On Jormungandr v0.6.5, we are seeing large amounts of traffic in short time frames on our nodes.
Some details from a packet capture on one of our nodes:
• 15 min capture produced 14 GB pcap file, ~16 MB per second of traffic.
• Pcap shows vast majority of data is TCP and jormungandr related via port 3000
• In the 15 min capture, there are about ~1,800 TCP streams and each stream having a variable number of 'turns' in the conversation with a remote server ranging from fairly short conversations (100 turns, 1 MB conversation) to longer running streams (ex: ~20,000 turns, 250 MB, 70,000 packets)
• TCP streams, while not overtly appearing to be TLS encrypted (I'm not seeing TLS handshakes) do not contain any readable information that I'm seeing either
@johnalotoski can we add in here information about the configuration of the node e.g. trusted peers it connects to, if it runs a stakepool etc.? this will help with the development teams efforts to replicate and diagnose the fault.
also do we have any relevant log files we can attach to the issue to help with investigation?
• TCP streams, while not overtly appearing to be TLS encrypted (I'm not seeing TLS handshakes) do not contain any readable information that I'm seeing either
I was able to interpret the streams as HTTP/2 and even dissect gRPC payloads in a recent version of Wireshark.
Most of the run-of-the mill traffic should be:
HTTP/2 stream IDs for the subscription streams over which these items are propagated should be typically assigned as follows:
This has been fixed since 0.7.0-rc3