43
Lemmy Federation Architecture Change Proposal
(github.com)
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
That doesn't do anything to fix the problem. If a server can only handle 5k updates per minute (a completely made up number), it doesn't matter if those 5k updates come from one server or a thousand. In theory you could cut down on outbound messages a bit if you could tell a "hub server" that post #123456 got another upvote, so please tell instances A, B, C, D, and E. But the total number of messages would increase, so even if the hub instance can handle more updates, it may eventually hit capacity again.
The core of the problem is that if an instance doesn't process an update (inbound or outbound), it doesn't ever retry, the instances are just out of sync for that post forever.
With the pub/sub method- that should be able to be minimized.
At least, with my experience of messing with rabbitmq- A message stays in the queue, until I have told rabbitMQ, Hey, I have processed this message.
If I accept a message, an encounter an exception mid-way through, that message returns back to the queue, until It has been processed, or dead-letter logic handles it.
Granted, there is a hard-coded timeout somewhere in lemmy, where, older messages cannot be processed. That would need to be adjusted.
If you ensure that all messages are queued until processed, with retries on failure, what's the point of the hub model? As pointed out elsewhere, the large instances would be acting as hubs already.
Just removing that load from the main instance server, allowing it to just handle serving its local user-base.
In short- splitting the load into multiple components, rather than everything being handled by just the single instance server.
I'm just not seeing a benefit here, I think this is a solution to the wrong problem. Your proposal in theory cuts outbound updates from the big hubs, but in reality they're only updating a subset of other instances for any given update, and it doesn't do anything to help with inbound updates. And to do that, you have to solve a pretty tricky problem.
If my instance gets an update from Beehaw, I can validate that they're allowed to do so, because Beehaw has a TLS certificate that says "Yep, this is actually Beehaw." If you introduce a hub system, I need some way to determine that the hub system that's telling me "Beehaw has an update for you" is allowed to send updates on behalf of Beehaw.
To clarify-
After feedback/comments, I have modified the idea- this would be a optional local proxy/hub/delegation server/service, hosted by the instance owners.
https://github.com/LemmyNet/lemmy/issues/3245#issuecomment-1601585922
Ie- you can optionally scale your federation updates, independent of your main application server.