Ziggurat 3.0

I’ve opened a ticket so we can track and prioritise the remaining fix here:

We have no info for this IP where we saw a zebrad (potentially a single zebra) with nine connections, but we have seen duplicated connections towards our own zebrad, for which we know it’s a single node behind our IP.

our_zebrad_IP:46274 (Initiator) connection established for 138684.341747943 seconds
our_zebrad_IP:54530 (Initiator) connection established for 40923.097415758 seconds

It kind of confirms the issue.
We can collect more logs from our zebrad when this happens - for our zebrad, we have full access.

Thanks!

Just letting you know that we don’t need any more logs from older Zebra versions right now. We want to test if other fixes solve the issue first, those fixes will be in our next release candidate.

(Or feel free to test with our main branch if you’d like.)

Hi again @shieldedmark ,

Always exciting to see the output from Ziggurat! Haven’t had a chance to skim through the repos but fwiw(unless tooling already exists in your repo), in order to support the proposal:

Culminates in a coordinated red-teaming exercise on testnet.

It might be worth checking out GitHub - zcash-hackworks/zcash-testnet-in-a-box: A method to deploy a quarantined zcashd testnet with monitoring.

Ideally this(or something similar) provides a CD into N testnets to run red teaming exercises. This would be a more controlled and repeatable environment, but could provide additional grant ideas to support N testnet suites for the community etc. Additionally, if the red teaming bricks testnet you would not be dependent on maintainers to rollback or unbrick the current environment, thus increasing your velocity.

@shieldedmark Forgot to mention, looking forward this does allow you to also shim in a given testnet to potentially test out lightwalletd components and the various configuration options of zcashd/lwd instances. It could provide a more robust formalized testing suite of similar features also seen here lightwalletd/darksidewalletd.md at master · zcash/lightwalletd · GitHub. For further grant ideas, you could also append on a generic SDK/iOS layer to see how the red teaming is persisted through these layers to ensure the testing is complete across the architecture.

Hello once again!

It’s time to report on our final deliverable for Ziggurat 3.0: The Testnet Red Teaming!

Our Red Team Exercise (RTE) focused on a variety of scenarios involving peering, resource allocation, and performance bottlenecks. This is all covered in a full 30 page report that details our preparation, research, execution and outcomes. This report has been privately disclosed to the proper security parties and discussion about releasing information from this to the community is pending.

But thats not all! In addition to the RTE we have completed the following CI/CD improvements:

• Updated all workflows to run successfully with the Google Cloud integration (mostly missing env variables and credentials).
• Removed diff-with-previous step (will be done in UI instead).
• Enabled IPv6 support for Crawler workflow by running it on a self-hosted machine.
• Set up workflow environment on that machine.
• Made the test suite step a composite action (reusable within jobs, as opposed to a pre-defined job in itself).
• Procure some node metadata in CI so we can display node commit, node name, etc. in UI.
• Update the test suite step to scaffold an initial results file containing some node data.
• Maintenance as always.

Also UI/UX Updates (see https://app.runziggurat.com)

• Integrate visualizations into the NextJS app and fetch data on the server side.
• Render the graphs per page accessed through navbar tabs, pages are prefetched and allows for faster switching due to after-load rendering of graphs.
• Preserve tab for network-switcher. Therefore switching networks, from a specific tab like force or geo, would render the same graph for the new network.
• Touch support, revamped mouse and keyboard events for the geo graph.
• Zoom gestures: New touch, trackpad pinch and mouse wheel gestures for the geo graph. ctrl pressed mouse wheel has a higher magnitude.
• Better cleanup and fixing memory leak after moving away from the graph pages.
• Revamped keyboard actions for the geo graph. These include zoom-in i, zoom-out o and arrow keys for panning.
• Geo graph displays the selected node’s connections and a toggle to display all connections.
• Load state files via keyboard-only shortcut for both graphs.

This work concludes our grant work for the time being. As always, it’s an honor and a privilege to work with this community and technology, and we hope to have the opportunity to do it again in the near future.