Conversation
|
I think overall DZDs should be using their telemetry key to write this data onchain. I don't think we want this as part of the onchain user, since I think we don't want to give DZDs the authority to modify user accounts. instead, probably a separate onchain program (bgp-monitor?) that maintains this data. Eventually perhaps add a cross-program call to have the bgp-monitor call into serviceability to delete users when uploaded data shows stale sessions. |
|
We would be creating an instruction that can be executed by the agent using the telemetry PK, which is only allowed to update this field in the user account. It does not have permission to modify any other fields. Additionally, it internally sets the slot values. |
ben-malbeclabs
left a comment
ben-malbeclabs
left a comment
There was a problem hiding this comment.
Approved from a conceptual perspective, would be good to have another dev confirm too.
rfcs/rfc17-user-bgp-status.md
Outdated
|
|
||
| 3. `last_bgp_reported_at: u64` (8 bytes, DZ ledger slot) — the last slot when the | ||
| telemetry agent successfully wrote a BGP status change for this user. Updated only | ||
| when `bgp_status` transitions to a different value. Consumers can use this field to |
There was a problem hiding this comment.
Agents should write their status whether it changed or not. Otherwise last_bgp_reported_at isn't actually useful to determine if the agent is silent/reporting.
There was a problem hiding this comment.
This is more of a devil's advocate comment. What if we had a field on the device to track when it last reported bgp sessions to the smartcontract and only update users when the state changes, thus reducing writes?
There was a problem hiding this comment.
That seems fine too, or something like this
There was a problem hiding this comment.
It should only write the state when the value has changed, or after a sufficiently long interval since the last write, to refresh the timestamp (slot).
|
|
||
| ### Telemetry collector | ||
|
|
||
| After each BGP socket collection tick in `collectBGPStateSnapshot`: |
There was a problem hiding this comment.
Not sure we need to write this every collectBGPStateSnapshot tick (5m), especially if we write status no matter if it has changed. It should probably be on a slower moving ticker, like 1h or something. The use case of this doesn't need 5m granularity, right?
There was a problem hiding this comment.
I think if we update everything, I agree it should be slower. If we only write deltas, then I think it could be event driven with throttling.
There was a problem hiding this comment.
It should only write the state when the value has changed, or after a sufficiently long interval since the last write, to refresh the timestamp (slot).
| @@ -0,0 +1,148 @@ | |||
| # RFC 17 — User BGP Status | |||
There was a problem hiding this comment.
Would be RFC 18 I think.
There was a problem hiding this comment.
This was a reference at the time of writing the RFC; it will be updated during implementation.
rfcs/rfc17-user-bgp-status.md
Outdated
| (1 + 8 + 8), with the metrics publisher covering any additional rent. `last_bgp_up_at` | ||
| and `last_bgp_reported_at` are both updated only when the status value changes. | ||
|
|
||
| ### New instruction: SetUserBGPStatus (variant 94) |
There was a problem hiding this comment.
104* since 94-103 are taken
There was a problem hiding this comment.
This was a reference at the time of writing the RFC; it will be updated during implementation.
|
|
||
| ### User account: new fields | ||
|
|
||
| Add three fields to the end of the `User` struct: |
There was a problem hiding this comment.
I kind of think this should live in a different account/structure, like UserBGPSession, if not just generically in the record program. What do you see as the downsides of a different account/structure for these vs living directly on User?
There was a problem hiding this comment.
-
The Record program is intended to register on-chain data from off-chain applications, but it does not provide control over who can write or read that data, so it does not seem applicable in this case.
-
I do not see a strong reason to introduce a new account. For
User, this is simply adding three additional fields with a 1:1 relationship to the user and its BGP session state. Splitting it into a separate account would require reading two accounts just to retrieve a small amount of additional data associated with the user. -
Additionally, it is necessary to access the
Devicerelationship to verify the authority that can manage the users connected to the device. Therefore, interacting with these instructions will inevitably require reading both theUserand theDeviceaccounts.
- last_bgp_reported_at updated on every write (not only on transitions) - telemetry agent writes on state change or after periodic refresh interval (~1h) - removed user.status == Activated validation constraint - instruction variant changed from 94 to TBD (94-103 are taken) - expanded UserBGPSession alternative with rejection rationale - removed resolved open question about periodic reconfirmation writes
juan-malbeclabs
force-pushed
the
jo/rfc-user-bgp-status
branch
from
c43c227 to
738bdc5
Compare
6 participants
This pull request introduces RFC 17, which proposes a new onchain mechanism to track the real BGP session status for each user, closing the gap between configuration and actual client connectivity. The RFC details new fields to be added to the User account, a new instruction for updating BGP status, and changes to telemetry collection and SDKs. This enhancement will enable more accurate diagnostics and user lifecycle management by making BGP session state observable onchain.
User account and onchain status tracking:
Userstruct:bgp_status(session state),last_bgp_up_at(last time session was Up), andlast_bgp_reported_at(last time status changed), requiring a 17-byte account reallocation on first write.SetUserBGPStatus, allowing authorized metrics publishers to update BGP status for each user, with strict validation.Telemetry and agent changes:
SDK and compatibility: