Context-Aware Private Address Advertisement in Hive #5308
Description
Summary
Implement context-aware address advertisement in the Hive protocol. Nodes should detect if a peer is connected via a private network and, if so, include private underlay addresses in the Hive Peers message sent to that specific peer. For public peers, the current behavior (filtering private IPs) remains unchanged.
Motivation
Currently, Bee nodes strictly filter out private IPs to prevent leaking internal topology to the public network. However, for node operators running large clusters behind a single NAT or VPN, this prevents nodes from discovering their direct high-speed LAN/VPN connections. Instead, they often route traffic via the public IP (hairpinning), resulting in higher latency, wasted public bandwidth, and reliance on external routing.
Since a significant portion of the Bee network consists of large operators running many nodes, optimizing these internal connections will significantly reduce the overall load on public gateways and improve latency and stability for the entire network, not just the operators themselves.
Implementation
Modify pkg/hive/hive.go to check the underlying libp2p connection state when sending the Peers message.
- In
sendPeers, inspect the stream.Conn().RemoteMultiaddr(). - Check if the address is private (using manet.IsPrivateAddr).
- Pass a allowPrivate boolean flag to filterAdvertisableUnderlays
- If true, include private IPs in the serialized underlay list for that specific peer.
Drawbacks
- Complexity: Adds a dynamic check to the Hive protocol which was previously stateless regarding peer connection type.
- Privacy Risk (Low): If the detection logic fails (false positive), a private IP might be sent to a public peer. However, private IPs are non-routable on the public internet, so the risk is primarily metadata leakage rather than an attack vector.