|
| 1 | +# Circuit Breaker Plugin |
| 2 | + |
| 3 | +## Overview |
| 4 | +The Circuit Breaker plugin integrates the [circuitbreaker](https://github.com/lightningequipment/circuitbreaker) tool with Warnet to protect Lightning Network nodes from being flooded with HTLCs. Circuit Breaker functions like a firewall for Lightning, allowing node operators to set limits on in-flight HTLCs and implement rate limiting on a per-peer basis. |
| 5 | + |
| 6 | +## What is Circuit Breaker? |
| 7 | +Circuit Breaker is to Lightning what firewalls are to the internet. It provides protection against: |
| 8 | +- HTLC flooding attacks |
| 9 | +- Channel slot exhaustion (max 483 slots per channel) |
| 10 | +- DoS/spam attacks using large numbers of fast-resolving HTLCs |
| 11 | +- Channel balance probing attacks |
| 12 | + |
| 13 | +Circuit Breaker offers insights into HTLC traffic and provides configurable operating modes to handle excess traffic. |
| 14 | + |
| 15 | +## Usage |
| 16 | +In your Python virtual environment with Warnet installed and set up, create a new Warnet user folder: |
| 17 | + |
| 18 | +``` |
| 19 | +$ warnet new user_folder |
| 20 | +$ cd user_folder |
| 21 | +``` |
| 22 | + |
| 23 | +Deploy a network with Circuit Breaker enabled: |
| 24 | + |
| 25 | +``` |
| 26 | +$ warnet deploy networks/circuitbreaker |
| 27 | +``` |
| 28 | + |
| 29 | +## Configuration in `network.yaml` |
| 30 | +You can incorporate the Circuit Breaker plugin into your `network.yaml` file as shown below: |
| 31 | + |
| 32 | +```yaml |
| 33 | +nodes: |
| 34 | + - name: tank-0000 |
| 35 | + addnode: |
| 36 | + - tank-0001 |
| 37 | + ln: |
| 38 | + lnd: true |
| 39 | + |
| 40 | + - name: tank-0001 |
| 41 | + addnode: |
| 42 | + - tank-0002 |
| 43 | + ln: |
| 44 | + lnd: true |
| 45 | + |
| 46 | + - name: tank-0002 |
| 47 | + addnode: |
| 48 | + - tank-0000 |
| 49 | + ln: |
| 50 | + lnd: true |
| 51 | + |
| 52 | + - name: tank-0003 |
| 53 | + addnode: |
| 54 | + - tank-0000 |
| 55 | + ln: |
| 56 | + lnd: true |
| 57 | + lnd: |
| 58 | + channels: |
| 59 | + - id: |
| 60 | + block: 300 |
| 61 | + index: 1 |
| 62 | + target: tank-0004-ln |
| 63 | + capacity: 100000 |
| 64 | + push_amt: 50000 |
| 65 | + |
| 66 | +plugins: |
| 67 | + postDeploy: |
| 68 | + circuitbreaker: |
| 69 | + entrypoint: "../../plugins/circuitbreaker" |
| 70 | + nodes: ["tank-0000-ln", "tank-0003-ln"] # Nodes to apply Circuit Breaker to |
| 71 | + mode: "fail" # Operating mode: fail, queue, or queue_peer_initiated |
| 72 | + maxPendingHtlcs: 10 # Default maximum pending HTLCs per peer |
| 73 | + rateLimit: 1 # Minimum seconds between HTLCs (token bucket rate limit) |
| 74 | +``` |
| 75 | +
|
| 76 | +## Plugin Parameters |
| 77 | +
|
| 78 | +| Parameter | Description | Default | |
| 79 | +|-----------|-------------|---------| |
| 80 | +| `nodes` | List of LN node names to apply Circuit Breaker to | Required | |
| 81 | +| `mode` | Operating mode (`fail`, `queue`, or `queue_peer_initiated`) | `fail` | |
| 82 | +| `maxPendingHtlcs` | Default maximum number of pending HTLCs per peer | `30` | |
| 83 | +| `rateLimit` | Minimum interval in seconds between HTLCs | `0` (disabled) | |
| 84 | +| `port` | Port to expose the Circuit Breaker UI on | `9235` | |
| 85 | +| `trusted_peers` | Map of node pubkeys to their individual HTLC limits | `{}` | |
| 86 | + |
| 87 | +## Operating Modes |
| 88 | + |
| 89 | +- **fail**: Fail HTLCs when limits are exceeded. Minimizes liquidity lock-up but affects routing reputation. |
| 90 | +- **queue**: Queue HTLCs when limits are exceeded, forwarding them when space becomes available. Penalizes upstream nodes for bad traffic. |
| 91 | +- **queue_peer_initiated**: Queue only HTLCs from channels that the remote node initiated. Uses fail mode for channels we initiated. |
| 92 | + |
| 93 | +**WARNING**: Queue modes require LND 0.16+ with auto-fail support to prevent force-closes. |
| 94 | + |
| 95 | +## Accessing the UI |
| 96 | + |
| 97 | +After deploying, you can port-forward to access the Circuit Breaker UI: |
| 98 | + |
| 99 | +``` |
| 100 | +$ kubectl port-forward pod/circuitbreaker-tank-0000 9235:9235 |
| 101 | +``` |
| 102 | + |
| 103 | +Then open http://127.0.0.1:9235 in a browser to view and configure Circuit Breaker settings. |
| 104 | + |
| 105 | +## Advanced Configuration Example |
| 106 | + |
| 107 | +```yaml |
| 108 | +plugins: |
| 109 | + postDeploy: |
| 110 | + circuitbreaker: |
| 111 | + entrypoint: "../../plugins/circuitbreaker" |
| 112 | + nodes: ["tank-0000-ln", "tank-0003-ln"] |
| 113 | + mode: "fail" |
| 114 | + maxPendingHtlcs: 15 |
| 115 | + rateLimit: 0.5 |
| 116 | + trusted_peers: { |
| 117 | + "03abcdef...": 50, |
| 118 | + "02123456...": 100 |
| 119 | + } |
| 120 | +``` |
| 121 | + |
| 122 | +<!-- ## Combining with SimLN |
| 123 | + |
| 124 | +The Circuit Breaker plugin can be used alongside the SimLN plugin to test how Circuit Breaker behaves under various payment patterns: |
| 125 | + |
| 126 | +```yaml |
| 127 | +plugins: |
| 128 | + postDeploy: |
| 129 | + circuitbreaker: |
| 130 | + entrypoint: "../../plugins/circuitbreaker" |
| 131 | + nodes: ["tank-0000-ln"] |
| 132 | + mode: "fail" |
| 133 | + maxPendingHtlcs: 10 |
| 134 | + simln: |
| 135 | + entrypoint: "../../plugins/simln" |
| 136 | + activity: '[{"source": "tank-0003-ln", "destination": "tank-0005-ln", "interval_secs": 0.1, "amount_msat": 2000}]' |
| 137 | +``` --> |
| 138 | + |
| 139 | +## Limitations |
| 140 | + |
| 141 | +- Circuit Breaker is alpha quality software. Use with caution, especially on mainnet. |
| 142 | +- LND interfaces are not optimized for this purpose, which may lead to edge cases. |
| 143 | +- Queue modes require LND 0.16+ to prevent channel force-closes. |
| 144 | + |
| 145 | +## Development |
| 146 | + |
| 147 | +To build your own version of the Circuit Breaker plugin: |
| 148 | + |
| 149 | +1. Clone the Circuit Breaker repository: `git clone https://github.com/lightningequipment/circuitbreaker.git` |
| 150 | +2. Follow the build instructions in the repository |
| 151 | +3. Update the plugin's `values.yaml` to point to your custom image |
0 commit comments