SAFE Crossroads Podcast #46, Connection Needs of an Autonomous Network, with Spandan Sharma

The Chinese seem to try to change, bit by bit, that special status of Hong Kong (with a new bridge however, not a wall :wink: ). Partly because they are economically less relevant than in the past. China now has other cities/areas with a good economy, like neighboring Shenzhen.
However, for the time being, I see you can pick a server from Hong Kong, but not from (the rest of) China by at least 1 big VPN service provider.

Anyhow the talk of the Chinese is a distraction from the real question of all those who did use a VPN, to what extent did they skew the results. Whether the Chinese using VPNs appeared inside Hong Kong or outside China is immaterial to the real question.

I know in my case it only really worked with a VPN. Without the VPN, you could say “forget it”.

1 Like

I wanted to be difficult so I ran the Crust test from behind two routers, three standard firewalls, and a virtual machine. :crazy_face: Not sure if that skews the results??? :thinking: So I wasn’t too surprised by the symmetric NAT warning from Crust…

4 Likes

hehe thanks ! I heard it once it was published (i generally find hearing my recorded voice embarrassing for some reason :smiley: ) and thought there were a few places i could have been more precise. Like in one of the places i say routing invariant requires 100% connectivity and on hearing it back i thought “ah mean in a section and with neighbours, not the entire network ofc” though i think ppl would have got it anyway and much later i did say a bit about disjoint sections in some other context and not everybody’s connected to everybody - so an inadvertent saving grace maybe :smiley:

uTP is the layer that would add reliability and congestion control over UDP. So takes UDP closer to TCP. It’s difficult or impossible to use vanilla UDP in many cases where you require re-ordering detection, congestion control, connection-orientedness etc. So you need something on top of it to add those - uTP/UDT/QUIC/RUDP etc. are those “stuff” adding various bells and whistles to different degrees.

Once you NAT traverse via UDP one would normally wrap that into a uTP etc., and then use it for proper communication.

9 Likes

It shouldn’t skew much i would guess. Whether VPNs or not the peer will need to know your public IP allotted to you, does not matter from which IP pool - whether by your router/ISP/VPN. So that is the IP that’s taken into account while trying to determine a region. If the region says Country X for e.g. it does not really matter if you were originally in X or you VPN’d through X. What it says is that traversal through a router in X is successful/not-successful.

If you see, the address translation will be done by the VPN provider too. I am guessing VPNs even if you are connected to one currently, are not going to allow unsolicited communications (from ppl you have not contacted before) just like an ISP’s router. So exact same mech are happening in that you are forcing a translation at the VPN’s router to allow the connection to happen. I would believe VPNs could cause holepunching to fail rather than assist it due to multiple layers of translations that are going to be done by involving them than without (they are usually more complex depending on how much they want to anonymise you or bounce you around).

VPN’s role would be more pronounced in cases where a country bans an IP though. So say you know my IP and that’s banned by your ISP. So obviously you can’t holepunch or direct connect to me (basically you can’t do any connection with me even if i were a public endpoint). Here if you go via VPN then you have better chances of success as your ISP sees you going to the VPN IP instead. Given the short amt of time the test ran for i don’t think any IP involved in the test would have been blacklisted by the govt/ISP for VPN to make any positive impact.

So given all those points ^^^ i think VPNs would have had an overall negative (though not much) impact on the test.

4 Likes

The issue is that you are not testing the home router but a well engineered VPN end point that may not even have address translation. Some do and some don’t. And then you are just testing maybe a couple of different router designs for connecting to the internet rather than the many different home routers out there.

So a few VPNs is fine but if many used the VPNs then I am wondering if it might have skewed things a little. Anyhow thought I’d ask. That was my question/concern about skewing.

Yes that is reasonable.

But then there are those of us who live in countries where the government records our internet accesses, at the ISP level, and so on average have a higher use of VPNs to negate this data snooping. Even Nord is advertising to Australians the use of their VPN to the ordinary Australian, so expect a higher use in AU. I could not get connections without the use of VPN.

Now SAFE will allow us to not use VPNs since the data gathering done by the government is useless to them and thus we no longer need VPNs which end up slowing things down a little.

1 Like

Ah that’s true - so instead of multitude of home routers you are testing VPN’s routers etc.

Yes but connecting to the Internet (by which i assume you are meaning a publicly reachable endpoint) is very different than connecting to a peer. It’s not like if you connect to Google through VPN, then VPN will allow Yahoo to contact you. There will still be translation or at the very least filtering. Holepunching maybe should be more defined like punching through the router filtering or something because as you say Translation might not always be involved. So yes holepunching is still forging connections through the routers of VPN providers, but we might not be testing user routers if many are just converging to same VPN router.

That’s why one symmetric NAT router with random port/ip allocation at VPN causes failures for all going through the same VPN (which also means there’s some translation or mapping going on there).

2 Likes
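The failure described in the post above, as an added example that is not part of the thread or of Crust's code: a toy model of a rendezvous-assisted UDP hole punch showing why every user behind one symmetric, randomly allocating VPN exit fails to reach a peer behind a cone NAT. The `Nat` class, the port numbers and the documentation-range IPs are constructed for illustration, and port-restricted inbound filtering is assumed on both sides.

```python
import random

class Nat:
    """Toy NAT with port-restricted inbound filtering (constructed model)."""
    def __init__(self, public_ip, symmetric, rng):
        self.public_ip, self.symmetric, self.rng = public_ip, symmetric, rng
        self.mappings = {}  # mapping key -> public port
        self.allowed = {}   # public port -> remote endpoints this port has sent to

    def send(self, src_port, dst):
        # Cone NAT: one public port per internal port, reused for every destination.
        # Symmetric NAT: a fresh, randomly numbered port per (internal port, destination).
        key = (src_port, dst) if self.symmetric else src_port
        if key not in self.mappings:
            port = self.rng.randrange(1024, 65536)
            while port in self.allowed:  # never hand out a port already in use
                port = self.rng.randrange(1024, 65536)
            self.mappings[key] = port
            self.allowed[port] = set()
        port = self.mappings[key]
        self.allowed[port].add(dst)
        return (self.public_ip, port)

    def accepts(self, public_port, remote):
        # Inbound passes only if this public port already sent to that exact endpoint.
        return remote in self.allowed.get(public_port, set())

RENDEZVOUS = ("198.51.100.1", 5483)  # hypothetical rendezvous server (documentation IP)

def hole_punch(nat_a, port_a, nat_b, port_b):
    # 1. Both peers contact the rendezvous server, which records what it sees.
    seen_a = nat_a.send(port_a, RENDEZVOUS)
    seen_b = nat_b.send(port_b, RENDEZVOUS)
    # 2. Each peer sends to the endpoint the server reported for the other side.
    from_a = nat_a.send(port_a, seen_b)
    from_b = nat_b.send(port_b, seen_a)
    # 3. The punch works if either packet hits a mapping that lets it in.
    return nat_b.accepts(seen_b[1], from_a) or nat_a.accepts(seen_a[1], from_b)

def vpn_users_reaching_home_peer(users=5, seed=1):
    # Several users share one symmetric VPN exit and each tries one home (cone) router.
    rng = random.Random(seed)
    vpn = Nat("203.0.113.7", symmetric=True, rng=rng)
    results = []
    for i in range(users):
        home = Nat(f"192.0.2.{10 + i}", symmetric=False, rng=rng)
        results.append(hole_punch(vpn, 4000 + i, home, 4000))
    return results
```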

Yes and the basis of my question.

I do understand the rest of the testing and testing VPNs is also useful and needed. Just the lack of home routers being tested. I was a (qualified) network engineer at various times when I was not being a real electrical engineer :wink:

Thus you might get a small number per type of (home) router being tested but a significantly larger group behind a couple of VPN designs. Thus a potential skewing of results.

Also VPNs work well for crust. Thus potentially we have a slightly higher success rate that might not be indicative of how people will connect their nodes to the safenetwork. I personally would not like to need a VPN so I could run my NODE.

4 Likes

Na that makes sense - hopefully not everyone used VPNs; well we have pretty varied results and good distribution of successes/failures so at least thinking not everyone went through just a few same VPNs - as long as the VPNs or their bouncing ppl around were varying that’s OK too. That’s why a community wide test is good to get an idea of the average real world case. I suspect a few might have also done something with the firewall that might have affected the test - but that’s the idea, see what’s happening in practice and what are the results that come naturally instead of asking ppl to do something special that would cause improvement/degradation.

3 Likes

Some mundane comments from me:

After dev conference I was always thinking that “hey, this bright Spandan dude, don’t think I ever saw him on the forum”
and also, at other times I was wondering about that ustulation guy with the mighty beard style “was he not at the dev con? I must have missed him”.

So things fall in place, and world is more understandable again :sweat_smile:

(EDIT: oh, I missed which topic I was writing in, great to see the steady stream of podcasts @fergish, and great job both of you @ustulation)

8 Likes

I suspect this community may not be very representative of the real world average. Many people are here because the exact opposite is true. People here tend to care more about privacy, understand technology better, and probably use a VPN a lot more often than the average surfer.

3 Likes

My thoughts too.

@ustulation, maybe if there is another test or in alpha3 a couple of fields are added where the user when starting their node (or crust test) is able to enter their router’s brand & model and maybe if specially configured router/firewall for the likes of @jlpell :slight_smile:

If they are using a VPN then brand is vpn company and model is the end point.
If they are not sure of their router/vpn then enter unknown into the fields.

This would allow you to do some real statistics and know where work is needed in order to improve connectivity and to know the mix of connection VPN/home-router/business-router. For instance if you found ASUS routers or opensourced router s/w gave problems then you could work on those to improve things if needed.

4 Likes

Unless we get saboteurs that enter incorrect info on purpose :face_with_raised_eyebrow: wouldn’t be the first time.

Yea, you’re right of course. We can just ignore such results though since they would be fairly obvious I’d think. And the invite system really helps to reduce this problem

3 Likes

Wow great episode @fergish
Wanted to tip, but when txfee are a third of what you can send :roll_eyes:
I can tip soon :yum:

Keep it up sir, love sxr

Super fun to hear @ustulation whole life story :rofl:

:stuck_out_tongue:

5 Likes

Yes true - next time we should perhaps at least make a prior request that ppl try to run it without VPNs if possible (though there are symmetrically NAT’ed VPNs that are very unfriendly to holepunch - so should get some stats on those as well), but considering that SAFE encourages ppl to not go via VPN (at least for some of the reasons ppl do so now), might be better off with a request prior to the tests/alpha. Good inputs though.

I suspect we can do a poll and find out how many used VPNs vs how many didn’t in this test ? Assuming participants of the test report truly we’ll get a ballpark. I can create a poll topic if that’s something ppl are up for (or i’m happy if anyone wants to take the reins - then i’ll just have the easy task to read the results :stuck_out_tongue: )

7 Likes

When you make the poll allow people to tick more than one box since they could try a number of different methods using different “names” at different times but still one forum account VPN, no VPN, or datacentre or office computer (w/firewall)

3 Likes

And/or ask the question in the crust test executable in the same way we are prompted for a name.

“Are you using a VPN?” enter yes or no:

3 Likes

Poll created here now

5 Likes

We also need to know if mobile networks succeeded or not. There are many routers that use the 4G and soon 5G networks for internet connection. And becoming popular are the WiFi portable hotspots which are battery/wall powered 4G routers with WiFi for devices to connect to them.

People will definitely wish to connect their nodes via mobile network since they can give much higher bandwidth than their ADSL and in AU and Japan have unlimited mobile data plans available (with reasonable fair use clauses)

People could have tried their mobile network and it failing switched over to VPN or fixed line connection. @happybeing being one such example.

2 Likes