From 3979f62aa2d5d726378848c7c038b0d097f7a5e7 Mon Sep 17 00:00:00 2001
From: Mykhailo Kremniov <mkremniov@gmail.com>
Date: Fri, 12 Jan 2024 16:26:00 +0200
Subject: [PATCH] p2p: peer discouragement was added; peer eviction tests were
 refactored; ban tests were rewritten; PeermanagerConfig was moved to a
 separate file; some cleanup

---
 dns-server/src/crawler_p2p/crawler/mod.rs     |   18 +-
 .../src/crawler_p2p/crawler/tests/mod.rs      |   22 +-
 .../crawler_manager/tests/mock_manager.rs     |    6 +-
 .../crawler_p2p/crawler_manager/tests/mod.rs  |   10 +-
 dns-server/src/main.rs                        |    5 +-
 node-lib/src/config_files/mod.rs              |    4 +
 node-lib/src/config_files/p2p.rs              |   17 +-
 node-lib/src/options.rs                       |    4 +-
 .../src/block_announcement.rs                 |    3 +-
 p2p/p2p-test-utils/src/lib.rs                 |   16 +
 p2p/src/ban_config.rs                         |   54 +
 p2p/src/config.rs                             |   15 +-
 p2p/src/error.rs                              |    2 +
 p2p/src/lib.rs                                |    1 +
 p2p/src/peer_manager/config.rs                |  141 ++
 p2p/src/peer_manager/mod.rs                   |  248 +-
 p2p/src/peer_manager/peerdb/mod.rs            |   68 +-
 p2p/src/peer_manager/peerdb/storage.rs        |    9 +
 p2p/src/peer_manager/peerdb/storage_impl.rs   |   35 +-
 p2p/src/peer_manager/peerdb/storage_load.rs   |   12 +-
 p2p/src/peer_manager/peerdb/tests.rs          |  104 +-
 p2p/src/peer_manager/peers_eviction/mod.rs    |   40 +-
 p2p/src/peer_manager/peers_eviction/tests.rs  | 2059 +++++++----------
 .../tests/addr_list_response_caching.rs       |   52 +-
 p2p/src/peer_manager/tests/addresses.rs       |    3 +-
 p2p/src/peer_manager/tests/ban.rs             |  893 ++++---
 p2p/src/peer_manager/tests/connections.rs     |  192 +-
 p2p/src/peer_manager/tests/discouragement.rs  |  503 ++++
 p2p/src/peer_manager/tests/eviction.rs        |   77 +-
 p2p/src/peer_manager/tests/mod.rs             |    1 +
 p2p/src/peer_manager/tests/peer_types.rs      |    3 +-
 p2p/src/peer_manager/tests/ping.rs            |    3 +-
 p2p/src/peer_manager/tests/utils.rs           |   87 +-
 p2p/src/peer_manager/tests/whitelist.rs       |    7 +-
 p2p/src/peer_manager_event.rs                 |    2 +-
 p2p/src/sync/tests/block_announcement.rs      |    9 +-
 p2p/src/sync/tests/block_response.rs          |   21 +-
 p2p/src/sync/tests/header_list_request.rs     |    3 +-
 p2p/src/sync/tests/header_list_response.rs    |    3 +-
 p2p/src/sync/tests/network_sync.rs            |    6 +-
 p2p/src/sync/tests/tx_announcement.rs         |    6 +-
 p2p/src/testing_utils.rs                      |   65 +-
 p2p/src/tests/helpers/mod.rs                  |    7 +
 p2p/src/tests/peer_discovery_on_stale_tip.rs  |    5 +-
 wallet/wallet-node-client/tests/call_tests.rs |    3 +-
 wallet/wallet-test-node/src/lib.rs            |    3 +-
 46 files changed, 2866 insertions(+), 1981 deletions(-)
 create mode 100644 p2p/src/ban_config.rs
 create mode 100644 p2p/src/peer_manager/config.rs
 create mode 100644 p2p/src/peer_manager/tests/discouragement.rs

diff --git a/dns-server/src/crawler_p2p/crawler/mod.rs b/dns-server/src/crawler_p2p/crawler/mod.rs
index 1a8f2eb29f..b5cc7ce591 100644
--- a/dns-server/src/crawler_p2p/crawler/mod.rs
+++ b/dns-server/src/crawler_p2p/crawler/mod.rs
@@ -39,13 +39,13 @@ use common::{chain::ChainConfig, primitives::time::Time};
 use crypto::random::{seq::IteratorRandom, Rng};
 use logging::log;
 use p2p::{
-    config::{BanDuration, BanThreshold},
     error::P2pError,
     net::types::PeerInfo,
     peer_manager::{ADDR_RATE_BUCKET_SIZE, ADDR_RATE_INITIAL_SIZE, MAX_ADDR_RATE_PER_SECOND},
     types::{bannable_address::BannableAddress, peer_id::PeerId, socket_address::SocketAddress},
     utils::rate_limiter::RateLimiter,
 };
+use utils::make_config_setting;
 
 use crate::crawler_p2p::crawler::address_data::AddressStateTransitionTo;
 
@@ -53,24 +53,16 @@ use self::address_data::{AddressData, AddressState};
 
 /// How many outbound connection attempts can be made per heartbeat
 const MAX_CONNECTS_PER_HEARTBEAT: usize = 25;
-const DEFAULT_BAN_THRESHOLD: u32 = 100;
-const DEFAULT_BAN_DURATION: Duration = Duration::from_secs(60 * 60 * 24);
 
-#[derive(Clone)]
+make_config_setting!(BanThreshold, u32, 100);
+make_config_setting!(BanDuration, Duration, Duration::from_secs(60 * 60 * 24));
+
+#[derive(Default, Clone)]
 pub struct CrawlerConfig {
     pub ban_threshold: BanThreshold,
     pub ban_duration: BanDuration,
 }
 
-impl Default for CrawlerConfig {
-    fn default() -> Self {
-        Self {
-            ban_threshold: BanThreshold::from(DEFAULT_BAN_THRESHOLD),
-            ban_duration: BanDuration::from(DEFAULT_BAN_DURATION),
-        }
-    }
-}
-
 /// The `Crawler` is the component that communicates with Mintlayer peers using p2p,
 /// and based on the results, commands the DNS server to add/remove ip addresses.
 /// The `Crawler` emits events that communicate whether addresses were reached or,
diff --git a/dns-server/src/crawler_p2p/crawler/tests/mod.rs b/dns-server/src/crawler_p2p/crawler/tests/mod.rs
index ac9ec6b53c..df3419f09e 100644
--- a/dns-server/src/crawler_p2p/crawler/tests/mod.rs
+++ b/dns-server/src/crawler_p2p/crawler/tests/mod.rs
@@ -27,7 +27,7 @@ use common::{
     primitives::{time::Time, user_agent::mintlayer_core_user_agent},
 };
 use p2p::{
-    config::{BanDuration, BanThreshold, NodeType},
+    config::NodeType,
     error::{DialError, P2pError, ProtocolError},
     net::types::PeerInfo,
     testing_utils::TEST_PROTOCOL_VERSION,
@@ -312,8 +312,8 @@ fn ban_misbehaved_peer(#[case] seed: Seed) {
     let chain_config = common::chain::config::create_mainnet();
     let mut crawler = test_crawler(
         CrawlerConfig {
-            ban_duration: BanDuration::new(BAN_DURATION),
-            ban_threshold: BanThreshold::new(ban_threshold),
+            ban_duration: BAN_DURATION.into(),
+            ban_threshold: ban_threshold.into(),
         },
         BTreeSet::new(),
         BTreeMap::new(),
@@ -442,8 +442,8 @@ fn ban_misbehaved_peers_with_same_address(#[case] seed: Seed) {
     let chain_config = common::chain::config::create_mainnet();
     let mut crawler = test_crawler(
         CrawlerConfig {
-            ban_duration: BanDuration::new(BAN_DURATION),
-            ban_threshold: BanThreshold::new(ban_threshold),
+            ban_duration: BAN_DURATION.into(),
+            ban_threshold: ban_threshold.into(),
         },
         BTreeSet::new(),
         BTreeMap::new(),
@@ -589,8 +589,8 @@ fn ban_on_misbehavior_during_handshake(#[case] seed: Seed) {
     let chain_config = common::chain::config::create_mainnet();
     let mut crawler = test_crawler(
         CrawlerConfig {
-            ban_duration: BanDuration::new(BAN_DURATION),
-            ban_threshold: BanThreshold::new(ban_threshold),
+            ban_duration: BAN_DURATION.into(),
+            ban_threshold: ban_threshold.into(),
         },
         BTreeSet::new(),
         BTreeMap::new(),
@@ -665,8 +665,8 @@ fn no_ban_on_connection_error(#[case] seed: Seed) {
     let chain_config = common::chain::config::create_mainnet();
     let mut crawler = test_crawler(
         CrawlerConfig {
-            ban_duration: BanDuration::new(BAN_DURATION),
-            ban_threshold: BanThreshold::new(ban_threshold),
+            ban_duration: BAN_DURATION.into(),
+            ban_threshold: ban_threshold.into(),
         },
         BTreeSet::new(),
         BTreeMap::new(),
@@ -712,8 +712,8 @@ const BAN_THRESHOLD: u32 = 100;
 
 fn make_config() -> CrawlerConfig {
     CrawlerConfig {
-        ban_duration: BanDuration::new(BAN_DURATION),
-        ban_threshold: BanThreshold::new(BAN_THRESHOLD),
+        ban_duration: BAN_DURATION.into(),
+        ban_threshold: BAN_THRESHOLD.into(),
     }
 }
 
diff --git a/dns-server/src/crawler_p2p/crawler_manager/tests/mock_manager.rs b/dns-server/src/crawler_p2p/crawler_manager/tests/mock_manager.rs
index 85d9435671..bf16f9ae90 100644
--- a/dns-server/src/crawler_p2p/crawler_manager/tests/mock_manager.rs
+++ b/dns-server/src/crawler_p2p/crawler_manager/tests/mock_manager.rs
@@ -35,7 +35,7 @@ use common::{
     time_getter::TimeGetter,
 };
 use p2p::{
-    config::{BanDuration, BanThreshold, NodeType, P2pConfig},
+    config::{NodeType, P2pConfig},
     error::{DialError, P2pError},
     message::{AnnounceAddrRequest, PeerManagerMessage},
     net::{
@@ -295,8 +295,8 @@ pub fn test_crawler(
         default_p2p_port: 3031,
     };
     let crawler_config = CrawlerConfig {
-        ban_duration: BanDuration::default(),
-        ban_threshold: BanThreshold::default(),
+        ban_duration: Default::default(),
+        ban_threshold: Default::default(),
     };
 
     let state = MockStateRef {
diff --git a/dns-server/src/crawler_p2p/crawler_manager/tests/mod.rs b/dns-server/src/crawler_p2p/crawler_manager/tests/mod.rs
index 61c3768930..4ac42cdc58 100644
--- a/dns-server/src/crawler_p2p/crawler_manager/tests/mod.rs
+++ b/dns-server/src/crawler_p2p/crawler_manager/tests/mod.rs
@@ -19,16 +19,18 @@ use std::time::Duration;
 
 use chainstate::ban_score::BanScore;
 use p2p::{
-    config::{BanDuration, BanThreshold},
     error::{P2pError, ProtocolError},
     types::socket_address::SocketAddress,
 };
 use p2p_test_utils::{expect_no_recv, expect_recv};
 
 use crate::{
-    crawler_p2p::crawler_manager::tests::mock_manager::{
-        advance_time, assert_banned_addresses, assert_known_addresses, test_crawler,
-        ErraticNodeConnectError,
+    crawler_p2p::{
+        crawler::{BanDuration, BanThreshold},
+        crawler_manager::tests::mock_manager::{
+            advance_time, assert_banned_addresses, assert_known_addresses, test_crawler,
+            ErraticNodeConnectError,
+        },
     },
     dns_server::DnsServerCommand,
 };
diff --git a/dns-server/src/main.rs b/dns-server/src/main.rs
index 5004300797..03a55ed30f 100644
--- a/dns-server/src/main.rs
+++ b/dns-server/src/main.rs
@@ -58,8 +58,9 @@ async fn run(config: Arc<DnsServerConfig>) -> Result<Never, error::DnsServerErro
         boot_nodes: Vec::new(),
         reserved_nodes: Vec::new(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        // Note: this ban config (as well as any other non-backend setting here) won't have
+        // any effect on the dns server.
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
diff --git a/node-lib/src/config_files/mod.rs b/node-lib/src/config_files/mod.rs
index da81645f7b..2ea40329a9 100644
--- a/node-lib/src/config_files/mod.rs
+++ b/node-lib/src/config_files/mod.rs
@@ -174,6 +174,8 @@ fn p2p_config(config: P2pConfigFile, options: &RunOptions) -> P2pConfigFile {
         max_inbound_connections,
         ban_threshold,
         ban_duration,
+        discouragement_threshold,
+        discouragement_duration,
         max_clock_diff,
         outbound_connection_timeout,
         ping_check_period,
@@ -212,6 +214,8 @@ fn p2p_config(config: P2pConfigFile, options: &RunOptions) -> P2pConfigFile {
         max_inbound_connections,
         ban_threshold,
         ban_duration,
+        discouragement_threshold,
+        discouragement_duration,
         max_clock_diff,
         outbound_connection_timeout,
         ping_check_period,
diff --git a/node-lib/src/config_files/p2p.rs b/node-lib/src/config_files/p2p.rs
index 8c85d58b00..7d9fe36892 100644
--- a/node-lib/src/config_files/p2p.rs
+++ b/node-lib/src/config_files/p2p.rs
@@ -19,8 +19,9 @@ use common::primitives::user_agent::mintlayer_core_user_agent;
 use serde::{Deserialize, Serialize};
 
 use p2p::{
+    ban_config::BanConfig,
     config::{NodeType, P2pConfig},
-    peer_manager::PeerManagerConfig,
+    peer_manager::config::PeerManagerConfig,
     types::ip_or_socket_address::IpOrSocketAddress,
 };
 
@@ -76,6 +77,10 @@ pub struct P2pConfigFile {
     pub ban_threshold: Option<u32>,
     /// Duration of bans in seconds.
     pub ban_duration: Option<u64>,
+    /// The score threshold after which a peer becomes discouraged.
+    pub discouragement_threshold: Option<u32>,
+    /// Duration of discouragement in seconds.
+    pub discouragement_duration: Option<u64>,
     /// Maximum acceptable time difference between this node and the remote peer (in seconds).
     /// If a large difference is detected, the peer will be disconnected.
     pub max_clock_diff: Option<u64>,
@@ -106,6 +111,8 @@ impl From<P2pConfigFile> for P2pConfig {
             max_inbound_connections,
             ban_threshold,
             ban_duration,
+            discouragement_threshold,
+            discouragement_duration,
             max_clock_diff,
             outbound_connection_timeout,
             ping_check_period,
@@ -122,8 +129,12 @@ impl From<P2pConfigFile> for P2pConfig {
             boot_nodes: boot_nodes.unwrap_or_default(),
             reserved_nodes: reserved_nodes.unwrap_or_default(),
             whitelisted_addresses: whitelisted_addresses.unwrap_or_default(),
-            ban_threshold: ban_threshold.into(),
-            ban_duration: ban_duration.map(Duration::from_secs).into(),
+            ban_config: BanConfig {
+                ban_threshold: ban_threshold.into(),
+                ban_duration: ban_duration.map(Duration::from_secs).into(),
+                discouragement_threshold: discouragement_threshold.into(),
+                discouragement_duration: discouragement_duration.map(Duration::from_secs).into(),
+            },
             max_clock_diff: max_clock_diff.map(Duration::from_secs).into(),
             outbound_connection_timeout: outbound_connection_timeout
                 .map(|t| Duration::from_secs(t.into()))
diff --git a/node-lib/src/options.rs b/node-lib/src/options.rs
index 8e6a36d625..4c34ecef92 100644
--- a/node-lib/src/options.rs
+++ b/node-lib/src/options.rs
@@ -136,7 +136,9 @@ pub struct RunOptions {
     #[clap(long)]
     pub p2p_max_inbound_connections: Option<usize>,
 
-    /// The p2p score threshold after which a peer is baned.
+    // TODO: add all the options related to banning/discouragement thresholds and durations,
+    // for completeness.
+    /// The p2p score threshold after which a peer is banned.
     #[clap(long)]
     pub p2p_ban_threshold: Option<u32>,
 
diff --git a/p2p/backend-test-suite/src/block_announcement.rs b/p2p/backend-test-suite/src/block_announcement.rs
index 74b70a02df..b6fe969d1e 100644
--- a/p2p/backend-test-suite/src/block_announcement.rs
+++ b/p2p/backend-test-suite/src/block_announcement.rs
@@ -179,8 +179,7 @@ where
         boot_nodes: Vec::new(),
         reserved_nodes: Vec::new(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
diff --git a/p2p/p2p-test-utils/src/lib.rs b/p2p/p2p-test-utils/src/lib.rs
index ed2a08f7ce..9aab799d3f 100644
--- a/p2p/p2p-test-utils/src/lib.rs
+++ b/p2p/p2p-test-utils/src/lib.rs
@@ -221,6 +221,7 @@ macro_rules! expect_no_recv {
     };
 }
 
+/// Wait until the specified value is received from the channel.
 pub async fn wait_for_recv<T: Eq>(receiver: &mut mpsc::UnboundedReceiver<T>, value: &T) {
     let wait_loop = async {
         loop {
@@ -232,3 +233,18 @@ pub async fn wait_for_recv<T: Eq>(receiver: &mut mpsc::UnboundedReceiver<T>, val
 
     expect_future_val!(wait_loop);
 }
+
+/// Wait until the sender stops putting messages into the channel.
+pub async fn wait_for_no_recv<T>(receiver: &mut mpsc::UnboundedReceiver<T>) {
+    let wait_loop = async {
+        loop {
+            let wait_result =
+                tokio::time::timeout(Duration::from_millis(100), receiver.recv()).await;
+            if wait_result.is_err() {
+                break;
+            }
+        }
+    };
+
+    expect_future_val!(wait_loop);
+}
diff --git a/p2p/src/ban_config.rs b/p2p/src/ban_config.rs
new file mode 100644
index 0000000000..e2a09652c6
--- /dev/null
+++ b/p2p/src/ban_config.rs
@@ -0,0 +1,54 @@
+// Copyright (c) 2021-2024 RBB S.r.l
+// opensource@mintlayer.org
+// SPDX-License-Identifier: MIT
+// Licensed under the MIT License;
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://github.com/mintlayer/mintlayer-core/blob/master/LICENSE
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use std::time::Duration;
+
+use utils::make_config_setting;
+
+make_config_setting!(BanThreshold, u32, 100);
+// TODO: initially, the ban duration was 24h, but later it was changed to 30 min because automatic
+// banning can be dangerous. E.g. it's possible for an attacker to force the node to use malicious
+// Tor exit nodes by making it ban all honest ones. Using a smaller interval seemed less dangerous,
+// so we chose 30 min. But even automatic disconnection of seemingly misbehaving peers may lead
+// to network splitting; e.g. if in a future version some previously incorrect behavior becomes
+// valid, the network may be split between old and new nodes, because the old ones would ban peers
+// that exhibit such behavior. Also, 30 min doesn't make much sense for manual banning. So, we
+// should probably get rid of automatic banning and return the old duration for the manual banning.
+// But if we decide to keep the auto-ban functionality:
+// a) the config names should be changed to AutoBanDuration, AutoBanThreshold;
+// b) manual banning should have a separate ManualBanDuration; or event better, the ban duration
+// should be specified by the user via RPC and the config should become ManualBanDefaultDuration.
+// c) there should be the ability to turn auto-banning off, e.g. by setting the threshold to 0;
+// by default, auto banning should be turned off.
+make_config_setting!(BanDuration, Duration, Duration::from_secs(60 * 30));
+make_config_setting!(DiscouragementThreshold, u32, 100);
+make_config_setting!(
+    DiscouragementDuration,
+    Duration,
+    Duration::from_secs(60 * 60 * 24)
+);
+
+/// Settings related to banning and discouragement.
+#[derive(Default, Debug, Clone)]
+pub struct BanConfig {
+    /// The score threshold after which a peer is banned.
+    pub ban_threshold: BanThreshold,
+    /// The duration of a ban.
+    pub ban_duration: BanDuration,
+    /// The score threshold after which a peer becomes discouraged.
+    pub discouragement_threshold: DiscouragementThreshold,
+    /// The duration of discouragement.
+    pub discouragement_duration: DiscouragementDuration,
+}
diff --git a/p2p/src/config.rs b/p2p/src/config.rs
index 68152c556f..8ca2b012d4 100644
--- a/p2p/src/config.rs
+++ b/p2p/src/config.rs
@@ -21,15 +21,12 @@ use p2p_types::ip_or_socket_address::IpOrSocketAddress;
 use utils::make_config_setting;
 
 use crate::{
+    ban_config::BanConfig,
     net::types::services::{Service, Services},
-    peer_manager::PeerManagerConfig,
+    peer_manager::config::PeerManagerConfig,
     protocol::ProtocolConfig,
 };
 
-make_config_setting!(BanThreshold, u32, 100);
-// BanDuration is only 30 mins as a compromise between banning for a longer period of time
-// and not banning at all with alternative approaches such as discouragement
-make_config_setting!(BanDuration, Duration, Duration::from_secs(60 * 30));
 make_config_setting!(OutboundConnectionTimeout, Duration, Duration::from_secs(10));
 make_config_setting!(NodeTypeSetting, NodeType, NodeType::Full);
 make_config_setting!(AllowDiscoverPrivateIps, bool, false);
@@ -85,10 +82,8 @@ pub struct P2pConfig {
     pub reserved_nodes: Vec<IpOrSocketAddress>,
     /// Optional list of whitelisted addresses. Such addresses cannot be automatically banned.
     pub whitelisted_addresses: Vec<IpAddr>,
-    /// The score threshold after which a peer is banned.
-    pub ban_threshold: BanThreshold,
-    /// Duration of bans in seconds.
-    pub ban_duration: BanDuration,
+    /// Settings related to banning and discouragement.
+    pub ban_config: BanConfig,
     /// The outbound connection timeout value in seconds.
     pub outbound_connection_timeout: OutboundConnectionTimeout,
     /// How often send ping requests to peers
@@ -108,7 +103,7 @@ pub struct P2pConfig {
     pub user_agent: UserAgent,
     /// A timeout after which a peer is disconnected.
     pub sync_stalling_timeout: SyncStallingTimeout,
-    /// Various limits used internally by the peer manager; these should only be overridden in tests.
+    /// Various settings used internally by the peer manager.
     pub peer_manager_config: PeerManagerConfig,
     /// Various limits related to the protocol; these should only be overridden in tests.
     pub protocol_config: ProtocolConfig,
diff --git a/p2p/src/error.rs b/p2p/src/error.rs
index 6787982450..77cbcefd59 100644
--- a/p2p/src/error.rs
+++ b/p2p/src/error.rs
@@ -88,6 +88,8 @@ pub enum PeerError {
     },
     #[error("Address {0} is banned")]
     BannedAddress(String),
+    #[error("Address {0} is discouraged")]
+    DiscouragedAddress(String),
     #[error("PeerManager has too many peers")]
     TooManyPeers,
     #[error("Connection to address {0} already pending")]
diff --git a/p2p/src/lib.rs b/p2p/src/lib.rs
index 77856573f2..2843a3aea5 100644
--- a/p2p/src/lib.rs
+++ b/p2p/src/lib.rs
@@ -13,6 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+pub mod ban_config;
 pub mod config;
 pub mod error;
 pub mod interface;
diff --git a/p2p/src/peer_manager/config.rs b/p2p/src/peer_manager/config.rs
new file mode 100644
index 0000000000..739914cbbe
--- /dev/null
+++ b/p2p/src/peer_manager/config.rs
@@ -0,0 +1,141 @@
+// Copyright (c) 2021-2024 RBB S.r.l
+// opensource@mintlayer.org
+// SPDX-License-Identifier: MIT
+// Licensed under the MIT License;
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://github.com/mintlayer/mintlayer-core/blob/master/LICENSE
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use std::time::Duration;
+
+use utils::make_config_setting;
+
+use super::{
+    peerdb::config::PeerDbConfig,
+    peers_eviction::{
+        OutboundBlockRelayConnectionMinAge, OutboundFullRelayConnectionMinAge,
+        PreservedInboundCountAddressGroup, PreservedInboundCountNewBlocks,
+        PreservedInboundCountNewTransactions, PreservedInboundCountPing,
+    },
+};
+
+make_config_setting!(MaxInboundConnections, usize, 128);
+make_config_setting!(OutboundFullRelayCount, usize, 8);
+make_config_setting!(OutboundFullRelayExtraCount, usize, 1);
+make_config_setting!(OutboundBlockRelayCount, usize, 2);
+make_config_setting!(OutboundBlockRelayExtraCount, usize, 1);
+make_config_setting!(StaleTipTimeDiff, Duration, Duration::from_secs(30 * 60));
+make_config_setting!(MainLoopTickInterval, Duration, Duration::from_secs(1));
+make_config_setting!(
+    FeelerConnectionsInterval,
+    Duration,
+    Duration::from_secs(2 * 60)
+);
+make_config_setting!(EnableFeelerConnections, bool, true);
+make_config_setting!(ForceDnsQueryIfNoGlobalAddressesKnown, bool, false);
+make_config_setting!(AllowSameIpConnections, bool, false);
+
+// TODO: this name is too generic, because not all peer manager settings are contained here.
+// PeerManagerInternalConfig would be a better name.
+// Alternatively, we may want to actually put all peer manager settings here. If we do this,
+// it might be better to revise the entire structure of p2p config and make it more hierarchical.
+// E.g. we may have separate structs for backend, sync manager and peer manager settings at the
+// top level; then, eviction settings in PeerManagerConfig may go to their separate struct, etc.
+#[derive(Default, Debug, Clone)]
+pub struct PeerManagerConfig {
+    /// Maximum allowed number of inbound connections.
+    pub max_inbound_connections: MaxInboundConnections,
+
+    /// The number of inbound peers to preserve based on the address group.
+    pub preserved_inbound_count_address_group: PreservedInboundCountAddressGroup,
+    /// The number of inbound peers to preserve based on ping.
+    pub preserved_inbound_count_ping: PreservedInboundCountPing,
+    /// The number of inbound peers to preserve based on the last time they sent us new blocks.
+    pub preserved_inbound_count_new_blocks: PreservedInboundCountNewBlocks,
+    /// The number of inbound peers to preserve based on the last time they sent us new transactions.
+    pub preserved_inbound_count_new_transactions: PreservedInboundCountNewTransactions,
+
+    /// The desired maximum number of full relay outbound connections.
+    /// Note that this limit may be exceeded temporarily by up to outbound_full_relay_extra_count
+    /// connections.
+    pub outbound_full_relay_count: OutboundFullRelayCount,
+    /// The number of extra full relay connections that we may establish when a stale tip
+    /// is detected.
+    pub outbound_full_relay_extra_count: OutboundFullRelayExtraCount,
+
+    /// The desired maximum number of block relay outbound connections.
+    /// Note that this limit may be exceeded temporarily by up to outbound_block_relay_extra_count
+    /// connections.
+    pub outbound_block_relay_count: OutboundBlockRelayCount,
+    /// The number of extra block relay connections that we will establish and evict regularly.
+    pub outbound_block_relay_extra_count: OutboundBlockRelayExtraCount,
+
+    /// Outbound block relay connections younger than this age will not be taken into account
+    /// during eviction.
+    /// Note that extra block relay connections are established and evicted on a regular basis
+    /// during normal operation. So, this interval basically determines how often those extra
+    /// connections will come and go.
+    pub outbound_block_relay_connection_min_age: OutboundBlockRelayConnectionMinAge,
+    /// Outbound full relay connections younger than this age will not be taken into account
+    /// during eviction.
+    /// Note that extra full relay connections are established if the current tip becomes stale.
+    pub outbound_full_relay_connection_min_age: OutboundFullRelayConnectionMinAge,
+
+    /// The time after which the tip will be considered stale.
+    pub stale_tip_time_diff: StaleTipTimeDiff,
+
+    /// How often the main loop should be woken up when no other events occur.
+    pub main_loop_tick_interval: MainLoopTickInterval,
+
+    /// Whether feeler connections should be enabled.
+    pub enable_feeler_connections: EnableFeelerConnections,
+    /// The minimum interval between feeler connections.
+    pub feeler_connections_interval: FeelerConnectionsInterval,
+
+    /// If true, the node will perform an early dns query if the peer db doesn't contain
+    /// any global addresses at startup (more precisely, the ones for which is_global_unicast_ip
+    /// returns true).
+    ///
+    /// Note that this is mainly needed to speed up the startup of the test
+    /// nodes in build-tools/p2p-test. Those nodes always start with a boot_nodes
+    /// list that contains addresses of their siblings, which are always some private ips;
+    /// therefore, they all will have peers from the beginning, which will prevent normal
+    /// dns queries, but will be unable to obtain blocks until stale_tip_time_diff has elapsed,
+    /// which is 30 min by default. Setting this option to true will force the peer manager
+    /// to perform an early dns query in such a situation.
+    pub force_dns_query_if_no_global_addresses_known: ForceDnsQueryIfNoGlobalAddressesKnown,
+
+    /// If true, multiple connections to the same ip address (but using a different port) will
+    /// always be allowed.
+    ///
+    /// Normally, the peer manager won't always allow connecting to the same ip using a different
+    /// port; e.g. if an inbound connection exists, a new outbound connection to the same ip
+    /// will only be allowed if it's manual. This may be inconvenient for some (legacy) unit tests,
+    /// so they can set this option to true to override this behavior.
+    /// TODO: consider rewriting tests that need this option and remove it.
+    pub allow_same_ip_connections: AllowSameIpConnections,
+
+    /// Peer db configuration.
+    pub peerdb_config: PeerDbConfig,
+}
+
+impl PeerManagerConfig {
+    pub fn total_preserved_inbound_count(&self) -> usize {
+        *self.preserved_inbound_count_address_group
+            + *self.preserved_inbound_count_ping
+            + *self.preserved_inbound_count_new_blocks
+            + *self.preserved_inbound_count_new_transactions
+    }
+
+    /// The desired maximum number of automatic outbound connections.
+    pub fn outbound_full_and_block_relay_count(&self) -> usize {
+        *self.outbound_full_relay_count + *self.outbound_block_relay_count
+    }
+}
diff --git a/p2p/src/peer_manager/mod.rs b/p2p/src/peer_manager/mod.rs
index 278efb3429..6563795c10 100644
--- a/p2p/src/peer_manager/mod.rs
+++ b/p2p/src/peer_manager/mod.rs
@@ -17,6 +17,7 @@
 
 mod addr_list_response_cache;
 pub mod address_groups;
+pub mod config;
 pub mod dns_seed;
 pub mod peer_context;
 pub mod peerdb;
@@ -45,10 +46,7 @@ use common::{
 };
 use crypto::random::{make_pseudo_rng, seq::IteratorRandom, Rng};
 use logging::log;
-use utils::{
-    bloom_filters::rolling_bloom_filter::RollingBloomFilter, ensure, make_config_setting,
-    set_flag::SetFlag,
-};
+use utils::{bloom_filters::rolling_bloom_filter::RollingBloomFilter, ensure, set_flag::SetFlag};
 
 use crate::{
     config::P2pConfig,
@@ -81,122 +79,9 @@ use self::{
     address_groups::AddressGroup,
     dns_seed::{DefaultDnsSeed, DnsSeed},
     peer_context::{PeerContext, SentPing},
-    peerdb::{config::PeerDbConfig, storage::PeerDbStorage},
-    peers_eviction::{
-        OutboundBlockRelayConnectionMinAge, OutboundFullRelayConnectionMinAge,
-        PreservedInboundCountAddressGroup, PreservedInboundCountNewBlocks,
-        PreservedInboundCountNewTransactions, PreservedInboundCountPing,
-    },
+    peerdb::storage::PeerDbStorage,
 };
 
-#[derive(Default, Debug, Clone)]
-pub struct PeerManagerConfig {
-    /// Maximum allowed number of inbound connections.
-    pub max_inbound_connections: MaxInboundConnections,
-
-    /// The number of inbound peers to preserve based on the address group.
-    pub preserved_inbound_count_address_group: PreservedInboundCountAddressGroup,
-    /// The number of inbound peers to preserve based on ping.
-    pub preserved_inbound_count_ping: PreservedInboundCountPing,
-    /// The number of inbound peers to preserve based on the last time they sent us new blocks.
-    pub preserved_inbound_count_new_blocks: PreservedInboundCountNewBlocks,
-    /// The number of inbound peers to preserve based on the last time they sent us new transactions.
-    pub preserved_inbound_count_new_transactions: PreservedInboundCountNewTransactions,
-
-    /// The desired maximum number of full relay outbound connections.
-    /// Note that this limit may be exceeded temporarily by up to outbound_full_relay_extra_count
-    /// connections.
-    pub outbound_full_relay_count: OutboundFullRelayCount,
-    /// The number of extra full relay connections that we may establish when a stale tip
-    /// is detected.
-    pub outbound_full_relay_extra_count: OutboundFullRelayExtraCount,
-
-    /// The desired maximum number of block relay outbound connections.
-    /// Note that this limit may be exceeded temporarily by up to outbound_block_relay_extra_count
-    /// connections.
-    pub outbound_block_relay_count: OutboundBlockRelayCount,
-    /// The number of extra block relay connections that we will establish and evict regularly.
-    pub outbound_block_relay_extra_count: OutboundBlockRelayExtraCount,
-
-    /// Outbound block relay connections younger than this age will not be taken into account
-    /// during eviction.
-    /// Note that extra block relay connections are established and evicted on a regular basis
-    /// during normal operation. So, this interval basically determines how often those extra
-    /// connections will come and go.
-    pub outbound_block_relay_connection_min_age: OutboundBlockRelayConnectionMinAge,
-    /// Outbound full relay connections younger than this age will not be taken into account
-    /// during eviction.
-    /// Note that extra full relay connections are established if the current tip becomes stale.
-    pub outbound_full_relay_connection_min_age: OutboundFullRelayConnectionMinAge,
-
-    /// The time after which the tip will be considered stale.
-    pub stale_tip_time_diff: StaleTipTimeDiff,
-
-    /// How often the main loop should be woken up when no other events occur.
-    pub main_loop_tick_interval: MainLoopTickInterval,
-
-    /// Whether feeler connections should be enabled.
-    pub enable_feeler_connections: EnableFeelerConnections,
-    /// The minimum interval between feeler connections.
-    pub feeler_connections_interval: FeelerConnectionsInterval,
-
-    /// If true, the node will perform an early dns query if the peer db doesn't contain
-    /// any global addresses at startup (more precisely, the ones for which is_global_unicast_ip
-    /// returns true).
-    ///
-    /// Note that this is mainly needed to speed up the startup of the test
-    /// nodes in build-tools/p2p-test. Those nodes always start with a boot_nodes
-    /// list that contains addresses of their siblings, which are always some private ips;
-    /// therefore, they all will have peers from the beginning, which will prevent normal
-    /// dns queries, but will be unable to obtain blocks until stale_tip_time_diff has elapsed,
-    /// which is 30 min by default. Setting this option to true will force the peer manager
-    /// to perform an early dns query in such a situation.
-    pub force_dns_query_if_no_global_addresses_known: ForceDnsQueryIfNoGlobalAddressesKnown,
-
-    /// If true, multiple connections to the same ip address (but using a different port) will
-    /// always be allowed.
-    ///
-    /// Normally, the peer manager won't always allow connecting to the same ip using a different
-    /// port; e.g. if an inbound connection exists, a new outbound connection to the same ip
-    /// will only be allowed if it's manual. This may be inconvenient for some (legacy) unit tests,
-    /// so they can set this option to true to override this behavior.
-    /// TODO: consider rewriting tests that need this option and remove it.
-    pub allow_same_ip_connections: AllowSameIpConnections,
-
-    /// Peer db configuration.
-    pub peerdb_config: PeerDbConfig,
-}
-
-impl PeerManagerConfig {
-    pub fn total_preserved_inbound_count(&self) -> usize {
-        *self.preserved_inbound_count_address_group
-            + *self.preserved_inbound_count_ping
-            + *self.preserved_inbound_count_new_blocks
-            + *self.preserved_inbound_count_new_transactions
-    }
-
-    /// The desired maximum number of automatic outbound connections.
-    pub fn outbound_full_and_block_relay_count(&self) -> usize {
-        *self.outbound_full_relay_count + *self.outbound_block_relay_count
-    }
-}
-
-make_config_setting!(MaxInboundConnections, usize, 128);
-make_config_setting!(OutboundFullRelayCount, usize, 8);
-make_config_setting!(OutboundFullRelayExtraCount, usize, 1);
-make_config_setting!(OutboundBlockRelayCount, usize, 2);
-make_config_setting!(OutboundBlockRelayExtraCount, usize, 1);
-make_config_setting!(StaleTipTimeDiff, Duration, Duration::from_secs(30 * 60));
-make_config_setting!(MainLoopTickInterval, Duration, Duration::from_secs(1));
-make_config_setting!(
-    FeelerConnectionsInterval,
-    Duration,
-    Duration::from_secs(2 * 60)
-);
-make_config_setting!(EnableFeelerConnections, bool, true);
-make_config_setting!(ForceDnsQueryIfNoGlobalAddressesKnown, bool, false);
-make_config_setting!(AllowSameIpConnections, bool, false);
-
 /// Lower bound for how often [`PeerManager::heartbeat()`] is called
 pub const HEARTBEAT_INTERVAL_MIN: Duration = Duration::from_secs(5);
 /// Upper bound for how often [`PeerManager::heartbeat()`] is called
@@ -544,13 +429,8 @@ where
 
     /// Adjust peer score
     ///
-    /// If the peer is known, update its existing peer score and report
-    /// if it should be disconnected when score reached the threshold.
-    /// Unknown peers are reported as to be disconnected.
-    ///
-    /// If peer is banned, it is removed from the connected peers
-    /// and its address is marked as banned.
-    fn adjust_peer_score(&mut self, peer_id: PeerId, score: u32) {
+    /// Discourage and/or ban the peer if the score reaches the corresponding threshold.
+    fn adjust_peer_score(&mut self, peer_id: PeerId, score_adjustment: u32) {
         let peer = match self.peers.get(&peer_id) {
             Some(peer) => peer,
             None => return,
@@ -558,7 +438,7 @@ where
 
         if self.is_whitelisted_node(peer.peer_role, &peer.peer_address) {
             log::info!(
-                "Not adjusting peer score for the whitelisted peer {peer_id}, adjustment {score}",
+                "Not adjusting peer score for the whitelisted peer {peer_id}, adjustment {score_adjustment}",
             );
             return;
         }
@@ -568,27 +448,31 @@ where
             None => return,
         };
 
-        peer.score = peer.score.saturating_add(score);
+        let new_score = peer.score.saturating_add(score_adjustment);
+        let peer_address = peer.peer_address.as_bannable();
+        peer.score = new_score;
 
         log::info!(
-            "Adjusting peer score for peer {peer_id}, adjustment {score}, new score {}",
-            peer.score
+            "Adjusting peer score for peer {peer_id}, adjustment {score_adjustment}, new score {new_score}",
         );
 
         if let Some(o) = self.observer.as_mut() {
             o.on_peer_ban_score_adjustment(peer.peer_address, peer.score)
         }
 
-        if peer.score >= *self.p2p_config.ban_threshold {
-            let address = peer.peer_address.as_bannable();
-            self.ban(address);
+        if new_score >= *self.p2p_config.ban_config.ban_threshold {
+            self.ban(peer_address);
+        }
+
+        if new_score >= *self.p2p_config.ban_config.discouragement_threshold {
+            self.discourage(peer_address);
         }
     }
 
     /// Adjust peer score after a failed handshake.
     ///
     /// Note that currently intermediate scores are not stored in the peer db, so this call will
-    /// only make any effect if the passed score is bigger than the ban threshold.
+    /// only make any effect if the passed score is bigger than the threshold.
     fn adjust_peer_score_on_failed_handshake(&mut self, peer_address: SocketAddress, score: u32) {
         let whitelisted_node =
             self.pending_outbound_connects
@@ -610,10 +494,15 @@ where
             o.on_peer_ban_score_adjustment(peer_address, score);
         }
 
-        if score >= *self.p2p_config.ban_threshold {
+        if score >= *self.p2p_config.ban_config.ban_threshold {
             let address = peer_address.as_bannable();
             self.ban(address);
         }
+
+        if score >= *self.p2p_config.ban_config.discouragement_threshold {
+            let address = peer_address.as_bannable();
+            self.discourage(address);
+        }
     }
 
     fn ban(&mut self, address: BannableAddress) {
@@ -629,7 +518,11 @@ where
             })
             .collect::<Vec<_>>();
 
-        log::info!("Ban {:?}, disconnect peers: {:?}", address, to_disconnect);
+        log::info!(
+            "Banning {:?}, the following peers will be disconnected: {:?}",
+            address,
+            to_disconnect
+        );
 
         self.peerdb.ban(address);
 
@@ -642,6 +535,16 @@ where
         }
     }
 
+    fn discourage(&mut self, address: BannableAddress) {
+        log::info!("Discouraging {address:?}");
+
+        self.peerdb.discourage(address);
+
+        if let Some(o) = self.observer.as_mut() {
+            o.on_peer_discouragement(address);
+        }
+    }
+
     /// Try to initiate a new outbound connection
     ///
     /// This function doesn't block on the call but sends a command to the
@@ -661,11 +564,17 @@ where
         self.maybe_reject_because_already_connected(&address, peer_role)?;
 
         let bannable_address = address.as_bannable();
+        let is_reserved = self.peerdb.is_reserved_node(&address);
+        let is_banned = self.peerdb.is_address_banned(&bannable_address);
+        let is_discouraged = self.peerdb.is_address_discouraged(&bannable_address);
         ensure!(
-            !self.peerdb.is_address_banned(&bannable_address)
-                || self.peerdb.is_reserved_node(&address),
+            !is_banned || is_reserved,
             P2pError::PeerError(PeerError::BannedAddress(address.to_string())),
         );
+        ensure!(
+            !is_discouraged || is_reserved,
+            P2pError::PeerError(PeerError::DiscouragedAddress(address.to_string())),
+        );
 
         self.peer_connectivity_handle.connect(address, local_services_override)?;
 
@@ -789,7 +698,11 @@ where
         // Ok and for outbound ones we've already called it in try_connect. But new connections
         // might have appeared since try_connect was called, so the call below is not redundant.
         self.maybe_reject_because_already_connected(address, peer_role)?;
-
+        
+        // Note: for outbound connections, ban and discouragement statuses have already been
+        // checked in try_connect, so when we do the checks here, they'll only work for
+        // inbound connections. And since inbound connections from discouraged addresses are
+        // allowed, we only check the banned status here.
         ensure!(
             !self.peerdb.is_address_banned(&address.as_bannable()),
             P2pError::PeerError(PeerError::BannedAddress(address.to_string())),
@@ -853,7 +766,13 @@ where
                     && !self.pending_disconnects.contains_key(&peer.info.peer_id)
             })
             .map(|peer| {
-                peers_eviction::EvictionCandidate::new(peer, &self.peer_eviction_random_state, now)
+                let addr = peer.peer_address.as_bannable();
+                peers_eviction::EvictionCandidate::new(
+                    peer,
+                    &self.peer_eviction_random_state,
+                    now,
+                    self.peerdb.is_address_banned_or_discouraged(&addr),
+                )
             })
             .collect()
     }
@@ -865,6 +784,7 @@ where
         if let Some(peer_id) = peers_eviction::select_for_eviction_inbound(
             self.eviction_candidates(PeerRole::Inbound),
             &self.p2p_config.peer_manager_config,
+            &mut make_pseudo_rng(),
         ) {
             log::info!("inbound peer {peer_id} is selected for eviction");
             self.disconnect(peer_id, PeerDisconnectionDbAction::Keep, None);
@@ -880,6 +800,7 @@ where
             self.eviction_candidates(PeerRole::OutboundBlockRelay),
             &self.p2p_config.peer_manager_config,
             self.time_getter.get_time(),
+            &mut make_pseudo_rng(),
         ) {
             log::info!("block relay peer {peer_id} is selected for eviction");
             self.disconnect(peer_id, PeerDisconnectionDbAction::Keep, None);
@@ -892,6 +813,7 @@ where
             self.eviction_candidates(PeerRole::OutboundFullRelay),
             &self.p2p_config.peer_manager_config,
             self.time_getter.get_time(),
+            &mut make_pseudo_rng(),
         ) {
             log::info!("full relay peer {peer_id} is selected for eviction");
             self.disconnect(peer_id, PeerDisconnectionDbAction::Keep, None);
@@ -1227,7 +1149,7 @@ where
     /// establish new connections. After that it updates the peer scores and discards any records
     /// that no longer need to be stored.
     fn heartbeat(&mut self) {
-        // Expired banned addresses are dropped here, keep this call!
+        // Expired banned and discouraged addresses are dropped here.
         self.peerdb.heartbeat();
 
         self.establish_new_connections();
@@ -1360,7 +1282,9 @@ where
             && cur_feeler_conn_count == 0
             && now >= self.next_feeler_connection_time
         {
-            if let Some(address) = self.peerdb.select_non_reserved_address_from_new_addr_table() {
+            if let Some(address) =
+                self.peerdb.select_non_reserved_outbound_address_from_new_addr_table()
+            {
                 self.connect(address, OutboundConnectType::Feeler);
                 self.next_feeler_connection_time =
                     Self::choose_next_feeler_connection_time(&self.p2p_config, now);
@@ -1399,13 +1323,15 @@ where
 
             self.peerdb.peer_discovered(address);
 
-            let peer_ids = self
-                .subscribed_to_peer_addresses
-                .iter()
-                .cloned()
-                .choose_multiple(&mut make_pseudo_rng(), PEER_ADDRESS_RESEND_COUNT);
-            for new_peer_id in peer_ids {
-                self.announce_address(new_peer_id, address);
+            if !self.peerdb.is_address_banned_or_discouraged(&address.as_bannable()) {
+                let peer_ids = self
+                    .subscribed_to_peer_addresses
+                    .iter()
+                    .cloned()
+                    .choose_multiple(&mut make_pseudo_rng(), PEER_ADDRESS_RESEND_COUNT);
+                for new_peer_id in peer_ids {
+                    self.announce_address(new_peer_id, address);
+                }
             }
         }
     }
@@ -1428,10 +1354,23 @@ where
             .get_or_create(peer, now, || {
                 self.peerdb
                     .known_addresses()
-                    .map(SocketAddress::as_peer_address)
-                    .filter(|address| Self::is_peer_address_valid(address, &self.p2p_config))
+                    .filter_map(|address| {
+                        let peer_addr = address.as_peer_address();
+                        let bannable_addr = address.as_bannable();
+                        if Self::is_peer_address_valid(&peer_addr, &self.p2p_config)
+                            && !self.peerdb.is_address_banned_or_discouraged(&bannable_addr)
+                        {
+                            Some(peer_addr)
+                        } else {
+                            None
+                        }
+                    })
                     .choose_multiple(&mut make_pseudo_rng(), max_addr_count)
             })
+            // Note: some of the addresses may have become banned or discouraged after they've been
+            // cached. It's not clear whether it's better to filter them out here, which will
+            // reveal to peers what addresses we've ban or discouraged, or keep them as is.
+            // But it's probably not that important.
             .clone();
 
         assert!(addresses.len() <= max_addr_count);
@@ -2122,6 +2061,7 @@ where
 pub trait Observer {
     fn on_peer_ban_score_adjustment(&mut self, address: SocketAddress, new_score: u32);
     fn on_peer_ban(&mut self, address: BannableAddress);
+    fn on_peer_discouragement(&mut self, address: BannableAddress);
     // This will be called at the end of "heartbeat" function.
     fn on_heartbeat(&mut self);
     // This will be called for both incoming and outgoing connections.
@@ -2133,10 +2073,10 @@ pub trait PeerManagerInterface {
     fn peers(&self) -> &BTreeMap<PeerId, PeerContext>;
 
     #[cfg(test)]
-    fn peerdb(&self) -> &dyn peerdb::PeerDbInterface;
+    fn peer_db(&self) -> &dyn peerdb::PeerDbInterface;
 
     #[cfg(test)]
-    fn peerdb_mut(&mut self) -> &mut dyn peerdb::PeerDbInterface;
+    fn peer_db_mut(&mut self) -> &mut dyn peerdb::PeerDbInterface;
 }
 
 impl<T, S> PeerManagerInterface for PeerManager<T, S>
@@ -2151,12 +2091,12 @@ where
     }
 
     #[cfg(test)]
-    fn peerdb(&self) -> &dyn peerdb::PeerDbInterface {
+    fn peer_db(&self) -> &dyn peerdb::PeerDbInterface {
         &self.peerdb
     }
 
     #[cfg(test)]
-    fn peerdb_mut(&mut self) -> &mut dyn peerdb::PeerDbInterface {
+    fn peer_db_mut(&mut self) -> &mut dyn peerdb::PeerDbInterface {
         &mut self.peerdb
     }
 }
diff --git a/p2p/src/peer_manager/peerdb/mod.rs b/p2p/src/peer_manager/peerdb/mod.rs
index f6268f2be7..6e327376df 100644
--- a/p2p/src/peer_manager/peerdb/mod.rs
+++ b/p2p/src/peer_manager/peerdb/mod.rs
@@ -58,7 +58,7 @@ use super::{
 };
 
 pub use storage::StorageVersion;
-pub use storage_load::open_storage;
+pub use storage_load::{open_storage, CURRENT_STORAGE_VERSION};
 
 pub struct PeerDb<S> {
     /// P2P configuration
@@ -82,6 +82,9 @@ pub struct PeerDb<S> {
     /// Banned addresses along with the ban expiration time.
     banned_addresses: BTreeMap<BannableAddress, Time>,
 
+    /// Discouraged addresses along with the discouragement expiration time.
+    discouraged_addresses: BTreeMap<BannableAddress, Time>,
+
     /// Anchor addresses
     anchor_addresses: BTreeSet<SocketAddress>,
 
@@ -103,6 +106,7 @@ impl<S: PeerDbStorage> PeerDb<S> {
         let LoadedStorage {
             known_addresses,
             banned_addresses,
+            discouraged_addresses,
             anchor_addresses,
             salt,
         } = LoadedStorage::load_storage(&storage, &p2p_config.peer_manager_config.peerdb_config)?;
@@ -177,6 +181,7 @@ impl<S: PeerDbStorage> PeerDb<S> {
             reserved_nodes,
             address_tables,
             banned_addresses,
+            discouraged_addresses,
             anchor_addresses,
             p2p_config,
             time_getter,
@@ -239,6 +244,7 @@ impl<S: PeerDbStorage> PeerDb<S> {
                     && !cur_outbound_conn_addr_groups
                         .contains(&AddressGroup::from_peer_address(&addr.as_peer_address()))
                     && !self.banned_addresses.contains_key(&addr.as_bannable())
+                    && !self.discouraged_addresses.contains_key(&addr.as_bannable())
                     && additional_filter(addr)
             }
             None => {
@@ -289,7 +295,9 @@ impl<S: PeerDbStorage> PeerDb<S> {
         addr_group_to_addr_map.values().copied().collect()
     }
 
-    pub fn select_non_reserved_address_from_new_addr_table(&self) -> Option<SocketAddress> {
+    pub fn select_non_reserved_outbound_address_from_new_addr_table(
+        &self,
+    ) -> Option<SocketAddress> {
         let now = self.time_getter.get_time();
 
         self.address_tables
@@ -298,7 +306,7 @@ impl<S: PeerDbStorage> PeerDb<S> {
                 Some(addr_data) => {
                     addr_data.connect_now(now)
                         && !addr_data.reserved()
-                        && !self.banned_addresses.contains_key(&addr.as_bannable())
+                        && !self.is_address_banned_or_discouraged(&addr.as_bannable())
                 }
                 None => {
                     debug_assert!(false, "Address {addr} not found in self.addresses");
@@ -344,7 +352,7 @@ impl<S: PeerDbStorage> PeerDb<S> {
         });
 
         self.banned_addresses.retain(|addr, banned_till| {
-            let banned = now <= *banned_till;
+            let banned = now < *banned_till;
 
             if !banned {
                 update_db(&self.storage, |tx| tx.del_banned_address(addr))
@@ -353,6 +361,17 @@ impl<S: PeerDbStorage> PeerDb<S> {
 
             banned
         });
+
+        self.discouraged_addresses.retain(|addr, discouraged_till| {
+            let discouraged = now < *discouraged_till;
+
+            if !discouraged {
+                update_db(&self.storage, |tx| tx.del_discouraged_address(addr))
+                    .expect("removing discouraged address is expected to succeed");
+            }
+
+            discouraged
+        });
     }
 
     /// Add a new peer address
@@ -539,24 +558,48 @@ impl<S: PeerDbStorage> PeerDb<S> {
 
     /// Changes the address state to banned
     pub fn ban(&mut self, address: BannableAddress) {
-        let ban_till = (self.time_getter.get_time() + *self.p2p_config.ban_duration)
+        let ban_till = (self.time_getter.get_time() + *self.p2p_config.ban_config.ban_duration)
             .expect("Ban duration is expected to be valid");
 
         update_db(&self.storage, |tx| {
             tx.add_banned_address(&address, ban_till)
         })
-        .expect("adding banned address is expected to succeed (ban_peer)");
+        .expect("adding banned address is expected to succeed");
 
         self.banned_addresses.insert(address, ban_till);
     }
 
     pub fn unban(&mut self, address: &BannableAddress) {
         update_db(&self.storage, |tx| tx.del_banned_address(address))
-            .expect("adding banned address is expected to succeed (ban_peer)");
+            .expect("removing banned address is expected to succeed");
 
         self.banned_addresses.remove(address);
     }
 
+    /// Checks if the given address is discouraged
+    pub fn is_address_discouraged(&self, address: &BannableAddress) -> bool {
+        self.discouraged_addresses.contains_key(address)
+    }
+
+    /// Changes the address state to discouraged
+    pub fn discourage(&mut self, address: BannableAddress) {
+        // TODO: do we need to prolong the discouragement if the peer continues misbehaving?
+        let discourage_till = (self.time_getter.get_time()
+            + *self.p2p_config.ban_config.discouragement_duration)
+            .expect("Discouragement duration is expected to be valid");
+
+        update_db(&self.storage, |tx| {
+            tx.add_discouraged_address(&address, discourage_till)
+        })
+        .expect("adding discouraged address is expected to succeed");
+
+        self.discouraged_addresses.insert(address, discourage_till);
+    }
+
+    pub fn is_address_banned_or_discouraged(&self, address: &BannableAddress) -> bool {
+        self.is_address_banned(address) || self.is_address_discouraged(address)
+    }
+
     pub fn anchors(&self) -> &BTreeSet<SocketAddress> {
         &self.anchor_addresses
     }
@@ -596,10 +639,21 @@ impl<S: PeerDbStorage> PeerDb<S> {
 }
 
 pub trait PeerDbInterface {
+    fn is_address_banned(&self, address: &BannableAddress) -> bool;
+    fn is_address_discouraged(&self, address: &BannableAddress) -> bool;
+
     fn peer_discovered(&mut self, address: SocketAddress);
 }
 
 impl<S: PeerDbStorage> PeerDbInterface for PeerDb<S> {
+    fn is_address_banned(&self, address: &BannableAddress) -> bool {
+        self.is_address_banned(address)
+    }
+
+    fn is_address_discouraged(&self, address: &BannableAddress) -> bool {
+        self.is_address_discouraged(address)
+    }
+
     fn peer_discovered(&mut self, address: SocketAddress) {
         self.peer_discovered(address)
     }
diff --git a/p2p/src/peer_manager/peerdb/storage.rs b/p2p/src/peer_manager/peerdb/storage.rs
index 2aa82ff16b..ecd16c0314 100644
--- a/p2p/src/peer_manager/peerdb/storage.rs
+++ b/p2p/src/peer_manager/peerdb/storage.rs
@@ -47,6 +47,8 @@ pub trait PeerDbStorageRead {
 
     fn get_banned_addresses(&self) -> crate::Result<Vec<(BannableAddress, Time)>>;
 
+    fn get_discouraged_addresses(&self) -> crate::Result<Vec<(BannableAddress, Time)>>;
+
     fn get_anchor_addresses(&self) -> crate::Result<Vec<SocketAddress>>;
 }
 
@@ -67,6 +69,13 @@ pub trait PeerDbStorageWrite {
     fn add_banned_address(&mut self, address: &BannableAddress, time: Time) -> crate::Result<()>;
     fn del_banned_address(&mut self, address: &BannableAddress) -> crate::Result<()>;
 
+    fn add_discouraged_address(
+        &mut self,
+        address: &BannableAddress,
+        time: Time,
+    ) -> crate::Result<()>;
+    fn del_discouraged_address(&mut self, address: &BannableAddress) -> crate::Result<()>;
+
     fn add_anchor_address(&mut self, address: &SocketAddress) -> crate::Result<()>;
     fn del_anchor_address(&mut self, address: &SocketAddress) -> crate::Result<()>;
 }
diff --git a/p2p/src/peer_manager/peerdb/storage_impl.rs b/p2p/src/peer_manager/peerdb/storage_impl.rs
index 1857e164db..c2e280f9c4 100644
--- a/p2p/src/peer_manager/peerdb/storage_impl.rs
+++ b/p2p/src/peer_manager/peerdb/storage_impl.rs
@@ -42,9 +42,14 @@ storage::decl_schema! {
         /// Table for known addresses
         pub DBKnownAddresses: Map<String, KnownAddressState>,
 
-        /// Table for banned addresses vs when they can be unbanned (Duration is timestamp since UNIX Epoch)
+        /// Table for banned addresses vs the time when they should be unbanned
+        /// (Duration is a timestamp since UNIX Epoch)
         pub DBBannedAddresses: Map<String, Duration>,
 
+        /// Table for discouraged addresses vs the time when the discouragement should expire
+        /// (Duration is a timestamp since UNIX Epoch)
+        pub DBDiscouragedAddresses: Map<String, Duration>,
+
         /// Table for anchor peers addresses
         pub DBAnchorAddresses: Map<String, ()>,
     }
@@ -95,6 +100,21 @@ impl<'st, B: storage::Backend> PeerDbStorageWrite for PeerDbStoreTxRw<'st, B> {
         Ok(self.storage().get_mut::<DBBannedAddresses, _>().del(address.to_string())?)
     }
 
+    fn add_discouraged_address(
+        &mut self,
+        address: &BannableAddress,
+        time: Time,
+    ) -> crate::Result<()> {
+        Ok(self
+            .storage()
+            .get_mut::<DBDiscouragedAddresses, _>()
+            .put(address.to_string(), time.as_duration_since_epoch())?)
+    }
+
+    fn del_discouraged_address(&mut self, address: &BannableAddress) -> crate::Result<()> {
+        Ok(self.storage().get_mut::<DBDiscouragedAddresses, _>().del(address.to_string())?)
+    }
+
     fn add_anchor_address(&mut self, address: &SocketAddress) -> crate::Result<()> {
         Ok(self.storage().get_mut::<DBAnchorAddresses, _>().put(address.to_string(), ())?)
     }
@@ -159,6 +179,19 @@ impl<'st, B: storage::Backend> PeerDbStorageRead for PeerDbStoreTxRo<'st, B> {
         itertools::process_results(iter, |iter| iter.collect::<Vec<_>>())
     }
 
+    fn get_discouraged_addresses(&self) -> crate::Result<Vec<(BannableAddress, Time)>> {
+        let map = self.storage().get::<DBDiscouragedAddresses, _>();
+        let iter = map.prefix_iter_decoded(&())?.map(|(addr_str, dur)| {
+            let addr = addr_str.parse::<BannableAddress>().map_err(|err| {
+                P2pError::InvalidStorageState(format!(
+                    "Error parsing address from {addr_str:?}: {err}"
+                ))
+            })?;
+            Ok((addr, Time::from_duration_since_epoch(dur)))
+        });
+        itertools::process_results(iter, |iter| iter.collect::<Vec<_>>())
+    }
+
     fn get_anchor_addresses(&self) -> crate::Result<Vec<SocketAddress>> {
         let map = self.storage().get::<DBAnchorAddresses, _>();
         let iter = map.prefix_iter_decoded(&())?.map(|(addr_str, _)| {
diff --git a/p2p/src/peer_manager/peerdb/storage_load.rs b/p2p/src/peer_manager/peerdb/storage_load.rs
index 9d0c112db6..49245f0317 100644
--- a/p2p/src/peer_manager/peerdb/storage_load.rs
+++ b/p2p/src/peer_manager/peerdb/storage_load.rs
@@ -32,11 +32,12 @@ use super::{
     storage_impl::PeerDbStorageImpl,
 };
 
-const CURRENT_STORAGE_VERSION: StorageVersion = StorageVersion::new(2);
+pub const CURRENT_STORAGE_VERSION: StorageVersion = StorageVersion::new(3);
 
 pub struct LoadedStorage {
     pub known_addresses: BTreeMap<SocketAddress, KnownAddressState>,
     pub banned_addresses: BTreeMap<BannableAddress, Time>,
+    pub discouraged_addresses: BTreeMap<BannableAddress, Time>,
     pub anchor_addresses: BTreeSet<SocketAddress>,
     pub salt: Salt,
 }
@@ -52,7 +53,7 @@ impl LoadedStorage {
 
         match version {
             None => Self::init_storage(storage, peerdb_config),
-            Some(CURRENT_STORAGE_VERSION) => Self::load_storage_v2(storage),
+            Some(CURRENT_STORAGE_VERSION) => Self::load_storage_v3(storage),
             Some(version) => Err(P2pError::PeerDbStorageVersionMismatch {
                 expected_version: CURRENT_STORAGE_VERSION,
                 actual_version: version,
@@ -74,12 +75,13 @@ impl LoadedStorage {
         Ok(LoadedStorage {
             known_addresses: BTreeMap::new(),
             banned_addresses: BTreeMap::new(),
+            discouraged_addresses: BTreeMap::new(),
             anchor_addresses: BTreeSet::new(),
             salt,
         })
     }
 
-    fn load_storage_v2<S: PeerDbStorage>(storage: &S) -> crate::Result<LoadedStorage> {
+    fn load_storage_v3<S: PeerDbStorage>(storage: &S) -> crate::Result<LoadedStorage> {
         let tx = storage.transaction_ro()?;
 
         let known_addresses = tx.get_known_addresses()?.iter().copied().collect::<BTreeMap<_, _>>();
@@ -87,6 +89,9 @@ impl LoadedStorage {
         let banned_addresses =
             tx.get_banned_addresses()?.iter().copied().collect::<BTreeMap<_, _>>();
 
+        let discouraged_addresses =
+            tx.get_discouraged_addresses()?.iter().copied().collect::<BTreeMap<_, _>>();
+
         let anchor_addresses = tx.get_anchor_addresses()?.iter().copied().collect::<BTreeSet<_>>();
 
         let salt = tx
@@ -96,6 +101,7 @@ impl LoadedStorage {
         Ok(LoadedStorage {
             known_addresses,
             banned_addresses,
+            discouraged_addresses,
             anchor_addresses,
             salt,
         })
diff --git a/p2p/src/peer_manager/peerdb/tests.rs b/p2p/src/peer_manager/peerdb/tests.rs
index 32bd3a50f2..57e076be82 100644
--- a/p2p/src/peer_manager/peerdb/tests.rs
+++ b/p2p/src/peer_manager/peerdb/tests.rs
@@ -24,14 +24,12 @@ use itertools::Itertools;
 use rstest::rstest;
 
 use ::test_utils::random::{make_seedable_rng, Seed};
-use common::{
-    chain::config::create_unit_test_config, primitives::user_agent::mintlayer_core_user_agent,
-};
+use common::chain::config::create_unit_test_config;
 use crypto::random::Rng;
 use p2p_test_utils::P2pBasicTestTimeGetter;
 
 use crate::{
-    config::P2pConfig,
+    ban_config::BanConfig,
     peer_manager::{
         peerdb::{
             address_data::{self, PURGE_REACHABLE_FAIL_COUNT, PURGE_UNREACHABLE_TIME},
@@ -41,8 +39,8 @@ use crate::{
         peerdb_common::Transactional,
     },
     testing_utils::{
-        peerdb_inmemory_store, test_p2p_config, test_p2p_config_with_peer_db_config,
-        TestAddressMaker,
+        peerdb_inmemory_store, test_p2p_config, test_p2p_config_with_ban_config,
+        test_p2p_config_with_peer_db_config, TestAddressMaker,
     },
 };
 
@@ -64,28 +62,13 @@ fn unban_peer() {
     let chain_config = create_unit_test_config();
     let mut peerdb = PeerDb::<_>::new(
         &chain_config,
-        Arc::new(P2pConfig {
+        Arc::new(test_p2p_config_with_ban_config(BanConfig {
             ban_duration: Duration::from_secs(60).into(),
+            discouragement_duration: Duration::from_secs(600).into(),
 
-            bind_addresses: Default::default(),
-            socks5_proxy: None,
-            disable_noise: Default::default(),
-            boot_nodes: Default::default(),
-            reserved_nodes: Default::default(),
-            whitelisted_addresses: Default::default(),
             ban_threshold: Default::default(),
-            outbound_connection_timeout: Default::default(),
-            ping_check_period: Default::default(),
-            ping_timeout: Default::default(),
-            peer_handshake_timeout: Default::default(),
-            max_clock_diff: Default::default(),
-            node_type: Default::default(),
-            allow_discover_private_ips: Default::default(),
-            user_agent: mintlayer_core_user_agent(),
-            sync_stalling_timeout: Default::default(),
-            peer_manager_config: Default::default(),
-            protocol_config: Default::default(),
-        }),
+            discouragement_threshold: Default::default(),
+        })),
         time_getter.get_time_getter(),
         db_store,
     )
@@ -94,15 +77,84 @@ fn unban_peer() {
     let address = TestAddressMaker::new_random_address();
     peerdb.ban(address.as_bannable());
 
+    // The address is banned.
     assert!(peerdb.is_address_banned(&address.as_bannable()));
     let banned_addresses = peerdb.storage.transaction_ro().unwrap().get_banned_addresses().unwrap();
     assert_eq!(banned_addresses.len(), 1);
+    assert_eq!(banned_addresses[0].0, address.as_bannable());
+
+    // But not discouraged.
+    assert!(!peerdb.is_address_discouraged(&address.as_bannable()));
+    let discouraged_addresses =
+        peerdb.storage.transaction_ro().unwrap().get_discouraged_addresses().unwrap();
+    assert_eq!(discouraged_addresses.len(), 0);
+
+    time_getter.advance_time(Duration::from_secs(120));
+
+    // Banned addresses are updated in the `heartbeat` function
+    peerdb.heartbeat();
+
+    // The address is no longer banned.
+    assert!(!peerdb.is_address_banned(&address.as_bannable()));
+    let banned_addresses = peerdb.storage.transaction_ro().unwrap().get_banned_addresses().unwrap();
+    assert_eq!(banned_addresses.len(), 0);
+
+    // And still not discouraged.
+    assert!(!peerdb.is_address_discouraged(&address.as_bannable()));
+    let discouraged_addresses =
+        peerdb.storage.transaction_ro().unwrap().get_discouraged_addresses().unwrap();
+    assert_eq!(discouraged_addresses.len(), 0);
+
+    assert_addr_consistency(&peerdb);
+}
+
+#[tracing::instrument]
+#[test]
+fn undiscourage_peer() {
+    let db_store = peerdb_inmemory_store();
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let chain_config = create_unit_test_config();
+    let mut peerdb = PeerDb::<_>::new(
+        &chain_config,
+        Arc::new(test_p2p_config_with_ban_config(BanConfig {
+            discouragement_duration: Duration::from_secs(60).into(),
+            ban_duration: Duration::from_secs(600).into(),
+
+            ban_threshold: Default::default(),
+            discouragement_threshold: Default::default(),
+        })),
+        time_getter.get_time_getter(),
+        db_store,
+    )
+    .unwrap();
+
+    let address = TestAddressMaker::new_random_address();
+    peerdb.discourage(address.as_bannable());
+
+    // The address is discouraged.
+    assert!(peerdb.is_address_discouraged(&address.as_bannable()));
+    let discouraged_addresses =
+        peerdb.storage.transaction_ro().unwrap().get_discouraged_addresses().unwrap();
+    assert_eq!(discouraged_addresses.len(), 1);
+    assert_eq!(discouraged_addresses[0].0, address.as_bannable());
+
+    // But not banned.
+    assert!(!peerdb.is_address_banned(&address.as_bannable()));
+    let banned_addresses = peerdb.storage.transaction_ro().unwrap().get_banned_addresses().unwrap();
+    assert_eq!(banned_addresses.len(), 0);
 
     time_getter.advance_time(Duration::from_secs(120));
 
-    // Banned addresses updated in the `heartbeat` function
+    // Discouraged addresses are updated in the `heartbeat` function
     peerdb.heartbeat();
 
+    // The address is no longer discouraged.
+    assert!(!peerdb.is_address_discouraged(&address.as_bannable()));
+    let discouraged_addresses =
+        peerdb.storage.transaction_ro().unwrap().get_discouraged_addresses().unwrap();
+    assert_eq!(discouraged_addresses.len(), 0);
+
+    // And still not banned.
     assert!(!peerdb.is_address_banned(&address.as_bannable()));
     let banned_addresses = peerdb.storage.transaction_ro().unwrap().get_banned_addresses().unwrap();
     assert_eq!(banned_addresses.len(), 0);
diff --git a/p2p/src/peer_manager/peers_eviction/mod.rs b/p2p/src/peer_manager/peers_eviction/mod.rs
index 1793364051..5d029b4ad8 100644
--- a/p2p/src/peer_manager/peers_eviction/mod.rs
+++ b/p2p/src/peer_manager/peers_eviction/mod.rs
@@ -16,12 +16,12 @@
 use std::{collections::BTreeMap, hash::Hasher, time::Duration};
 
 use common::primitives::time::Time;
-use crypto::random::Rng;
+use crypto::random::{seq::IteratorRandom, Rng};
 use utils::make_config_setting;
 
 use crate::{net::types::PeerRole, types::peer_id::PeerId};
 
-use super::{address_groups::AddressGroup, peer_context::PeerContext, PeerManagerConfig};
+use super::{address_groups::AddressGroup, config::PeerManagerConfig, peer_context::PeerContext};
 
 #[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Clone, Copy)]
 struct NetGroupKeyed(u64);
@@ -67,6 +67,9 @@ pub struct EvictionCandidate {
     /// The time since which we've been expecting a block from the peer; if None, we're not
     /// expecting any blocks from it.
     expecting_blocks_since: Option<Time>,
+
+    /// Whether the address is banned or discouraged.
+    is_banned_or_discouraged: bool,
 }
 
 pub struct RandomState(u64, u64);
@@ -84,7 +87,12 @@ impl RandomState {
 }
 
 impl EvictionCandidate {
-    pub fn new(peer: &PeerContext, random_state: &RandomState, now: Time) -> Self {
+    pub fn new(
+        peer: &PeerContext,
+        random_state: &RandomState,
+        now: Time,
+        is_banned_or_discouraged: bool,
+    ) -> Self {
         EvictionCandidate {
             age: now.saturating_sub(peer.created_at),
             peer_id: peer.info.peer_id,
@@ -97,6 +105,8 @@ impl EvictionCandidate {
             last_tx_time: peer.last_tx_time,
 
             expecting_blocks_since: peer.block_sync_status.expecting_blocks_since,
+
+            is_banned_or_discouraged,
         }
     }
 }
@@ -185,11 +195,21 @@ fn find_group_most_connections(candidates: Vec<EvictionCandidate>) -> Option<Pee
 pub fn select_for_eviction_inbound(
     candidates: Vec<EvictionCandidate>,
     config: &PeerManagerConfig,
+    rng: &mut impl Rng,
 ) -> Option<PeerId> {
     // TODO: Preserve connections from whitelisted IPs
 
     debug_assert!(candidates.iter().all(|c| c.peer_role == PeerRole::Inbound));
 
+    if candidates.len() <= config.total_preserved_inbound_count() {
+        return None;
+    }
+
+    if let Some(candidate) = candidates.iter().filter(|ec| ec.is_banned_or_discouraged).choose(rng)
+    {
+        return Some(candidate.peer_id);
+    }
+
     let candidates =
         filter_address_group(candidates, *config.preserved_inbound_count_address_group);
     let candidates = filter_fast_ping(candidates, *config.preserved_inbound_count_ping);
@@ -208,6 +228,7 @@ pub fn select_for_eviction_block_relay(
     candidates: Vec<EvictionCandidate>,
     config: &PeerManagerConfig,
     now: Time,
+    rng: &mut impl Rng,
 ) -> Option<PeerId> {
     select_for_eviction_outbound(
         candidates,
@@ -215,6 +236,7 @@ pub fn select_for_eviction_block_relay(
         *config.outbound_block_relay_connection_min_age,
         *config.outbound_block_relay_count,
         now,
+        rng,
     )
 }
 
@@ -223,6 +245,7 @@ pub fn select_for_eviction_full_relay(
     candidates: Vec<EvictionCandidate>,
     config: &PeerManagerConfig,
     now: Time,
+    rng: &mut impl Rng,
 ) -> Option<PeerId> {
     // TODO: in bitcoin they protect full relay peers from eviction if there are no other
     // connection to their network (counting outbound-full-relay and manual peers). We should
@@ -234,6 +257,7 @@ pub fn select_for_eviction_full_relay(
         *config.outbound_full_relay_connection_min_age,
         *config.outbound_full_relay_count,
         now,
+        rng,
     )
 }
 
@@ -274,9 +298,19 @@ fn select_for_eviction_outbound(
     min_age: Duration,
     max_count: usize,
     now: Time,
+    rng: &mut impl Rng,
 ) -> Option<PeerId> {
     debug_assert!(candidates.iter().all(|c| c.peer_role == peer_role));
 
+    if candidates.len() <= max_count {
+        return None;
+    }
+
+    if let Some(candidate) = candidates.iter().filter(|ec| ec.is_banned_or_discouraged).choose(rng)
+    {
+        return Some(candidate.peer_id);
+    }
+
     // Give peers some time to have a chance to send blocks.
     let candidates = filter_mature_peers(candidates, min_age);
     if candidates.len() <= max_count {
diff --git a/p2p/src/peer_manager/peers_eviction/tests.rs b/p2p/src/peer_manager/peers_eviction/tests.rs
index efc2b2aadd..b58b9c6b59 100644
--- a/p2p/src/peer_manager/peers_eviction/tests.rs
+++ b/p2p/src/peer_manager/peers_eviction/tests.rs
@@ -26,1287 +26,948 @@ fn shuffle_vec<T>(mut vec: Vec<T>, rng: &mut impl Rng) -> Vec<T> {
     vec
 }
 
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_filter_address_group(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
-
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
-
-    assert_eq!(
-        filter_address_group(
-            vec![EvictionCandidate {
+// Make a random non-banned-or-discouraged candidate.
+fn random_candidate(peer_role: PeerRole, rng: &mut impl Rng) -> EvictionCandidate {
+    EvictionCandidate {
+        age: Duration::from_secs(rng.gen_range(0..10000)),
+        peer_id: PeerId::new(),
+        net_group_keyed: NetGroupKeyed(rng.gen()),
+        ping_min: rng.gen_range(0..100),
+        peer_role,
+        last_tip_block_time: Some(Time::from_secs_since_epoch(rng.gen_range(0..10000))),
+        last_tx_time: Some(Time::from_secs_since_epoch(rng.gen_range(0..10000))),
+        expecting_blocks_since: Some(Time::from_secs_since_epoch(rng.gen_range(0..10000))),
+        is_banned_or_discouraged: false,
+    }
+}
+
+mod inbound {
+    use super::*;
+
+    #[tracing::instrument(skip(seed))]
+    #[rstest::rstest]
+    #[trace]
+    #[case(Seed::from_entropy())]
+    fn test_filter_address_group(#[case] seed: Seed) {
+        let mut rng = test_utils::random::make_seedable_rng(seed);
+
+        let peer1 = PeerId::new();
+        let peer2 = PeerId::new();
+        let peer3 = PeerId::new();
+
+        fn make_candidate(peer_id: PeerId, net_group_keyed: NetGroupKeyed) -> EvictionCandidate {
+            EvictionCandidate {
                 age: Duration::ZERO,
-                peer_id: peer1,
-                net_group_keyed: NetGroupKeyed(1),
+                peer_id,
+                net_group_keyed,
                 ping_min: 0,
                 peer_role: PeerRole::Inbound,
                 last_tip_block_time: None,
                 last_tx_time: None,
                 expecting_blocks_since: None,
-            },],
-            1
-        ),
-        vec![]
-    );
-
-    assert_eq!(
-        filter_address_group(
-            shuffle_vec(
-                vec![
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer1,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 0,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer2,
-                        net_group_keyed: NetGroupKeyed(2),
-                        ping_min: 0,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                ],
-                &mut rng
-            ),
-            1
-        ),
-        vec![EvictionCandidate {
-            age: Duration::ZERO,
-            peer_id: peer1,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 0,
-            peer_role: PeerRole::Inbound,
-            last_tip_block_time: None,
-            last_tx_time: None,
-            expecting_blocks_since: None,
-        },]
-    );
-
-    assert_eq!(
-        filter_address_group(
-            shuffle_vec(
-                vec![
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer2,
-                        net_group_keyed: NetGroupKeyed(2),
-                        ping_min: 0,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer1,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 0,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                ],
-                &mut rng
+                is_banned_or_discouraged: false,
+            }
+        }
+
+        assert_eq!(
+            filter_address_group(vec![make_candidate(peer1, NetGroupKeyed(1))], 1),
+            vec![]
+        );
+
+        assert_eq!(
+            filter_address_group(
+                shuffle_vec(
+                    vec![
+                        make_candidate(peer1, NetGroupKeyed(1)),
+                        make_candidate(peer2, NetGroupKeyed(2))
+                    ],
+                    &mut rng
+                ),
+                1
             ),
-            1
-        ),
-        vec![EvictionCandidate {
-            age: Duration::ZERO,
-            peer_id: peer1,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 0,
-            peer_role: PeerRole::Inbound,
-            last_tip_block_time: None,
-            last_tx_time: None,
-            expecting_blocks_since: None,
-        },]
-    );
-
-    assert_eq!(
-        filter_address_group(
-            shuffle_vec(
-                vec![
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer1,
-                        net_group_keyed: NetGroupKeyed(2),
-                        ping_min: 0,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer2,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 0,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer3,
-                        net_group_keyed: NetGroupKeyed(2),
-                        ping_min: 0,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                ],
-                &mut rng
+            vec![make_candidate(peer1, NetGroupKeyed(1))]
+        );
+
+        assert_eq!(
+            filter_address_group(
+                shuffle_vec(
+                    vec![
+                        make_candidate(peer1, NetGroupKeyed(2)),
+                        make_candidate(peer2, NetGroupKeyed(1)),
+                        make_candidate(peer3, NetGroupKeyed(2)),
+                    ],
+                    &mut rng
+                ),
+                2
             ),
-            2
-        ),
-        vec![EvictionCandidate {
-            age: Duration::ZERO,
-            peer_id: peer2,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 0,
-            peer_role: PeerRole::Inbound,
-            last_tip_block_time: None,
-            last_tx_time: None,
-            expecting_blocks_since: None,
-        },]
-    );
-}
+            vec![make_candidate(peer2, NetGroupKeyed(1))]
+        );
+    }
 
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_ping(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
+    #[tracing::instrument(skip(seed))]
+    #[rstest::rstest]
+    #[trace]
+    #[case(Seed::from_entropy())]
+    fn test_ping(#[case] seed: Seed) {
+        let mut rng = test_utils::random::make_seedable_rng(seed);
 
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
+        let peer1 = PeerId::new();
+        let peer2 = PeerId::new();
+        let peer3 = PeerId::new();
 
-    assert_eq!(
-        filter_fast_ping(
-            vec![EvictionCandidate {
+        fn make_candidate(peer_id: PeerId, ping_min: i64) -> EvictionCandidate {
+            EvictionCandidate {
                 age: Duration::ZERO,
-                peer_id: peer1,
+                peer_id,
                 net_group_keyed: NetGroupKeyed(1),
-                ping_min: 123,
+                ping_min,
                 peer_role: PeerRole::Inbound,
                 last_tip_block_time: None,
                 last_tx_time: None,
                 expecting_blocks_since: None,
-            },],
-            1
-        ),
-        vec![]
-    );
-
-    assert_eq!(
-        filter_fast_ping(
-            shuffle_vec(
-                vec![
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer1,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer2,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 234,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                ],
-                &mut rng
+                is_banned_or_discouraged: false,
+            }
+        }
+
+        assert_eq!(
+            filter_fast_ping(vec![make_candidate(peer1, 123)], 1),
+            vec![]
+        );
+
+        assert_eq!(
+            filter_fast_ping(
+                shuffle_vec(
+                    vec![make_candidate(peer1, 123), make_candidate(peer2, 234)],
+                    &mut rng
+                ),
+                1
             ),
-            1
-        ),
-        vec![EvictionCandidate {
-            age: Duration::ZERO,
-            peer_id: peer2,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 234,
-            peer_role: PeerRole::Inbound,
-            last_tip_block_time: None,
-            last_tx_time: None,
-            expecting_blocks_since: None,
-        },]
-    );
-
-    assert_eq!(
-        filter_fast_ping(
-            shuffle_vec(
-                vec![
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer1,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer2,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 234,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer3,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                ],
-                &mut rng
+            vec![make_candidate(peer2, 234)]
+        );
+
+        assert_eq!(
+            filter_fast_ping(
+                shuffle_vec(
+                    vec![
+                        make_candidate(peer1, 123),
+                        make_candidate(peer2, 234),
+                        make_candidate(peer3, 123)
+                    ],
+                    &mut rng
+                ),
+                2
             ),
-            2
-        ),
-        vec![EvictionCandidate {
-            age: Duration::ZERO,
-            peer_id: peer2,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 234,
-            peer_role: PeerRole::Inbound,
-            last_tip_block_time: None,
-            last_tx_time: None,
-            expecting_blocks_since: None,
-        },]
-    );
-}
+            vec![make_candidate(peer2, 234)]
+        );
+    }
+
+    #[tracing::instrument(skip(seed))]
+    #[rstest::rstest]
+    #[trace]
+    #[case(Seed::from_entropy())]
+    fn test_filter_by_last_block_time(#[case] seed: Seed) {
+        let mut rng = test_utils::random::make_seedable_rng(seed);
+
+        let peer1 = PeerId::new();
+        let peer2 = PeerId::new();
+        let peer3 = PeerId::new();
+
+        fn make_candidate(
+            peer_id: PeerId,
+            last_tip_block_time_secs: Option<u64>,
+        ) -> EvictionCandidate {
+            EvictionCandidate {
+                age: Duration::ZERO,
+                peer_id,
+                net_group_keyed: NetGroupKeyed(1),
+                ping_min: 123,
+                peer_role: PeerRole::Inbound,
+                last_tip_block_time: last_tip_block_time_secs.map(Time::from_secs_since_epoch),
+                last_tx_time: None,
+                expecting_blocks_since: None,
+                is_banned_or_discouraged: false,
+            }
+        }
+
+        assert_eq!(
+            filter_by_last_tip_block_time(vec![make_candidate(peer1, None)], 1),
+            vec![]
+        );
+
+        assert_eq!(
+            filter_by_last_tip_block_time(
+                shuffle_vec(
+                    vec![make_candidate(peer1, None), make_candidate(peer2, Some(10000000))],
+                    &mut rng
+                ),
+                1
+            ),
+            vec![make_candidate(peer1, None)]
+        );
+
+        assert_eq!(
+            filter_by_last_tip_block_time(
+                shuffle_vec(
+                    vec![
+                        make_candidate(peer1, Some(10000000)),
+                        make_candidate(peer2, Some(10000001)),
+                        make_candidate(peer3, Some(10000002)),
+                    ],
+                    &mut rng
+                ),
+                2
+            ),
+            vec![make_candidate(peer1, Some(10000000))]
+        );
+    }
 
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_filter_by_last_block_time(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
+    #[tracing::instrument(skip(seed))]
+    #[rstest::rstest]
+    #[trace]
+    #[case(Seed::from_entropy())]
+    fn test_filter_by_last_transaction_time(#[case] seed: Seed) {
+        let mut rng = test_utils::random::make_seedable_rng(seed);
 
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
+        let peer1 = PeerId::new();
+        let peer2 = PeerId::new();
+        let peer3 = PeerId::new();
 
-    assert_eq!(
-        filter_by_last_tip_block_time(
-            vec![EvictionCandidate {
+        fn make_candidate(peer_id: PeerId, last_tx_time_secs: Option<u64>) -> EvictionCandidate {
+            EvictionCandidate {
                 age: Duration::ZERO,
-                peer_id: peer1,
+                peer_id,
                 net_group_keyed: NetGroupKeyed(1),
                 ping_min: 123,
                 peer_role: PeerRole::Inbound,
                 last_tip_block_time: None,
-                last_tx_time: None,
+                last_tx_time: last_tx_time_secs.map(Time::from_secs_since_epoch),
                 expecting_blocks_since: None,
-            },],
-            1
-        ),
-        vec![]
-    );
-
-    assert_eq!(
-        filter_by_last_tip_block_time(
-            shuffle_vec(
-                vec![
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer1,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer2,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: Some(Time::from_duration_since_epoch(
-                            Duration::from_secs(10000000)
-                        )),
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                ],
-                &mut rng
+                is_banned_or_discouraged: false,
+            }
+        }
+
+        assert_eq!(
+            filter_by_last_transaction_time(vec![make_candidate(peer1, None)], 1),
+            vec![]
+        );
+
+        assert_eq!(
+            filter_by_last_transaction_time(
+                shuffle_vec(
+                    vec![make_candidate(peer1, Some(1000000)), make_candidate(peer2, None)],
+                    &mut rng
+                ),
+                1
             ),
-            1
-        ),
-        vec![EvictionCandidate {
-            age: Duration::ZERO,
-            peer_id: peer1,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::Inbound,
-            last_tip_block_time: None,
-            last_tx_time: None,
-            expecting_blocks_since: None,
-        },]
-    );
-
-    assert_eq!(
-        filter_by_last_tip_block_time(
-            shuffle_vec(
-                vec![
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer1,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: Some(Time::from_duration_since_epoch(
-                            Duration::from_secs(10000000)
-                        )),
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer2,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: Some(Time::from_duration_since_epoch(
-                            Duration::from_secs(10000001)
-                        )),
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer3,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: Some(Time::from_duration_since_epoch(
-                            Duration::from_secs(10000002)
-                        )),
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
-                ],
-                &mut rng
+            vec![make_candidate(peer2, None)]
+        );
+
+        assert_eq!(
+            filter_by_last_transaction_time(
+                shuffle_vec(
+                    vec![
+                        make_candidate(peer1, Some(1000000)),
+                        make_candidate(peer2, Some(1000001)),
+                        make_candidate(peer3, Some(1000002))
+                    ],
+                    &mut rng
+                ),
+                2
             ),
-            2
-        ),
-        vec![EvictionCandidate {
-            age: Duration::ZERO,
-            peer_id: peer1,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::Inbound,
-            last_tip_block_time: Some(Time::from_secs_since_epoch(10000000)),
-            last_tx_time: None,
-            expecting_blocks_since: None,
-        },]
-    );
-}
+            vec![make_candidate(peer1, Some(1000000)),]
+        );
+    }
 
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_filter_by_last_transaction_time(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
+    #[tracing::instrument(skip(seed))]
+    #[rstest::rstest]
+    #[trace]
+    #[case(Seed::from_entropy())]
+    fn test_find_group_most_connections(#[case] seed: Seed) {
+        let mut rng = test_utils::random::make_seedable_rng(seed);
 
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
+        let peer1 = PeerId::new();
+        let peer2 = PeerId::new();
+        let peer3 = PeerId::new();
 
-    assert_eq!(
-        filter_by_last_transaction_time(
-            vec![EvictionCandidate {
+        fn make_candidate(peer_id: PeerId, net_group_keyed: NetGroupKeyed) -> EvictionCandidate {
+            EvictionCandidate {
                 age: Duration::ZERO,
-                peer_id: peer1,
-                net_group_keyed: NetGroupKeyed(1),
+                peer_id,
+                net_group_keyed,
                 ping_min: 123,
                 peer_role: PeerRole::Inbound,
                 last_tip_block_time: None,
                 last_tx_time: None,
                 expecting_blocks_since: None,
-            },],
-            1
-        ),
-        vec![]
-    );
-
-    assert_eq!(
-        filter_by_last_transaction_time(
-            shuffle_vec(
+                is_banned_or_discouraged: false,
+            }
+        }
+
+        assert_eq!(find_group_most_connections(vec![]), None);
+
+        assert_eq!(
+            find_group_most_connections(vec![make_candidate(peer1, NetGroupKeyed(1))]),
+            Some(peer1)
+        );
+
+        // The youngest peer is selected (with the latest id)
+        assert_eq!(
+            find_group_most_connections(shuffle_vec(
                 vec![
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer1,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: Some(Time::from_secs_since_epoch(1000000)),
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer2,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: None,
-                        expecting_blocks_since: None,
-                    },
+                    make_candidate(peer1, NetGroupKeyed(1)),
+                    make_candidate(peer2, NetGroupKeyed(1))
                 ],
                 &mut rng
-            ),
-            1
-        ),
-        vec![EvictionCandidate {
-            age: Duration::ZERO,
-            peer_id: peer2,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::Inbound,
-            last_tip_block_time: None,
-            last_tx_time: None,
-            expecting_blocks_since: None,
-        },]
-    );
-
-    assert_eq!(
-        filter_by_last_transaction_time(
-            shuffle_vec(
+            )),
+            Some(peer2)
+        );
+
+        assert_eq!(
+            find_group_most_connections(shuffle_vec(
                 vec![
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer1,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: Some(Time::from_secs_since_epoch(10000000)),
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer2,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: Some(Time::from_secs_since_epoch(10000001)),
-                        expecting_blocks_since: None,
-                    },
-                    EvictionCandidate {
-                        age: Duration::ZERO,
-                        peer_id: peer3,
-                        net_group_keyed: NetGroupKeyed(1),
-                        ping_min: 123,
-                        peer_role: PeerRole::Inbound,
-                        last_tip_block_time: None,
-                        last_tx_time: Some(Time::from_secs_since_epoch(10000002)),
-                        expecting_blocks_since: None,
-                    },
+                    make_candidate(peer1, NetGroupKeyed(1)),
+                    make_candidate(peer2, NetGroupKeyed(1)),
+                    make_candidate(peer3, NetGroupKeyed(2)),
                 ],
                 &mut rng
-            ),
-            2
-        ),
-        vec![EvictionCandidate {
-            age: Duration::ZERO,
-            peer_id: peer1,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::Inbound,
-            last_tip_block_time: None,
-            last_tx_time: Some(Time::from_secs_since_epoch(10000000)),
-            expecting_blocks_since: None,
-        },]
-    );
-}
+            )),
+            Some(peer2)
+        );
+    }
 
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_find_group_most_connections(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
-
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
-
-    assert_eq!(find_group_most_connections(vec![]), None);
-
-    assert_eq!(
-        find_group_most_connections(vec![EvictionCandidate {
-            age: Duration::ZERO,
-            peer_id: peer1,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::Inbound,
-            last_tip_block_time: None,
-            last_tx_time: None,
-            expecting_blocks_since: None,
-        }]),
-        Some(peer1)
-    );
-
-    // The youngest peer is selected (with the latest id)
-    assert_eq!(
-        find_group_most_connections(shuffle_vec(
-            vec![
-                EvictionCandidate {
-                    age: Duration::ZERO,
-                    peer_id: peer1,
-                    net_group_keyed: NetGroupKeyed(1),
-                    ping_min: 123,
-                    peer_role: PeerRole::Inbound,
-                    last_tip_block_time: None,
-                    last_tx_time: None,
-                    expecting_blocks_since: None,
-                },
-                EvictionCandidate {
-                    age: Duration::ZERO,
-                    peer_id: peer2,
-                    net_group_keyed: NetGroupKeyed(1),
-                    ping_min: 123,
-                    peer_role: PeerRole::Inbound,
-                    last_tip_block_time: None,
-                    last_tx_time: None,
-                    expecting_blocks_since: None,
-                }
-            ],
-            &mut rng
-        )),
-        Some(peer2)
-    );
-
-    assert_eq!(
-        find_group_most_connections(shuffle_vec(
-            vec![
-                EvictionCandidate {
-                    age: Duration::ZERO,
-                    peer_id: peer1,
-                    net_group_keyed: NetGroupKeyed(1),
-                    ping_min: 123,
-                    peer_role: PeerRole::Inbound,
-                    last_tip_block_time: None,
-                    last_tx_time: None,
-                    expecting_blocks_since: None,
-                },
-                EvictionCandidate {
-                    age: Duration::ZERO,
-                    peer_id: peer2,
-                    net_group_keyed: NetGroupKeyed(1),
-                    ping_min: 123,
-                    peer_role: PeerRole::Inbound,
-                    last_tip_block_time: None,
-                    last_tx_time: None,
-                    expecting_blocks_since: None,
-                },
-                EvictionCandidate {
-                    age: Duration::ZERO,
-                    peer_id: peer3,
-                    net_group_keyed: NetGroupKeyed(2),
-                    ping_min: 123,
-                    peer_role: PeerRole::Inbound,
-                    last_tip_block_time: None,
-                    last_tx_time: None,
-                    expecting_blocks_since: None,
-                },
-            ],
-            &mut rng
-        )),
-        Some(peer2)
-    );
-}
+    fn test_preserved_by_ping(
+        index: usize,
+        candidate: &mut EvictionCandidate,
+        config: &PeerManagerConfig,
+    ) -> bool {
+        // Check that `preserved_inbound_count_ping` peers with the lowest ping times are preserved
+        candidate.ping_min = index as i64;
+        index < *config.preserved_inbound_count_ping
+    }
 
-fn random_eviction_candidate(rng: &mut impl Rng) -> EvictionCandidate {
-    EvictionCandidate {
-        age: Duration::ZERO,
-        peer_id: PeerId::new(),
-        net_group_keyed: NetGroupKeyed(rng.gen()),
-        ping_min: rng.gen_range(0..100),
-        peer_role: PeerRole::Inbound,
-        last_tip_block_time: None,
-        last_tx_time: None,
-        expecting_blocks_since: None,
+    fn test_preserved_by_address_group(
+        index: usize,
+        candidate: &mut EvictionCandidate,
+        config: &PeerManagerConfig,
+    ) -> bool {
+        // Check that `preserved_inbound_count_address_group` peers with the highest net_group_keyed values are preserved
+        candidate.net_group_keyed = NetGroupKeyed(u64::MAX - index as u64);
+        index < *config.preserved_inbound_count_address_group
     }
-}
 
-fn test_preserved_by_ping(
-    index: usize,
-    candidate: &mut EvictionCandidate,
-    config: &PeerManagerConfig,
-) -> bool {
-    // Check that `PRESERVED_COUNT_PING` peers with the lowest ping times are preserved
-    candidate.ping_min = index as i64;
-    index < *config.preserved_inbound_count_ping
-}
+    fn test_preserved_by_last_block_time(
+        index: usize,
+        candidate: &mut EvictionCandidate,
+        config: &PeerManagerConfig,
+    ) -> bool {
+        // Check that `preserved_inbound_count_new_blocks` peers with the latest last_tip_block_time are preserved
+        candidate.last_tip_block_time = Some(Time::from_secs_since_epoch(u64::MAX - index as u64));
+        index < *config.preserved_inbound_count_new_blocks
+    }
 
-fn test_preserved_by_address_group(
-    index: usize,
-    candidate: &mut EvictionCandidate,
-    config: &PeerManagerConfig,
-) -> bool {
-    // Check that `PRESERVED_COUNT_ADDRESS_GROUP` peers with the highest net_group_keyed values are preserved
-    candidate.net_group_keyed = NetGroupKeyed(u64::MAX - index as u64);
-    index < *config.preserved_inbound_count_address_group
-}
+    fn test_preserved_by_last_tx_time(
+        index: usize,
+        candidate: &mut EvictionCandidate,
+        config: &PeerManagerConfig,
+    ) -> bool {
+        // Check that `preserved_inbound_count_new_transactions` peers with the latest last_tip_block_time are preserved
+        candidate.last_tx_time = Some(Time::from_secs_since_epoch(u64::MAX - index as u64));
+        index < *config.preserved_inbound_count_new_transactions
+    }
 
-#[tracing::instrument(skip(seed))]
-#[rstest]
-#[trace]
-#[case(test_utils::random::Seed::from_entropy())]
-fn test_randomized(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
-
-    let config: PeerManagerConfig = Default::default();
-    let tests = [test_preserved_by_ping, test_preserved_by_address_group];
-
-    for _ in 0..10 {
-        for test in tests {
-            let count = rng.gen_range(0..150usize);
-            let mut candidates =
-                (0..count).map(|_| random_eviction_candidate(&mut rng)).collect::<Vec<_>>();
-            candidates.shuffle(&mut rng);
-
-            let mut preserved = BTreeSet::new();
-            for (index, candidate) in candidates.iter_mut().enumerate() {
-                let is_preserved = test(index, candidate, &config);
-                if is_preserved {
-                    preserved.insert(candidate.peer_id);
+    #[tracing::instrument(skip(seed))]
+    #[rstest]
+    #[trace]
+    #[case(test_utils::random::Seed::from_entropy())]
+    fn test_randomized(#[case] seed: Seed) {
+        let mut rng = test_utils::random::make_seedable_rng(seed);
+
+        let config: PeerManagerConfig = Default::default();
+        let tests = [
+            test_preserved_by_ping,
+            test_preserved_by_address_group,
+            test_preserved_by_last_block_time,
+            test_preserved_by_last_tx_time,
+        ];
+
+        for _ in 0..10 {
+            for test in tests {
+                let count = rng.gen_range(0..150usize);
+                let mut candidates = (0..count)
+                    .map(|_| random_candidate(PeerRole::Inbound, &mut rng))
+                    .collect::<Vec<_>>();
+                candidates.shuffle(&mut rng);
+
+                let mut preserved = BTreeSet::new();
+                for (index, candidate) in candidates.iter_mut().enumerate() {
+                    let is_preserved = test(index, candidate, &config);
+                    if is_preserved {
+                        preserved.insert(candidate.peer_id);
+                    }
                 }
-            }
 
-            candidates.shuffle(&mut rng);
-            let peer_id = select_for_eviction_inbound(candidates.clone(), &config);
-            assert_eq!(
-                count > config.total_preserved_inbound_count(),
-                peer_id.is_some(),
-                "unexpected result, candidates: {candidates:?}, peer_id: {peer_id:?}"
-            );
-            if let Some(peer_id) = peer_id {
-                assert!(!preserved.contains(&peer_id));
+                candidates.shuffle(&mut rng);
+                let peer_id = select_for_eviction_inbound(candidates.clone(), &config, &mut rng);
+                assert_eq!(
+                    count > config.total_preserved_inbound_count(),
+                    peer_id.is_some(),
+                    "unexpected result, candidates: {candidates:?}, peer_id: {peer_id:?}"
+                );
+                if let Some(peer_id) = peer_id {
+                    assert!(!preserved.contains(&peer_id));
+                }
             }
         }
     }
 }
 
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_block_relay_eviction_young_old_peers(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
-
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
-
-    let now = Time::from_secs_since_epoch(100000);
-    let min_age = Duration::from_secs(5000);
-    let config = config_with_block_relay_conn_limits(2, min_age);
-
-    fn make_candidate(peer_id: PeerId, age: Duration) -> EvictionCandidate {
-        EvictionCandidate {
-            age,
-            peer_id,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::OutboundBlockRelay,
-            last_tip_block_time: None,
-            last_tx_time: None,
-            expecting_blocks_since: None,
+mod outbound {
+    use super::*;
+
+    #[derive(Debug, Copy, Clone)]
+    enum OutboundConnType {
+        BlockRelay,
+        FullRelay,
+    }
+
+    impl From<OutboundConnType> for PeerRole {
+        fn from(value: OutboundConnType) -> Self {
+            match value {
+                OutboundConnType::BlockRelay => PeerRole::OutboundBlockRelay,
+                OutboundConnType::FullRelay => PeerRole::OutboundFullRelay,
+            }
         }
     }
 
-    // Young peers should not be evicted
-    let candidates = vec![
-        make_candidate(peer1, Duration::from_secs(20000)),
-        make_candidate(peer2, Duration::from_secs(10000)),
-        make_candidate(peer3, min_age - Duration::from_secs(1)),
-    ];
-    assert_eq!(
-        select_for_eviction_block_relay(shuffle_vec(candidates, &mut rng), &config, now),
-        None
-    );
-
-    // Older peer can be evicted
-    let candidates = vec![
-        make_candidate(peer1, Duration::from_secs(20000)),
-        make_candidate(peer2, Duration::from_secs(10000)),
-        make_candidate(peer3, min_age + Duration::from_secs(1)),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_block_relay(candidates.clone(), &config, now),
-        Some(peer3)
-    );
-
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_block_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-}
+    fn config_with_conn_limits(
+        conn_type: OutboundConnType,
+        max_connections: usize,
+        min_age: Duration,
+    ) -> PeerManagerConfig {
+        let func = match conn_type {
+            OutboundConnType::BlockRelay => config_with_block_relay_conn_limits,
+            OutboundConnType::FullRelay => config_with_full_relay_conn_limits,
+        };
+        func(max_connections, min_age)
+    }
 
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_block_relay_eviction_no_blocks(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
-
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
-
-    let now_as_secs = 100000;
-    let now = Time::from_secs_since_epoch(now_as_secs);
-    let min_age = Duration::from_secs(5000);
-    let config = config_with_block_relay_conn_limits(2, min_age);
-
-    fn make_candidate(
-        peer_id: PeerId,
-        last_tip_block_time_secs: Option<u64>,
-        expecting_blocks_since_secs: Option<u64>,
-    ) -> EvictionCandidate {
-        EvictionCandidate {
-            age: Duration::from_secs(10000),
-            peer_id,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::OutboundBlockRelay,
-            last_tip_block_time: last_tip_block_time_secs.map(Time::from_secs_since_epoch),
-            last_tx_time: None,
-            expecting_blocks_since: expecting_blocks_since_secs.map(Time::from_secs_since_epoch),
-        }
+    fn select_for_eviction(
+        conn_type: OutboundConnType,
+        candidates: Vec<EvictionCandidate>,
+        config: &PeerManagerConfig,
+        now: Time,
+        rng: &mut impl Rng,
+    ) -> Option<PeerId> {
+        let func = match conn_type {
+            OutboundConnType::BlockRelay => select_for_eviction_block_relay,
+            OutboundConnType::FullRelay => select_for_eviction_full_relay,
+        };
+        func(candidates, config, now, rng)
     }
 
-    // The peer that never sent us new blocks is evicted.
-    let candidates = vec![
-        make_candidate(peer1, Some(10000), None),
-        make_candidate(peer2, Some(20000), None),
-        make_candidate(peer3, None, None),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_block_relay(candidates.clone(), &config, now),
-        Some(peer3)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_block_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-
-    // The previously evicted peer now has `expecting_blocks_since` within the limit;
-    // the next worst peer should be evicted instead.
-    let candidates = vec![
-        make_candidate(peer1, Some(10000), None),
-        make_candidate(peer2, Some(20000), None),
-        make_candidate(
-            peer3,
-            None,
-            Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs()),
-        ),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_block_relay(candidates.clone(), &config, now),
-        Some(peer1)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_block_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-
-    // The same peer now has `expecting_blocks_since` below the limit;
-    // this time it should be evicted.
-    let candidates = vec![
-        make_candidate(peer1, Some(10000), None),
-        make_candidate(peer2, Some(20000), None),
-        make_candidate(
-            peer3,
-            None,
-            Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs() - 1),
-        ),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_block_relay(candidates.clone(), &config, now),
-        Some(peer3)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_block_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-}
+    #[tracing::instrument(skip(seed))]
+    #[rstest::rstest]
+    #[trace]
+    #[case(Seed::from_entropy())]
+    fn test_young_old_peers(
+        #[case] seed: Seed,
+        #[values(OutboundConnType::BlockRelay, OutboundConnType::FullRelay)]
+        conn_type: OutboundConnType,
+    ) {
+        let mut rng = test_utils::random::make_seedable_rng(seed);
+
+        let peer1 = PeerId::new();
+        let peer2 = PeerId::new();
+        let peer3 = PeerId::new();
+
+        let now = Time::from_secs_since_epoch(100000);
+        let min_age = Duration::from_secs(5000);
+        let config = config_with_conn_limits(conn_type, 2, min_age);
+
+        let make_candidate = |peer_id: PeerId, age: Duration| -> EvictionCandidate {
+            EvictionCandidate {
+                age,
+                peer_id,
+                net_group_keyed: NetGroupKeyed(1),
+                ping_min: 123,
+                peer_role: conn_type.into(),
+                last_tip_block_time: None,
+                last_tx_time: None,
+                expecting_blocks_since: None,
+                is_banned_or_discouraged: false,
+            }
+        };
+
+        // Young peers should not be evicted
+        let candidates = vec![
+            make_candidate(peer1, Duration::from_secs(20000)),
+            make_candidate(peer2, Duration::from_secs(10000)),
+            make_candidate(peer3, min_age - Duration::from_secs(1)),
+        ];
+        assert_eq!(
+            select_for_eviction(
+                conn_type,
+                shuffle_vec(candidates, &mut rng),
+                &config,
+                now,
+                &mut rng
+            ),
+            None
+        );
+
+        // Older peer can be evicted
+        let candidates = vec![
+            make_candidate(peer1, Duration::from_secs(20000)),
+            make_candidate(peer2, Duration::from_secs(10000)),
+            make_candidate(peer3, min_age + Duration::from_secs(1)),
+        ];
+        let candidates = shuffle_vec(candidates, &mut rng);
+        assert_eq!(
+            select_for_eviction(conn_type, candidates.clone(), &config, now, &mut rng),
+            Some(peer3)
+        );
+
+        // But if the limits are lifted, no eviction happens.
+        assert_eq!(
+            select_for_eviction(
+                conn_type,
+                candidates,
+                &config_with_no_conn_limits(),
+                now,
+                &mut rng
+            ),
+            None
+        );
+    }
 
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_block_relay_eviction_old_blocks(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
-
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
-
-    let now_as_secs = 100000;
-    let now = Time::from_secs_since_epoch(now_as_secs);
-    let min_age = Duration::from_secs(5000);
-    let config = config_with_block_relay_conn_limits(2, min_age);
-
-    fn make_candidate(
-        peer_id: PeerId,
-        last_tip_block_time_secs: u64,
-        expecting_blocks_since_secs: Option<u64>,
-    ) -> EvictionCandidate {
-        EvictionCandidate {
-            age: Duration::from_secs(10000),
-            peer_id,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::OutboundBlockRelay,
-            last_tip_block_time: Some(Time::from_secs_since_epoch(last_tip_block_time_secs)),
-            last_tx_time: None,
-            expecting_blocks_since: expecting_blocks_since_secs.map(Time::from_secs_since_epoch),
-        }
+    #[tracing::instrument(skip(seed))]
+    #[rstest::rstest]
+    #[trace]
+    #[case(Seed::from_entropy())]
+    fn test_no_blocks(
+        #[case] seed: Seed,
+        #[values(OutboundConnType::BlockRelay, OutboundConnType::FullRelay)]
+        conn_type: OutboundConnType,
+    ) {
+        let mut rng = test_utils::random::make_seedable_rng(seed);
+
+        let peer1 = PeerId::new();
+        let peer2 = PeerId::new();
+        let peer3 = PeerId::new();
+
+        let now_as_secs = 100000;
+        let now = Time::from_secs_since_epoch(now_as_secs);
+        let min_age = Duration::from_secs(5000);
+        let config = config_with_conn_limits(conn_type, 2, min_age);
+
+        let make_candidate = |peer_id: PeerId,
+                              last_tip_block_time_secs: Option<u64>,
+                              expecting_blocks_since_secs: Option<u64>|
+         -> EvictionCandidate {
+            EvictionCandidate {
+                age: Duration::from_secs(10000),
+                peer_id,
+                net_group_keyed: NetGroupKeyed(1),
+                ping_min: 123,
+                peer_role: conn_type.into(),
+                last_tip_block_time: last_tip_block_time_secs.map(Time::from_secs_since_epoch),
+                last_tx_time: None,
+                expecting_blocks_since: expecting_blocks_since_secs
+                    .map(Time::from_secs_since_epoch),
+                is_banned_or_discouraged: false,
+            }
+        };
+
+        // The peer that never sent us new blocks is evicted.
+        let candidates = vec![
+            make_candidate(peer1, Some(10000), None),
+            make_candidate(peer2, Some(20000), None),
+            make_candidate(peer3, None, None),
+        ];
+        let candidates = shuffle_vec(candidates, &mut rng);
+        assert_eq!(
+            select_for_eviction(conn_type, candidates.clone(), &config, now, &mut rng),
+            Some(peer3)
+        );
+        // But if the limits are lifted, no eviction happens.
+        assert_eq!(
+            select_for_eviction(
+                conn_type,
+                candidates,
+                &config_with_no_conn_limits(),
+                now,
+                &mut rng
+            ),
+            None
+        );
+
+        // The previously evicted peer now has `expecting_blocks_since` within the limit;
+        // the next worst peer should be evicted instead.
+        let candidates = vec![
+            make_candidate(peer1, Some(10000), None),
+            make_candidate(peer2, Some(20000), None),
+            make_candidate(
+                peer3,
+                None,
+                Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs()),
+            ),
+        ];
+        let candidates = shuffle_vec(candidates, &mut rng);
+        assert_eq!(
+            select_for_eviction(conn_type, candidates.clone(), &config, now, &mut rng),
+            Some(peer1)
+        );
+        // But if the limits are lifted, no eviction happens.
+        assert_eq!(
+            select_for_eviction(
+                conn_type,
+                candidates,
+                &config_with_no_conn_limits(),
+                now,
+                &mut rng
+            ),
+            None
+        );
+
+        // The same peer now has `expecting_blocks_since` below the limit;
+        // this time it should be evicted.
+        let candidates = vec![
+            make_candidate(peer1, Some(10000), None),
+            make_candidate(peer2, Some(20000), None),
+            make_candidate(
+                peer3,
+                None,
+                Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs() - 1),
+            ),
+        ];
+        let candidates = shuffle_vec(candidates, &mut rng);
+        assert_eq!(
+            select_for_eviction(conn_type, candidates.clone(), &config, now, &mut rng),
+            Some(peer3)
+        );
+        // But if the limits are lifted, no eviction happens.
+        assert_eq!(
+            select_for_eviction(
+                conn_type,
+                candidates,
+                &config_with_no_conn_limits(),
+                now,
+                &mut rng
+            ),
+            None
+        );
     }
 
-    // The peer that sent blocks a long time ago is evicted.
-    let candidates = vec![
-        make_candidate(peer1, 10000, None),
-        make_candidate(peer2, 20000, None),
-        make_candidate(peer3, 30000, None),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_block_relay(candidates.clone(), &config, now),
-        Some(peer1)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_block_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-
-    // The previously evicted peer now has `expecting_blocks_since` within the limit;
-    // the next worst peer should be evicted instead.
-    let candidates = vec![
-        make_candidate(
-            peer1,
-            10000,
-            Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs()),
-        ),
-        make_candidate(peer2, 20000, None),
-        make_candidate(peer3, 30000, None),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_block_relay(candidates.clone(), &config, now),
-        Some(peer2)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_block_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-
-    // The same peer now has `expecting_blocks_since` below the limit;
-    // this time it should be evicted.
-    let candidates = vec![
-        make_candidate(
-            peer1,
-            10000,
-            Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs() - 1),
-        ),
-        make_candidate(peer2, 20000, None),
-        make_candidate(peer3, 30000, None),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_block_relay(candidates.clone(), &config, now),
-        Some(peer1)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_block_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-}
+    #[tracing::instrument(skip(seed))]
+    #[rstest::rstest]
+    #[trace]
+    #[case(Seed::from_entropy())]
+    fn test_old_blocks(
+        #[case] seed: Seed,
+        #[values(OutboundConnType::BlockRelay, OutboundConnType::FullRelay)]
+        conn_type: OutboundConnType,
+    ) {
+        let mut rng = test_utils::random::make_seedable_rng(seed);
+
+        let peer1 = PeerId::new();
+        let peer2 = PeerId::new();
+        let peer3 = PeerId::new();
+
+        let now_as_secs = 100000;
+        let now = Time::from_secs_since_epoch(now_as_secs);
+        let min_age = Duration::from_secs(5000);
+        let config = config_with_conn_limits(conn_type, 2, min_age);
+
+        let make_candidate = |peer_id: PeerId,
+                              last_tip_block_time_secs: u64,
+                              expecting_blocks_since_secs: Option<u64>|
+         -> EvictionCandidate {
+            EvictionCandidate {
+                age: Duration::from_secs(10000),
+                peer_id,
+                net_group_keyed: NetGroupKeyed(1),
+                ping_min: 123,
+                peer_role: conn_type.into(),
+                last_tip_block_time: Some(Time::from_secs_since_epoch(last_tip_block_time_secs)),
+                last_tx_time: None,
+                expecting_blocks_since: expecting_blocks_since_secs
+                    .map(Time::from_secs_since_epoch),
+                is_banned_or_discouraged: false,
+            }
+        };
+
+        // The peer that sent blocks a long time ago is evicted.
+        let candidates = vec![
+            make_candidate(peer1, 10000, None),
+            make_candidate(peer2, 20000, None),
+            make_candidate(peer3, 30000, None),
+        ];
+        let candidates = shuffle_vec(candidates, &mut rng);
+        assert_eq!(
+            select_for_eviction(conn_type, candidates.clone(), &config, now, &mut rng),
+            Some(peer1)
+        );
+        // But if the limits are lifted, no eviction happens.
+        assert_eq!(
+            select_for_eviction(
+                conn_type,
+                candidates,
+                &config_with_no_conn_limits(),
+                now,
+                &mut rng
+            ),
+            None
+        );
+
+        // The previously evicted peer now has `expecting_blocks_since` within the limit;
+        // the next worst peer should be evicted instead.
+        let candidates = vec![
+            make_candidate(
+                peer1,
+                10000,
+                Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs()),
+            ),
+            make_candidate(peer2, 20000, None),
+            make_candidate(peer3, 30000, None),
+        ];
+        let candidates = shuffle_vec(candidates, &mut rng);
+        assert_eq!(
+            select_for_eviction(conn_type, candidates.clone(), &config, now, &mut rng),
+            Some(peer2)
+        );
+        // But if the limits are lifted, no eviction happens.
+        assert_eq!(
+            select_for_eviction(
+                conn_type,
+                candidates,
+                &config_with_no_conn_limits(),
+                now,
+                &mut rng
+            ),
+            None
+        );
+
+        // The same peer now has `expecting_blocks_since` below the limit;
+        // this time it should be evicted.
+        let candidates = vec![
+            make_candidate(
+                peer1,
+                10000,
+                Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs() - 1),
+            ),
+            make_candidate(peer2, 20000, None),
+            make_candidate(peer3, 30000, None),
+        ];
+        let candidates = shuffle_vec(candidates, &mut rng);
+        assert_eq!(
+            select_for_eviction(conn_type, candidates.clone(), &config, now, &mut rng),
+            Some(peer1)
+        );
+        // But if the limits are lifted, no eviction happens.
+        assert_eq!(
+            select_for_eviction(
+                conn_type,
+                candidates,
+                &config_with_no_conn_limits(),
+                now,
+                &mut rng
+            ),
+            None
+        );
+    }
 
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_full_relay_eviction_young_old_peers(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
-
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
-
-    let now = Time::from_secs_since_epoch(100000);
-    let min_age = Duration::from_secs(5000);
-    let config = config_with_full_relay_conn_limits(2, min_age);
-
-    fn make_candidate(peer_id: PeerId, age: Duration) -> EvictionCandidate {
-        EvictionCandidate {
-            age,
-            peer_id,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::OutboundFullRelay,
-            last_tip_block_time: None,
-            last_tx_time: None,
-            expecting_blocks_since: None,
+    fn config_with_block_relay_conn_limits(
+        max_connections: usize,
+        min_age: Duration,
+    ) -> PeerManagerConfig {
+        PeerManagerConfig {
+            outbound_block_relay_count: max_connections.into(),
+            outbound_block_relay_connection_min_age: min_age.into(),
+
+            // Connection count limits that should not influence tests' behavior are set to MAX.
+            max_inbound_connections: usize::MAX.into(),
+            preserved_inbound_count_address_group: usize::MAX.into(),
+            preserved_inbound_count_ping: usize::MAX.into(),
+            preserved_inbound_count_new_blocks: usize::MAX.into(),
+            preserved_inbound_count_new_transactions: usize::MAX.into(),
+            outbound_full_relay_count: usize::MAX.into(),
+            outbound_full_relay_extra_count: usize::MAX.into(),
+            outbound_block_relay_extra_count: usize::MAX.into(),
+            outbound_full_relay_connection_min_age: Duration::MAX.into(),
+
+            // Other values are irrelevant
+            stale_tip_time_diff: Default::default(),
+            main_loop_tick_interval: Default::default(),
+            enable_feeler_connections: Default::default(),
+            feeler_connections_interval: Default::default(),
+            force_dns_query_if_no_global_addresses_known: Default::default(),
+            allow_same_ip_connections: Default::default(),
+            peerdb_config: Default::default(),
         }
     }
 
-    // Young peers should not be evicted
-    let candidates = vec![
-        make_candidate(peer1, Duration::from_secs(20000)),
-        make_candidate(peer2, Duration::from_secs(10000)),
-        make_candidate(peer3, min_age - Duration::from_secs(1)),
-    ];
-    assert_eq!(
-        select_for_eviction_full_relay(shuffle_vec(candidates, &mut rng), &config, now),
-        None
-    );
-
-    // Older peer can be evicted
-    let candidates = vec![
-        make_candidate(peer1, Duration::from_secs(20000)),
-        make_candidate(peer2, Duration::from_secs(10000)),
-        make_candidate(peer3, min_age + Duration::from_secs(1)),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_full_relay(candidates.clone(), &config, now),
-        Some(peer3)
-    );
-
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_full_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-}
-
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_full_relay_eviction_no_blocks(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
-
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
-
-    let now_as_secs = 100000;
-    let now = Time::from_secs_since_epoch(now_as_secs);
-    let min_age = Duration::from_secs(5000);
-    let config = config_with_full_relay_conn_limits(2, min_age);
-
-    fn make_candidate(
-        peer_id: PeerId,
-        last_tip_block_time_secs: Option<u64>,
-        expecting_blocks_since_secs: Option<u64>,
-    ) -> EvictionCandidate {
-        EvictionCandidate {
-            age: Duration::from_secs(10000),
-            peer_id,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::OutboundFullRelay,
-            last_tip_block_time: last_tip_block_time_secs.map(Time::from_secs_since_epoch),
-            last_tx_time: None,
-            expecting_blocks_since: expecting_blocks_since_secs.map(Time::from_secs_since_epoch),
+    fn config_with_full_relay_conn_limits(
+        max_connections: usize,
+        min_age: Duration,
+    ) -> PeerManagerConfig {
+        PeerManagerConfig {
+            outbound_full_relay_count: max_connections.into(),
+            outbound_full_relay_connection_min_age: min_age.into(),
+
+            // Connection count limits that should not influence tests' behavior are set to MAX.
+            max_inbound_connections: usize::MAX.into(),
+            preserved_inbound_count_address_group: usize::MAX.into(),
+            preserved_inbound_count_ping: usize::MAX.into(),
+            preserved_inbound_count_new_blocks: usize::MAX.into(),
+            preserved_inbound_count_new_transactions: usize::MAX.into(),
+            outbound_full_relay_extra_count: usize::MAX.into(),
+            outbound_block_relay_count: usize::MAX.into(),
+            outbound_block_relay_extra_count: usize::MAX.into(),
+            outbound_block_relay_connection_min_age: Duration::MAX.into(),
+
+            // Other values are irrelevant
+            stale_tip_time_diff: Default::default(),
+            main_loop_tick_interval: Default::default(),
+            enable_feeler_connections: Default::default(),
+            feeler_connections_interval: Default::default(),
+            force_dns_query_if_no_global_addresses_known: Default::default(),
+            allow_same_ip_connections: Default::default(),
+            peerdb_config: Default::default(),
         }
     }
 
-    // The peer that never sent us new blocks is evicted.
-    let candidates = vec![
-        make_candidate(peer1, Some(10000), None),
-        make_candidate(peer2, Some(20000), None),
-        make_candidate(peer3, None, None),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_full_relay(candidates.clone(), &config, now),
-        Some(peer3)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_full_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-
-    // The previously evicted peer now has `expecting_blocks_since` within the limit;
-    // the next worst peer should be evicted instead.
-    let candidates = vec![
-        make_candidate(peer1, Some(10000), None),
-        make_candidate(peer2, Some(20000), None),
-        make_candidate(
-            peer3,
-            None,
-            Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs()),
-        ),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_full_relay(candidates.clone(), &config, now),
-        Some(peer1)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_full_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-
-    // The same peer now has `expecting_blocks_since` below the limit;
-    // this time it should be evicted.
-    let candidates = vec![
-        make_candidate(peer1, Some(10000), None),
-        make_candidate(peer2, Some(20000), None),
-        make_candidate(
-            peer3,
-            None,
-            Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs() - 1),
-        ),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_full_relay(candidates.clone(), &config, now),
-        Some(peer3)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_full_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
+    fn config_with_no_conn_limits() -> PeerManagerConfig {
+        PeerManagerConfig {
+            outbound_block_relay_count: usize::MAX.into(),
+            outbound_full_relay_count: usize::MAX.into(),
+            outbound_full_relay_connection_min_age: Duration::MAX.into(),
+
+            // Connection count limits that should not influence tests' behavior are set to 0.
+            max_inbound_connections: 0.into(),
+            preserved_inbound_count_address_group: 0.into(),
+            preserved_inbound_count_ping: 0.into(),
+            preserved_inbound_count_new_blocks: 0.into(),
+            preserved_inbound_count_new_transactions: 0.into(),
+            outbound_full_relay_extra_count: 0.into(),
+            outbound_block_relay_extra_count: 0.into(),
+            outbound_block_relay_connection_min_age: Duration::ZERO.into(),
+
+            // Other values are irrelevant
+            stale_tip_time_diff: Default::default(),
+            main_loop_tick_interval: Default::default(),
+            enable_feeler_connections: Default::default(),
+            feeler_connections_interval: Default::default(),
+            force_dns_query_if_no_global_addresses_known: Default::default(),
+            allow_same_ip_connections: Default::default(),
+            peerdb_config: Default::default(),
+        }
+    }
 }
 
-#[tracing::instrument(skip(seed))]
-#[rstest::rstest]
-#[trace]
-#[case(Seed::from_entropy())]
-fn test_full_relay_eviction_old_blocks(#[case] seed: Seed) {
-    let mut rng = test_utils::random::make_seedable_rng(seed);
-
-    let peer1 = PeerId::new();
-    let peer2 = PeerId::new();
-    let peer3 = PeerId::new();
-
-    let now_as_secs = 100000;
-    let now = Time::from_secs_since_epoch(now_as_secs);
-    let min_age = Duration::from_secs(5000);
-    let config = config_with_full_relay_conn_limits(2, min_age);
-
-    fn make_candidate(
-        peer_id: PeerId,
-        last_tip_block_time_secs: u64,
-        expecting_blocks_since_secs: Option<u64>,
-    ) -> EvictionCandidate {
-        EvictionCandidate {
-            age: Duration::from_secs(10000),
-            peer_id,
-            net_group_keyed: NetGroupKeyed(1),
-            ping_min: 123,
-            peer_role: PeerRole::OutboundFullRelay,
-            last_tip_block_time: Some(Time::from_secs_since_epoch(last_tip_block_time_secs)),
-            last_tx_time: None,
-            expecting_blocks_since: expecting_blocks_since_secs.map(Time::from_secs_since_epoch),
+mod discouraged_candidate {
+    use super::*;
+
+    fn select_for_eviction(
+        peer_role: PeerRole,
+        candidates: Vec<EvictionCandidate>,
+        config: &PeerManagerConfig,
+        now: Time,
+        rng: &mut impl Rng,
+    ) -> Option<PeerId> {
+        match peer_role {
+            PeerRole::Inbound => select_for_eviction_inbound(candidates, config, rng),
+            PeerRole::OutboundFullRelay => {
+                select_for_eviction_full_relay(candidates, config, now, rng)
+            }
+            PeerRole::OutboundBlockRelay => {
+                select_for_eviction_block_relay(candidates, config, now, rng)
+            }
+            PeerRole::OutboundReserved | PeerRole::OutboundManual | PeerRole::Feeler => {
+                panic!("Unexpected peer role: {peer_role:?}");
+            }
         }
     }
 
-    // The peer that sent blocks a long time ago is evicted.
-    let candidates = vec![
-        make_candidate(peer1, 10000, None),
-        make_candidate(peer2, 20000, None),
-        make_candidate(peer3, 30000, None),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_full_relay(candidates.clone(), &config, now),
-        Some(peer1)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_full_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-
-    // The previously evicted peer now has `expecting_blocks_since` within the limit;
-    // the next worst peer should be evicted instead.
-    let candidates = vec![
-        make_candidate(
-            peer1,
-            10000,
-            Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs()),
-        ),
-        make_candidate(peer2, 20000, None),
-        make_candidate(peer3, 30000, None),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_full_relay(candidates.clone(), &config, now),
-        Some(peer2)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_full_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-
-    // The same peer now has `expecting_blocks_since` below the limit;
-    // this time it should be evicted.
-    let candidates = vec![
-        make_candidate(
-            peer1,
-            10000,
-            Some(now_as_secs - BLOCK_EXPECTATION_MAX_DURATION.as_secs() - 1),
-        ),
-        make_candidate(peer2, 20000, None),
-        make_candidate(peer3, 30000, None),
-    ];
-    let candidates = shuffle_vec(candidates, &mut rng);
-    assert_eq!(
-        select_for_eviction_full_relay(candidates.clone(), &config, now),
-        Some(peer1)
-    );
-    // But if the limits are lifted, no eviction happens.
-    assert_eq!(
-        select_for_eviction_full_relay(candidates, &config_with_no_outbound_conn_limits(), now),
-        None
-    );
-}
-
-fn config_with_block_relay_conn_limits(
-    max_connections: usize,
-    min_age: Duration,
-) -> PeerManagerConfig {
-    PeerManagerConfig {
-        outbound_block_relay_count: max_connections.into(),
-        outbound_block_relay_connection_min_age: min_age.into(),
-
-        // Connection count limits that should not influence tests' behavior are set to MAX.
-        max_inbound_connections: usize::MAX.into(),
-        preserved_inbound_count_address_group: usize::MAX.into(),
-        preserved_inbound_count_ping: usize::MAX.into(),
-        preserved_inbound_count_new_blocks: usize::MAX.into(),
-        preserved_inbound_count_new_transactions: usize::MAX.into(),
-        outbound_full_relay_count: usize::MAX.into(),
-        outbound_full_relay_extra_count: usize::MAX.into(),
-        outbound_block_relay_extra_count: usize::MAX.into(),
-        outbound_full_relay_connection_min_age: Duration::MAX.into(),
-
-        // Other values are irrelevant
-        stale_tip_time_diff: Default::default(),
-        main_loop_tick_interval: Default::default(),
-        enable_feeler_connections: Default::default(),
-        feeler_connections_interval: Default::default(),
-        force_dns_query_if_no_global_addresses_known: Default::default(),
-        allow_same_ip_connections: Default::default(),
-        peerdb_config: Default::default(),
+    fn max_preserve_count(peer_role: PeerRole, config: &PeerManagerConfig) -> usize {
+        match peer_role {
+            PeerRole::Inbound => config.total_preserved_inbound_count(),
+            PeerRole::OutboundFullRelay => *config.outbound_full_relay_count,
+            PeerRole::OutboundBlockRelay => *config.outbound_block_relay_count,
+            PeerRole::OutboundReserved | PeerRole::OutboundManual | PeerRole::Feeler => {
+                panic!("Unexpected peer role: {peer_role:?}");
+            }
+        }
     }
-}
 
-fn config_with_full_relay_conn_limits(
-    max_connections: usize,
-    min_age: Duration,
-) -> PeerManagerConfig {
-    PeerManagerConfig {
-        outbound_full_relay_count: max_connections.into(),
-        outbound_full_relay_connection_min_age: min_age.into(),
-
-        // Connection count limits that should not influence tests' behavior are set to MAX.
-        max_inbound_connections: usize::MAX.into(),
-        preserved_inbound_count_address_group: usize::MAX.into(),
-        preserved_inbound_count_ping: usize::MAX.into(),
-        preserved_inbound_count_new_blocks: usize::MAX.into(),
-        preserved_inbound_count_new_transactions: usize::MAX.into(),
-        outbound_full_relay_extra_count: usize::MAX.into(),
-        outbound_block_relay_count: usize::MAX.into(),
-        outbound_block_relay_extra_count: usize::MAX.into(),
-        outbound_block_relay_connection_min_age: Duration::MAX.into(),
-
-        // Other values are irrelevant
-        stale_tip_time_diff: Default::default(),
-        main_loop_tick_interval: Default::default(),
-        enable_feeler_connections: Default::default(),
-        feeler_connections_interval: Default::default(),
-        force_dns_query_if_no_global_addresses_known: Default::default(),
-        allow_same_ip_connections: Default::default(),
-        peerdb_config: Default::default(),
+    fn random_mature_candidate(
+        peer_role: PeerRole,
+        config: &PeerManagerConfig,
+        rng: &mut impl Rng,
+    ) -> EvictionCandidate {
+        let mut candidate = random_candidate(peer_role, rng);
+        match peer_role {
+            PeerRole::Inbound => {}
+            PeerRole::OutboundFullRelay => {
+                candidate.age = *config.outbound_full_relay_connection_min_age;
+            }
+            PeerRole::OutboundBlockRelay => {
+                candidate.age = *config.outbound_block_relay_connection_min_age;
+            }
+            PeerRole::OutboundReserved | PeerRole::OutboundManual | PeerRole::Feeler => {
+                panic!("Unexpected peer role: {peer_role:?}");
+            }
+        }
+
+        candidate
     }
-}
 
-fn config_with_no_outbound_conn_limits() -> PeerManagerConfig {
-    PeerManagerConfig {
-        outbound_block_relay_count: usize::MAX.into(),
-        outbound_full_relay_count: usize::MAX.into(),
-        outbound_full_relay_connection_min_age: Duration::MAX.into(),
-
-        // Connection count limits that should not influence tests' behavior are set to 0.
-        max_inbound_connections: 0.into(),
-        preserved_inbound_count_address_group: 0.into(),
-        preserved_inbound_count_ping: 0.into(),
-        preserved_inbound_count_new_blocks: 0.into(),
-        preserved_inbound_count_new_transactions: 0.into(),
-        outbound_full_relay_extra_count: 0.into(),
-        outbound_block_relay_extra_count: 0.into(),
-        outbound_block_relay_connection_min_age: Duration::ZERO.into(),
-
-        // Other values are irrelevant
-        stale_tip_time_diff: Default::default(),
-        main_loop_tick_interval: Default::default(),
-        enable_feeler_connections: Default::default(),
-        feeler_connections_interval: Default::default(),
-        force_dns_query_if_no_global_addresses_known: Default::default(),
-        allow_same_ip_connections: Default::default(),
-        peerdb_config: Default::default(),
+    #[tracing::instrument(skip(seed))]
+    #[rstest::rstest]
+    #[trace]
+    #[case(Seed::from_entropy())]
+    fn test(
+        #[case] seed: Seed,
+        #[values(
+            PeerRole::Inbound,
+            PeerRole::OutboundFullRelay,
+            PeerRole::OutboundBlockRelay
+        )]
+        peer_role: PeerRole,
+    ) {
+        let mut rng = test_utils::random::make_seedable_rng(seed);
+        let config: PeerManagerConfig = Default::default();
+        let preserve_count = max_preserve_count(peer_role, &config);
+        let now = Time::from_secs_since_epoch(rng.gen_range(0..10000));
+
+        for _i in 0..5 {
+            for candidates_count in [preserve_count - 1, preserve_count + 1] {
+                let candidates = (0..candidates_count)
+                    .map(|_| random_mature_candidate(peer_role, &config, &mut rng))
+                    .collect::<Vec<_>>();
+
+                let normally_evicted_peer_id =
+                    select_for_eviction(peer_role, candidates.clone(), &config, now, &mut rng);
+
+                let discouraged_candidate_idx = rng.gen_range(0..candidates_count);
+                let discouraged_peer_id = candidates[discouraged_candidate_idx].peer_id;
+                let candidates = {
+                    let mut candidates = candidates;
+                    candidates[discouraged_candidate_idx].is_banned_or_discouraged = true;
+                    candidates
+                };
+
+                let evicted_peer_id =
+                    select_for_eviction(peer_role, candidates.clone(), &config, now, &mut rng);
+
+                assert_eq!(
+                    evicted_peer_id.is_some(),
+                    normally_evicted_peer_id.is_some()
+                );
+
+                if let Some(evicted_peer_id) = evicted_peer_id {
+                    assert_eq!(evicted_peer_id, discouraged_peer_id);
+                }
+            }
+        }
     }
 }
diff --git a/p2p/src/peer_manager/tests/addr_list_response_caching.rs b/p2p/src/peer_manager/tests/addr_list_response_caching.rs
index 1f0bacb71c..3d9ce6282c 100644
--- a/p2p/src/peer_manager/tests/addr_list_response_caching.rs
+++ b/p2p/src/peer_manager/tests/addr_list_response_caching.rs
@@ -37,7 +37,7 @@ use crate::{
         default_backend::{
             transport::TcpTransportSocket,
             types::{Command, Message},
-            ConnectivityHandle, DefaultNetworkingService,
+            DefaultNetworkingService,
         },
         types::{PeerInfo, Role},
         ConnectivityService, NetworkingService,
@@ -45,24 +45,20 @@ use crate::{
     peer_manager::{
         addr_list_response_cache,
         peerdb::{
-            address_tables::table::test_utils::make_non_colliding_addresses,
-            storage::PeerDbStorage, storage_impl::PeerDbStorageImpl,
+            address_tables::table::test_utils::make_non_colliding_addresses, storage::PeerDbStorage,
         },
         PeerManager,
     },
     protocol::ProtocolConfig,
-    testing_utils::{peerdb_inmemory_store, TestAddressMaker, TEST_PROTOCOL_VERSION},
+    testing_utils::{TestAddressMaker, TEST_PROTOCOL_VERSION},
     types::peer_id::PeerId,
-    PeerManagerEvent,
 };
 
+use super::make_standalone_peer_manager;
+
 // Note: addr list requests are only handled for inbound peers, so we only test this variant.
 
 type TestNetworkingService = DefaultNetworkingService<TcpTransportSocket>;
-type TestPeerManager = PeerManager<
-    DefaultNetworkingService<TcpTransportSocket>,
-    PeerDbStorageImpl<storage::inmemory::InMemory>,
->;
 
 #[tracing::instrument(skip(seed))]
 #[rstest]
@@ -253,8 +249,7 @@ fn make_p2p_config() -> P2pConfig {
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -273,28 +268,19 @@ fn setup_peer_mgr(
     p2p_config: &Arc<P2pConfig>,
     time_getter: &P2pBasicTestTimeGetter,
     rng: &mut impl Rng,
-) -> (TestPeerManager, UnboundedReceiver<Command>) {
-    let (cmd_sender, cmd_receiver) = tokio::sync::mpsc::unbounded_channel();
-    let (_conn_event_sender, conn_event_receiver) = tokio::sync::mpsc::unbounded_channel();
-    let (_peer_mgr_event_sender, peer_mgr_event_receiver) =
-        tokio::sync::mpsc::unbounded_channel::<PeerManagerEvent>();
-    let connectivity_handle = ConnectivityHandle::<TestNetworkingService>::new(
-        // Note: technically, we should pass the bind addresses here, but since we don't
-        // establish real connections, it doesn't really matter.
-        vec![],
-        cmd_sender,
-        conn_event_receiver,
-    );
-
-    let mut peer_mgr = PeerManager::<TestNetworkingService, _>::new(
-        Arc::clone(chain_config),
-        Arc::clone(p2p_config),
-        connectivity_handle,
-        peer_mgr_event_receiver,
-        time_getter.get_time_getter(),
-        peerdb_inmemory_store(),
-    )
-    .unwrap();
+) -> (
+    PeerManager<TestNetworkingService, impl PeerDbStorage>,
+    UnboundedReceiver<Command>,
+) {
+    let (mut peer_mgr, _conn_event_sender, _peer_mgr_event_sender, cmd_receiver, _) =
+        make_standalone_peer_manager(
+            Arc::clone(chain_config),
+            Arc::clone(p2p_config),
+            // Note: technically, we should pass the bind addresses here, but since we don't
+            // establish real connections, it doesn't really matter.
+            vec![],
+            time_getter.get_time_getter(),
+        );
 
     let addresses_in_db = make_non_colliding_addresses(
         &[peer_mgr.peerdb.address_tables().new_addr_table()],
diff --git a/p2p/src/peer_manager/tests/addresses.rs b/p2p/src/peer_manager/tests/addresses.rs
index a0681d41b9..938c2c4b63 100644
--- a/p2p/src/peer_manager/tests/addresses.rs
+++ b/p2p/src/peer_manager/tests/addresses.rs
@@ -638,8 +638,7 @@ async fn dont_use_dns_seed_if_connections_exist() {
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_timeout: Default::default(),
         peer_handshake_timeout: Default::default(),
diff --git a/p2p/src/peer_manager/tests/ban.rs b/p2p/src/peer_manager/tests/ban.rs
index ab709c7672..f2ca52555b 100644
--- a/p2p/src/peer_manager/tests/ban.rs
+++ b/p2p/src/peer_manager/tests/ban.rs
@@ -13,428 +13,593 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use std::sync::Arc;
+use std::{sync::Arc, time::Duration};
+
+use rstest::rstest;
 
 use crate::{
-    config::NodeType,
+    ban_config::BanConfig,
+    config::P2pConfig,
+    message::{AddrListRequest, AddrListResponse, AnnounceAddrRequest, PeerManagerMessage},
     net::{
-        default_backend::{types::Command, ConnectivityHandle},
-        types::{services::Service, PeerInfo, PeerRole, Role},
+        default_backend::types::{Command, Message},
+        types::ConnectivityEvent,
+    },
+    peer_manager::{
+        config::PeerManagerConfig,
+        peerdb::test_utils::make_non_colliding_addresses_for_peer_db_in_distinct_addr_groups,
+        tests::{
+            make_standalone_peer_manager,
+            utils::{
+                adjust_peer_score, ban_peer_manually, expect_cmd_connect_to,
+                inbound_block_relay_peer_accepted_by_backend,
+                inbound_full_relay_peer_accepted_by_backend,
+                outbound_block_relay_peer_accepted_by_backend, query_peer_manager,
+                wait_for_heartbeat,
+            },
+        },
+        MAX_ADDR_RATE_PER_SECOND,
     },
-    peer_manager::{OutboundConnectType, PeerManager},
     testing_utils::{
-        connect_and_accept_services, connect_services, get_connectivity_event,
-        peerdb_inmemory_store, test_p2p_config, TestAddressMaker, TestTransportChannel,
-        TestTransportMaker, TestTransportNoise, TestTransportTcp, TEST_PROTOCOL_VERSION,
+        test_p2p_config, test_p2p_config_with_ban_config, test_p2p_config_with_peer_mgr_config,
+        test_peer_mgr_config_with_no_auto_outbound_connections, TestAddressMaker,
+        TestTransportMaker, TestTransportTcp,
     },
-    types::peer_id::PeerId,
-    utils::oneshot_nofail,
-    PeerManagerEvent,
 };
 use common::{chain::config, primitives::user_agent::mintlayer_core_user_agent};
-use p2p_test_utils::P2pBasicTestTimeGetter;
+use p2p_test_utils::{expect_no_recv, expect_recv, wait_for_no_recv, P2pBasicTestTimeGetter};
+use test_utils::random::{make_seedable_rng, Seed};
+
+// Check that a peer is automatically banned once the ban threshold is reached.
+// Also check that it's disconnected once banned, and that it's unbanned once the ban
+// duration has expired.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
+#[tokio::test]
+async fn auto_ban_connected_peer(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
 
-use crate::{
-    error::{P2pError, PeerError},
-    net::{
-        self,
-        default_backend::{
-            transport::{MpscChannelTransport, NoiseTcpTransport, TcpTransportSocket},
-            DefaultNetworkingService,
-        },
-        ConnectivityService, NetworkingService,
-    },
-    peer_manager::tests::make_peer_manager,
-};
+    let chain_config = Arc::new(config::create_unit_test_config());
+    let ban_config = BanConfig {
+        ban_threshold: 100.into(),
+        ban_duration: Duration::from_secs(60 * 60).into(),
+        discouragement_threshold: 1000.into(),
+        discouragement_duration: Duration::from_secs(60 * 60 * 10).into(),
+    };
+    let p2p_config = Arc::new(test_p2p_config_with_ban_config(ban_config.clone()));
 
-// ban peer whose connected to us
-async fn ban_connected_peer<A, T>()
-where
-    A: TestTransportMaker<Transport = T::Transport>,
-    T: NetworkingService + 'static + std::fmt::Debug,
-    T::ConnectivityHandle: ConnectivityService<T>,
-{
-    let addr1 = A::make_address();
-    let addr2 = A::make_address();
-
-    let config = Arc::new(config::create_unit_test_config());
-    let (mut pm1, _shutdown_sender, _subscribers_sender) =
-        make_peer_manager::<T>(A::make_transport(), addr1, Arc::clone(&config)).await;
-    let (mut pm2, _shutdown_sender, _subscribers_sender) =
-        make_peer_manager::<T>(A::make_transport(), addr2, config).await;
-
-    let (address, peer_info, _) = connect_services::<T>(
-        &mut pm1.peer_connectivity_handle,
-        &mut pm2.peer_connectivity_handle,
-    )
-    .await;
-    let peer_id = peer_info.peer_id;
-    pm2.accept_connection(
-        address,
-        pm2.peer_connectivity_handle.local_addresses()[0],
-        Role::Inbound,
-        peer_info,
-        None,
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (
+        peer_mgr,
+        conn_event_sender,
+        peer_mgr_event_sender,
+        mut cmd_receiver,
+        mut peer_mgr_notification_receiver,
+    ) = make_standalone_peer_manager(
+        Arc::clone(&chain_config),
+        Arc::clone(&p2p_config),
+        vec![bind_addr],
+        time_getter.get_time_getter(),
     );
 
-    pm2.adjust_peer_score(peer_id, 1000);
-    let addr1 = pm1.peer_connectivity_handle.local_addresses()[0].clone().as_bannable();
-    assert!(pm2.peerdb.is_address_banned(&addr1));
-    let event = get_connectivity_event::<T>(&mut pm2.peer_connectivity_handle).await;
-    assert!(std::matches!(
-        event,
-        Ok(net::types::ConnectivityEvent::ConnectionClosed { .. })
-    ));
-}
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    let peer_addr = TestAddressMaker::new_random_address_with_rng(&mut rng);
+    let peer_id = inbound_block_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        peer_addr,
+        bind_addr,
+        &chain_config,
+    );
 
-#[tracing::instrument]
-#[tokio::test]
-async fn ban_connected_peer_tcp() {
-    ban_connected_peer::<TestTransportTcp, DefaultNetworkingService<TcpTransportSocket>>().await;
-}
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id });
 
-#[tracing::instrument]
-#[tokio::test]
-async fn ban_connected_peer_channels() {
-    ban_connected_peer::<TestTransportChannel, DefaultNetworkingService<MpscChannelTransport>>()
-        .await;
-}
+    // Increase the score by 1/2 of the threshold, check that the peer is not banned.
+    adjust_peer_score(
+        &peer_mgr_event_sender,
+        peer_id,
+        *ban_config.ban_threshold / 2,
+    )
+    .await;
 
-#[tracing::instrument]
-#[tokio::test]
-async fn ban_connected_peer_noise() {
-    ban_connected_peer::<TestTransportNoise, DefaultNetworkingService<NoiseTcpTransport>>().await;
-}
+    let is_banned = query_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
+        peer_mgr.peer_db().is_address_banned(&peer_addr.as_bannable())
+    })
+    .await;
+    assert!(!is_banned);
 
-async fn banned_peer_attempts_to_connect<A, T>()
-where
-    A: TestTransportMaker<Transport = T::Transport>,
-    T: NetworkingService + std::fmt::Debug + 'static,
-    T::ConnectivityHandle: ConnectivityService<T>,
-{
-    let addr1 = A::make_address();
-    let addr2 = A::make_address();
-
-    let config = Arc::new(config::create_unit_test_config());
-    let (mut pm1, _shutdown_sender, _subscribers_sender) =
-        make_peer_manager::<T>(A::make_transport(), addr1, Arc::clone(&config)).await;
-    let (mut pm2, _shutdown_sender, _subscribers_sender) =
-        make_peer_manager::<T>(A::make_transport(), addr2, config).await;
-
-    let (address, peer_info, _) = connect_services::<T>(
-        &mut pm1.peer_connectivity_handle,
-        &mut pm2.peer_connectivity_handle,
+    expect_no_recv!(cmd_receiver);
+
+    // Increase the score by 1/2 of the threshold again, check that the peer is banned now.
+    adjust_peer_score(
+        &peer_mgr_event_sender,
+        peer_id,
+        *ban_config.ban_threshold / 2,
     )
     .await;
-    let peer_id = peer_info.peer_id;
-    pm2.accept_connection(
-        address,
-        pm2.peer_connectivity_handle.local_addresses()[0],
-        Role::Inbound,
-        peer_info,
-        None,
-    );
 
-    pm2.adjust_peer_score(peer_id, 1000);
-    let addr1 = pm1.peer_connectivity_handle.local_addresses()[0].clone().as_bannable();
-    assert!(pm2.peerdb.is_address_banned(&addr1));
-    let event = get_connectivity_event::<T>(&mut pm2.peer_connectivity_handle).await;
-    assert!(std::matches!(
-        event,
-        Ok(net::types::ConnectivityEvent::ConnectionClosed { .. })
-    ));
-}
+    let is_banned = query_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
+        peer_mgr.peer_db().is_address_banned(&peer_addr.as_bannable())
+    })
+    .await;
+    assert!(is_banned);
 
-#[tracing::instrument]
-#[tokio::test]
-async fn banned_peer_attempts_to_connect_tcp() {
-    banned_peer_attempts_to_connect::<TestTransportTcp, DefaultNetworkingService<TcpTransportSocket>>().await;
-}
+    // The banned peer should be disconnected.
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Disconnect { peer_id });
 
-#[tracing::instrument]
-#[tokio::test]
-async fn banned_peer_attempts_to_connect_channel() {
-    banned_peer_attempts_to_connect::<
-        TestTransportChannel,
-        DefaultNetworkingService<MpscChannelTransport>,
-    >()
+    wait_for_no_recv(&mut peer_mgr_notification_receiver).await;
+
+    // Wait for ban duration to pass; check that the peer is no longer banned.
+    time_getter.advance_time(*ban_config.ban_duration);
+
+    wait_for_heartbeat(&mut peer_mgr_notification_receiver).await;
+
+    let is_banned = query_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
+        peer_mgr.peer_db().is_address_banned(&peer_addr.as_bannable())
+    })
     .await;
+    assert!(!is_banned);
+
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
+
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
 }
 
-#[tracing::instrument]
+// Check that a peer is disconnected when it's banned manually.
+// Also check that it's unbanned once the ban duration expires.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
 #[tokio::test]
-async fn banned_peer_attempts_to_connect_noise() {
-    banned_peer_attempts_to_connect::<
-        TestTransportNoise,
-        DefaultNetworkingService<NoiseTcpTransport>,
-    >()
-    .await;
-}
+async fn disconnect_manually_banned_peer(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
 
-// attempt to connect to banned peer
-async fn connect_to_banned_peer<A, T>()
-where
-    A: TestTransportMaker<Transport = T::Transport>,
-    T: NetworkingService + 'static + std::fmt::Debug,
-    T::ConnectivityHandle: ConnectivityService<T>,
-{
-    let addr1 = A::make_address();
-    let addr2 = A::make_address();
-
-    let config = Arc::new(config::create_unit_test_config());
-    let (mut pm1, _shutdown_sender, _subscribers_sender) =
-        make_peer_manager::<T>(A::make_transport(), addr1, Arc::clone(&config)).await;
-    let (mut pm2, _shutdown_sender, _subscribers_sender) =
-        make_peer_manager::<T>(A::make_transport(), addr2, config).await;
-
-    let (address, peer_info1, _peer_info2) = connect_services::<T>(
-        &mut pm1.peer_connectivity_handle,
-        &mut pm2.peer_connectivity_handle,
-    )
-    .await;
-    let peer_id = peer_info1.peer_id;
-    pm2.accept_connection(
-        address,
-        pm2.peer_connectivity_handle.local_addresses()[0],
-        Role::Inbound,
-        peer_info1,
-        None,
+    let chain_config = Arc::new(config::create_unit_test_config());
+    let ban_config = BanConfig {
+        ban_threshold: Default::default(),
+        ban_duration: Duration::from_secs(60 * 60).into(),
+        discouragement_threshold: Default::default(),
+        discouragement_duration: Duration::from_secs(60 * 60 * 10).into(),
+    };
+    let p2p_config = Arc::new(test_p2p_config_with_ban_config(ban_config.clone()));
+
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (
+        peer_mgr,
+        conn_event_sender,
+        peer_mgr_event_sender,
+        mut cmd_receiver,
+        mut peer_mgr_notification_receiver,
+    ) = make_standalone_peer_manager(
+        Arc::clone(&chain_config),
+        Arc::clone(&p2p_config),
+        vec![bind_addr],
+        time_getter.get_time_getter(),
     );
 
-    let remote_addr = pm1.peer_connectivity_handle.local_addresses()[0];
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    let peer_addr = TestAddressMaker::new_random_address_with_rng(&mut rng);
+    let peer_id = inbound_block_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        peer_addr,
+        bind_addr,
+        &chain_config,
+    );
 
-    pm2.adjust_peer_score(peer_id, 10);
-    assert!(!pm2.peerdb.is_address_banned(&remote_addr.as_bannable()));
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id });
 
-    pm2.adjust_peer_score(peer_id, 90);
-    assert!(pm2.peerdb.is_address_banned(&remote_addr.as_bannable()));
+    let is_banned = query_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
+        peer_mgr.peer_db().is_address_banned(&peer_addr.as_bannable())
+    })
+    .await;
+    assert!(!is_banned);
 
-    let event = get_connectivity_event::<T>(&mut pm2.peer_connectivity_handle).await;
-    match &event {
-        Ok(net::types::ConnectivityEvent::ConnectionClosed { .. }) => {}
-        _ => panic!("unexpected event: {event:?}"),
-    }
-    pm2.handle_connectivity_event(event.unwrap());
+    ban_peer_manually(&peer_mgr_event_sender, peer_addr.as_bannable()).await;
 
-    let (response_sender, response_receiver) = oneshot_nofail::channel();
-    pm2.connect(remote_addr, OutboundConnectType::Manual { response_sender });
-    let res = response_receiver.await.unwrap();
-    match res {
-        Err(P2pError::PeerError(PeerError::BannedAddress(_))) => {}
-        _ => panic!("unexpected result: {res:?}"),
-    }
-}
+    let is_banned = query_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
+        peer_mgr.peer_db().is_address_banned(&peer_addr.as_bannable())
+    })
+    .await;
+    assert!(is_banned);
 
-#[tracing::instrument]
-#[tokio::test]
-async fn connect_to_banned_peer_tcp() {
-    connect_to_banned_peer::<TestTransportTcp, DefaultNetworkingService<TcpTransportSocket>>()
-        .await;
-}
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Disconnect { peer_id });
 
-#[tracing::instrument]
-#[tokio::test]
-async fn connect_to_banned_peer_channels() {
-    connect_to_banned_peer::<TestTransportChannel, DefaultNetworkingService<MpscChannelTransport>>(
-    )
+    wait_for_no_recv(&mut peer_mgr_notification_receiver).await;
+
+    time_getter.advance_time(*ban_config.ban_duration);
+
+    wait_for_heartbeat(&mut peer_mgr_notification_receiver).await;
+
+    let is_banned = query_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
+        peer_mgr.peer_db().is_address_banned(&peer_addr.as_bannable())
+    })
     .await;
+    assert!(!is_banned);
+
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
+
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
 }
 
-#[tracing::instrument]
+// Check that an incoming connection from a banned peer is rejected.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
 #[tokio::test]
-async fn connect_to_banned_peer_noise() {
-    connect_to_banned_peer::<TestTransportNoise, DefaultNetworkingService<NoiseTcpTransport>>()
-        .await;
-}
+async fn reject_incoming_connection_from_banned_peer(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
 
-async fn validate_invalid_connection<A, S>()
-where
-    A: TestTransportMaker<Transport = S::Transport>,
-    S: NetworkingService + 'static + std::fmt::Debug,
-    S::ConnectivityHandle: ConnectivityService<S>,
-{
-    for peer_role in [PeerRole::OutboundFullRelay, PeerRole::Inbound] {
-        let config = Arc::new(config::create_unit_test_config());
-        let (mut peer_manager, _shutdown_sender, _subscribers_sender) =
-            make_peer_manager::<S>(A::make_transport(), A::make_address(), Arc::clone(&config))
-                .await;
-
-        // invalid magic bytes
-        let peer_id = PeerId::new();
-        let res = peer_manager.try_accept_connection(
-            TestAddressMaker::new_random_address(),
-            TestAddressMaker::new_random_address(),
-            peer_role,
-            net::types::PeerInfo {
-                peer_id,
-                protocol_version: TEST_PROTOCOL_VERSION,
-                network: [1, 2, 3, 4],
-                software_version: *config.software_version(),
-                user_agent: mintlayer_core_user_agent(),
-                common_services: [Service::Blocks, Service::Transactions, Service::PeerAddresses]
-                    .as_slice()
-                    .into(),
-            },
-            None,
+    let chain_config = Arc::new(config::create_unit_test_config());
+    let p2p_config = Arc::new(test_p2p_config());
+
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (mut peer_mgr, conn_event_sender, peer_mgr_event_sender, mut cmd_receiver, _) =
+        make_standalone_peer_manager(
+            Arc::clone(&chain_config),
+            Arc::clone(&p2p_config),
+            vec![bind_addr],
+            time_getter.get_time_getter(),
         );
-        assert!(res.is_err());
-        assert!(!peer_manager.is_peer_connected(peer_id));
-    }
-}
 
-#[tracing::instrument]
-#[tokio::test]
-async fn validate_invalid_connection_tcp() {
-    validate_invalid_connection::<TestTransportTcp, DefaultNetworkingService<TcpTransportSocket>>()
-        .await;
-}
+    let peer_addrs = make_non_colliding_addresses_for_peer_db_in_distinct_addr_groups(
+        &peer_mgr.peerdb,
+        2,
+        &mut rng,
+    );
+    let [banned_addr, normal_addr]: [_; 2] = peer_addrs.try_into().unwrap();
+
+    peer_mgr.ban(banned_addr.as_bannable());
+
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    // Connection from the banned peer is rejected.
+    let peer1_id = inbound_block_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        banned_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Disconnect { peer_id: peer1_id });
+
+    // Connection from the normal peer is accepted.
+    let peer2_id = inbound_block_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        normal_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id: peer2_id });
 
-#[tracing::instrument]
-#[tokio::test]
-async fn validate_invalid_connection_channels() {
-    validate_invalid_connection::<
-        TestTransportChannel,
-        DefaultNetworkingService<MpscChannelTransport>,
-    >()
-    .await;
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
+
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
 }
 
-#[tracing::instrument]
+// Check that outgoing connections to banned peers are not established.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
 #[tokio::test]
-async fn validate_invalid_connection_noise() {
-    validate_invalid_connection::<TestTransportNoise, DefaultNetworkingService<NoiseTcpTransport>>(
-    )
-    .await;
-}
+async fn no_outgoing_connection_to_banned_peer(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
 
-async fn inbound_connection_invalid_magic<A, T>()
-where
-    A: TestTransportMaker<Transport = T::Transport>,
-    T: NetworkingService + 'static + std::fmt::Debug,
-    T::ConnectivityHandle: ConnectivityService<T>,
-{
-    let addr1 = A::make_address();
-    let addr2 = A::make_address();
-
-    let (mut pm1, _shutdown_sender, _subscribers_sender) = make_peer_manager::<T>(
-        A::make_transport(),
-        addr1,
-        Arc::new(config::create_unit_test_config()),
-    )
-    .await;
-    let (mut pm2, _shutdown_sender, _subscribers_sender) = make_peer_manager::<T>(
-        A::make_transport(),
-        addr2,
-        Arc::new(config::Builder::test_chain().magic_bytes([1, 2, 3, 4]).build()),
-    )
-    .await;
+    let chain_config = Arc::new(config::create_unit_test_config());
+    let p2p_config = Arc::new(test_p2p_config_with_peer_mgr_config(PeerManagerConfig {
+        outbound_block_relay_count: 2.into(),
+        outbound_block_relay_extra_count: 0.into(),
+        outbound_full_relay_count: 0.into(),
+        outbound_full_relay_extra_count: 0.into(),
+
+        max_inbound_connections: Default::default(),
+        preserved_inbound_count_address_group: Default::default(),
+        preserved_inbound_count_ping: Default::default(),
+        preserved_inbound_count_new_blocks: Default::default(),
+        preserved_inbound_count_new_transactions: Default::default(),
+        outbound_block_relay_connection_min_age: Default::default(),
+        outbound_full_relay_connection_min_age: Default::default(),
+        stale_tip_time_diff: Default::default(),
+        main_loop_tick_interval: Default::default(),
+        enable_feeler_connections: Default::default(),
+        feeler_connections_interval: Default::default(),
+        force_dns_query_if_no_global_addresses_known: Default::default(),
+        allow_same_ip_connections: Default::default(),
+        peerdb_config: Default::default(),
+    }));
 
-    let (_address, peer_info, _) = connect_and_accept_services::<T>(
-        &mut pm1.peer_connectivity_handle,
-        &mut pm2.peer_connectivity_handle,
-    )
-    .await;
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (mut peer_mgr, conn_event_sender, peer_mgr_event_sender, mut cmd_receiver, _) =
+        make_standalone_peer_manager(
+            Arc::clone(&chain_config),
+            Arc::clone(&p2p_config),
+            vec![bind_addr],
+            time_getter.get_time_getter(),
+        );
 
-    // run the first peer manager in the background and poll events from the peer manager
-    // that tries to connect to the first manager
-    logging::spawn_in_current_span(async move { pm1.run().await });
+    let peer_addrs = make_non_colliding_addresses_for_peer_db_in_distinct_addr_groups(
+        &peer_mgr.peerdb,
+        2,
+        &mut rng,
+    );
+    let [banned_addr, normal_addr]: [_; 2] = peer_addrs.try_into().unwrap();
+
+    peer_mgr.peerdb.peer_discovered(banned_addr);
+    peer_mgr.peerdb.peer_discovered(normal_addr);
+
+    peer_mgr.ban(banned_addr.as_bannable());
+
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    // Connection to the normal peer is established.
+    let cmd = expect_recv!(cmd_receiver);
+    expect_cmd_connect_to(&cmd, &normal_addr);
+    let peer_id = outbound_block_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        normal_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id });
 
-    let event = get_connectivity_event::<T>(&mut pm2.peer_connectivity_handle).await;
-    match event {
-        Ok(net::types::ConnectivityEvent::ConnectionClosed { peer_id })
-            if peer_id == peer_info.peer_id => {}
-        _ => panic!("unexpected event: {event:?}"),
-    }
-}
+    // No other connection attempts are made.
+    expect_no_recv!(cmd_receiver);
 
-#[tracing::instrument]
-#[tokio::test]
-async fn inbound_connection_invalid_magic_tcp() {
-    inbound_connection_invalid_magic::<
-        TestTransportTcp,
-        DefaultNetworkingService<TcpTransportSocket>,
-    >()
-    .await;
-}
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
 
-#[tracing::instrument]
-#[tokio::test]
-async fn inbound_connection_invalid_magic_channels() {
-    inbound_connection_invalid_magic::<
-        TestTransportChannel,
-        DefaultNetworkingService<MpscChannelTransport>,
-    >()
-    .await;
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
 }
 
-#[tracing::instrument]
+// Check that address announcements don't include banned addresses.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
 #[tokio::test]
-async fn inbound_connection_invalid_magic_noise() {
-    inbound_connection_invalid_magic::<
-        TestTransportNoise,
-        DefaultNetworkingService<NoiseTcpTransport>,
-    >()
-    .await;
+async fn banned_address_is_not_announced(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
+
+    let chain_config = Arc::new(config::create_unit_test_config());
+    let p2p_config = Arc::new(P2pConfig {
+        allow_discover_private_ips: true.into(),
+
+        bind_addresses: Default::default(),
+        socks5_proxy: Default::default(),
+        disable_noise: Default::default(),
+        boot_nodes: Default::default(),
+        reserved_nodes: Default::default(),
+        whitelisted_addresses: Default::default(),
+        ban_config: Default::default(),
+        outbound_connection_timeout: Default::default(),
+        ping_check_period: Default::default(),
+        ping_timeout: Default::default(),
+        peer_handshake_timeout: Default::default(),
+        max_clock_diff: Default::default(),
+        node_type: Default::default(),
+        user_agent: mintlayer_core_user_agent(),
+        sync_stalling_timeout: Default::default(),
+        peer_manager_config: Default::default(),
+        protocol_config: Default::default(),
+    });
+
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (mut peer_mgr, conn_event_sender, peer_mgr_event_sender, mut cmd_receiver, _) =
+        make_standalone_peer_manager(
+            Arc::clone(&chain_config),
+            Arc::clone(&p2p_config),
+            vec![bind_addr],
+            time_getter.get_time_getter(),
+        );
+
+    let addrs = make_non_colliding_addresses_for_peer_db_in_distinct_addr_groups(
+        &peer_mgr.peerdb,
+        4,
+        &mut rng,
+    );
+    let [banned_addr, normal_addr, peer1_addr, peer2_addr]: [_; 4] = addrs.try_into().unwrap();
+
+    peer_mgr.ban(banned_addr.as_bannable());
+
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    let peer1_id = inbound_full_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        peer1_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id: peer1_id });
+
+    let peer2_id = inbound_full_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        peer2_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id: peer2_id });
+
+    conn_event_sender
+        .send(ConnectivityEvent::Message {
+            peer_id: peer1_id,
+            message: PeerManagerMessage::AnnounceAddrRequest(AnnounceAddrRequest {
+                address: banned_addr.as_peer_address(),
+            }),
+        })
+        .unwrap();
+
+    // Prevent the address limiter from kicking in.
+    time_getter.advance_time(Duration::from_secs((1.0 / MAX_ADDR_RATE_PER_SECOND) as u64));
+
+    conn_event_sender
+        .send(ConnectivityEvent::Message {
+            peer_id: peer1_id,
+            message: PeerManagerMessage::AnnounceAddrRequest(AnnounceAddrRequest {
+                address: normal_addr.as_peer_address(),
+            }),
+        })
+        .unwrap();
+
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(
+        cmd,
+        Command::SendMessage {
+            peer_id: peer2_id,
+            message: Message::AnnounceAddrRequest(AnnounceAddrRequest {
+                address: normal_addr.as_peer_address(),
+            })
+        }
+    );
+
+    // No other announcements are made.
+    expect_no_recv!(cmd_receiver);
+
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
+
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
 }
 
-// Test that manually banned peers are also disconnected
-#[tracing::instrument]
-#[test]
-fn ban_and_disconnect() {
-    type TestNetworkingService = DefaultNetworkingService<TcpTransportSocket>;
+// Check that address responses don't include banned addresses.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
+#[tokio::test]
+async fn banned_address_not_in_addr_response(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
 
-    let bind_address = TestTransportTcp::make_address();
     let chain_config = Arc::new(config::create_unit_test_config());
-    let p2p_config = Arc::new(test_p2p_config());
-    let (cmd_sender, mut cmd_receiver) = tokio::sync::mpsc::unbounded_channel();
-    let (_conn_sender, conn_receiver) = tokio::sync::mpsc::unbounded_channel();
-    let (_peer_sender, peer_receiver) = tokio::sync::mpsc::unbounded_channel::<PeerManagerEvent>();
+    let p2p_config = Arc::new(P2pConfig {
+        allow_discover_private_ips: true.into(),
+        // The test will start with a good address in the peer db; prevent the peer manager
+        // from trying to establish a connection to it automatically.
+        peer_manager_config: test_peer_mgr_config_with_no_auto_outbound_connections(),
+
+        bind_addresses: Default::default(),
+        socks5_proxy: Default::default(),
+        disable_noise: Default::default(),
+        boot_nodes: Default::default(),
+        reserved_nodes: Default::default(),
+        whitelisted_addresses: Default::default(),
+        ban_config: Default::default(),
+        outbound_connection_timeout: Default::default(),
+        ping_check_period: Default::default(),
+        ping_timeout: Default::default(),
+        peer_handshake_timeout: Default::default(),
+        max_clock_diff: Default::default(),
+        node_type: Default::default(),
+        user_agent: mintlayer_core_user_agent(),
+        sync_stalling_timeout: Default::default(),
+        protocol_config: Default::default(),
+    });
+
     let time_getter = P2pBasicTestTimeGetter::new();
-    let connectivity_handle =
-        ConnectivityHandle::<TestNetworkingService>::new(vec![], cmd_sender, conn_receiver);
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (mut peer_mgr, conn_event_sender, peer_mgr_event_sender, mut cmd_receiver, _) =
+        make_standalone_peer_manager(
+            Arc::clone(&chain_config),
+            Arc::clone(&p2p_config),
+            vec![bind_addr],
+            time_getter.get_time_getter(),
+        );
 
-    let mut pm = PeerManager::<TestNetworkingService, _>::new(
-        Arc::clone(&chain_config),
-        Arc::clone(&p2p_config),
-        connectivity_handle,
-        peer_receiver,
-        time_getter.get_time_getter(),
-        peerdb_inmemory_store(),
-    )
-    .unwrap();
-
-    let peer_id_1 = PeerId::new();
-    let address_1 = TestAddressMaker::new_random_address();
-    let peer_info = PeerInfo {
-        peer_id: peer_id_1,
-        protocol_version: TEST_PROTOCOL_VERSION,
-        network: *chain_config.magic_bytes(),
-        software_version: *chain_config.software_version(),
-        user_agent: mintlayer_core_user_agent(),
-        common_services: NodeType::Full.into(),
-    };
-    pm.accept_connection(address_1, bind_address, Role::Inbound, peer_info, None);
-    assert_eq!(pm.peers.len(), 1);
-
-    // Peer is accepted by the peer manager
-    match cmd_receiver.try_recv() {
-        Ok(Command::Accept { peer_id }) if peer_id == peer_id_1 => {}
-        v => panic!("unexpected command: {v:?}"),
-    }
-
-    let (ban_sender, mut ban_receiver) = oneshot_nofail::channel();
-    pm.handle_control_event(PeerManagerEvent::Ban(address_1.as_bannable(), ban_sender));
-    ban_receiver.try_recv().unwrap().unwrap();
-
-    // Peer is disconnected by the peer manager
-    match cmd_receiver.try_recv() {
-        Ok(Command::Disconnect { peer_id }) if peer_id == peer_id_1 => {}
-        v => panic!("unexpected command: {v:?}"),
-    }
-
-    // No more messages
-    match cmd_receiver.try_recv() {
-        Err(_) => {}
-        v => panic!("unexpected command: {v:?}"),
-    }
+    let addrs = make_non_colliding_addresses_for_peer_db_in_distinct_addr_groups(
+        &peer_mgr.peerdb,
+        3,
+        &mut rng,
+    );
+    let [banned_addr, normal_addr, peer_addr]: [_; 3] = addrs.try_into().unwrap();
+
+    peer_mgr.peerdb.peer_discovered(banned_addr);
+    peer_mgr.peerdb.peer_discovered(normal_addr);
+
+    peer_mgr.ban(banned_addr.as_bannable());
+
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    let peer_id = inbound_full_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        peer_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id });
+
+    conn_event_sender
+        .send(ConnectivityEvent::Message {
+            peer_id,
+            message: PeerManagerMessage::AddrListRequest(AddrListRequest {}),
+        })
+        .unwrap();
+
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(
+        cmd,
+        Command::SendMessage {
+            peer_id,
+            message: Message::AddrListResponse(AddrListResponse {
+                addresses: vec![normal_addr.as_peer_address()],
+            })
+        }
+    );
+
+    expect_no_recv!(cmd_receiver);
+
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
+
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
 }
diff --git a/p2p/src/peer_manager/tests/connections.rs b/p2p/src/peer_manager/tests/connections.rs
index dd17c7fa5b..b1dac05e54 100644
--- a/p2p/src/peer_manager/tests/connections.rs
+++ b/p2p/src/peer_manager/tests/connections.rs
@@ -43,6 +43,7 @@ use crate::{
         types::{services::Service, ConnectivityEvent, PeerRole},
     },
     peer_manager::{
+        config::{MaxInboundConnections, PeerManagerConfig},
         peerdb::{
             self, config::PeerDbConfig,
             test_utils::make_non_colliding_addresses_for_peer_db_in_distinct_addr_groups,
@@ -50,13 +51,13 @@ use crate::{
         tests::{
             get_connected_peers, make_standalone_peer_manager, run_peer_manager,
             utils::{
-                expect_cmd_connect_to, expect_connect_cmd,
+                expect_cmd_connect_to, expect_cmd_connect_to_one_of,
                 inbound_block_relay_peer_accepted_by_backend, make_full_relay_peer_info,
                 mutate_peer_manager, outbound_full_relay_peer_accepted_by_backend,
                 query_peer_manager, recv_command_advance_time, start_manually_connecting,
             },
         },
-        MaxInboundConnections, PeerManager, PeerManagerConfig,
+        PeerManager,
     },
     testing_utils::{
         connect_and_accept_services, connect_services, get_connectivity_event,
@@ -88,6 +89,136 @@ use crate::{
     PeerManagerEvent,
 };
 
+async fn validate_invalid_connection<A, S>()
+where
+    A: TestTransportMaker<Transport = S::Transport>,
+    S: NetworkingService + 'static + std::fmt::Debug,
+    S::ConnectivityHandle: ConnectivityService<S>,
+{
+    for peer_role in [PeerRole::OutboundFullRelay, PeerRole::Inbound] {
+        let config = Arc::new(config::create_unit_test_config());
+        let (mut peer_manager, _shutdown_sender, _subscribers_sender) =
+            make_peer_manager::<S>(A::make_transport(), A::make_address(), Arc::clone(&config))
+                .await;
+
+        // invalid magic bytes
+        let peer_id = PeerId::new();
+        let res = peer_manager.try_accept_connection(
+            TestAddressMaker::new_random_address(),
+            TestAddressMaker::new_random_address(),
+            peer_role,
+            net::types::PeerInfo {
+                peer_id,
+                protocol_version: TEST_PROTOCOL_VERSION,
+                network: [1, 2, 3, 4],
+                software_version: *config.software_version(),
+                user_agent: mintlayer_core_user_agent(),
+                common_services: [Service::Blocks, Service::Transactions, Service::PeerAddresses]
+                    .as_slice()
+                    .into(),
+            },
+            None,
+        );
+        assert!(res.is_err());
+        assert!(!peer_manager.is_peer_connected(peer_id));
+    }
+}
+
+#[tracing::instrument]
+#[tokio::test]
+async fn validate_invalid_connection_tcp() {
+    validate_invalid_connection::<TestTransportTcp, DefaultNetworkingService<TcpTransportSocket>>()
+        .await;
+}
+
+#[tracing::instrument]
+#[tokio::test]
+async fn validate_invalid_connection_channels() {
+    validate_invalid_connection::<
+        TestTransportChannel,
+        DefaultNetworkingService<MpscChannelTransport>,
+    >()
+    .await;
+}
+
+#[tracing::instrument]
+#[tokio::test]
+async fn validate_invalid_connection_noise() {
+    validate_invalid_connection::<TestTransportNoise, DefaultNetworkingService<NoiseTcpTransport>>(
+    )
+    .await;
+}
+
+async fn inbound_connection_invalid_magic<A, T>()
+where
+    A: TestTransportMaker<Transport = T::Transport>,
+    T: NetworkingService + 'static + std::fmt::Debug,
+    T::ConnectivityHandle: ConnectivityService<T>,
+{
+    let addr1 = A::make_address();
+    let addr2 = A::make_address();
+
+    let (mut pm1, _shutdown_sender, _subscribers_sender) = make_peer_manager::<T>(
+        A::make_transport(),
+        addr1,
+        Arc::new(config::create_unit_test_config()),
+    )
+    .await;
+    let (mut pm2, _shutdown_sender, _subscribers_sender) = make_peer_manager::<T>(
+        A::make_transport(),
+        addr2,
+        Arc::new(config::Builder::test_chain().magic_bytes([1, 2, 3, 4]).build()),
+    )
+    .await;
+
+    let (_address, peer_info, _) = connect_and_accept_services::<T>(
+        &mut pm1.peer_connectivity_handle,
+        &mut pm2.peer_connectivity_handle,
+    )
+    .await;
+
+    // run the first peer manager in the background and poll events from the peer manager
+    // that tries to connect to the first manager
+    logging::spawn_in_current_span(async move { pm1.run().await });
+
+    let event = get_connectivity_event::<T>(&mut pm2.peer_connectivity_handle).await;
+    match event {
+        Ok(net::types::ConnectivityEvent::ConnectionClosed { peer_id })
+            if peer_id == peer_info.peer_id => {}
+        _ => panic!("unexpected event: {event:?}"),
+    }
+}
+
+#[tracing::instrument]
+#[tokio::test]
+async fn inbound_connection_invalid_magic_tcp() {
+    inbound_connection_invalid_magic::<
+        TestTransportTcp,
+        DefaultNetworkingService<TcpTransportSocket>,
+    >()
+    .await;
+}
+
+#[tracing::instrument]
+#[tokio::test]
+async fn inbound_connection_invalid_magic_channels() {
+    inbound_connection_invalid_magic::<
+        TestTransportChannel,
+        DefaultNetworkingService<MpscChannelTransport>,
+    >()
+    .await;
+}
+
+#[tracing::instrument]
+#[tokio::test]
+async fn inbound_connection_invalid_magic_noise() {
+    inbound_connection_invalid_magic::<
+        TestTransportNoise,
+        DefaultNetworkingService<NoiseTcpTransport>,
+    >()
+    .await;
+}
+
 // try to connect to an address that no one listening on and verify it fails
 async fn test_peer_manager_connect<T: NetworkingService>(
     transport: T::Transport,
@@ -694,8 +825,7 @@ async fn connection_timeout_rpc_notified<T>(
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
         peer_handshake_timeout: Default::default(),
@@ -807,8 +937,7 @@ where
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -852,8 +981,7 @@ where
         disable_noise: Default::default(),
         boot_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -964,8 +1092,7 @@ where
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -1009,8 +1136,7 @@ where
         disable_noise: Default::default(),
         boot_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -1041,8 +1167,7 @@ where
         disable_noise: Default::default(),
         boot_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -1171,8 +1296,7 @@ async fn discovered_node_2_groups() {
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -1217,8 +1341,7 @@ async fn discovered_node_2_groups() {
         disable_noise: Default::default(),
         boot_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -1250,8 +1373,7 @@ async fn discovered_node_2_groups() {
         disable_noise: Default::default(),
         boot_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -1341,8 +1463,7 @@ async fn discovered_node_separate_groups() {
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -1387,8 +1508,7 @@ async fn discovered_node_separate_groups() {
         disable_noise: Default::default(),
         boot_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -1420,8 +1540,7 @@ async fn discovered_node_separate_groups() {
         disable_noise: Default::default(),
         boot_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -1550,7 +1669,7 @@ async fn feeler_connections_test_impl(seed: Seed) {
 
     log::debug!("Expecting normal outbound connection attempt");
     let cmd = cmd_receiver.recv().await.unwrap();
-    let outbound_peer_addr = expect_connect_cmd(&cmd, &mut addresses);
+    let outbound_peer_addr = expect_cmd_connect_to_one_of(&cmd, &mut addresses);
 
     let outbound_peer_id = PeerId::new();
     conn_event_sender
@@ -1597,7 +1716,7 @@ async fn feeler_connections_test_impl(seed: Seed) {
             recv_command_advance_time(&mut cmd_receiver, &time_getter, feeler_connections_interval)
                 .await
                 .unwrap();
-        let addr = expect_connect_cmd(&cmd, &mut addresses);
+        let addr = expect_cmd_connect_to_one_of(&cmd, &mut addresses);
         let is_last_addr = addresses.is_empty();
         let should_succeed = {
             let rand_bool = rng.gen_bool(0.5);
@@ -1684,7 +1803,10 @@ async fn feeler_connections_test_impl(seed: Seed) {
 }
 
 mod feeler_connections_test_utils {
-    use crate::peer_manager::peerdb::{salt::Salt, storage::PeerDbStorage, PeerDb};
+    use crate::peer_manager::{
+        config::PeerManagerConfig,
+        peerdb::{salt::Salt, storage::PeerDbStorage, PeerDb},
+    };
 
     use super::*;
 
@@ -1730,8 +1852,7 @@ mod feeler_connections_test_utils {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_timeout: Default::default(),
             peer_handshake_timeout: Default::default(),
@@ -1817,8 +1938,7 @@ async fn reject_connection_to_existing_ip(#[case] seed: Seed) {
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_timeout: Default::default(),
         peer_handshake_timeout: Default::default(),
@@ -1878,7 +1998,7 @@ async fn reject_connection_to_existing_ip(#[case] seed: Seed) {
 
     // "Discover" outbound_peer1_addr; no connection attempt should be made.
     mutate_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
-        peer_mgr.peerdb_mut().peer_discovered(outbound_peer1_addr);
+        peer_mgr.peer_db_mut().peer_discovered(outbound_peer1_addr);
     })
     .await;
     time_getter.advance_time(peer_manager::HEARTBEAT_INTERVAL_MAX);
@@ -1887,7 +2007,7 @@ async fn reject_connection_to_existing_ip(#[case] seed: Seed) {
     // "Discover" peer2_addr; a connection attempt should be made and
     // the connection should be accepted.
     mutate_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
-        peer_mgr.peerdb_mut().peer_discovered(peer2_addr)
+        peer_mgr.peer_db_mut().peer_discovered(peer2_addr)
     })
     .await;
     time_getter.advance_time(peer_manager::HEARTBEAT_INTERVAL_MAX);
@@ -2023,7 +2143,7 @@ async fn feeler_connection_to_ip_address_of_inbound_peer(#[case] seed: Seed) {
 
     // "Discover" outbound_peer_addr.
     mutate_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
-        peer_mgr.peerdb_mut().peer_discovered(outbound_peer_addr);
+        peer_mgr.peer_db_mut().peer_discovered(outbound_peer_addr);
     })
     .await;
     time_getter.advance_time(peer_manager::HEARTBEAT_INTERVAL_MAX);
diff --git a/p2p/src/peer_manager/tests/discouragement.rs b/p2p/src/peer_manager/tests/discouragement.rs
new file mode 100644
index 0000000000..06f9903012
--- /dev/null
+++ b/p2p/src/peer_manager/tests/discouragement.rs
@@ -0,0 +1,503 @@
+// Copyright (c) 2021-2024 RBB S.r.l
+// opensource@mintlayer.org
+// SPDX-License-Identifier: MIT
+// Licensed under the MIT License;
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://github.com/mintlayer/mintlayer-core/blob/master/LICENSE
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use std::{sync::Arc, time::Duration};
+
+use rstest::rstest;
+
+use crate::{
+    ban_config::BanConfig,
+    config::P2pConfig,
+    message::{AddrListRequest, AddrListResponse, AnnounceAddrRequest, PeerManagerMessage},
+    net::{
+        default_backend::types::{Command, Message},
+        types::ConnectivityEvent,
+    },
+    peer_manager::{
+        config::PeerManagerConfig,
+        peerdb::test_utils::make_non_colliding_addresses_for_peer_db_in_distinct_addr_groups,
+        tests::{
+            make_standalone_peer_manager,
+            utils::{
+                adjust_peer_score, expect_cmd_connect_to,
+                inbound_block_relay_peer_accepted_by_backend,
+                inbound_full_relay_peer_accepted_by_backend,
+                outbound_block_relay_peer_accepted_by_backend, query_peer_manager,
+                wait_for_heartbeat,
+            },
+        },
+        MAX_ADDR_RATE_PER_SECOND,
+    },
+    testing_utils::{
+        test_p2p_config, test_p2p_config_with_ban_config, test_p2p_config_with_peer_mgr_config,
+        test_peer_mgr_config_with_no_auto_outbound_connections, TestAddressMaker,
+        TestTransportMaker, TestTransportTcp,
+    },
+};
+use common::{chain::config, primitives::user_agent::mintlayer_core_user_agent};
+use p2p_test_utils::{expect_no_recv, expect_recv, wait_for_no_recv, P2pBasicTestTimeGetter};
+use test_utils::random::{make_seedable_rng, Seed};
+
+// Check that a peer is discouraged once the threshold is reached.
+// Also check that
+// 1) it's NOT disconnected when becoming discouraged;
+// 2) it's no longer discouraged once the duration has expired.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
+#[tokio::test]
+async fn discourage_connected_peer(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
+
+    let chain_config = Arc::new(config::create_unit_test_config());
+    let ban_config = BanConfig {
+        discouragement_threshold: 100.into(),
+        discouragement_duration: Duration::from_secs(60 * 60).into(),
+        ban_threshold: 1000.into(),
+        ban_duration: Duration::from_secs(60 * 60 * 10).into(),
+    };
+    let p2p_config = Arc::new(test_p2p_config_with_ban_config(ban_config.clone()));
+
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (
+        peer_mgr,
+        conn_event_sender,
+        peer_mgr_event_sender,
+        mut cmd_receiver,
+        mut peer_mgr_notification_receiver,
+    ) = make_standalone_peer_manager(
+        Arc::clone(&chain_config),
+        Arc::clone(&p2p_config),
+        vec![bind_addr],
+        time_getter.get_time_getter(),
+    );
+
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    let peer_addr = TestAddressMaker::new_random_address_with_rng(&mut rng);
+    let peer_id = inbound_block_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        peer_addr,
+        bind_addr,
+        &chain_config,
+    );
+
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id });
+
+    // Increase the score by 1/2 of the threshold, check that the peer is not discouraged.
+    adjust_peer_score(
+        &peer_mgr_event_sender,
+        peer_id,
+        *ban_config.discouragement_threshold / 2,
+    )
+    .await;
+
+    let is_discouraged = query_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
+        peer_mgr.peer_db().is_address_discouraged(&peer_addr.as_bannable())
+    })
+    .await;
+    assert!(!is_discouraged);
+
+    expect_no_recv!(cmd_receiver);
+
+    // Increase the score by 1/2 of the threshold again, check that the peer is discouraged now.
+    adjust_peer_score(
+        &peer_mgr_event_sender,
+        peer_id,
+        *ban_config.discouragement_threshold / 2,
+    )
+    .await;
+
+    let is_discouraged = query_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
+        peer_mgr.peer_db().is_address_discouraged(&peer_addr.as_bannable())
+    })
+    .await;
+    assert!(is_discouraged);
+
+    // No disconnection should happen
+    expect_no_recv!(cmd_receiver);
+
+    wait_for_no_recv(&mut peer_mgr_notification_receiver).await;
+
+    // Wait for discouragement duration to pass; check that the peer is no longer discouraged.
+    time_getter.advance_time(*ban_config.discouragement_duration);
+
+    wait_for_heartbeat(&mut peer_mgr_notification_receiver).await;
+
+    let is_discouraged = query_peer_manager(&peer_mgr_event_sender, move |peer_mgr| {
+        peer_mgr.peer_db().is_address_discouraged(&peer_addr.as_bannable())
+    })
+    .await;
+    assert!(!is_discouraged);
+
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
+
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
+}
+
+// Check that an incoming connection from a discouraged peer is NOT rejected.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
+#[tokio::test]
+async fn dont_reject_incoming_connection_from_discouraged_peer(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
+
+    let chain_config = Arc::new(config::create_unit_test_config());
+    let p2p_config = Arc::new(test_p2p_config());
+
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (mut peer_mgr, conn_event_sender, peer_mgr_event_sender, mut cmd_receiver, _) =
+        make_standalone_peer_manager(
+            Arc::clone(&chain_config),
+            Arc::clone(&p2p_config),
+            vec![bind_addr],
+            time_getter.get_time_getter(),
+        );
+
+    let peer_addr = TestAddressMaker::new_random_address_with_rng(&mut rng);
+
+    peer_mgr.discourage(peer_addr.as_bannable());
+
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    // Connection from the discouraged peer is accepted.
+    let peer_id = inbound_block_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        peer_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id });
+
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
+
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
+}
+
+// Check that outgoing connections to discouraged peers are not established.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
+#[tokio::test]
+async fn no_outgoing_connection_to_discouraged_peer(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
+
+    let chain_config = Arc::new(config::create_unit_test_config());
+    let p2p_config = Arc::new(test_p2p_config_with_peer_mgr_config(PeerManagerConfig {
+        outbound_block_relay_count: 2.into(),
+        outbound_block_relay_extra_count: 0.into(),
+        outbound_full_relay_count: 0.into(),
+        outbound_full_relay_extra_count: 0.into(),
+
+        max_inbound_connections: Default::default(),
+        preserved_inbound_count_address_group: Default::default(),
+        preserved_inbound_count_ping: Default::default(),
+        preserved_inbound_count_new_blocks: Default::default(),
+        preserved_inbound_count_new_transactions: Default::default(),
+        outbound_block_relay_connection_min_age: Default::default(),
+        outbound_full_relay_connection_min_age: Default::default(),
+        stale_tip_time_diff: Default::default(),
+        main_loop_tick_interval: Default::default(),
+        enable_feeler_connections: Default::default(),
+        feeler_connections_interval: Default::default(),
+        force_dns_query_if_no_global_addresses_known: Default::default(),
+        allow_same_ip_connections: Default::default(),
+        peerdb_config: Default::default(),
+    }));
+
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (mut peer_mgr, conn_event_sender, peer_mgr_event_sender, mut cmd_receiver, _) =
+        make_standalone_peer_manager(
+            Arc::clone(&chain_config),
+            Arc::clone(&p2p_config),
+            vec![bind_addr],
+            time_getter.get_time_getter(),
+        );
+
+    let peer_addrs = make_non_colliding_addresses_for_peer_db_in_distinct_addr_groups(
+        &peer_mgr.peerdb,
+        2,
+        &mut rng,
+    );
+    let [discouraged_addr, normal_addr]: [_; 2] = peer_addrs.try_into().unwrap();
+
+    peer_mgr.peerdb.peer_discovered(discouraged_addr);
+    peer_mgr.peerdb.peer_discovered(normal_addr);
+
+    peer_mgr.discourage(discouraged_addr.as_bannable());
+
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    // Connection to the normal peer is established.
+    let cmd = expect_recv!(cmd_receiver);
+    expect_cmd_connect_to(&cmd, &normal_addr);
+    let peer_id = outbound_block_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        normal_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id });
+
+    // No other connection attempts are made.
+    expect_no_recv!(cmd_receiver);
+
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
+
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
+}
+
+// Check that address announcements don't include discouraged addresses.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
+#[tokio::test]
+async fn discouraged_address_is_not_announced(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
+
+    let chain_config = Arc::new(config::create_unit_test_config());
+    let p2p_config = Arc::new(P2pConfig {
+        allow_discover_private_ips: true.into(),
+
+        bind_addresses: Default::default(),
+        socks5_proxy: Default::default(),
+        disable_noise: Default::default(),
+        boot_nodes: Default::default(),
+        reserved_nodes: Default::default(),
+        whitelisted_addresses: Default::default(),
+        ban_config: Default::default(),
+        outbound_connection_timeout: Default::default(),
+        ping_check_period: Default::default(),
+        ping_timeout: Default::default(),
+        peer_handshake_timeout: Default::default(),
+        max_clock_diff: Default::default(),
+        node_type: Default::default(),
+        user_agent: mintlayer_core_user_agent(),
+        sync_stalling_timeout: Default::default(),
+        peer_manager_config: Default::default(),
+        protocol_config: Default::default(),
+    });
+
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (mut peer_mgr, conn_event_sender, peer_mgr_event_sender, mut cmd_receiver, _) =
+        make_standalone_peer_manager(
+            Arc::clone(&chain_config),
+            Arc::clone(&p2p_config),
+            vec![bind_addr],
+            time_getter.get_time_getter(),
+        );
+
+    let addrs = make_non_colliding_addresses_for_peer_db_in_distinct_addr_groups(
+        &peer_mgr.peerdb,
+        4,
+        &mut rng,
+    );
+    let [discouraged_addr, normal_addr, peer1_addr, peer2_addr]: [_; 4] = addrs.try_into().unwrap();
+
+    peer_mgr.discourage(discouraged_addr.as_bannable());
+
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    let peer1_id = inbound_full_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        peer1_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id: peer1_id });
+
+    let peer2_id = inbound_full_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        peer2_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id: peer2_id });
+
+    conn_event_sender
+        .send(ConnectivityEvent::Message {
+            peer_id: peer1_id,
+            message: PeerManagerMessage::AnnounceAddrRequest(AnnounceAddrRequest {
+                address: discouraged_addr.as_peer_address(),
+            }),
+        })
+        .unwrap();
+
+    // Prevent the address limiter from kicking in.
+    time_getter.advance_time(Duration::from_secs((1.0 / MAX_ADDR_RATE_PER_SECOND) as u64));
+
+    conn_event_sender
+        .send(ConnectivityEvent::Message {
+            peer_id: peer1_id,
+            message: PeerManagerMessage::AnnounceAddrRequest(AnnounceAddrRequest {
+                address: normal_addr.as_peer_address(),
+            }),
+        })
+        .unwrap();
+
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(
+        cmd,
+        Command::SendMessage {
+            peer_id: peer2_id,
+            message: Message::AnnounceAddrRequest(AnnounceAddrRequest {
+                address: normal_addr.as_peer_address(),
+            })
+        }
+    );
+
+    // No other announcements are made.
+    expect_no_recv!(cmd_receiver);
+
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
+
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
+}
+
+// Check that address responses don't include discouraged addresses.
+#[tracing::instrument(skip(seed))]
+#[rstest]
+#[trace]
+#[case(Seed::from_entropy())]
+#[tokio::test]
+async fn discouraged_address_not_in_addr_response(#[case] seed: Seed) {
+    let mut rng = make_seedable_rng(seed);
+
+    let chain_config = Arc::new(config::create_unit_test_config());
+    let p2p_config = Arc::new(P2pConfig {
+        allow_discover_private_ips: true.into(),
+        // The test will start with a good address in the peer db; prevent the peer manager
+        // from trying to establish a connection to it automatically.
+        peer_manager_config: test_peer_mgr_config_with_no_auto_outbound_connections(),
+
+        bind_addresses: Default::default(),
+        socks5_proxy: Default::default(),
+        disable_noise: Default::default(),
+        boot_nodes: Default::default(),
+        reserved_nodes: Default::default(),
+        whitelisted_addresses: Default::default(),
+        ban_config: Default::default(),
+        outbound_connection_timeout: Default::default(),
+        ping_check_period: Default::default(),
+        ping_timeout: Default::default(),
+        peer_handshake_timeout: Default::default(),
+        max_clock_diff: Default::default(),
+        node_type: Default::default(),
+        user_agent: mintlayer_core_user_agent(),
+        sync_stalling_timeout: Default::default(),
+        protocol_config: Default::default(),
+    });
+
+    let time_getter = P2pBasicTestTimeGetter::new();
+    let bind_addr = TestTransportTcp::make_address();
+
+    let (mut peer_mgr, conn_event_sender, peer_mgr_event_sender, mut cmd_receiver, _) =
+        make_standalone_peer_manager(
+            Arc::clone(&chain_config),
+            Arc::clone(&p2p_config),
+            vec![bind_addr],
+            time_getter.get_time_getter(),
+        );
+
+    let addrs = make_non_colliding_addresses_for_peer_db_in_distinct_addr_groups(
+        &peer_mgr.peerdb,
+        3,
+        &mut rng,
+    );
+    let [discouraged_addr, normal_addr, peer_addr]: [_; 3] = addrs.try_into().unwrap();
+
+    peer_mgr.peerdb.peer_discovered(discouraged_addr);
+    peer_mgr.peerdb.peer_discovered(normal_addr);
+
+    peer_mgr.discourage(discouraged_addr.as_bannable());
+
+    let peer_mgr_join_handle = logging::spawn_in_current_span(async move {
+        let mut peer_mgr = peer_mgr;
+        let _ = peer_mgr.run_internal(None).await;
+        peer_mgr
+    });
+
+    let peer_id = inbound_full_relay_peer_accepted_by_backend(
+        &conn_event_sender,
+        peer_addr,
+        bind_addr,
+        &chain_config,
+    );
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(cmd, Command::Accept { peer_id });
+
+    conn_event_sender
+        .send(ConnectivityEvent::Message {
+            peer_id,
+            message: PeerManagerMessage::AddrListRequest(AddrListRequest {}),
+        })
+        .unwrap();
+
+    let cmd = expect_recv!(cmd_receiver);
+    assert_eq!(
+        cmd,
+        Command::SendMessage {
+            peer_id,
+            message: Message::AddrListResponse(AddrListResponse {
+                addresses: vec![normal_addr.as_peer_address()],
+            })
+        }
+    );
+
+    expect_no_recv!(cmd_receiver);
+
+    drop(conn_event_sender);
+    drop(peer_mgr_event_sender);
+
+    let _peer_mgr = peer_mgr_join_handle.await.unwrap();
+}
diff --git a/p2p/src/peer_manager/tests/eviction.rs b/p2p/src/peer_manager/tests/eviction.rs
index 94d16b3592..1b2dc1e789 100644
--- a/p2p/src/peer_manager/tests/eviction.rs
+++ b/p2p/src/peer_manager/tests/eviction.rs
@@ -18,28 +18,24 @@ use std::{collections::BTreeSet, sync::Arc, time::Duration};
 use logging::log;
 use rstest::rstest;
 use test_utils::random::make_seedable_rng;
-use tokio::sync::mpsc;
 
 use p2p_test_utils::{expect_no_recv, expect_recv, P2pBasicTestTimeGetter};
 use test_utils::random::Seed;
 
 use crate::{
     config::P2pConfig,
-    net::{
-        default_backend::{types::Command, ConnectivityHandle},
-        types::ConnectivityEvent,
-    },
+    net::default_backend::types::Command,
     peer_manager::{
-        dns_seed::DefaultDnsSeed,
+        config::PeerManagerConfig,
         peerdb::{self, config::PeerDbConfig, salt::Salt},
         peers_eviction,
-        tests::utils::{expect_connect_cmd, make_block_relay_peer_info},
-        PeerManager, PeerManagerConfig,
+        tests::{
+            make_standalone_peer_manager,
+            utils::{expect_cmd_connect_to_one_of, outbound_block_relay_peer_accepted_by_backend},
+        },
     },
     sync::sync_status::PeerBlockSyncStatus,
-    testing_utils::{peerdb_inmemory_store, TestTransportMaker, TestTransportTcp},
-    tests::helpers::PeerManagerObserver,
-    types::peer_id::PeerId,
+    testing_utils::{TestTransportMaker, TestTransportTcp},
 };
 use common::{
     chain::{config, Block},
@@ -48,7 +44,6 @@ use common::{
 };
 
 use crate::{
-    net::default_backend::{transport::TcpTransportSocket, DefaultNetworkingService},
     peer_manager::{tests::utils::wait_for_heartbeat, HEARTBEAT_INTERVAL_MAX},
     PeerManagerEvent,
 };
@@ -85,8 +80,6 @@ mod dont_evict_if_blocks_in_flight {
         )]
         test_case: TestCase,
     ) {
-        type TestNetworkingService = DefaultNetworkingService<TcpTransportSocket>;
-
         let mut rng = make_seedable_rng(seed);
 
         let chain_config = Arc::new(config::create_unit_test_config());
@@ -135,8 +128,7 @@ mod dont_evict_if_blocks_in_flight {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_timeout: Default::default(),
             peer_handshake_timeout: Default::default(),
@@ -149,34 +141,20 @@ mod dont_evict_if_blocks_in_flight {
         });
 
         let bind_address = TestTransportTcp::make_address();
-        let (cmd_sender, mut cmd_receiver) = mpsc::unbounded_channel();
-        let (conn_event_sender, conn_event_receiver) = mpsc::unbounded_channel();
-        let (peer_mgr_event_sender, peer_mgr_event_receiver) =
-            mpsc::unbounded_channel::<PeerManagerEvent>();
         let time_getter = P2pBasicTestTimeGetter::new();
-        let connectivity_handle = ConnectivityHandle::<TestNetworkingService>::new(
-            vec![],
-            cmd_sender,
-            conn_event_receiver,
-        );
-        let (peer_mgr_notification_sender, mut peer_mgr_notification_receiver) =
-            mpsc::unbounded_channel();
-        let peer_mgr_observer = Box::new(PeerManagerObserver::new(peer_mgr_notification_sender));
 
-        let mut peer_mgr = PeerManager::<TestNetworkingService, _>::new_generic(
+        let (
+            mut peer_mgr,
+            conn_event_sender,
+            peer_mgr_event_sender,
+            mut cmd_receiver,
+            mut peer_mgr_notification_receiver,
+        ) = make_standalone_peer_manager(
             Arc::clone(&chain_config),
             Arc::clone(&p2p_config),
-            connectivity_handle,
-            peer_mgr_event_receiver,
+            vec![bind_address],
             time_getter.get_time_getter(),
-            peerdb_inmemory_store(),
-            Some(peer_mgr_observer),
-            Box::new(DefaultDnsSeed::new(
-                Arc::clone(&chain_config),
-                Arc::clone(&p2p_config),
-            )),
-        )
-        .unwrap();
+        );
 
         let addr_count = 3;
         let addresses =
@@ -199,26 +177,23 @@ mod dont_evict_if_blocks_in_flight {
 
         log::debug!("Expecting outbound connection attempt #1");
         let cmd = expect_recv!(cmd_receiver);
-        let peer1_addr = expect_connect_cmd(&cmd, &mut addresses);
+        let peer1_addr = expect_cmd_connect_to_one_of(&cmd, &mut addresses);
 
         log::debug!("Expecting outbound connection attempt #2");
         let cmd = expect_recv!(cmd_receiver);
-        let peer2_addr = expect_connect_cmd(&cmd, &mut addresses);
+        let peer2_addr = expect_cmd_connect_to_one_of(&cmd, &mut addresses);
 
         log::debug!("Expecting outbound connection attempt #3");
         let cmd = expect_recv!(cmd_receiver);
-        let peer3_addr = expect_connect_cmd(&cmd, &mut addresses);
+        let peer3_addr = expect_cmd_connect_to_one_of(&cmd, &mut addresses);
 
         for peer_addr in [peer1_addr, peer2_addr, peer3_addr] {
-            let peer_id = PeerId::new();
-            conn_event_sender
-                .send(ConnectivityEvent::OutboundAccepted {
-                    peer_address: peer_addr,
-                    bind_address,
-                    peer_info: make_block_relay_peer_info(peer_id, &chain_config),
-                    node_address_as_seen_by_peer: None,
-                })
-                .unwrap();
+            let peer_id = outbound_block_relay_peer_accepted_by_backend(
+                &conn_event_sender,
+                peer_addr,
+                bind_address,
+                &chain_config,
+            );
 
             log::debug!("Expecting Command::Accept");
             let cmd = expect_recv!(cmd_receiver);
diff --git a/p2p/src/peer_manager/tests/mod.rs b/p2p/src/peer_manager/tests/mod.rs
index 03943a741b..70bc6603a3 100644
--- a/p2p/src/peer_manager/tests/mod.rs
+++ b/p2p/src/peer_manager/tests/mod.rs
@@ -17,6 +17,7 @@ mod addr_list_response_caching;
 mod addresses;
 mod ban;
 mod connections;
+mod discouragement;
 mod eviction;
 mod peer_types;
 mod ping;
diff --git a/p2p/src/peer_manager/tests/peer_types.rs b/p2p/src/peer_manager/tests/peer_types.rs
index 72cad9c22f..00089e1237 100644
--- a/p2p/src/peer_manager/tests/peer_types.rs
+++ b/p2p/src/peer_manager/tests/peer_types.rs
@@ -52,8 +52,7 @@ fn validate_services() {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
diff --git a/p2p/src/peer_manager/tests/ping.rs b/p2p/src/peer_manager/tests/ping.rs
index 63d5a8975f..e842f6287c 100644
--- a/p2p/src/peer_manager/tests/ping.rs
+++ b/p2p/src/peer_manager/tests/ping.rs
@@ -56,8 +56,7 @@ async fn ping_timeout() {
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         peer_handshake_timeout: Default::default(),
         max_clock_diff: Default::default(),
diff --git a/p2p/src/peer_manager/tests/utils.rs b/p2p/src/peer_manager/tests/utils.rs
index b16923ac0c..e827e67ac7 100644
--- a/p2p/src/peer_manager/tests/utils.rs
+++ b/p2p/src/peer_manager/tests/utils.rs
@@ -21,7 +21,7 @@ use tokio::sync::mpsc;
 
 use p2p_test_utils::{wait_for_recv, P2pBasicTestTimeGetter};
 use p2p_types::{
-    ip_or_socket_address::IpOrSocketAddress, services::Service, socket_address::SocketAddress,
+    bannable_address::BannableAddress, ip_or_socket_address::IpOrSocketAddress, services::Service, socket_address::SocketAddress,
     PeerId,
 };
 use test_utils::assert_matches_return_val;
@@ -92,7 +92,10 @@ pub fn make_block_relay_peer_info(peer_id: PeerId, chain_config: &ChainConfig) -
     }
 }
 
-pub fn expect_connect_cmd(cmd: &Command, addresses: &mut BTreeSet<SocketAddress>) -> SocketAddress {
+pub fn expect_cmd_connect_to_one_of(
+    cmd: &Command,
+    addresses: &mut BTreeSet<SocketAddress>,
+) -> SocketAddress {
     match cmd {
         Command::Connect {
             address,
@@ -143,6 +146,46 @@ pub fn inbound_block_relay_peer_accepted_by_backend(
     peer_id
 }
 
+/// Send a ConnectivityEvent simulating a connection being accepted by the backend.
+pub fn inbound_full_relay_peer_accepted_by_backend(
+    conn_event_sender: &mpsc::UnboundedSender<ConnectivityEvent>,
+    peer_address: SocketAddress,
+    bind_address: SocketAddress,
+    chain_config: &ChainConfig,
+) -> PeerId {
+    let peer_id = PeerId::new();
+    conn_event_sender
+        .send(ConnectivityEvent::InboundAccepted {
+            peer_address,
+            bind_address,
+            peer_info: make_full_relay_peer_info(peer_id, &chain_config),
+            node_address_as_seen_by_peer: None,
+        })
+        .unwrap();
+
+    peer_id
+}
+
+/// Send a ConnectivityEvent simulating a connection being accepted by the backend.
+pub fn outbound_block_relay_peer_accepted_by_backend(
+    conn_event_sender: &mpsc::UnboundedSender<ConnectivityEvent>,
+    peer_address: SocketAddress,
+    bind_address: SocketAddress,
+    chain_config: &ChainConfig,
+) -> PeerId {
+    let peer_id = PeerId::new();
+    conn_event_sender
+        .send(ConnectivityEvent::OutboundAccepted {
+            peer_address,
+            bind_address,
+            peer_info: make_block_relay_peer_info(peer_id, &chain_config),
+            node_address_as_seen_by_peer: None,
+        })
+        .unwrap();
+
+    peer_id
+}
+
 /// Send a ConnectivityEvent simulating a connection being accepted by the backend.
 pub fn outbound_full_relay_peer_accepted_by_backend(
     conn_event_sender: &mpsc::UnboundedSender<ConnectivityEvent>,
@@ -163,6 +206,15 @@ pub fn outbound_full_relay_peer_accepted_by_backend(
     peer_id
 }
 
+/// Send a ConnectivityEvent simulating a PeerManagerMessage being received from the backend.
+pub fn peer_mgr_message_received_from_backend(
+    conn_event_sender: &mpsc::UnboundedSender<ConnectivityEvent>,
+    peer_id: PeerId,
+    message: PeerManagerMessage,
+) {
+    conn_event_sender.send(ConnectivityEvent::Message { peer_id, message }).unwrap();
+}
+
 pub async fn wait_for_heartbeat(
     peer_mgr_notification_receiver: &mut mpsc::UnboundedReceiver<PeerManagerNotification>,
 ) {
@@ -230,3 +282,34 @@ pub fn start_manually_connecting(
 
     result_receiver
 }
+
+pub async fn adjust_peer_score(
+    peer_mgr_event_sender: &mpsc::UnboundedSender<PeerManagerEvent>,
+    peer_id: PeerId,
+    score_adjustment: u32,
+) {
+    let (result_sender, result_receiver) = oneshot_nofail::channel();
+
+    peer_mgr_event_sender
+        .send(PeerManagerEvent::AdjustPeerScore(
+            peer_id,
+            score_adjustment,
+            result_sender,
+        ))
+        .unwrap();
+
+    result_receiver.await.unwrap().unwrap();
+}
+
+pub async fn ban_peer_manually(
+    peer_mgr_event_sender: &mpsc::UnboundedSender<PeerManagerEvent>,
+    peer_addr: BannableAddress,
+) {
+    let (result_sender, result_receiver) = oneshot_nofail::channel();
+
+    peer_mgr_event_sender
+        .send(PeerManagerEvent::Ban(peer_addr, result_sender))
+        .unwrap();
+
+    result_receiver.await.unwrap().unwrap();
+}
diff --git a/p2p/src/peer_manager/tests/whitelist.rs b/p2p/src/peer_manager/tests/whitelist.rs
index 8fb5d13245..7549b478b7 100644
--- a/p2p/src/peer_manager/tests/whitelist.rs
+++ b/p2p/src/peer_manager/tests/whitelist.rs
@@ -22,7 +22,7 @@ use crate::{
         types::{PeerInfo, PeerRole, Role},
     },
     peer_manager::{
-        peerdb::{salt::Salt, storage::PeerDbStorageWrite, StorageVersion},
+        peerdb::{salt::Salt, storage::PeerDbStorageWrite, CURRENT_STORAGE_VERSION},
         peerdb_common::storage::{TransactionRw, Transactional},
         tests::make_peer_manager_custom,
         PeerManager,
@@ -59,8 +59,7 @@ fn p2p_config_with_whitelisted(whitelisted_addresses: Vec<IpAddr>) -> P2pConfig
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses,
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -201,7 +200,7 @@ where
             .saturating_duration_add(Duration::from_secs(60));
 
         let mut tx = db.transaction_rw().unwrap();
-        tx.set_version(StorageVersion::new(2)).unwrap();
+        tx.set_version(CURRENT_STORAGE_VERSION).unwrap();
         tx.set_salt(Salt::new_random()).unwrap();
         tx.add_banned_address(&BannableAddress::new(addr1.ip_addr()), ban_until)
             .unwrap();
diff --git a/p2p/src/peer_manager_event.rs b/p2p/src/peer_manager_event.rs
index 4bf10f9daa..296cf321c1 100644
--- a/p2p/src/peer_manager_event.rs
+++ b/p2p/src/peer_manager_event.rs
@@ -61,7 +61,7 @@ pub enum PeerManagerEvent {
 
     /// Increases the ban score of a peer by the given amount.
     ///
-    /// The peer is banned if the new score exceeds the threshold (`P2pConfig::ban_threshold`).
+    /// The peer is discouraged or banned if the new score exceeds the corresponding threshold.
     AdjustPeerScore(PeerId, u32, oneshot_nofail::Sender<crate::Result<()>>),
 
     /// New tip block received.
diff --git a/p2p/src/sync/tests/block_announcement.rs b/p2p/src/sync/tests/block_announcement.rs
index 8231916305..e7cd023a1a 100644
--- a/p2p/src/sync/tests/block_announcement.rs
+++ b/p2p/src/sync/tests/block_announcement.rs
@@ -529,8 +529,7 @@ async fn send_headers_connected_to_previously_sent_headers(#[case] seed: Seed) {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
@@ -633,8 +632,7 @@ async fn send_headers_connected_to_block_which_is_being_downloaded(#[case] seed:
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
@@ -734,8 +732,7 @@ async fn correct_pending_headers_update(#[case] seed: Seed) {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
diff --git a/p2p/src/sync/tests/block_response.rs b/p2p/src/sync/tests/block_response.rs
index a8f7893519..6186b51151 100644
--- a/p2p/src/sync/tests/block_response.rs
+++ b/p2p/src/sync/tests/block_response.rs
@@ -31,6 +31,7 @@ use p2p_test_utils::{create_n_blocks, P2pBasicTestTimeGetter};
 use test_utils::random::{shuffle_until_different, Seed};
 
 use crate::{
+    ban_config::BanConfig,
     error::ProtocolError,
     message::{BlockListRequest, BlockResponse, BlockSyncMessage, HeaderList, HeaderListRequest},
     sync::tests::helpers::{
@@ -148,9 +149,15 @@ async fn block_responses_in_wrong_order(#[case] seed: Seed) {
 
         let chain_config = Arc::new(create_unit_test_config());
         let p2p_config = Arc::new(P2pConfig {
-            // We want to count bannable errors in this test, but don't want a disconnect
-            // to happen because of them.
-            ban_threshold: 1000.into(),
+            ban_config: BanConfig {
+                // We want to count bannable errors in this test, but don't want a disconnect
+                // to happen because of them.
+                ban_threshold: 1000.into(),
+
+                ban_duration: Default::default(),
+                discouragement_threshold: Default::default(),
+                discouragement_duration: Default::default(),
+            },
 
             bind_addresses: Default::default(),
             socks5_proxy: Default::default(),
@@ -158,8 +165,6 @@ async fn block_responses_in_wrong_order(#[case] seed: Seed) {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-
-            ban_duration: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
@@ -288,8 +293,7 @@ async fn disconnect(#[case] seed: Seed) {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
@@ -356,8 +360,7 @@ async fn slow_response(#[case] seed: Seed) {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
diff --git a/p2p/src/sync/tests/header_list_request.rs b/p2p/src/sync/tests/header_list_request.rs
index ca78349aca..3026c93701 100644
--- a/p2p/src/sync/tests/header_list_request.rs
+++ b/p2p/src/sync/tests/header_list_request.rs
@@ -142,8 +142,7 @@ async fn respond_with_empty_header_list_when_in_ibd() {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
diff --git a/p2p/src/sync/tests/header_list_response.rs b/p2p/src/sync/tests/header_list_response.rs
index 6e47f0c995..b3a83f6aad 100644
--- a/p2p/src/sync/tests/header_list_response.rs
+++ b/p2p/src/sync/tests/header_list_response.rs
@@ -218,8 +218,7 @@ async fn disconnect() {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
diff --git a/p2p/src/sync/tests/network_sync.rs b/p2p/src/sync/tests/network_sync.rs
index 5112fd7aa1..2060ad42ed 100644
--- a/p2p/src/sync/tests/network_sync.rs
+++ b/p2p/src/sync/tests/network_sync.rs
@@ -61,8 +61,7 @@ async fn basic(#[case] seed: Seed) {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
@@ -300,8 +299,7 @@ async fn block_announcement_disconnected_headers(#[case] seed: Seed) {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
diff --git a/p2p/src/sync/tests/tx_announcement.rs b/p2p/src/sync/tests/tx_announcement.rs
index 5445137a7b..f5f510ecfb 100644
--- a/p2p/src/sync/tests/tx_announcement.rs
+++ b/p2p/src/sync/tests/tx_announcement.rs
@@ -160,8 +160,7 @@ async fn no_transaction_service(#[case] seed: Seed) {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
@@ -236,8 +235,7 @@ async fn too_many_announcements(#[case] seed: Seed) {
             boot_nodes: Default::default(),
             reserved_nodes: Default::default(),
             whitelisted_addresses: Default::default(),
-            ban_threshold: Default::default(),
-            ban_duration: Default::default(),
+            ban_config: Default::default(),
             outbound_connection_timeout: Default::default(),
             ping_check_period: Default::default(),
             ping_timeout: Default::default(),
diff --git a/p2p/src/testing_utils.rs b/p2p/src/testing_utils.rs
index 10a324a486..0c751d3446 100644
--- a/p2p/src/testing_utils.rs
+++ b/p2p/src/testing_utils.rs
@@ -29,6 +29,7 @@ use p2p_types::socket_address::SocketAddress;
 use tokio::time::timeout;
 
 use crate::{
+    ban_config::BanConfig,
     config::P2pConfig,
     net::{
         default_backend::transport::{
@@ -39,8 +40,8 @@ use crate::{
         ConnectivityService, NetworkingService,
     },
     peer_manager::{
+        config::PeerManagerConfig,
         peerdb::{config::PeerDbConfig, storage_impl::PeerDbStorageImpl},
-        PeerManagerConfig,
     },
     protocol::{ProtocolVersion, SupportedProtocolVersion},
 };
@@ -136,7 +137,7 @@ impl TestTransportMaker for TestTransportNoise {
 pub struct TestAddressMaker {}
 
 impl TestAddressMaker {
-    pub fn new_random_ipv6_addr_with_rng(rng: &mut impl Rng) -> Ipv6Addr {
+    pub fn new_random_ipv6_addr(rng: &mut impl Rng) -> Ipv6Addr {
         Ipv6Addr::new(
             rng.gen(),
             rng.gen(),
@@ -149,15 +150,17 @@ impl TestAddressMaker {
         )
     }
 
-    pub fn new_random_ipv4_addr_with_rng(rng: &mut impl Rng) -> Ipv4Addr {
+    pub fn new_random_ipv4_addr(rng: &mut impl Rng) -> Ipv4Addr {
         Ipv4Addr::new(rng.gen(), rng.gen(), rng.gen(), rng.gen())
     }
 
     pub fn new_random_address_with_rng(rng: &mut impl Rng) -> SocketAddress {
-        let ip = Self::new_random_ipv6_addr_with_rng(rng);
+        let ip = Self::new_random_ipv6_addr(rng);
         SocketAddress::new(SocketAddr::new(IpAddr::V6(ip), rng.gen()))
     }
 
+    // TODO: remove this function; rename new_random_address_with_rng to new_random_address and
+    // use it in all the tests.
     pub fn new_random_address() -> SocketAddress {
         let mut rng = make_pseudo_rng();
         Self::new_random_address_with_rng(&mut rng)
@@ -275,8 +278,7 @@ pub fn test_p2p_config() -> P2pConfig {
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -301,8 +303,7 @@ pub fn test_p2p_config_with_peer_mgr_config(peer_manager_config: PeerManagerConf
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
@@ -340,6 +341,54 @@ pub fn test_p2p_config_with_peer_db_config(peerdb_config: PeerDbConfig) -> P2pCo
     })
 }
 
+pub fn test_p2p_config_with_ban_config(ban_config: BanConfig) -> P2pConfig {
+    P2pConfig {
+        ban_config,
+
+        bind_addresses: Default::default(),
+        socks5_proxy: Default::default(),
+        disable_noise: Default::default(),
+        boot_nodes: Default::default(),
+        reserved_nodes: Default::default(),
+        whitelisted_addresses: Default::default(),
+        outbound_connection_timeout: Default::default(),
+        ping_check_period: Default::default(),
+        ping_timeout: Default::default(),
+        peer_handshake_timeout: Default::default(),
+        max_clock_diff: Default::default(),
+        node_type: Default::default(),
+        allow_discover_private_ips: Default::default(),
+        user_agent: mintlayer_core_user_agent(),
+        sync_stalling_timeout: Default::default(),
+        peer_manager_config: Default::default(),
+        protocol_config: Default::default(),
+    }
+}
+
+pub fn test_peer_mgr_config_with_no_auto_outbound_connections() -> PeerManagerConfig {
+    PeerManagerConfig {
+        outbound_block_relay_count: 0.into(),
+        outbound_block_relay_extra_count: 0.into(),
+        outbound_full_relay_count: 0.into(),
+        outbound_full_relay_extra_count: 0.into(),
+        enable_feeler_connections: false.into(),
+
+        outbound_block_relay_connection_min_age: Default::default(),
+        peerdb_config: Default::default(),
+        preserved_inbound_count_address_group: Default::default(),
+        preserved_inbound_count_ping: Default::default(),
+        preserved_inbound_count_new_blocks: Default::default(),
+        preserved_inbound_count_new_transactions: Default::default(),
+        max_inbound_connections: Default::default(),
+        outbound_full_relay_connection_min_age: Default::default(),
+        stale_tip_time_diff: Default::default(),
+        main_loop_tick_interval: Default::default(),
+        feeler_connections_interval: Default::default(),
+        allow_same_ip_connections: Default::default(),
+        force_dns_query_if_no_global_addresses_known: Default::default(),
+    }
+}
+
 pub async fn get_two_connected_sockets<A, T>() -> (T::Stream, T::Stream)
 where
     A: TestTransportMaker<Transport = T>,
diff --git a/p2p/src/tests/helpers/mod.rs b/p2p/src/tests/helpers/mod.rs
index fac7690904..0c4a4060c0 100644
--- a/p2p/src/tests/helpers/mod.rs
+++ b/p2p/src/tests/helpers/mod.rs
@@ -48,6 +48,9 @@ pub enum PeerManagerNotification {
     Ban {
         address: BannableAddress,
     },
+    Discourage {
+        address: BannableAddress,
+    },
     Heartbeat,
     ConnectionAccepted {
         address: SocketAddress,
@@ -84,6 +87,10 @@ impl peer_manager::Observer for PeerManagerObserver {
         self.send_notification(PeerManagerNotification::Ban { address });
     }
 
+    fn on_peer_discouragement(&mut self, address: BannableAddress) {
+        self.send_notification(PeerManagerNotification::Discourage { address });
+    }
+
     fn on_heartbeat(&mut self) {
         self.send_notification(PeerManagerNotification::Heartbeat);
     }
diff --git a/p2p/src/tests/peer_discovery_on_stale_tip.rs b/p2p/src/tests/peer_discovery_on_stale_tip.rs
index 7ffc43fd32..2359ef3be6 100644
--- a/p2p/src/tests/peer_discovery_on_stale_tip.rs
+++ b/p2p/src/tests/peer_discovery_on_stale_tip.rs
@@ -28,7 +28,7 @@ use test_utils::random::Seed;
 use crate::{
     config::P2pConfig,
     net::types::PeerRole,
-    peer_manager::{self, address_groups::AddressGroup, PeerManagerConfig},
+    peer_manager::{self, address_groups::AddressGroup, config::PeerManagerConfig},
     sync::test_helpers::make_new_block,
     testing_utils::{
         make_transport_with_local_addr_in_group, TestTransportChannel, TestTransportMaker,
@@ -488,8 +488,7 @@ pub fn make_p2p_config(peer_manager_config: PeerManagerConfig) -> P2pConfig {
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         // Note: peer_handshake_timeout specifies real time rather than mocked time (it's passed
         // into tokio::time::timeout), so no need to make it artificially large.
diff --git a/wallet/wallet-node-client/tests/call_tests.rs b/wallet/wallet-node-client/tests/call_tests.rs
index b1120c2a8a..ae69973554 100644
--- a/wallet/wallet-node-client/tests/call_tests.rs
+++ b/wallet/wallet-node-client/tests/call_tests.rs
@@ -57,8 +57,7 @@ pub async fn start_subsystems(
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),
diff --git a/wallet/wallet-test-node/src/lib.rs b/wallet/wallet-test-node/src/lib.rs
index e6e4e0d851..6f92175b87 100644
--- a/wallet/wallet-test-node/src/lib.rs
+++ b/wallet/wallet-test-node/src/lib.rs
@@ -167,8 +167,7 @@ pub async fn start_node(chain_config: Arc<ChainConfig>) -> (subsystem::Manager,
         boot_nodes: Default::default(),
         reserved_nodes: Default::default(),
         whitelisted_addresses: Default::default(),
-        ban_threshold: Default::default(),
-        ban_duration: Default::default(),
+        ban_config: Default::default(),
         outbound_connection_timeout: Default::default(),
         ping_check_period: Default::default(),
         ping_timeout: Default::default(),