I deployed IPFS to a docker container in my Synology NAS. I added one file, of a few 100 bytes.
I added 4001 tcp/udp port forward to the container IP. Occasionally, I checked the IPFS status page and would see perhaps 1000 max peers. Seemed innocuous.
The past few days, the network was acting “funny”. The modem (fritz) was sluggish (more so than usual). The connexion was flapping down/up randomly, about 12 or more disconnects per day. Pings, just from the LAN to the external modem were losing ~10% of packets. I was chasing the connexion flapping down/up issue when I noticed that the IPFS container IP address had recently uploaded ~50GB, per some traffic snooping my firewall does. Here is my recent traffic log:
The usual upload is around 2 to 3 GB per day. On 2022-08-18 (the day I deployed the IPFS container) it goes up to 23GB, and keeps increasing to 51GB on 08-23.
This is an IPFS daemon running doing nothing much at all except that I wanted to start exploring IPFS.
What on earth could it be doing?
As soon as I suspend the IPFS container, the load on the modem immediately reduces: pings are not lost, and the fritz!box goes back to its normal level of sluggishness when using the WEB interface, upload traffic goes back to normal.
I did find a bunch of
baf* items (raw blocks) which
ipfs repo gc cleaned up. I supposed I pulled them in with my poking about, but there were only a few hundred KB total in my repo. Nothing to suggest why I have such huge upload traffic over the last few days, and increasing day-on-day, to the point where it was impacting my modem to the point it kept dropping the connexion. My ISP tech contact insists there are no line issues — apparently, the disconnects are initiated from the modem, not due to any line noise or excessive errors.
Anyway, I sort of trust docker containers to be contained. I have verified that the container does not have access to the NAS filesystem, apart for the dedicated areas I map in. I did perform a tcpdump while the madness was in progress, but natch, it is encrypted, so I can’t tell what was being sent/received.
Can anyone shed some light onto this?
For now, I have deleted the port forwards, and the traffic has reduced.
Are there any tools for seeing what is being exchanged with peers? I really can’t believe that ~200MB of data might have been in such high demand that I would have swamped my internet connexion and both downloaded and uploaded ~40GB per day.
I am running
ipfs/kubo:latest from 2022-08-18.
top tells me that I am running
ipfs daemon --migrate=true --agent-version-suffix=docker. IPFS version is 0.14.0.