netann: channel status manager

[cfromknecht]

In this PR, we introduce a new subsystem called the netann.ChanStatusManager responsible for managing the announcement of channel updates which toggle a channel's disabled bit. Most of the logic has been moved into a new netann package, which offers greater unit testability of the subsystem's behavior.

The netann.ChanStatusManager exposes two methods:

func RequestEnable(outpoint wire.OutPoint) error {}
func RequestDisable(outpoint wire.OutPoint) error {}

Together, these allow other subsystems to request a toggle in a particular direction. The netann.ChanStatusManager then handles the task of dropping duplicate requests, and also ensuring that it's network behavior follows a well-defined state machine.

State Machine Description

At any point, the netann.ChanStatusManager categorizes known channels into three distinct ChanStatus states:

type ChanStatus uint8

const (
    // ChanStatusActive indicates that the channel's last announcement has
    // the disabled bit cleared.
    ChanStatusActive ChanStatus = iota

    // ChanStatusPendingInactive indicates that the channel's last
    // announcement has the disabled bit cleared, but that the channel was
    // detected in an inactive state. Channels in this state will have a
    // disabling announcement sent after the ChanInactiveTimeout expires
    // from the time of the first detection--unless the channel is explicitly
    // reenabled before the disabling occurs.
    ChanStatusPendingInactive

    // ChanStatusInactive indicates that the channel's last announcement has
    // the disabled bit set.
    ChanStatusInactive
)

Channels will always start in either ChanStatusActive or ChanStatusInactive on startup or after we detect a new outpoint (perhaps for a newly created channel) by examining the last channel update we have on disk.

One key distinction from the existing design is that the netann.ChanStatusManager only uses long polling to detect inactive channels, meaning that channels can ONLY be reenabled via an explict call to RequestEnable for an outpoint. This allows us to use a more accurate metric for enabling channels: connection duration.

Once a channel has been detected as inactive within the switch, presumably because of a disconnection, this kicks off a timed progression from ChanStatusActive -> ChanStatusPendingInactive -> ChanStatusInactive.

If RequestEnable is not received before the progression terminates, a new announcement setting the disable bit will be broadcast to the network.

Otherwise, any call to RequestEnable before the progression finishes will cancel the disable from being sent, and leaves the channel in the its still-enabled state on the network. This allows the netann.ChanStatusManager to tolerate short-lived reconnections, without causing the node to spam the network with channel updates.

Using the exposed configurations, users can tune this to a specific threshold, e.g. require ~95% uptime over a 20 minute interval, in order for the channel to remain enabled.

Supersedes #2080

Depends on:

• server: configurable min backoff #2417
• netann: move NodeSigner out of main package #2416
• netann: Add NANN subsystem logger #2445
• rpcserver: add connectpeer log, fix existing formatting #2418
• htlcswitch: stricter HasActiveLink #2452

[halseth]

Apart from the addition of tests, I'm struggling to see what this adds that is not already covered by #2080. How is this logic different than taking what we already have in #2080, making sure we only send updates if they alter the disable bit already in the DB?

[cfromknecht]

Apart from the addition of tests, I'm struggling to see what this adds that is not already covered by #2080.

To me this is the most crucial part, as we don't have much testing on the server or insight into the existing behavior apart from the integration tests.

Apart from that, the primary difference is that the state machine only performs the passive enable -> disable transition, while the current one will perform the transition in both directions. My hunch is that this is the primary thing leading to the instability we see on the network, and would probably have strange interactions with #2080 if left unchanged.

Another difference is that all state changes are serialized via the ChanStatusManagers main event loop, and are kept in sync with the on-disk state. Right now external commands can modify the persistent view of the graph separately from watchChannelStatus's view of each channel's current state.

With those things in mind, the goals in my mind are to reduce the state space, consolidate the logic into one unit, and provide a way of throughly testing it. It's also a good chance to work on our server bloat :)

[cfromknecht]

Testing framework has been significantly reworked, and additional state machine tests for the ChanStatusManager have been finished. The rework now brings just over 80% coverage to the netann package :D

[cfromknecht]

@halseth @wpaulino rebased on master and squashed prior fixups. also addressed @wpaulino's recent comments, PTAL

[wpaulino]

@cfromknecht looks like the latest version introduced a test failure:

    --- FAIL: TestLightningNetworkDaemon/update_channel_policy (7.19s)
        lnd_test.go:75: Failed: (update channel policy): exited with error: 
            *errors.errorString unable to send payment: received payment error: unable to find a path to destination
            /home/travis/gopath/src/github.com/lightningnetwork/lnd/lnd_test.go:1489 (0xbe2523)
            	testUpdateChannelPolicy: t.Fatalf("unable to send payment: %v", err)
            /home/travis/gopath/src/github.com/lightningnetwork/lnd/lnd_test.go:100 (0xbdac66)
            	(*harnessTest).RunTestCase: testCase.test(net, h)
            /home/travis/gopath/src/github.com/lightningnetwork/lnd/lnd_test.go:13282 (0xc39f74)
            	TestLightningNetworkDaemon.func4: ht.RunTestCase(testCase, lndHarness)
            /home/travis/.gimme/versions/go1.11.5.linux.amd64/src/testing/testing.go:827 (0x4f8caf)
            	tRunner: fn(t)
            /home/travis/.gimme/versions/go1.11.5.linux.amd64/src/runtime/asm_amd64.s:1333 (0x45dd91)
            	goexit: BYTE	$0x90	// NOP

[cfromknecht]

@wpaulino indeed still looking into it

[Roasbeef]

Running latest version on the faucet now, will observe le logs to see if anything peculiar happens over the next day or two.

[halseth]

Mostly just nits on code and commit structure at this point, looks really good 👮

[halseth]

It just bloats the exposed config, and seems like all three could be derived from just setting the longest one, even during integration tests.

[cfromknecht]

@wpaulino @halseth @Roasbeef comments addressed, commits restructured, and additional unit tests added. See this force-push for the majority of the changes, ptal

[wpaulino]

Clean code with excellent test coverage. LGTM 💥

[cfromknecht]

@wpaulino comments addressed, @halseth @Roasbeef ptal

[Roasbeef]

LGTM 🦄

I think we'll be saving the entire network a good bit of bandwidth once this lands in 0.6 ;)

[Roasbeef]

👍

I think I ran into this issue in a prior diff of this PR. It appears to be fixed now.

[Roasbeef]

Not a blocker, but this could have been hidden behind this new interface. With that path, then the ChanStatusManager doesn't need to know how to interpret the bits of the channel flag, or what an advertised channel even is.

[Roasbeef]

I have a feeling that we'll need to adjust these values due to Travis flakiness in the future...

[Roasbeef]

Nice, I think this'll probably make the biggest difference in our current handling, so we don't immediately enable and span the network due to a flappy peer.