignedBeaconBlock<T::EthSpec>>>,
    ) -> Option<RpcResponseResult<Vec<Arc<SignedBeaconBlock<T::EthSpec>>>>> {

[jimmygchen]

What's the reason for this comment?

[jimmygchen]

testing_only seems redundant for a TestRig function

[dapplion]

I agree the add_peer functions are a bit of a mess, but changing them will trigger a big diff on the lookup tests, which use them extensively

[jimmygchen]

feel like sorting may be useful for debugging in prod? should we just sort them after computing here

lighthouse/beacon_node/lighthouse_network/src/peer_manager/mod.rs

Lines 746 to 762 in a497ec6

	let custody_subnets = custody_groups
	.into_iter()
	.flat_map(|custody_index| {
	self.subnets_by_custody_group
	.get(&custody_index)
	.cloned()
	.unwrap_or_else(|| {
	warn!(
	%custody_index,
	%peer_id,
	"Custody group not found in subnet mapping"
	);
	vec![]
	})
	})
	.collect();
	peer_info.set_custody_subnets(custody_subnets);

[dapplion]

In the code snipped you linked we collect as a HashSet for set_custody_subnets

[jimmygchen]

I'm a little confused with all the add peer functions here, is it possible to consolidate some of them?

• add_connected_peer: adds a peer with connected status (but no status yet)
• add_connected_peer_with_status: adds a connected peer and also send the SyncInfo to sync

If not, I think some comments will help with readability here.

[dapplion]

Added comments.

I agree the add_peer functions are a bit of a mess, but changing them will trigger a big diff on the lookup tests, which use them extensively

[jimmygchen]

Why exactly 1 here?

[dapplion]

Added a comment to the function

    /// If there's a single active request, returns its peer, else panics
    fn peer(&self) -> PeerId {

Where this function is used, I expect a single request. If there are more and we return the first peer it feels a bit random an too loose

[jimmygchen]

This would be true in the below case:

peerA: block
peerB: col_1, col_2
peerC: col_2, col_3,

we get 1 req for each peer.

BUT for this below scenario:

peerA: block, col_5
peerB: col_1, col_2
peerC: col_2, col_3,

we still get 1 for each peer, which isn't fully correct.

Or we could just use BatchPeers and count block peer separately and correctly.

Either way I don't think it makes a big difference - I think we can get rid of this TODO and document the assumptions.

[jimmygchen]

We still the peer to track failed block peers, and this will break the current peer prioritisation for block and blobs. I think this needs a bit more thought.

[jimmygchen]

I've added a few more comments. I've spent quite a bit of time reading but I'm really struggling with reviewing this in the current state, with potential missing pieces and a bunch of outstanding TODOs. I find it quite difficult to understand the changes, assumptions, intentions and how the working solution would eventually look like.

I think it might be useful to go through the plan and code together with @pawanjay176, or re-review this once this is complete. What do you think?