add peer exchange nwaku config (#83)

* add peer exchange nwaku config * add PX security note
2023-07-07 02:17:02 +01:00 · 2023-07-07 02:17:02 +01:00 · 1346fc65aa
parent 3ca9cd352d
commit 1346fc65aa
4 changed files with 60 additions and 25 deletions
--- a/docs/guides/nwaku/configure-discovery.md
+++ b/docs/guides/nwaku/configure-discovery.md
@ -14,31 +14,31 @@ You can provide static peers to a `nwaku` node during startup using the `staticn

 ```bash
 ./build/wakunode2 \
-  --staticnode:[Libp2p MULTIADDR PEER 1] \
-  --staticnode:[Libp2p MULTIADDR PEER 2]
+  --staticnode=[PEER MULTIADDR 1] \
+  --staticnode=[PEER MULTIADDR 2]
 ```

 For instance, consider a `nwaku` node that connects to two static peers on the same local host (IP: `0.0.0.0`) using TCP ports `60002` and `60003`:

 ```bash
 ./build/wakunode2 \
-  --staticnode:/ip4/0.0.0.0/tcp/60002/p2p/16Uiu2HAkzjwwgEAXfeGNMKFPSpc6vGBRqCdTLG5q3Gmk2v4pQw7H \
-  --staticnode:/ip4/0.0.0.0/tcp/60003/p2p/16Uiu2HAmFBA7LGtwY5WVVikdmXVo3cKLqkmvVtuDu63fe8safeQJ
+  --staticnode=/ip4/0.0.0.0/tcp/60002/p2p/16Uiu2HAkzjwwgEAXfeGNMKFPSpc6vGBRqCdTLG5q3Gmk2v4pQw7H \
+  --staticnode=/ip4/0.0.0.0/tcp/60003/p2p/16Uiu2HAmFBA7LGtwY5WVVikdmXVo3cKLqkmvVtuDu63fe8safeQJ
 ```

 ## Configure DNS Discovery

 To enable [DNS Discovery](/overview/concepts/dns-discovery) in a `nwaku` node, use the following configuration options:

- `dns-discovery`: Enables DNS Discovery on the node (disabled by default).
+- `dns-discovery`: Enables `DNS Discovery` on the node (disabled by default).
 - `dns-discovery-url`: URL for DNS node list in the format `enrtree://<key>@<fqdn>` where `<fqdn>` is the fully qualified domain name and `<key>` is the base32 encoding of the compressed 32-byte public key that signed the list at that location.
 - `dns-discovery-name-server` (optional): DNS name server IPs to query. You can repeat this option to provide multiple DNS name servers.

 ```bash
 ./build/wakunode2 \
-  --dns-discovery:true \
-  --dns-discovery-url:[DNS NODE LIST] \
-  --dns-discovery-name-server:[DNS NAME SERVER IP]
+  --dns-discovery=true \
+  --dns-discovery-url=[DNS NODE LIST] \
+  --dns-discovery-name-server=[DNS NAME SERVER IP]
 ```

 :::info
@ -49,34 +49,64 @@ For instance, consider a `nwaku` node that enables `DNS Discovery`, connects to

 ```bash
 ./build/wakunode2 \
-  --dns-discovery:true \
-  --dns-discovery-url:enrtree://AOGECG2SPND25EEFMAJ5WF3KSGJNSGV356DSTL2YVLLZWIV6SAYBM@test.waku.nodes.status.im \
-  --dns-discovery-name-server:8.8.8.8 \
-  --dns-discovery-name-server:8.8.4.4
+  --dns-discovery=true \
+  --dns-discovery-url=enrtree://AOGECG2SPND25EEFMAJ5WF3KSGJNSGV356DSTL2YVLLZWIV6SAYBM@test.waku.nodes.status.im \
+  --dns-discovery-name-server=8.8.8.8 \
+  --dns-discovery-name-server=8.8.4.4
 ```

 ## Configure Discv5

 To enable [Discv5](/overview/concepts/discv5) in a `nwaku` node, use the following configuration options:

- `discv5-discovery`: Enables Discv5 on the node (disabled by default).
- `discv5-bootstrap-node`: ENR for Discv5 routing table bootstrap node. You can repeat this option to provide multiple bootstrap entries.
+- `discv5-discovery`: Enables `Discv5` on the node (disabled by default).
+- `discv5-bootstrap-node`: ENR for `Discv5` routing table bootstrap node. You can repeat this option to provide multiple bootstrap entries.

 ```bash
 ./build/wakunode2 \
-  --discv5-discovery:true \
-  --discv5-bootstrap-node:[DISCV5 ENR BOOTSTRAP ENTRY 1] \
-  --discv5-bootstrap-node:[DISCV5 ENR BOOTSTRAP ENTRY 2]
+  --discv5-discovery=true \
+  --discv5-bootstrap-node=[DISCV5 ENR BOOTSTRAP ENTRY 1] \
+  --discv5-bootstrap-node=[DISCV5 ENR BOOTSTRAP ENTRY 2]
 ```

 For instance, consider a `nwaku` node that enables `Discv5` and bootstraps its routing table using a static `ENR`:

 ```bash
 ./build/wakunode2 \
-  --discv5-discovery:true \
-  --discv5-bootstrap-node:enr:-IO4QDxToTg86pPCK2KvMeVCXC2ADVZWrxXSvNZeaoa0JhShbM5qed69RQz1s1mWEEqJ3aoklo_7EU9iIBcPMVeKlCQBgmlkgnY0iXNlY3AyNTZrMaEDdBHK1Gx6y_zv5DVw5Qb3DtSOMmVHTZO1WSORrF2loL2DdWRwgiMohXdha3UyAw
+  --discv5-discovery=true \
+  --discv5-bootstrap-node=enr:-IO4QDxToTg86pPCK2KvMeVCXC2ADVZWrxXSvNZeaoa0JhShbM5qed69RQz1s1mWEEqJ3aoklo_7EU9iIBcPMVeKlCQBgmlkgnY0iXNlY3AyNTZrMaEDdBHK1Gx6y_zv5DVw5Qb3DtSOMmVHTZO1WSORrF2loL2DdWRwgiMohXdha3UyAw
 ```

 :::info
 When Discv5 is enabled and used with [DNS Discovery](#configure-dns-discovery), the `nwaku` node will attempt to bootstrap the Discv5 routing table by extracting `ENRs` from peers discovered through DNS.
+:::
+
+## Configure Peer Exchange
+
+To enable [Peer Exchange](/overview/concepts/peer-exchange) in a `nwaku` node, use the following configuration options:
+
+- `peer-exchange`: Enables `Peer Exchange` on the node as a responder (disabled by default).
+- `peer-exchange-node` (optional): ENR for bootstrap node that has the peer exchange protocol enabled.
+
+```bash
+./build/wakunode2 \
+  --peer-exchange=true \
+  --peer-exchange-node=[PEER MULTIADDR WITH EXCHANGE ENABLED]
+```
+
+For instance, consider two `nwaku` nodes configured as a `server` (peer exchange responder node) and `client` (node using peer exchange) on the same local host (IP: `0.0.0.0`):
+
+```bash title="Server: Nwaku Node with Peer Exchange Enabled"
+./build/wakunode2 --peer-exchange=true
+```
+
+```bash title="Client: Nwaku Node Bootstrapping with Peer Exchange"
+./build/wakunode2 \
+  --tcp-port=30305 \
+  --ports-shift=1 \
+  --peer-exchange-node=/ip4/0.0.0.0/tcp/60000/p2p/16Uiu2HAmLCe6zVqCS6KMqqRbbhyoJjfYZGr1Q3thTSbyKzibQkFR
+```
+
+:::info
+`nwaku` provides a [`relay-peer-exchange`](/guides/reference/node-config-options#relay-config) option via `libp2p` for peer exchange, allowing network growth through neighboring nodes. However, this feature can compromise security and network robustness, so we recommend only using it in high-trust environments.
 :::
--- a/docs/guides/nwaku/run-docker.md
+++ b/docs/guides/nwaku/run-docker.md
@ -45,10 +45,10 @@ Run `nwaku` using the most typical configuration:

 ```bash
 docker run -i -t -p 60000:60000 -p 9000:9000/udp statusteam/nim-waku \
-  --dns-discovery:true \
-  --dns-discovery-url:enrtree://AOGECG2SPND25EEFMAJ5WF3KSGJNSGV356DSTL2YVLLZWIV6SAYBM@prod.waku.nodes.status.im \
-  --discv5-discovery \
-  --nat:extip:[YOUR PUBLIC IP] # or, if you are behind a nat: --nat=any
+  --dns-discovery=true \
+  --dns-discovery-url=enrtree://AOGECG2SPND25EEFMAJ5WF3KSGJNSGV356DSTL2YVLLZWIV6SAYBM@prod.waku.nodes.status.im \
+  --discv5-discovery=true \
+  --nat=extip:[YOUR PUBLIC IP] # or, if you are behind a nat: --nat=any
 ```

 To find your public IP, use:
--- a/docs/guides/run-nwaku-node.md
+++ b/docs/guides/run-nwaku-node.md
@ -57,6 +57,7 @@ To join the Waku Network, nodes must [bootstrap](/overview/reference/glossary#bo
 | Static Peers | Configure the bootstrap nodes that `nwaku` should establish connections upon startup | [Configure Static Peers](/guides/nwaku/configure-discovery#configure-static-peers) |
 | DNS Discovery | Enable `nwaku` to bootstrap nodes using the [DNS Discovery](/overview/concepts/dns-discovery) mechanism | [Configure DNS Discovery](/guides/nwaku/configure-discovery#configure-dns-discovery) |
 | Discv5 | Enable `nwaku` to discover peers using the [Discv5](/overview/concepts/discv5) mechanism | [Configure Discv5](/guides/nwaku/configure-discovery#configure-discv5) |
+| Peer Exchange | Enable [Peer Exchange](/overview/concepts/peer-exchange) protocol for light nodes to request peers from your `nwaku` node | [Configure Peer Exchange](/guides/nwaku/configure-discovery#configure-peer-exchange) |

 :::tip
 You can configure a `nwaku` node to use multiple peer discovery mechanisms simultaneously.
@ -112,7 +113,7 @@ The `listenAddresses` field stores the node's listening addresses, while the `en

 You can find the addresses of a running node through its logs or by calling the `get_waku_v2_debug_v1_info` method of the [JSON RPC API](https://rfc.vac.dev/spec/16/).

-:::tip
+:::info
 When starting the node, `nwaku` will display all the public listening and discovery addresses at the `INFO` log level.
 :::

--- a/docs/overview/concepts/peer-exchange.md
+++ b/docs/overview/concepts/peer-exchange.md
@ -2,7 +2,11 @@
 title: Peer Exchange
 ---

-The primary objective of this protocol is to facilitate peer connectivity for resource-limited devices. The peer exchange protocol enables lightweight nodes to request peers from other nodes within the network. Light nodes can bootstrap and expand their mesh independently without relying on `Discv5`. Please refer to the [Peer Exchange](https://rfc.vac.dev/spec/34/) specification to learn more.
+The primary objective of this protocol is to facilitate peer connectivity for resource-limited devices without relying on `Discv5`. The peer exchange protocol enables light nodes to request peers from other nodes within the network. To learn more, please refer to the [Peer Exchange](https://rfc.vac.dev/spec/34/) specification.
+
+:::info
+Peer Exchange enables requesting random peers from other network nodes without revealing information about their connectivity or neighborhood.
+:::

 #### Pros