Closed lenerd closed 5 years ago
Hi,
I'm really sorry for the misunderstanding, you are right! I will merge your PR. If you have any more issues, don't hesitate to open a new issue.
Lior
Thanks for merging, Lior!
There are some other things; I will open issues when I find the time.
Lennart
Hi,
As a follow-up to the unresolved discussion in #29, I opened this issue to track the problem and state it (hopefully) more clearly.
Currently, this prevents us from using protocols like ABY when the parties are located in different AWS regions. I.e. we consider external protocols without a coordinator on AWS. I only looked at ABY's two-party protocols, but the problem should also appear with more parties.
The AWS instances have both private and public IP addresses. The private IP addresses are allocated from a private address range, e.g. from the 172.16.0.0/12 block. These are the addresses that are bound to the VMs' network interfaces, but they are only routed inside the same region. The public IP addresses are used to connect to the instances from the outside (or from other AWS regions).
So when both parties are in the same region, then the parties.conf file is filled using the private addresses:
https://github.com/cryptobiu/MATRIX/blob/d4b16244a44129606198ba9d53b0b41c866863e4/Deployment/aws_deploy.py#L250-L251
For context of the previous code snippet, the else branch means that only a single region of a single cloud provider is used. This results (in my example) in the following parties.conf uploaded to the instances:
In the case with multiple regions, the public IP addresses are used instead:
https://github.com/cryptobiu/MATRIX/blob/d4b16244a44129606198ba9d53b0b41c866863e4/Deployment/aws_deploy.py#L245-L247
Now a parties.conf like the following is uploaded:
As said above, we can use these to connect to an instance from the other AWS region. However, trying to listen on these addresses results in errors, since they are not bound to the instances' network interfaces.
To circumvent this issue, special files parties0.conf and parties1.conf are created for the parties 0 and 1, respectively, if they are located in different regions.
https://github.com/cryptobiu/MATRIX/blob/d4b16244a44129606198ba9d53b0b41c866863e4/Deployment/deploy.py#L112-L114
The function create_parties_files_multi_regions creates these files in the following way: For each party, its address is replaced with 0.0.0.0 in the file corresponding to its ID. Hence, this results in e.g.
Note that we can bind to 0.0.0.0 (accepting connections at any IP address).
The problem is that for protocols like ABY these files (parties0.conf, parties1.conf) are never uploaded to the instances. Here is the case corresponding to external protocols without coordinator in the run_protocol function in Execution/fabfile.py:
https://github.com/cryptobiu/MATRIX/blob/d4b16244a44129606198ba9d53b0b41c866863e4/Execution/fabfile.py#L133-L139
In contrast to the above, here are the corresponding, working code snippets for the other setups:
https://github.com/cryptobiu/MATRIX/blob/d4b16244a44129606198ba9d53b0b41c866863e4/Execution/fabfile.py#L124-L128
https://github.com/cryptobiu/MATRIX/blob/d4b16244a44129606198ba9d53b0b41c866863e4/Execution/fabfile.py#L99-L103
As noted before (here and in #29), the missing code existed before but was accidentally removed in the meantime.
So, I would like to ask you to re-add these lines; I have prepared a corresponding pull request based on the current state of branch 1.2: #35.
Please ask me if anything remained unclear or misunderstood.
Best
Lennart
Edit: referenced PR
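The per-party rewrite and the bind failure described in the issue above, as an added example that is not part of the issue or of MATRIX's code. The `party_<i>_ip` / `party_<i>_port` layout, the function names and the sample addresses are assumptions made for illustration.

```python
import errno
import socket

BIND_ANY = "0.0.0.0"

def render_parties_conf(addresses, base_port=8000):
    """Render one parties file. The key=value layout is an assumption
    made for this example, not taken from MATRIX."""
    lines = [f"party_{i}_ip={addr}" for i, addr in enumerate(addresses)]
    lines += [f"party_{i}_port={base_port + i}" for i in range(len(addresses))]
    return "\n".join(lines) + "\n"

def per_party_confs(public_addresses, base_port=8000):
    """Return {"parties<i>.conf": text}; in file i, party i's own
    address is replaced by 0.0.0.0 so that it can listen locally."""
    files = {}
    for i in range(len(public_addresses)):
        local_view = list(public_addresses)
        local_view[i] = BIND_ANY
        files[f"parties{i}.conf"] = render_parties_conf(local_view, base_port)
    return files

def can_bind(address):
    """True if a TCP socket can be bound to `address` on this host."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((address, 0))  # port 0: let the OS pick a free port
            return True
        except OSError as exc:
            if exc.errno == errno.EADDRNOTAVAIL:
                return False  # address is not assigned to a local interface
            raise

# Constructed sample: documentation-range addresses standing in for public IPs.
SAMPLE_PUBLIC = ["203.0.113.10", "198.51.100.20"]

if __name__ == "__main__":
    for name, text in per_party_confs(SAMPLE_PUBLIC).items():
        print(f"--- {name}\n{text}", end="")
    # A public address that is not on a local interface cannot be listened on.
    for addr in (SAMPLE_PUBLIC[0], BIND_ANY):
        print(addr, "bindable:", can_bind(addr))
```

Because 0.0.0.0 listens on every interface of the instance, the set of peers that can reach the port is then decided by the instance's firewall or security group rules rather than by the bind address.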