[v0.9.18] Introducer Nodes

Short Story

Check the “Introducer” flag for a node to import any nodes added there. A typical use case would be to have a central sync server which is trusted as an introducer by the clients. When a new client is added on the central server, the other clients will also add that node to their config, for the same shared repositories.

Background & Theory

As part of the connection handshake between two nodes, some information about the cluster setup is exchanged. When node Alice connects to node Bob, the following is sent:

  • A list of all repositories Alice shares with Bob.
  • For each such repository, the list of nodes Alice shares that repository with.

In effect, this is a complete view of the cluster, as it pertains to the repositories that are shared with Bob. Until now, that information wasn’t actually used for anything. With the new “Introducer Node” feature, Bob can choose to mark Alice as an introducer, and automatically adopt any nodes that Alice has but not Bob.

Introducer status is transferable; that is, an introducer’s introducer will become your introducer as well. This is best clarified by an example.

Let’s assume that Alice already has connections to Charlie (trusted as introducer) and Eve (not trusted as an introducer). Now Bob, an otherwise blank node, is added to Alice. Bob adds Alice to his configuration too and sets the introducer flag. Alice sends her cluster configuration. Bob thus adds Charlie (as an introducer node, since he was trusted by Alice) and Eve (as a normal node).

Similarly, Alice will send information about Bob to Charlie and Eve. If they trust Alice as an introducer, a full mesh will be formed.

Note that propagation can be a bit delayed currently, since the information is only sent at connection establishment.

6 Likes
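The handshake and adoption rule from the post above, replayed as an added example (not part of the original post and not Syncthing's own code). `Node`, `Connect`, `Scenario` and the repository names `default` and `private` are hypothetical, and the model assumes the announced list carries each node's introducer flag.

```go
package main

import "fmt"

type set = map[string]bool

// Node is a simplified model, not Syncthing's own types: Peers maps each
// configured node to its introducer flag, Repos maps repository -> members.
type Node struct {
	Name  string
	Peers set
	Repos map[string]set
}

// Connect models n connecting to peer: n always sends the member list of every
// repository shared with peer; peer adopts it only if n is its introducer.
func (n *Node) Connect(peer *Node) map[string]set {
	sent := map[string]set{}
	for repo, members := range n.Repos {
		if !members[peer.Name] {
			continue // not shared with peer: never announced
		}
		sent[repo] = set{}
		adopt := peer.Peers[n.Name] && peer.Repos[repo] != nil
		for m := range members {
			sent[repo][m] = n.Peers[m] // value: n trusts m as introducer
			if _, known := peer.Peers[m]; adopt && m != peer.Name {
				if !known {
					peer.Peers[m] = n.Peers[m] // introducer status carries over
				}
				peer.Repos[repo][m] = true
			}
		}
	}
	return sent
}

// Scenario replays the post's example; "private" is an added repository.
func Scenario() (bob, eve *Node, sentToEve map[string]set) {
	alice := &Node{"Alice", set{"Bob": false, "Charlie": true, "Eve": false}, map[string]set{
		"default": {"Bob": true, "Charlie": true, "Eve": true}, "private": {"Charlie": true}}}
	bob = &Node{"Bob", set{"Alice": true}, map[string]set{"default": {"Alice": true}}}
	eve = &Node{"Eve", set{"Alice": false}, map[string]set{"default": {"Alice": true}}}
	alice.Connect(bob)
	return bob, eve, alice.Connect(eve)
}

func main() {
	fmt.Println(Scenario())
}
```

Eve never flagged Alice, so her configuration stays unchanged, yet the returned list shows she was still told about Bob and Charlie. The `private` repository, which Alice shares only with Charlie, is announced to neither Bob nor Eve.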

Ok, so if I understand this correctly, if I mark Alice an introducer I can see what other nodes she is connected to. Or only the ones that share my repositories? And Alice does not have a choice as to whether or not she wants to introduce her trusted nodes to me? Maybe she trusts Charlie to be her introducer node but doesn’t want me to see all her nodes? As I see it, the choice should be with Alice. And then again, maybe I just misunderstood this feature. Oh well… I mean - this sounds like a nice feature that should make setting up a larger cluster a piece of cake. As long as you only use it in your circle of friends (being all trusted nodes) or similar.

I’ll have to see this in action, but it might raise some privacy concerns unless I am mistaken about this. Maybe it just needs some fine-tuning :wink:

Excellent! Thank you! The biggest usability improvement in a long time! :smile:

If Alice and Bob are mutually introducers, and Alice shares a second repository with Charlie, I assume Bob and Charlie won’t see each other, right?

Let me rephrase: Will only nodes with which an introducer shares a common repository be added?

EDIT: Never mind, this cleared things up for me:

For each such repository, the list of nodes Alice shares that repository with.

(Emphasis mine)

BTW: Great feature! It also helps a bunch with proxy-like hosts, since they can just mark the others as introducers.

Not sure I understand how to use this. To illustrate, I created a diagram for a hypothetical case:

(a) I have an existing simple cluster sharing one repo - Node 1 and Node 2. Both are trusted and I can configure them. I want to add trusted Node 3, and mesh it with Node 1 and Node 2.

(b) I want to add untrusted Node 4 and also Node 5. I do not own these nodes. I can’t edit or configure them as they are operated by other people.

(c) I want Node 3 to see ONLY Nodes 1 and 2. And Node 2 to ONLY see Nodes 1 and 3.

(d) I want Nodes 4 and 5 to ONLY see Node 1, and not see each other.

Pretty sure I can set this up manually, but how is this configured using the Introducer option?

You need to use different repos for this kind of segmentation, regardless of any introducer flags or not. The full list of nodes sharing a repo is always sent in the connection handshake; the new introducer flags only affect what the receiving side does with this information.

However if ultimate privacy isn’t what you mean with “see ONLY”, then all you need to do is configure your network as above and not set any introducer flags, just as it has been in earlier versions.

Thank you for the explanation! Yeah … where I want ultimate privacy, a separate repo makes sense, and Introducer would not be used.

On the other hand - Introducer is a really nice feature to simplify connecting trusted nodes into a mesh cluster. Very useful in this case, and saves a lot of steps.

I want to use the example of @calmh and illustrate it. @calmh please feel free to use any pictures and correct me if I am wrong.

Let’s assume that Alice already has connections to Charlie (trusted as introducer and trusts Alice as introducer) and Eve (not trusted as an introducer, doesn’t trust Alice as an introducer). They are all sharing only one folder.

This means that Charlie will add Eve, but is not added back:

– Now Bob, an otherwise blank node, is added to Alice. Bob adds Alice to his configuration too and sets the introducer flag.-- < This is the only user interaction in this explanation.

Alice sends her cluster configuration. Bob thus adds Charlie (as an introducer node, since he was trusted by Alice) and Eve (as a normal node).

Similarly, Alice will send information about Bob to Charlie and Eve. Charlie trusts Alice as an introducer and will add Bob, but Eve does not trust Alice and so will not accept the connection. Note that Alice doesn’t accept Bob as an introducer and so Charlie will also not accept Bob as an introducer. Note that propagation can be a bit delayed currently, since the information is only sent at connection establishment.

Note that this is happening per folder.

1 Like

@bigbear2nd We need a common visual representation model when we discuss the interaction between nodes and repos, and your design is the best we’ve seen yet! Nice job.

While we wait for @calmh to come in and confirm or correct your assumptions about the introducer, let me throw out a few thoughts:

(1) Introducer is somewhat viral in nature (something like Facebook friends/likes). One should not be careless about adding another node as an introducer.

(2) I still don’t understand how introducer works at the per folder level. The introducer “Yes / No” switch is inside the node configuration. Seems to me that the user switches on an external node as an introducer, and then uses the “share with” feature (in the repo configuration) as the gateway to determine which repo is shared and with whom. Is this correct?

(3) In the interest of privacy, I would like to see a feature to opt out of allowing my node to act as an introducer. In your example, Eve shares a repo with Alice, Charlie and Bob - although Eve is not a trusted node. Eve may have been set up as an introducer by other nodes (Dave, Frank, and George) that she would rather not be known to Alice, Charlie or Bob. How can Eve block Bob from adding her as an introducer and revealing the rest of the nodes in her cluster?

(4) And finally, I am more convinced than ever that we need some tools in the Syncthing GUI to help us visualize links between nodes and repos as discussed in another forum thread.

I think this is a great solution to the ease-of-use problems many people have talked about. Nice work @calmh!

This will be part of the protocol spec, right?

Btw, is it possible to also set the name of the node and not only the node ID?

Yes. What I mean with “per folder” is that the introducer only sends information about devices who also share the same folder you do. There might be other devices sharing other folders, but you don’t get to know about those.

That wouldn’t help. Well, it would avoid adding the other devices to the GUI, but information about them is still sent in the handshake. This has been the way for a long, long time. For privacy separation, use separate folders.

Thanks for responding. Helpful advice when setting up hybrid clusters containing both trusted and untrusted devices.