The snap
protocol runs on top of RLPx, facilitating the exchange of Ethereum state
snapshots between peers. The protocol is an optional extension for peers supporting (or
caring about) the dynamic snapshot format.
The current version is snap/1
.
The snap
protocol is designed for semi real-time data retrieval. It's goal is to make
dynamic snapshots of recent states available for peers. The snap
protocol does not take
part in chain maintenance (block and transaction propagation); and it is meant to be run
side-by-side with the eth
protocol, not standalone (e.g. chain progression is
announced via eth
).
The protocol itself is simplistic by design (take note, the supporting implementation is
everything but simple). In its crux, snap
supports retrieving a contiguous segment of
accounts from the Ethereum state trie, or a contiguous segment of storage slots from one
particular storage trie. Both replies are Merkle proven for immediate verification. In
addition batches of bytecodes can also be retrieved similarly to the eth
protocol.
The synchronization mechanism the protocol enables is for peers to retrieve and verify all
the account and storage data without downloading intermediate Merkle trie nodes. The final
state trie is reassembled locally. An additional complexity nodes must be aware of, is
that state is ephemeral and moves with the chain, so syncers need to support reassembling
partially consistent state segments. This is supported by trie node retrieval similar to
eth
, which can be used to heal trie inconsistencies (more on this later).
The snap
protocol permits downloading the entire Ethereum state without having to
download all the intermediate Merkle proofs, which can be regenerated locally. This
reduces the networking load enormously:
- Ingress bandwidth is reduced from
O(accounts * log account + SUM(states * log states))
(Merkle trie nodes) toO(accounts + SUM(states))
(actual state data). - Egress bandwidth is reduced from
O(accounts * log account + SUM(states * log states)) * 32 bytes
(Merkle trie node hashes) toO(accounts + SUM(states)) / 100000 bytes
(number of 100KB chucks to cover the state). - Round trip time is reduced from
O(accounts * log account + SUM(states * log states)) / 384
(states retrieval packets) toO(accounts + SUM(states)) / 100000 bytes
(number of 100KB chucks to cover the state).
To put some numbers on the above abstract orders of magnitudes, synchronizing Ethereum
mainnet state (i.e. ignoring blocks and receipts, as those are the same) with eth
vs.
the snap
protocol:
Block ~#11,177,000:
- Accounts: 107,598,788 @ 19.70GiB
- Byte codes: 319,654 @ 1.48GiB
- Storage slots: 365,787,020 @ 49.88GiB
- Trie nodes: 617,045,138
Time | Upload | Download | Packets | Serving disk reads* | |
---|---|---|---|---|---|
eth |
10h50m | 20.38GB | 43.8GB | 1607M | 15.68TB |
snap |
2h6m | 0.15GB | 20.44GB | 0.099M | 0.096TB |
-80.6% | -99.26% | -53.33% | -99.993% | -99.39% |
*Also accounts for other peer requests during the time span.
Post snap state heal:
- Additional trie nodes: 541,260 @ 160.44MiB
- Additional byte codes: 34 @ 234.98KiB
The snap
protocol is a dependent satellite of eth
(i.e. to run snap
, you need to
run eth
too), not a fully standalone protocol. This is a deliberate design decision:
snap
is meant to be a bootstrap aid for newly joining full nodes. By enforcing allsnap
peers to also speaketh
, we can avoid non-full nodes from lingering attached tosnap
indefinitely.eth
already contains well established chain and fork negotiation mechanisms, as well as remote peer staleness detection during sync. By running both protocols side-by-side,snap
can benefit of all these mechanisms without having to duplicate them.
This satellite status may be changed later, but it's better to launch with a more restricted protocol first and then expand if need be vs. trying to withdraw depended-upon features.
The snap
protocol is not an extension / next version of eth
as it relies on the
availability of a snapshot acceleration structure that can iterate accounts and storage
slots linearly. Its purpose is also one specific sync method that might not be suitable
for all clients. Keeping snap
as a separate protocol permits every client to decide to
pursue it or not, without hindering their capacity to participate in the eth
protocol.
The crux of the snapshot synchronization is making contiguous ranges of accounts and storage slots available for remote retrieval. The sort order is the same as the state trie iteration order, which makes it possible to not only request N subsequent accounts, but also to Merkle prove them. Some important properties of this simple algorithm:
- Opposed to fast sync, we only need to transfer the useful leaf data from the state trie and can reconstruct internal nodes locally.
- Opposed to warp sync, we can download small chunks of accounts and storage slots and immediately verify their Merkle proofs, making junk attacks impossible.
- Opposed to warp sync, random account ranges can be retrieved, thus synchronization concurrency is totally dependent on client implementation and is not forced by the protocol.
The gotcha of the snapshot synchronization is that serving nodes need to be able to
provide fast iterable access to the state of the most recent N
(128) blocks.
Iterating the Merkle trie itself might be functional, but it's not viable (iterating the
state trie at the time of writing takes 9h 30m on an idle machine). Geth introduced
support for dynamic snapshots, which allows iterating all the accounts in 7m
(see blog for more). Some important properties of the dynamic snapshots:
- Serving a contiguous range of accounts or storage slots take
O(n)
operations, and more importantly, it's the same for disk access too, being stored contiguously on disk (not counting the database read amplification). - Maintaining a live dynamic snapshot means:
- Opposed to warp sync, syncing nodes can always get the latest data, thus they don't need to process days' worth of blocks afterwards.
- Opposed to warp sync, there is no pre-computation to generate a snapshot (it's updated live), so there's no periodic burden on the nodes to iterate the tries (there it an initial burden to create the first snapshot after sync though).
- Providing access to 128 recent snapshots permits
O(1)
direct access to any account and state, which can be used during EVM execution forSLOAD
.
The caveat of the snapshot synchronization is that as with fast sync (and opposed to warp sync), the available data constantly moves (as new blocks arrive). The probability of finishing sync before the 128 block window (15m) moves out is asymptotically zero. This is not a problem, because we can self-heal. It is fine to import state snapshot chunks from different tries, because the inconsistencies can be fixed by running a fast-sync-style-state-sync on top of the assembled semi-correct state afterwards. Some important properties of the self-healing:
- Synchronization can be aborted at any time and resumed later. It might cause self-healing to run longer, but it will fix the data either way.
- Synchronization on slow connections is guaranteed to finish too (as long as the node can download data faster than it's being produced by the network), the data cannot disappear from the network (opposed to warp sync).
The accounts in the snap
protocol are analogous to the Ethereum RLP consensus encoding
(same fields, same order), but in a slim format:
- The code hash is
empty list
instead ofKeccak256("")
- The root hash is
empty list
instead ofHash(<empty trie>)
This is done to avoid having to transfer the same 32+32 bytes for all plain accounts over the network.
[reqID: P, rootHash: B_32, startingHash: B_32, limitHash: B_32, responseBytes: P]
Requests an unknown number of accounts from a given account trie, starting at the specified account hash and capped by the maximum allowed response size in bytes. The intended purpose of this message is to fetch a large number of subsequent accounts from a remote node and reconstruct a state subtrie locally.
reqID
: Request ID to match up responses withrootHash
: Root hash of the account trie to servestartingHash
: Account hash of the first to retrievelimitHash
: Account hash after which to stop serving dataresponseBytes
: Soft limit at which to stop returning data
Notes:
- Nodes must always respond to the query.
- If the node does not have the state for the requested state root, it must return an empty reply. It is the responsibility of the caller to query an state not older than 128 blocks.
- The responding node is allowed to return less data than requested (own QoS limits),
but the node must return at least one account. If no accounts exist between
startingHash
andlimitHash
, then the first (if any) account afterlimitHash
must be provided. - The responding node must Merkle prove the starting hash (even if it does not exist) and the last returned account (if any exists after the starting hash).
Rationale:
- The starting account is identified deliberately by hash and not by address. As the accounts in the Ethereum Merkle trie are sorted by hash, the address is irrelevant. In addition, there is no consensus requirement for full nodes to be aware of the address pre-images.
- The response is capped by byte size and not by number of accounts, because it makes the network traffic more deterministic. As the state density is unknowable, it's also impossible to delimit the query with an ending hash.
Caveats:
- When requesting accounts from a starting hash, malicious nodes may skip ahead and return a gapped reply. Such a reply would cause sync to finish early with a lot of missing data. Proof of non-existence for the starting hash prevents this attack, completely covering the range from start to end.
- No special signaling is needed if there are no more accounts after the last returned one, as the attached Merkle proof for the last account will have all trie nodes right of the proven path zero.
[reqID: P, accounts: [[accHash: B_32, accBody: B], ...], proof: [node_1: B, node_2, ...]]
Returns a number of consecutive accounts and the Merkle proofs for the entire range (boundary proofs). The left-side proof must be for the requested origin hash (even if an associated account does not exist) and the right-side proof must be for the last returned account.
reqID
: ID of the request this is a response foraccounts
: List of consecutive accounts from the trieaccHash
: Hash of the account address (trie path)accBody
: Account body in slim format
proof
: List of trie nodes proving the account range
Notes:
- If the account range is the entire state (requested origin was
0x00..0
and all accounts fit into the response), no proofs should be sent along the response. This is unlikely for accounts, but since it's a common situation for storage slots, this clause keeps the behavior the same across both.
[reqID: P, rootHash: B_32, accountHashes: [B_32], startingHash: B, limitHash: B, responseBytes: P]
Requests the storage slots of multiple accounts' storage tries. Since certain contracts have huge state, the method can also request storage slots from a single account, starting at a specific storage key hash. The intended purpose of this message is to fetch a large number of subsequent storage slots from a remote node and reconstruct a state subtrie locally.
reqID
: Request ID to match up responses withrootHash
: Root hash of the account trie to serveaccountHashes
: Account hashes of the storage tries to servestartingHash
: Storage slot hash of the first to retrievelimitHash
: Storage slot hash after which to stop servingresponseBytes
: Soft limit at which to stop returning data
Notes:
- Nodes must always respond to the query.
- If the node does not have the state for the requested state root or for any requested account hash, it must return an empty reply. It is the responsibility of the caller to query an state not older than 128 blocks; and the caller is expected to only ever query existing accounts.
- The responding node is allowed to return less data than requested (serving QoS limits), but the node must return at least one slot, unless none exists.
- If multiple accounts' storage is requested, serving nodes should reply with the entire storage ranges (thus no Merkle proofs needed), up to the first contract which exceeds the packet limit. If the last included storage range does not fit entirely, a Merkle proof must be attached to that and only that.
- If a single account's storage is requested, serving nodes should only return slots starting with the requested starting hash, up to the last one or until the packet fills up. It the entire storage range is not being returned, a Merkle proof must be attached.
- If a proof is attached, the responding node must Merkle prove the starting hash (even if it does not exist) and the last returned slot (if any exists after the starting hash).
Rationale:
- The response is capped by byte size and not by number of slots, because it makes the network traffic more deterministic.
- The request supports querying multiple contracts at the same time as most storage tries are in the order of 100s of bytes. Querying these individually would produce a lot of network round trips.
Caveats:
- When requesting storage slots from a starting hash, malicious nodes may skip ahead and return a prefix-gapped reply. Such a reply would cause sync to finish early with a lot of missing data. Proof of non-existence for the starting hash prevents this attack, completely covering the range from start to end.
- Although serving nodes should respect the response limit requested by the caller, it is valuable to slightly force the limit (consider it soft only) when adding the last contract to avoid having to split it and prove it.
- No special signaling is needed if there are no more slots after the last returned one, as the attached Merkle proof for the last account will have all trie nodes right of the proven path zero.
[reqID: P, slots: [[[slotHash: B_32, slotData: B], ...], ...], proof: [node_1: B, node_2, ...]]
Returns a number of consecutive storage slots for the requested account (i.e. list of list of slots) and optionally the Merkle proofs for the last range (boundary proofs) if it only partially covers the storage trie. The left-side proof must be for the requested origin slots (even if it does not exist) and the right-side proof must be for the last returned slots.
reqID
: ID of the request this is a response forslots
: List of list of consecutive slots from the trie (one list per account)slotHash
: Hash of the storage slot key (trie path)slotData
: Data content of the slot
proof
: List of trie nodes proving the slot range
Notes:
- If the slot range is the entire storage state, no proofs will be sent along the response.
[reqID: P, hashes: [hash1: B_32, hash2: B_32, ...], bytes: P]
Requests a number of contract byte-codes by hash. This is analogous to the eth/63
GetNodeData
, but restricted to only bytecode to break the generality that causes issues
with database optimizations. The intended purpose of this request is to allow retrieving
the code associated with accounts retrieved via GetAccountRange, but it's needed during
healing too.
reqID
: Request ID to match up responses withhashes
: Code hashes to retrieve the code forbytes
: Soft limit at which to stop returning data
This functionality was duplicated into snap
from eth/65
to permit eth
long term to
become a chain maintenance protocol only and move synchronization primitives out into
satellite protocols only.
Notes:
- Nodes must always respond to the query.
- The returned codes must be in the request order.
- The responding node is allowed to return less data than requested (serving QoS limits), but the node must return at least one bytecode, unless none requested are available, in which case it must answer with an empty response.
- If a bytecode is unavailable, the node must skip that slot and proceed to the next
one. The node must not return
nil
or other placeholders.
Rationale:
- The response is capped by byte size and not by number of slots, because it makes the network traffic more deterministic, as contract sizes can vary randomly up to 24KB with current consensus rules.
- By retaining the original request order and skipping unavailable bytecodes, the requesting node can differentiate between unavailable data (gaps in the hashes) and QoS limitations (missing suffix).
Caveats:
- Implementations are free to request as many or as few bytecodes in a single request, but
they should keep in mind that requesting too few results in wasted time due to network
latency; but requesting too many results in wasted bandwidth if the response doesn't
fit. Average (unique) contract size on mainnet is about 5-6KB, so
bytes / 6KB
is a good heuristic for the number of codes to request in a single packet (e.g. for 512KB desired response size, 80-100 bytecodes per request is a good choice).
[reqID: P, codes: [code1: B, code2: B, ...]]
Returns a number of requested contract codes. The order is the same as in the request, but there might be gaps if not all codes are available or there might be fewer is QoS limits are reached.
[reqID: P, rootHash: B_32, paths: [[accPath: B, slotPath1: B, slotPath2: B, ...]...], bytes: P]
Requests a number of state (either account or storage) Merkle trie nodes by path. This
is analogous in functionality to the eth/63
GetNodeData
, but restricted to only tries
and queried by path, to break the generality that causes issues with database
optimizations.
reqID
: Request ID to match up responses withrootHash
: Root hash of the account trie to servepaths
: Trie paths to retrieve the nodes for, grouped by accountbytes
: Soft limit at which to stop returning data
The paths
is one array of trie node paths to retrieve per account (i.e. list of list of
paths). Each list in the array special cases the first element as the path in the account
trie and the remaining elements as paths in the storage trie. To address an account node,
the inner list should have a length of 1 consisting of only the account path. Partial
paths (<32 bytes) should be compact encoded per the Ethereum wire protocol, full paths
should be plain binary encoded.
This functionality was mutated into snap
from eth/65
to permit eth
long term to
become a chain maintenance protocol only and move synchronization primitives out into
satellite protocols only.
Notes:
- Nodes must always respond to the query.
- The returned nodes must be in the request order.
- If the node does not have the state for the requested state root or for any requested account paths, it must return an empty reply. It is the responsibility of the caller to query an state not older than 128 blocks; and the caller is expected to only ever query existing trie nodes.
- The responding node is allowed to return less data than requested (serving QoS limits), but the node must return at least one trie node.
Rationale:
- The response is capped by byte size and not by number of slots, because it makes the network traffic more deterministic. Although opposed to the previous request types (accounts, slots, codes), trie nodes are relatively deterministic (100-500B), the protocol remains cleaner if all packets follow the same traffic shaping rules.
- A naive way to represent trie nodes would be a simple list of
account || storage
path segments concatenated, but that would be very wasteful on the network as it would duplicate the account hash for every storage trie node.
[reqID: P, nodes: [node1: B, node2: B, ...]]
Returns a number of requested state trie nodes. The order is the same as in the request, but there might be fewer is QoS limits are reached.
Version 1 was the introduction of the snapshot protocol.